From 331cd380209ecd4b532c2289adb26c4094b8de06 Mon Sep 17 00:00:00 2001 From: Mark Shields <4237425+beejiujitsu@users.noreply.github.com> Date: Fri, 26 May 2023 12:00:00 -0400 Subject: [PATCH 001/252] fix: CVE-2023-1732 (#13748) Upgrade cloudflare pkg to minimum version required to resolve https://nvd.nist.gov/vuln/detail/CVE-2023-1732 Signed-off-by: Mark Shields <4237425+beejiujitsu@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 3dfee30d14edb..efc6d3b6bd40b 100644 --- a/go.mod +++ b/go.mod @@ -123,7 +123,7 @@ require ( github.com/cenkalti/backoff/v4 v4.1.3 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/chai2010/gettext-go v0.0.0-20170215093142-bf70f2a70fb1 // indirect - github.com/cloudflare/circl v1.1.0 // indirect + github.com/cloudflare/circl v1.3.3 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect diff --git a/go.sum b/go.sum index e012846fc3213..79c0571043f8e 100644 --- a/go.sum +++ b/go.sum @@ -200,8 +200,9 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.1.0 h1:bZgT/A+cikZnKIwn7xL2OBj012Bmvho/o6RpRvv3GKY= github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= +github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= +github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/clusterhq/flocker-go v0.0.0-20160920122132-2b8b7259d313/go.mod h1:P1wt9Z3DP8O6W3rvwCt0REIlshg1InHImaLW0t3ObY0= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= From b6db057cf2d5ca83f4207bdc3a943b104f6870d7 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Fri, 26 May 2023 18:02:09 +0200 Subject: [PATCH 002/252] fix(kustomize): allow using build env in images (#13745) This allows substituting the target revision using image:${ARGOCD_APP_REVISION} Signed-off-by: Robin Gloster --- util/kustomize/kustomize.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/util/kustomize/kustomize.go b/util/kustomize/kustomize.go index 0c2bd50683105..78765cb2ff35d 100644 --- a/util/kustomize/kustomize.go +++ b/util/kustomize/kustomize.go @@ -108,7 +108,9 @@ func (k *kustomize) Build(opts *v1alpha1.ApplicationSourceKustomize, kustomizeOp // set image node:8.15.0 mysql=mariadb alpine@sha256:24a0c4b4a4c0eb97a1aabb8e29f18e917d05abfe1b7a7c07857230879ce7d3d3 args := []string{"edit", "set", "image"} for _, image := range opts.Images { - args = append(args, string(image)) + // this allows using ${ARGOCD_APP_REVISION} + envSubstitutedImage := envVars.Envsubst(string(image)) + args = append(args, envSubstitutedImage) } cmd := exec.Command(k.getBinaryPath(), args...) cmd.Dir = k.path From 4ce4885e731069467ea63933d0ab6454acb75b41 Mon Sep 17 00:00:00 2001 From: Koray Koska <11356621+koraykoska@users.noreply.github.com> Date: Fri, 26 May 2023 20:20:30 +0300 Subject: [PATCH 003/252] chore: add chainnodes to users (#13754) Signed-off-by: Koray Koska <11356621+koraykoska@users.noreply.github.com> --- USERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/USERS.md b/USERS.md index e3c74d15c499e..724f317c37c4c 100644 --- a/USERS.md +++ b/USERS.md @@ -45,6 +45,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Celonis](https://www.celonis.com/) 1. [CERN](https://home.cern/) 1. [Chargetrip](https://chargetrip.com) +1. [Chainnodes](https://chainnodes.org) 1. [Chime](https://www.chime.com) 1. [Cisco ET&I](https://eti.cisco.com/) 1. [Cloud Posse](https://www.cloudposse.com/) From c651bd8de551c85fc897c997c1976d6777259921 Mon Sep 17 00:00:00 2001 From: Blake Pettersson Date: Sat, 27 May 2023 17:26:34 +0200 Subject: [PATCH 004/252] fix: surface source not permitted errors (#12255) * chore: surface source not permitted errors For Git and Helm repositories, we filter out non-permitted urls before submitting a `ManifestRequest` to the repo-server. While that works fine, this also leads to very hard to debug issues in particular when using Helm dependencies. This (very) WIP PR adds `ProjectSourceRepos` as a parameter to `ManifestRequest`, so we can verify that a source is in fact permitted in order to distinguish between actual 40x errors (caused by e.g misconfiguration) and "source not permitted" caused by not adding the relevant sources to the AppProject config. This still needs documentation, tests and some basic sanity checking before proceeding further, as well as resolving whatever is causing `make codegen` to not properly work. Signed-off-by: Blake Pettersson * chore: propagate project values to repo-server Signed-off-by: Blake Pettersson * test: fix failing unit tests now onto the e2e tests... Signed-off-by: Blake Pettersson * test: fix failing e2e test(s) Signed-off-by: Blake Pettersson * fix: add project params Signed-off-by: Blake Pettersson * test: add e2e test Add Helm dependency check test. Signed-off-by: Blake Pettersson * chore: remove git source check Discussed over Slack and deemed this to not be necessary at this time. Signed-off-by: Blake Pettersson * make codegen Signed-off-by: Blake Pettersson * chore: cr tweaks Signed-off-by: Blake Pettersson * chore: code review tweaks Signed-off-by: Blake Pettersson * test: fix Signed-off-by: Blake Pettersson * test: wip Signed-off-by: Blake Pettersson * test: wip Signed-off-by: Blake Pettersson * chore: wip Signed-off-by: Blake Pettersson * chore: typo Signed-off-by: Blake Pettersson * fix: typo Signed-off-by: Blake Pettersson * chore: rebase fixes Signed-off-by: Blake Pettersson * test: oci:// is not prefixed Signed-off-by: Blake Pettersson --------- Signed-off-by: Blake Pettersson --- cmd/argocd/commands/app.go | 46 ++- cmd/argocd/commands/project.go | 14 +- controller/state.go | 2 + reposerver/apiclient/repository.pb.go | 390 +++++++++++------- reposerver/repository/repository.go | 19 + reposerver/repository/repository.proto | 4 + reposerver/repository/repository_test.go | 170 ++++++-- server/application/application.go | 16 + test/e2e/helm_test.go | 40 ++ .../Chart.yaml | 6 +- util/argo/argo.go | 4 + 11 files changed, 511 insertions(+), 200 deletions(-) diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go index 112008859ad74..39758dbc76337 100644 --- a/cmd/argocd/commands/app.go +++ b/cmd/argocd/commands/app.go @@ -845,9 +845,9 @@ func targetObjects(resources []*argoappv1.ResourceDiff) ([]*unstructured.Unstruc return objs, nil } -func getLocalObjects(ctx context.Context, app *argoappv1.Application, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, +func getLocalObjects(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, configManagementPlugins []*argoappv1.ConfigManagementPlugin, trackingMethod string) []*unstructured.Unstructured { - manifestStrings := getLocalObjectsString(ctx, app, local, localRepoRoot, appLabelKey, kubeVersion, apiVersions, kustomizeOptions, configManagementPlugins, trackingMethod) + manifestStrings := getLocalObjectsString(ctx, app, proj, local, localRepoRoot, appLabelKey, kubeVersion, apiVersions, kustomizeOptions, configManagementPlugins, trackingMethod) objs := make([]*unstructured.Unstructured, len(manifestStrings)) for i := range manifestStrings { obj := unstructured.Unstructured{} @@ -858,20 +858,22 @@ func getLocalObjects(ctx context.Context, app *argoappv1.Application, local, loc return objs } -func getLocalObjectsString(ctx context.Context, app *argoappv1.Application, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, +func getLocalObjectsString(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, configManagementPlugins []*argoappv1.ConfigManagementPlugin, trackingMethod string) []string { source := app.Spec.GetSource() res, err := repository.GenerateManifests(ctx, local, localRepoRoot, source.TargetRevision, &repoapiclient.ManifestRequest{ - Repo: &argoappv1.Repository{Repo: source.RepoURL}, - AppLabelKey: appLabelKey, - AppName: app.Name, - Namespace: app.Spec.Destination.Namespace, - ApplicationSource: &source, - KustomizeOptions: kustomizeOptions, - KubeVersion: kubeVersion, - ApiVersions: apiVersions, - Plugins: configManagementPlugins, - TrackingMethod: trackingMethod, + Repo: &argoappv1.Repository{Repo: source.RepoURL}, + AppLabelKey: appLabelKey, + AppName: app.Name, + Namespace: app.Spec.Destination.Namespace, + ApplicationSource: &source, + KustomizeOptions: kustomizeOptions, + KubeVersion: kubeVersion, + ApiVersions: apiVersions, + Plugins: configManagementPlugins, + TrackingMethod: trackingMethod, + ProjectName: proj.Name, + ProjectSourceRepos: proj.Spec.SourceRepos, }, true, &git.NoopCredsStore{}, resource.MustParse("0"), nil) errors.CheckError(err) @@ -989,7 +991,8 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co diffOption.cluster = cluster } } - foundDiffs := findandPrintDiff(ctx, app, resources, argoSettings, appName, diffOption) + proj := getProject(c, clientOpts, ctx, app.Spec.Project) + foundDiffs := findandPrintDiff(ctx, app, proj.Project, resources, argoSettings, appName, diffOption) if foundDiffs && exitCode { os.Exit(1) } @@ -1017,13 +1020,13 @@ type DifferenceOption struct { } // findandPrintDiff ... Prints difference between application current state and state stored in git or locally, returns boolean as true if difference is found else returns false -func findandPrintDiff(ctx context.Context, app *argoappv1.Application, resources *application.ManagedResourcesResponse, argoSettings *settingspkg.Settings, appName string, diffOptions *DifferenceOption) bool { +func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, resources *application.ManagedResourcesResponse, argoSettings *settingspkg.Settings, appName string, diffOptions *DifferenceOption) bool { var foundDiffs bool liveObjs, err := cmdutil.LiveObjects(resources.Items) errors.CheckError(err) items := make([]objKeyLiveTarget, 0) if diffOptions.local != "" { - localObjs := groupObjsByKey(getLocalObjects(ctx, app, diffOptions.local, diffOptions.localRepoRoot, argoSettings.AppLabelKey, diffOptions.cluster.Info.ServerVersion, diffOptions.cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.ConfigManagementPlugins, argoSettings.TrackingMethod), liveObjs, app.Spec.Destination.Namespace) + localObjs := groupObjsByKey(getLocalObjects(ctx, app, proj, diffOptions.local, diffOptions.localRepoRoot, argoSettings.AppLabelKey, diffOptions.cluster.Info.ServerVersion, diffOptions.cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.ConfigManagementPlugins, argoSettings.TrackingMethod), liveObjs, app.Spec.Destination.Namespace) items = groupObjsForDiff(resources, localObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace)) } else if diffOptions.revision != "" { var unstructureds []*unstructured.Unstructured @@ -1686,7 +1689,9 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co cluster, err := clusterIf.Get(ctx, &clusterpkg.ClusterQuery{Name: app.Spec.Destination.Name, Server: app.Spec.Destination.Server}) errors.CheckError(err) argoio.Close(conn) - localObjsStrings = getLocalObjectsString(ctx, app, local, localRepoRoot, argoSettings.AppLabelKey, cluster.Info.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.ConfigManagementPlugins, argoSettings.TrackingMethod) + + proj := getProject(c, clientOpts, ctx, app.Spec.Project) + localObjsStrings = getLocalObjectsString(ctx, app, proj.Project, local, localRepoRoot, argoSettings.AppLabelKey, cluster.Info.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.ConfigManagementPlugins, argoSettings.TrackingMethod) errors.CheckError(err) diffOption.local = local diffOption.localRepoRoot = localRepoRoot @@ -1755,7 +1760,9 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co errors.CheckError(err) foundDiffs := false fmt.Printf("====== Previewing differences between live and desired state of application %s ======\n", appQualifiedName) - foundDiffs = findandPrintDiff(ctx, app, resources, argoSettings, appQualifiedName, diffOption) + + proj := getProject(c, clientOpts, ctx, app.Spec.Project) + foundDiffs = findandPrintDiff(ctx, app, proj.Project, resources, argoSettings, appQualifiedName, diffOption) if foundDiffs { if !diffChangesConfirm { yesno := cli.AskToProceed(fmt.Sprintf("Please review changes to application %s shown above. Do you want to continue the sync process? (y/n): ", appQualifiedName)) @@ -2367,7 +2374,8 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob cluster, err := clusterIf.Get(context.Background(), &clusterpkg.ClusterQuery{Name: app.Spec.Destination.Name, Server: app.Spec.Destination.Server}) errors.CheckError(err) - unstructureds = getLocalObjects(context.Background(), app, local, localRepoRoot, argoSettings.AppLabelKey, cluster.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.ConfigManagementPlugins, argoSettings.TrackingMethod) + proj := getProject(c, clientOpts, ctx, app.Spec.Project) + unstructureds = getLocalObjects(context.Background(), app, proj.Project, local, localRepoRoot, argoSettings.AppLabelKey, cluster.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.ConfigManagementPlugins, argoSettings.TrackingMethod) } else if revision != "" { q := application.ApplicationManifestQuery{ Name: &appName, diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index d8298101ddab1..56f6363b06bf0 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -1,6 +1,7 @@ package commands import ( + "context" "encoding/json" "fmt" "io" @@ -819,10 +820,7 @@ func NewProjectGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command os.Exit(1) } projName := args[0] - conn, projIf := headless.NewClientOrDie(clientOpts, c).NewProjectClientOrDie() - defer argoio.Close(conn) - detailedProject, err := projIf.GetDetailedProject(ctx, &projectpkg.ProjectQuery{Name: projName}) - errors.CheckError(err) + detailedProject := getProject(c, clientOpts, ctx, projName) switch output { case "yaml", "json": @@ -839,6 +837,14 @@ func NewProjectGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command return command } +func getProject(c *cobra.Command, clientOpts *argocdclient.ClientOptions, ctx context.Context, projName string) *projectpkg.DetailedProjectsResponse { + conn, projIf := headless.NewClientOrDie(clientOpts, c).NewProjectClientOrDie() + defer argoio.Close(conn) + detailedProject, err := projIf.GetDetailedProject(ctx, &projectpkg.ProjectQuery{Name: projName}) + errors.CheckError(err) + return detailedProject +} + func NewProjectEditCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var command = &cobra.Command{ Use: "edit PROJECT", diff --git a/controller/state.go b/controller/state.go index 62b55bea9ce75..1d70dcae1cc30 100644 --- a/controller/state.go +++ b/controller/state.go @@ -210,6 +210,8 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp HelmOptions: helmOptions, HasMultipleSources: app.Spec.HasMultipleSources(), RefSources: refSources, + ProjectName: proj.Name, + ProjectSourceRepos: proj.Spec.SourceRepos, }) if err != nil { return nil, nil, err diff --git a/reposerver/apiclient/repository.pb.go b/reposerver/apiclient/repository.pb.go index 3e9eab42178c2..784c0ecc52d34 100644 --- a/reposerver/apiclient/repository.pb.go +++ b/reposerver/apiclient/repository.pb.go @@ -45,17 +45,21 @@ type ManifestRequest struct { KubeVersion string `protobuf:"bytes,14,opt,name=kubeVersion,proto3" json:"kubeVersion,omitempty"` ApiVersions []string `protobuf:"bytes,15,rep,name=apiVersions,proto3" json:"apiVersions,omitempty"` // Request to verify the signature when generating the manifests (only for Git repositories) - VerifySignature bool `protobuf:"varint,16,opt,name=verifySignature,proto3" json:"verifySignature,omitempty"` - HelmRepoCreds []*v1alpha1.RepoCreds `protobuf:"bytes,17,rep,name=helmRepoCreds,proto3" json:"helmRepoCreds,omitempty"` - NoRevisionCache bool `protobuf:"varint,18,opt,name=noRevisionCache,proto3" json:"noRevisionCache,omitempty"` - TrackingMethod string `protobuf:"bytes,19,opt,name=trackingMethod,proto3" json:"trackingMethod,omitempty"` - EnabledSourceTypes map[string]bool `protobuf:"bytes,20,rep,name=enabledSourceTypes,proto3" json:"enabledSourceTypes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` - HelmOptions *v1alpha1.HelmOptions `protobuf:"bytes,21,opt,name=helmOptions,proto3" json:"helmOptions,omitempty"` - HasMultipleSources bool `protobuf:"varint,22,opt,name=hasMultipleSources,proto3" json:"hasMultipleSources,omitempty"` - RefSources map[string]*v1alpha1.RefTarget `protobuf:"bytes,23,rep,name=refSources,proto3" json:"refSources,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + VerifySignature bool `protobuf:"varint,16,opt,name=verifySignature,proto3" json:"verifySignature,omitempty"` + HelmRepoCreds []*v1alpha1.RepoCreds `protobuf:"bytes,17,rep,name=helmRepoCreds,proto3" json:"helmRepoCreds,omitempty"` + NoRevisionCache bool `protobuf:"varint,18,opt,name=noRevisionCache,proto3" json:"noRevisionCache,omitempty"` + TrackingMethod string `protobuf:"bytes,19,opt,name=trackingMethod,proto3" json:"trackingMethod,omitempty"` + EnabledSourceTypes map[string]bool `protobuf:"bytes,20,rep,name=enabledSourceTypes,proto3" json:"enabledSourceTypes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` + HelmOptions *v1alpha1.HelmOptions `protobuf:"bytes,21,opt,name=helmOptions,proto3" json:"helmOptions,omitempty"` + HasMultipleSources bool `protobuf:"varint,22,opt,name=hasMultipleSources,proto3" json:"hasMultipleSources,omitempty"` + RefSources map[string]*v1alpha1.RefTarget `protobuf:"bytes,23,rep,name=refSources,proto3" json:"refSources,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // This is used to surface "source not permitted" errors for Helm repositories + ProjectSourceRepos []string `protobuf:"bytes,24,rep,name=projectSourceRepos,proto3" json:"projectSourceRepos,omitempty"` + // This is used to surface "source not permitted" errors for Helm repositories + ProjectName string `protobuf:"bytes,25,opt,name=projectName,proto3" json:"projectName,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ManifestRequest) Reset() { *m = ManifestRequest{} } @@ -231,6 +235,20 @@ func (m *ManifestRequest) GetRefSources() map[string]*v1alpha1.RefTarget { return nil } +func (m *ManifestRequest) GetProjectSourceRepos() []string { + if m != nil { + return m.ProjectSourceRepos + } + return nil +} + +func (m *ManifestRequest) GetProjectName() string { + if m != nil { + return m.ProjectName + } + return "" +} + type ManifestRequestWithFiles struct { // Types that are valid to be assigned to Part: // *ManifestRequestWithFiles_Request @@ -2162,136 +2180,138 @@ func init() { } var fileDescriptor_dd8723cfcc820480 = []byte{ - // 2061 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe4, 0x5a, 0x5b, 0x6f, 0x1c, 0x49, + // 2092 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5a, 0x5b, 0x6f, 0x1c, 0x49, 0x15, 0x9e, 0x9e, 0xf1, 0x65, 0xe6, 0xd8, 0xb1, 0xc7, 0x15, 0x5f, 0x3a, 0xb3, 0x59, 0xcb, 0xdb, 0x90, 0xc8, 0x24, 0xbb, 0x33, 0xb2, 0xa3, 0xdd, 0xa0, 0x2c, 0x2c, 0xf2, 0x7a, 0x13, 0x3b, 0x9b, 0x38, 0x31, 0x9d, 0x00, 0x5a, 0x08, 0xa0, 0x72, 0x4f, 0xcd, 0x4c, 0xed, 0xf4, 0x74, 0x57, 0xba, - 0xab, 0x8d, 0x1c, 0x89, 0x07, 0x04, 0xe2, 0x27, 0x20, 0xc4, 0xff, 0x40, 0x3c, 0x21, 0x9e, 0xb8, - 0x48, 0xbc, 0xac, 0xf8, 0x03, 0xa0, 0xfc, 0x12, 0x54, 0x97, 0xbe, 0x4e, 0xdb, 0xc9, 0x32, 0x8e, - 0x57, 0x68, 0x5f, 0x92, 0xae, 0xaa, 0x73, 0xab, 0x53, 0xa7, 0xce, 0xf9, 0x4e, 0x8d, 0xe1, 0x7a, - 0x40, 0x98, 0x1f, 0x92, 0xe0, 0x98, 0x04, 0x1d, 0xf9, 0x49, 0xb9, 0x1f, 0x9c, 0x64, 0x3e, 0xdb, - 0x2c, 0xf0, 0xb9, 0x8f, 0x20, 0x9d, 0x69, 0x3d, 0xec, 0x53, 0x3e, 0x88, 0x8e, 0xda, 0x8e, 0x3f, - 0xea, 0xe0, 0xa0, 0xef, 0xb3, 0xc0, 0xff, 0x5c, 0x7e, 0xbc, 0xe7, 0x74, 0x3b, 0xc7, 0xdb, 0x1d, - 0x36, 0xec, 0x77, 0x30, 0xa3, 0x61, 0x07, 0x33, 0xe6, 0x52, 0x07, 0x73, 0xea, 0x7b, 0x9d, 0xe3, - 0x2d, 0xec, 0xb2, 0x01, 0xde, 0xea, 0xf4, 0x89, 0x47, 0x02, 0xcc, 0x49, 0x57, 0x49, 0x6e, 0xbd, - 0xd5, 0xf7, 0xfd, 0xbe, 0x4b, 0x3a, 0x72, 0x74, 0x14, 0xf5, 0x3a, 0x64, 0xc4, 0xb8, 0x56, 0x6b, - 0xfd, 0x7e, 0x1e, 0x16, 0x0f, 0xb0, 0x47, 0x7b, 0x24, 0xe4, 0x36, 0x79, 0x1e, 0x91, 0x90, 0xa3, - 0x67, 0x30, 0x25, 0x8c, 0x31, 0x8d, 0x0d, 0x63, 0x73, 0x6e, 0x7b, 0xbf, 0x9d, 0x5a, 0xd3, 0x8e, - 0xad, 0x91, 0x1f, 0x3f, 0x77, 0xba, 0xed, 0xe3, 0xed, 0x36, 0x1b, 0xf6, 0xdb, 0xc2, 0x9a, 0x76, - 0xc6, 0x9a, 0x76, 0x6c, 0x4d, 0xdb, 0x4e, 0xb6, 0x65, 0x4b, 0xa9, 0xa8, 0x05, 0xf5, 0x80, 0x1c, - 0xd3, 0x90, 0xfa, 0x9e, 0x59, 0xdd, 0x30, 0x36, 0x1b, 0x76, 0x32, 0x46, 0x26, 0xcc, 0x7a, 0xfe, - 0x2e, 0x76, 0x06, 0xc4, 0xac, 0x6d, 0x18, 0x9b, 0x75, 0x3b, 0x1e, 0xa2, 0x0d, 0x98, 0xc3, 0x8c, - 0x3d, 0xc4, 0x47, 0xc4, 0x7d, 0x40, 0x4e, 0xcc, 0x29, 0xc9, 0x98, 0x9d, 0x12, 0xbc, 0x98, 0xb1, - 0x47, 0x78, 0x44, 0xcc, 0x69, 0xb9, 0x1a, 0x0f, 0xd1, 0x55, 0x68, 0x78, 0x78, 0x44, 0x42, 0x86, - 0x1d, 0x62, 0xd6, 0xe5, 0x5a, 0x3a, 0x81, 0x7e, 0x09, 0x4b, 0x19, 0xc3, 0x9f, 0xf8, 0x51, 0xe0, - 0x10, 0x13, 0xe4, 0xd6, 0x1f, 0x4f, 0xb6, 0xf5, 0x9d, 0xa2, 0x58, 0x7b, 0x5c, 0x13, 0xfa, 0x19, - 0x4c, 0xcb, 0x93, 0x37, 0xe7, 0x36, 0x6a, 0xe7, 0xea, 0x6d, 0x25, 0x16, 0x79, 0x30, 0xcb, 0xdc, - 0xa8, 0x4f, 0xbd, 0xd0, 0x9c, 0x97, 0x1a, 0x9e, 0x4e, 0xa6, 0x61, 0xd7, 0xf7, 0x7a, 0xb4, 0x7f, - 0x80, 0x3d, 0xdc, 0x27, 0x23, 0xe2, 0xf1, 0x43, 0x29, 0xdc, 0x8e, 0x95, 0xa0, 0x17, 0xd0, 0x1c, - 0x46, 0x21, 0xf7, 0x47, 0xf4, 0x05, 0x79, 0xcc, 0x04, 0x6f, 0x68, 0x5e, 0x92, 0xde, 0x7c, 0x34, - 0x99, 0xe2, 0x07, 0x05, 0xa9, 0xf6, 0x98, 0x1e, 0x11, 0x24, 0xc3, 0xe8, 0x88, 0xfc, 0x90, 0x04, - 0x32, 0xba, 0x16, 0x54, 0x90, 0x64, 0xa6, 0x54, 0x18, 0x51, 0x3d, 0x0a, 0xcd, 0xc5, 0x8d, 0x9a, - 0x0a, 0xa3, 0x64, 0x0a, 0x6d, 0xc2, 0xe2, 0x31, 0x09, 0x68, 0xef, 0xe4, 0x09, 0xed, 0x7b, 0x98, - 0x47, 0x01, 0x31, 0x9b, 0x32, 0x14, 0x8b, 0xd3, 0x68, 0x04, 0x97, 0x06, 0xc4, 0x1d, 0x09, 0x97, - 0xef, 0x06, 0xa4, 0x1b, 0x9a, 0x4b, 0xd2, 0xbf, 0x7b, 0x93, 0x9f, 0xa0, 0x14, 0x67, 0xe7, 0xa5, - 0x0b, 0xc3, 0x3c, 0xdf, 0xd6, 0x37, 0x45, 0xdd, 0x11, 0xa4, 0x0c, 0x2b, 0x4c, 0xa3, 0xeb, 0xb0, - 0xc0, 0x03, 0xec, 0x0c, 0xa9, 0xd7, 0x3f, 0x20, 0x7c, 0xe0, 0x77, 0xcd, 0xcb, 0xd2, 0x13, 0x85, - 0x59, 0xe4, 0x00, 0x22, 0x1e, 0x3e, 0x72, 0x49, 0x57, 0xc5, 0xe2, 0xd3, 0x13, 0x46, 0x42, 0x73, - 0x59, 0xee, 0xe2, 0x56, 0x3b, 0x93, 0xa1, 0x0a, 0x09, 0xa2, 0x7d, 0x77, 0x8c, 0xeb, 0xae, 0xc7, - 0x83, 0x13, 0xbb, 0x44, 0x1c, 0x1a, 0xc2, 0x9c, 0xd8, 0x47, 0x1c, 0x0a, 0x2b, 0x32, 0x14, 0xee, - 0x4f, 0xe6, 0xa3, 0xfd, 0x54, 0xa0, 0x9d, 0x95, 0x8e, 0xda, 0x80, 0x06, 0x38, 0x3c, 0x88, 0x5c, - 0x4e, 0x99, 0x4b, 0x94, 0x19, 0xa1, 0xb9, 0x2a, 0xdd, 0x54, 0xb2, 0x82, 0x1e, 0x00, 0x04, 0xa4, - 0x17, 0xd3, 0xad, 0xc9, 0x9d, 0xdf, 0x3c, 0x6b, 0xe7, 0x76, 0x42, 0xad, 0x76, 0x9c, 0x61, 0x6f, - 0xdd, 0x85, 0xb5, 0x53, 0x1c, 0x83, 0x9a, 0x50, 0x1b, 0x92, 0x13, 0x99, 0x50, 0x1b, 0xb6, 0xf8, - 0x44, 0xcb, 0x30, 0x7d, 0x8c, 0xdd, 0x88, 0xc8, 0x14, 0x58, 0xb7, 0xd5, 0xe0, 0x4e, 0xf5, 0xdb, - 0x46, 0xeb, 0xb7, 0x06, 0x2c, 0x16, 0xd4, 0x94, 0xf0, 0xff, 0x34, 0xcb, 0x7f, 0x0e, 0x41, 0xd7, - 0x7b, 0x8a, 0x83, 0x3e, 0xe1, 0x19, 0x43, 0xac, 0x7f, 0x19, 0x60, 0x16, 0xf6, 0xff, 0x23, 0xca, - 0x07, 0xf7, 0xa8, 0x4b, 0x42, 0x74, 0x1b, 0x66, 0x03, 0x35, 0xa7, 0xcb, 0xc4, 0x5b, 0x67, 0xb8, - 0x6d, 0xbf, 0x62, 0xc7, 0xd4, 0xe8, 0x23, 0xa8, 0x8f, 0x08, 0xc7, 0x5d, 0xcc, 0xb1, 0xb6, 0x7d, - 0xa3, 0x8c, 0x53, 0x68, 0x39, 0xd0, 0x74, 0xfb, 0x15, 0x3b, 0xe1, 0x41, 0xef, 0xc3, 0xb4, 0x33, - 0x88, 0xbc, 0xa1, 0x2c, 0x10, 0x73, 0xdb, 0x6f, 0x9f, 0xc6, 0xbc, 0x2b, 0x88, 0xf6, 0x2b, 0xb6, - 0xa2, 0xfe, 0x78, 0x06, 0xa6, 0x18, 0x0e, 0xb8, 0x75, 0x0f, 0x96, 0xcb, 0x54, 0x88, 0xaa, 0xe4, - 0x0c, 0x88, 0x33, 0x0c, 0xa3, 0x91, 0x76, 0x73, 0x32, 0x46, 0x08, 0xa6, 0x42, 0xfa, 0x42, 0xb9, - 0xba, 0x66, 0xcb, 0x6f, 0xeb, 0x5b, 0xb0, 0x34, 0xa6, 0x4d, 0x1c, 0xaa, 0xb2, 0x4d, 0x48, 0x98, - 0xd7, 0xaa, 0xad, 0x08, 0x56, 0x9e, 0x4a, 0x5f, 0x24, 0xa9, 0xf9, 0x22, 0xea, 0xac, 0xb5, 0x0f, - 0xab, 0x45, 0xb5, 0x21, 0xf3, 0xbd, 0x90, 0x88, 0x5b, 0x22, 0x73, 0x19, 0x25, 0xdd, 0x74, 0x55, - 0x5a, 0x51, 0xb7, 0x4b, 0x56, 0xac, 0x5f, 0x55, 0x61, 0xd5, 0x26, 0xa1, 0xef, 0x1e, 0x93, 0x38, - 0xd1, 0x5c, 0x0c, 0x54, 0xf8, 0x09, 0xd4, 0x30, 0x63, 0x3a, 0x4c, 0xee, 0x9f, 0x5b, 0x31, 0xb6, - 0x85, 0x54, 0xf4, 0x2e, 0x2c, 0xe1, 0xd1, 0x11, 0xed, 0x47, 0x7e, 0x14, 0xc6, 0xdb, 0x92, 0x41, - 0xd5, 0xb0, 0xc7, 0x17, 0x2c, 0x07, 0xd6, 0xc6, 0x5c, 0xa0, 0xdd, 0x99, 0x05, 0x34, 0x46, 0x01, - 0xd0, 0x94, 0x2a, 0xa9, 0x9e, 0xa6, 0xe4, 0x6f, 0x06, 0x34, 0xd3, 0xab, 0xa3, 0xc5, 0x5f, 0x85, - 0xc6, 0x48, 0xcf, 0x85, 0xa6, 0x21, 0x0b, 0x56, 0x3a, 0x91, 0xc7, 0x36, 0xd5, 0x22, 0xb6, 0x59, - 0x85, 0x19, 0x05, 0x3d, 0xf5, 0xc6, 0xf4, 0x28, 0x67, 0xf2, 0x54, 0xc1, 0xe4, 0x75, 0x80, 0x30, - 0xc9, 0x5f, 0xe6, 0x8c, 0x5c, 0xcd, 0xcc, 0x20, 0x0b, 0xe6, 0x55, 0x25, 0xb4, 0x49, 0x18, 0xb9, - 0xdc, 0x9c, 0x95, 0x14, 0xb9, 0x39, 0xcb, 0x87, 0xc5, 0x87, 0x54, 0xec, 0xa1, 0x17, 0x5e, 0x4c, - 0xb0, 0x7f, 0x00, 0x53, 0x42, 0x99, 0xd8, 0xd8, 0x51, 0x80, 0x3d, 0x67, 0x40, 0x62, 0x5f, 0x25, - 0x63, 0x71, 0x8d, 0x39, 0xee, 0x87, 0x66, 0x55, 0xce, 0xcb, 0x6f, 0xeb, 0x4f, 0x55, 0x65, 0xe9, - 0x0e, 0x63, 0xe1, 0x57, 0x0f, 0x7f, 0xcb, 0x0b, 0x72, 0x6d, 0xbc, 0x20, 0x17, 0x4c, 0xfe, 0x32, - 0x05, 0xf9, 0x9c, 0xca, 0x94, 0x15, 0xc1, 0xec, 0x0e, 0x63, 0xc2, 0x10, 0xb4, 0x05, 0x53, 0x98, - 0x31, 0xe5, 0xf0, 0x42, 0x46, 0xd6, 0x24, 0xe2, 0x7f, 0x6d, 0x92, 0x24, 0x6d, 0xdd, 0x86, 0x46, - 0x32, 0xf5, 0x2a, 0xb5, 0x8d, 0xac, 0xda, 0x0d, 0x00, 0x85, 0x38, 0xef, 0x7b, 0x3d, 0x5f, 0x1c, - 0xa9, 0x08, 0x76, 0xcd, 0x2a, 0xbf, 0xad, 0x3b, 0x31, 0x85, 0xb4, 0xed, 0x5d, 0x98, 0xa6, 0x9c, - 0x8c, 0x62, 0xe3, 0x56, 0xb3, 0xc6, 0xa5, 0x82, 0x6c, 0x45, 0x64, 0xfd, 0xbd, 0x0e, 0x57, 0xc4, - 0x89, 0x3d, 0x91, 0xd7, 0x64, 0x87, 0xb1, 0x4f, 0x08, 0xc7, 0xd4, 0x0d, 0xbf, 0x1f, 0x91, 0xe0, - 0xe4, 0x0d, 0x07, 0x46, 0x1f, 0x66, 0xd4, 0x2d, 0xd3, 0xf9, 0xee, 0xdc, 0x9b, 0x0f, 0x2d, 0x3e, - 0xed, 0x38, 0x6a, 0x6f, 0xa6, 0xe3, 0x28, 0xeb, 0x00, 0xa6, 0x2e, 0xa8, 0x03, 0x38, 0xbd, 0x09, - 0xcc, 0xb4, 0x96, 0x33, 0xf9, 0xd6, 0xb2, 0x04, 0x58, 0xcf, 0xbe, 0x2e, 0xb0, 0xae, 0x97, 0x02, - 0xeb, 0x51, 0xe9, 0x3d, 0x6e, 0x48, 0x77, 0x7f, 0x37, 0x1b, 0x81, 0xa7, 0xc6, 0xda, 0x24, 0x10, - 0x1b, 0xde, 0x28, 0xc4, 0xfe, 0x41, 0x0e, 0x32, 0xab, 0xa6, 0xf5, 0xfd, 0xd7, 0xdb, 0xd3, 0xd7, - 0x09, 0x3c, 0xff, 0x46, 0x62, 0x26, 0xe6, 0xa7, 0x3e, 0x48, 0x0a, 0xba, 0xa8, 0x43, 0xa2, 0xb4, - 0xea, 0xa4, 0x25, 0xbe, 0xd1, 0x4d, 0x98, 0x12, 0x4e, 0xd6, 0xa0, 0x76, 0x2d, 0xeb, 0x4f, 0x71, - 0x12, 0x3b, 0x8c, 0x3d, 0x61, 0xc4, 0xb1, 0x25, 0x11, 0xba, 0x03, 0x8d, 0x24, 0xf0, 0xf5, 0xcd, - 0xba, 0x9a, 0xe5, 0x48, 0xee, 0x49, 0xcc, 0x96, 0x92, 0x0b, 0xde, 0x2e, 0x0d, 0x88, 0x23, 0x21, - 0xdf, 0xf4, 0x38, 0xef, 0x27, 0xf1, 0x62, 0xc2, 0x9b, 0x90, 0xa3, 0x2d, 0x98, 0x51, 0x5d, 0xbe, - 0xbc, 0x41, 0x73, 0xdb, 0x57, 0xc6, 0x93, 0x69, 0xcc, 0xa5, 0x09, 0xad, 0xbf, 0x1a, 0xf0, 0x4e, - 0x1a, 0x10, 0xf1, 0x6d, 0x8a, 0x51, 0xf7, 0x57, 0x5f, 0x71, 0xaf, 0xc3, 0x82, 0x84, 0xf9, 0x69, - 0xb3, 0xaf, 0xde, 0x9d, 0x0a, 0xb3, 0xd6, 0x1f, 0x0d, 0xb8, 0x36, 0xbe, 0x8f, 0xdd, 0x01, 0x0e, - 0x78, 0x72, 0xbc, 0x17, 0xb1, 0x97, 0xb8, 0xe0, 0x55, 0xd3, 0x82, 0x97, 0xdb, 0x5f, 0x2d, 0xbf, - 0x3f, 0xeb, 0x2f, 0x55, 0x98, 0xcb, 0x04, 0x50, 0x59, 0xc1, 0x14, 0x80, 0x4f, 0xc6, 0xad, 0x6c, - 0xec, 0x64, 0x51, 0x68, 0xd8, 0x99, 0x19, 0x34, 0x04, 0x60, 0x38, 0xc0, 0x23, 0xc2, 0x49, 0x20, - 0x32, 0xb9, 0xb8, 0xf1, 0x0f, 0x26, 0xcf, 0x2e, 0x87, 0xb1, 0x4c, 0x3b, 0x23, 0x5e, 0x20, 0x56, - 0xa9, 0x3a, 0xd4, 0xf9, 0x5b, 0x8f, 0xd0, 0x2f, 0x60, 0xa1, 0x47, 0x5d, 0x72, 0x98, 0x1a, 0x32, - 0x23, 0x0d, 0x79, 0x3c, 0xb9, 0x21, 0xf7, 0xb2, 0x72, 0xed, 0x82, 0x1a, 0xeb, 0x06, 0x34, 0x8b, - 0xf7, 0x49, 0x18, 0x49, 0x47, 0xb8, 0x9f, 0x78, 0x4b, 0x8f, 0x2c, 0x04, 0xcd, 0xe2, 0xfd, 0xb1, - 0xfe, 0x5d, 0x85, 0x95, 0x44, 0xdc, 0x8e, 0xe7, 0xf9, 0x91, 0xe7, 0xc8, 0x87, 0xb3, 0xd2, 0xb3, - 0x58, 0x86, 0x69, 0x4e, 0xb9, 0x9b, 0x00, 0x1f, 0x39, 0x10, 0xb5, 0x8b, 0xfb, 0xbe, 0xcb, 0x29, - 0xd3, 0x07, 0x1c, 0x0f, 0xd5, 0xd9, 0x3f, 0x8f, 0x68, 0x40, 0xba, 0x32, 0x13, 0xd4, 0xed, 0x64, - 0x2c, 0xd6, 0x04, 0xaa, 0x91, 0x30, 0x5e, 0x39, 0x33, 0x19, 0xcb, 0xb8, 0xf7, 0x5d, 0x97, 0x38, - 0xc2, 0x1d, 0x19, 0xa0, 0x5f, 0x98, 0x95, 0x0d, 0x04, 0x0f, 0xa8, 0xd7, 0xd7, 0x30, 0x5f, 0x8f, - 0x84, 0x9d, 0x38, 0x08, 0xf0, 0x89, 0x59, 0x97, 0x0e, 0x50, 0x03, 0xf4, 0x1d, 0xa8, 0x8d, 0x30, - 0xd3, 0x85, 0xee, 0x46, 0x2e, 0x3b, 0x94, 0x79, 0xa0, 0x7d, 0x80, 0x99, 0xaa, 0x04, 0x82, 0xad, - 0xf5, 0x01, 0xd4, 0xe3, 0x89, 0x2f, 0x05, 0x09, 0x3f, 0x87, 0x4b, 0xb9, 0xe4, 0x83, 0x3e, 0x83, - 0xd5, 0x34, 0xa2, 0xb2, 0x0a, 0x35, 0x08, 0x7c, 0xe7, 0x95, 0x96, 0xd9, 0xa7, 0x08, 0xb0, 0x9e, - 0xc3, 0x92, 0x08, 0x19, 0x79, 0xf1, 0x2f, 0xa8, 0xb5, 0xf9, 0x10, 0x1a, 0x89, 0xca, 0xd2, 0x98, - 0x69, 0x41, 0xfd, 0x38, 0x7e, 0xd0, 0x54, 0xbd, 0x4d, 0x32, 0xb6, 0x76, 0x00, 0x65, 0xed, 0xd5, - 0x15, 0xe8, 0x66, 0x1e, 0x14, 0xaf, 0x14, 0xcb, 0x8d, 0x24, 0x8f, 0x31, 0xf1, 0x3f, 0x0d, 0x58, - 0xdc, 0xa3, 0xf2, 0x95, 0xe3, 0x82, 0x92, 0xdc, 0x0d, 0x68, 0x86, 0xd1, 0xd1, 0xc8, 0xef, 0x46, - 0x2e, 0xd1, 0xa0, 0x40, 0x57, 0xfa, 0xb1, 0xf9, 0xb3, 0x92, 0x9f, 0x70, 0x16, 0xc3, 0x7c, 0xa0, - 0x3b, 0x5c, 0xf9, 0x6d, 0xfd, 0xda, 0x80, 0x66, 0xba, 0x1b, 0xed, 0x8f, 0xdb, 0x2a, 0x6e, 0x95, - 0x37, 0xae, 0x65, 0xbd, 0x51, 0x24, 0xfd, 0xdf, 0x43, 0x76, 0x3e, 0x1b, 0xb2, 0x7f, 0x36, 0x60, - 0x65, 0x8f, 0xf2, 0x38, 0x59, 0xd0, 0xff, 0x33, 0xcf, 0x5a, 0x6d, 0x58, 0x2d, 0x9a, 0xaf, 0x5d, - 0xb9, 0x0c, 0xd3, 0xc2, 0xcf, 0x71, 0xf7, 0xad, 0x06, 0xdb, 0x5f, 0x34, 0x60, 0x29, 0x2d, 0x9f, - 0xe2, 0x5f, 0xea, 0x10, 0xf4, 0x18, 0x9a, 0x7b, 0xfa, 0xb7, 0xaa, 0xf8, 0xd5, 0x03, 0x9d, 0xf5, - 0x8c, 0xd8, 0xba, 0x5a, 0xbe, 0xa8, 0x54, 0x5b, 0x15, 0xe4, 0xc0, 0x95, 0xa2, 0xc0, 0xf4, 0xc5, - 0xf2, 0x9b, 0x67, 0x48, 0x4e, 0xa8, 0x5e, 0xa5, 0x62, 0xd3, 0x40, 0x9f, 0xc1, 0x42, 0xfe, 0x5d, - 0x0d, 0xe5, 0xf2, 0x49, 0xe9, 0x53, 0x5f, 0xcb, 0x3a, 0x8b, 0x24, 0xb1, 0xff, 0x99, 0x00, 0xaf, - 0xb9, 0x47, 0x26, 0x64, 0xe5, 0xa1, 0x75, 0xd9, 0x23, 0x5c, 0xeb, 0x1b, 0x67, 0xd2, 0x24, 0xd2, - 0x3f, 0x84, 0x7a, 0xfc, 0x28, 0x93, 0x77, 0x73, 0xe1, 0xa9, 0xa6, 0xd5, 0xcc, 0xcb, 0xeb, 0x85, - 0x56, 0x05, 0x7d, 0xa4, 0x98, 0x45, 0xd3, 0x3e, 0xce, 0x9c, 0x79, 0x8a, 0x68, 0x5d, 0x2e, 0x69, - 0xff, 0xad, 0x0a, 0xfa, 0x1e, 0xcc, 0x89, 0xaf, 0x43, 0xfd, 0x2b, 0xd1, 0x6a, 0x5b, 0xfd, 0x28, - 0xd9, 0x8e, 0x7f, 0x94, 0x6c, 0xdf, 0x1d, 0x31, 0x7e, 0xd2, 0x2a, 0xe9, 0xcf, 0xb5, 0x80, 0x67, - 0x70, 0x69, 0x8f, 0xf0, 0x14, 0x4e, 0xa3, 0x6b, 0xaf, 0xd5, 0x74, 0xb4, 0xac, 0x22, 0xd9, 0x38, - 0x22, 0xb7, 0x2a, 0xe8, 0x77, 0x06, 0x5c, 0xde, 0x23, 0xbc, 0x08, 0x50, 0xd1, 0x7b, 0xe5, 0x4a, - 0x4e, 0x01, 0xb2, 0xad, 0x47, 0x93, 0xde, 0xd7, 0xbc, 0x58, 0xab, 0x82, 0xfe, 0x60, 0xc0, 0x5a, - 0xc6, 0xb0, 0x2c, 0xe2, 0x44, 0x5b, 0x67, 0x1b, 0x57, 0x82, 0x4e, 0x5b, 0x9f, 0x4e, 0xf8, 0xe3, - 0x5f, 0x46, 0xa4, 0x55, 0x41, 0x87, 0xf2, 0x4c, 0xd2, 0x02, 0x83, 0xde, 0x2e, 0xad, 0x24, 0x89, - 0xf6, 0xf5, 0xd3, 0x96, 0x93, 0x73, 0xf8, 0x14, 0xe6, 0xf6, 0x08, 0x8f, 0xb3, 0x6e, 0x3e, 0xd2, - 0x0a, 0x45, 0x28, 0x7f, 0x55, 0x8b, 0x89, 0x5a, 0x46, 0xcc, 0x92, 0x92, 0x95, 0xc9, 0x53, 0xf9, - 0xbb, 0x5a, 0x9a, 0x82, 0xf3, 0x11, 0x53, 0x9e, 0xe6, 0xac, 0xca, 0xc7, 0x3b, 0xff, 0x78, 0xb9, - 0x6e, 0x7c, 0xf1, 0x72, 0xdd, 0xf8, 0xcf, 0xcb, 0x75, 0xe3, 0xc7, 0xb7, 0x5e, 0xf1, 0x8b, 0x7d, - 0xe6, 0x8f, 0x00, 0x30, 0xa3, 0x8e, 0x4b, 0x89, 0xc7, 0x8f, 0x66, 0x64, 0xf0, 0xdf, 0xfa, 0x6f, - 0x00, 0x00, 0x00, 0xff, 0xff, 0xfb, 0xa8, 0x48, 0x92, 0x23, 0x20, 0x00, 0x00, + 0xab, 0x8d, 0x1c, 0x89, 0x07, 0x04, 0xe2, 0x27, 0xf0, 0xc0, 0xff, 0x40, 0x3c, 0x21, 0x9e, 0xb8, + 0x48, 0xbc, 0xac, 0xf8, 0x03, 0xa0, 0x3c, 0xf2, 0x2b, 0x50, 0x5d, 0xfa, 0x3a, 0x6d, 0x27, 0xcb, + 0x38, 0x5e, 0xb1, 0x2f, 0x49, 0xd7, 0xa9, 0x53, 0xe7, 0x9c, 0x3a, 0x75, 0x2e, 0x5f, 0xd5, 0x18, + 0xae, 0x07, 0x84, 0xf9, 0x21, 0x09, 0x8e, 0x49, 0xd0, 0x91, 0x9f, 0x94, 0xfb, 0xc1, 0x49, 0xe6, + 0xb3, 0xcd, 0x02, 0x9f, 0xfb, 0x08, 0x52, 0x4a, 0xeb, 0x61, 0x9f, 0xf2, 0x41, 0x74, 0xd4, 0x76, + 0xfc, 0x51, 0x07, 0x07, 0x7d, 0x9f, 0x05, 0xfe, 0xe7, 0xf2, 0xe3, 0x3d, 0xa7, 0xdb, 0x39, 0xde, + 0xee, 0xb0, 0x61, 0xbf, 0x83, 0x19, 0x0d, 0x3b, 0x98, 0x31, 0x97, 0x3a, 0x98, 0x53, 0xdf, 0xeb, + 0x1c, 0x6f, 0x61, 0x97, 0x0d, 0xf0, 0x56, 0xa7, 0x4f, 0x3c, 0x12, 0x60, 0x4e, 0xba, 0x4a, 0x72, + 0xeb, 0xad, 0xbe, 0xef, 0xf7, 0x5d, 0xd2, 0x91, 0xa3, 0xa3, 0xa8, 0xd7, 0x21, 0x23, 0xc6, 0xb5, + 0x5a, 0xeb, 0x3f, 0xf3, 0xb0, 0x78, 0x80, 0x3d, 0xda, 0x23, 0x21, 0xb7, 0xc9, 0xf3, 0x88, 0x84, + 0x1c, 0x3d, 0x83, 0x29, 0x61, 0x8c, 0x69, 0x6c, 0x18, 0x9b, 0x73, 0xdb, 0xfb, 0xed, 0xd4, 0x9a, + 0x76, 0x6c, 0x8d, 0xfc, 0xf8, 0xb9, 0xd3, 0x6d, 0x1f, 0x6f, 0xb7, 0xd9, 0xb0, 0xdf, 0x16, 0xd6, + 0xb4, 0x33, 0xd6, 0xb4, 0x63, 0x6b, 0xda, 0x76, 0xb2, 0x2d, 0x5b, 0x4a, 0x45, 0x2d, 0xa8, 0x07, + 0xe4, 0x98, 0x86, 0xd4, 0xf7, 0xcc, 0xea, 0x86, 0xb1, 0xd9, 0xb0, 0x93, 0x31, 0x32, 0x61, 0xd6, + 0xf3, 0x77, 0xb1, 0x33, 0x20, 0x66, 0x6d, 0xc3, 0xd8, 0xac, 0xdb, 0xf1, 0x10, 0x6d, 0xc0, 0x1c, + 0x66, 0xec, 0x21, 0x3e, 0x22, 0xee, 0x03, 0x72, 0x62, 0x4e, 0xc9, 0x85, 0x59, 0x92, 0x58, 0x8b, + 0x19, 0x7b, 0x84, 0x47, 0xc4, 0x9c, 0x96, 0xb3, 0xf1, 0x10, 0x5d, 0x85, 0x86, 0x87, 0x47, 0x24, + 0x64, 0xd8, 0x21, 0x66, 0x5d, 0xce, 0xa5, 0x04, 0xf4, 0x4b, 0x58, 0xca, 0x18, 0xfe, 0xc4, 0x8f, + 0x02, 0x87, 0x98, 0x20, 0xb7, 0xfe, 0x78, 0xb2, 0xad, 0xef, 0x14, 0xc5, 0xda, 0xe3, 0x9a, 0xd0, + 0xcf, 0x60, 0x5a, 0x9e, 0xbc, 0x39, 0xb7, 0x51, 0x3b, 0x57, 0x6f, 0x2b, 0xb1, 0xc8, 0x83, 0x59, + 0xe6, 0x46, 0x7d, 0xea, 0x85, 0xe6, 0xbc, 0xd4, 0xf0, 0x74, 0x32, 0x0d, 0xbb, 0xbe, 0xd7, 0xa3, + 0xfd, 0x03, 0xec, 0xe1, 0x3e, 0x19, 0x11, 0x8f, 0x1f, 0x4a, 0xe1, 0x76, 0xac, 0x04, 0xbd, 0x80, + 0xe6, 0x30, 0x0a, 0xb9, 0x3f, 0xa2, 0x2f, 0xc8, 0x63, 0x26, 0xd6, 0x86, 0xe6, 0x25, 0xe9, 0xcd, + 0x47, 0x93, 0x29, 0x7e, 0x50, 0x90, 0x6a, 0x8f, 0xe9, 0x11, 0x41, 0x32, 0x8c, 0x8e, 0xc8, 0x0f, + 0x49, 0x20, 0xa3, 0x6b, 0x41, 0x05, 0x49, 0x86, 0xa4, 0xc2, 0x88, 0xea, 0x51, 0x68, 0x2e, 0x6e, + 0xd4, 0x54, 0x18, 0x25, 0x24, 0xb4, 0x09, 0x8b, 0xc7, 0x24, 0xa0, 0xbd, 0x93, 0x27, 0xb4, 0xef, + 0x61, 0x1e, 0x05, 0xc4, 0x6c, 0xca, 0x50, 0x2c, 0x92, 0xd1, 0x08, 0x2e, 0x0d, 0x88, 0x3b, 0x12, + 0x2e, 0xdf, 0x0d, 0x48, 0x37, 0x34, 0x97, 0xa4, 0x7f, 0xf7, 0x26, 0x3f, 0x41, 0x29, 0xce, 0xce, + 0x4b, 0x17, 0x86, 0x79, 0xbe, 0xad, 0x33, 0x45, 0xe5, 0x08, 0x52, 0x86, 0x15, 0xc8, 0xe8, 0x3a, + 0x2c, 0xf0, 0x00, 0x3b, 0x43, 0xea, 0xf5, 0x0f, 0x08, 0x1f, 0xf8, 0x5d, 0xf3, 0xb2, 0xf4, 0x44, + 0x81, 0x8a, 0x1c, 0x40, 0xc4, 0xc3, 0x47, 0x2e, 0xe9, 0xaa, 0x58, 0x7c, 0x7a, 0xc2, 0x48, 0x68, + 0x2e, 0xcb, 0x5d, 0xdc, 0x6a, 0x67, 0x2a, 0x54, 0xa1, 0x40, 0xb4, 0xef, 0x8e, 0xad, 0xba, 0xeb, + 0xf1, 0xe0, 0xc4, 0x2e, 0x11, 0x87, 0x86, 0x30, 0x27, 0xf6, 0x11, 0x87, 0xc2, 0x8a, 0x0c, 0x85, + 0xfb, 0x93, 0xf9, 0x68, 0x3f, 0x15, 0x68, 0x67, 0xa5, 0xa3, 0x36, 0xa0, 0x01, 0x0e, 0x0f, 0x22, + 0x97, 0x53, 0xe6, 0x12, 0x65, 0x46, 0x68, 0xae, 0x4a, 0x37, 0x95, 0xcc, 0xa0, 0x07, 0x00, 0x01, + 0xe9, 0xc5, 0x7c, 0x6b, 0x72, 0xe7, 0x37, 0xcf, 0xda, 0xb9, 0x9d, 0x70, 0xab, 0x1d, 0x67, 0x96, + 0x0b, 0xe5, 0x62, 0x1b, 0xc4, 0xe1, 0x3a, 0xdb, 0x65, 0x5a, 0x9b, 0x32, 0xc4, 0x4a, 0x66, 0x44, + 0x2c, 0x6a, 0xaa, 0x2c, 0x5a, 0x57, 0x54, 0xb4, 0x66, 0x48, 0xad, 0xbb, 0xb0, 0x76, 0x8a, 0xab, + 0x51, 0x13, 0x6a, 0x43, 0x72, 0x22, 0x4b, 0x74, 0xc3, 0x16, 0x9f, 0x68, 0x19, 0xa6, 0x8f, 0xb1, + 0x1b, 0x11, 0x59, 0x54, 0xeb, 0xb6, 0x1a, 0xdc, 0xa9, 0x7e, 0xdb, 0x68, 0xfd, 0xd6, 0x80, 0xc5, + 0x82, 0xe1, 0x25, 0xeb, 0x7f, 0x9a, 0x5d, 0x7f, 0x0e, 0x61, 0xdc, 0x7b, 0x8a, 0x83, 0x3e, 0xe1, + 0x19, 0x43, 0xac, 0x7f, 0x1a, 0x60, 0x16, 0x3c, 0xfa, 0x23, 0xca, 0x07, 0xf7, 0xa8, 0x4b, 0x42, + 0x74, 0x1b, 0x66, 0x03, 0x45, 0xd3, 0x8d, 0xe7, 0xad, 0x33, 0x0e, 0x62, 0xbf, 0x62, 0xc7, 0xdc, + 0xe8, 0x23, 0xa8, 0x8f, 0x08, 0xc7, 0x5d, 0xcc, 0xb1, 0xb6, 0x7d, 0xa3, 0x6c, 0xa5, 0xd0, 0x72, + 0xa0, 0xf9, 0xf6, 0x2b, 0x76, 0xb2, 0x06, 0xbd, 0x0f, 0xd3, 0xce, 0x20, 0xf2, 0x86, 0xb2, 0xe5, + 0xcc, 0x6d, 0xbf, 0x7d, 0xda, 0xe2, 0x5d, 0xc1, 0xb4, 0x5f, 0xb1, 0x15, 0xf7, 0xc7, 0x33, 0x30, + 0xc5, 0x70, 0xc0, 0xad, 0x7b, 0xb0, 0x5c, 0xa6, 0x42, 0xf4, 0x39, 0x67, 0x40, 0x9c, 0x61, 0x18, + 0x8d, 0xb4, 0x9b, 0x93, 0x31, 0x42, 0x30, 0x15, 0xd2, 0x17, 0xca, 0xd5, 0x35, 0x5b, 0x7e, 0x5b, + 0xdf, 0x82, 0xa5, 0x31, 0x6d, 0xe2, 0x50, 0x95, 0x6d, 0x42, 0xc2, 0xbc, 0x56, 0x6d, 0x45, 0xb0, + 0xf2, 0x54, 0xfa, 0x22, 0x29, 0xf6, 0x17, 0xd1, 0xb9, 0xad, 0x7d, 0x58, 0x2d, 0xaa, 0x0d, 0x99, + 0xef, 0x85, 0x44, 0x84, 0xbe, 0xac, 0x8e, 0x94, 0x74, 0xd3, 0x59, 0x69, 0x45, 0xdd, 0x2e, 0x99, + 0xb1, 0x7e, 0x55, 0x85, 0x55, 0x9b, 0x84, 0xbe, 0x7b, 0x4c, 0xe2, 0xd2, 0x75, 0x31, 0xe0, 0xe3, + 0x27, 0x50, 0xc3, 0x8c, 0xe9, 0x30, 0xb9, 0x7f, 0x6e, 0xed, 0xdd, 0x16, 0x52, 0xd1, 0xbb, 0xb0, + 0x84, 0x47, 0x47, 0xb4, 0x1f, 0xf9, 0x51, 0x18, 0x6f, 0x4b, 0x06, 0x55, 0xc3, 0x1e, 0x9f, 0xb0, + 0x1c, 0x58, 0x1b, 0x73, 0x81, 0x76, 0x67, 0x16, 0x22, 0x19, 0x05, 0x88, 0x54, 0xaa, 0xa4, 0x7a, + 0x9a, 0x92, 0xbf, 0x1a, 0xd0, 0x4c, 0x53, 0x47, 0x8b, 0xbf, 0x0a, 0x8d, 0x91, 0xa6, 0x85, 0xa6, + 0x21, 0xeb, 0x53, 0x4a, 0xc8, 0xa3, 0xa5, 0x6a, 0x11, 0x2d, 0xad, 0xc2, 0x8c, 0x02, 0xb3, 0x7a, + 0x63, 0x7a, 0x94, 0x33, 0x79, 0xaa, 0x60, 0xf2, 0x3a, 0x40, 0x98, 0xd4, 0x2f, 0x73, 0x46, 0xce, + 0x66, 0x28, 0xc8, 0x82, 0x79, 0xd5, 0x5b, 0x6d, 0x12, 0x46, 0x2e, 0x37, 0x67, 0x25, 0x47, 0x8e, + 0x66, 0xf9, 0xb0, 0xf8, 0x90, 0x8a, 0x3d, 0xf4, 0xc2, 0x8b, 0x09, 0xf6, 0x0f, 0x60, 0x4a, 0x28, + 0x13, 0x1b, 0x3b, 0x0a, 0xb0, 0xe7, 0x0c, 0x48, 0xec, 0xab, 0x64, 0x2c, 0xd2, 0x98, 0xe3, 0x7e, + 0x68, 0x56, 0x25, 0x5d, 0x7e, 0x5b, 0x7f, 0xac, 0x2a, 0x4b, 0x77, 0x18, 0x0b, 0xbf, 0x7a, 0x40, + 0x5d, 0xde, 0xe2, 0x6b, 0xe3, 0x2d, 0xbe, 0x60, 0xf2, 0x97, 0x69, 0xf1, 0xe7, 0xd4, 0xa6, 0xac, + 0x08, 0x66, 0x77, 0x18, 0x13, 0x86, 0xa0, 0x2d, 0x98, 0xc2, 0x8c, 0x29, 0x87, 0x17, 0x2a, 0xb2, + 0x66, 0x11, 0xff, 0x6b, 0x93, 0x24, 0x6b, 0xeb, 0x36, 0x34, 0x12, 0xd2, 0xab, 0xd4, 0x36, 0xb2, + 0x6a, 0x37, 0x00, 0x14, 0x86, 0xbd, 0xef, 0xf5, 0x7c, 0x71, 0xa4, 0x22, 0xd8, 0xf5, 0x52, 0xf9, + 0x6d, 0xdd, 0x89, 0x39, 0xa4, 0x6d, 0xef, 0xc2, 0x34, 0xe5, 0x64, 0x14, 0x1b, 0xb7, 0x9a, 0x35, + 0x2e, 0x15, 0x64, 0x2b, 0x26, 0xeb, 0x6f, 0x75, 0xb8, 0x22, 0x4e, 0xec, 0x89, 0x4c, 0x93, 0x1d, + 0xc6, 0x3e, 0x21, 0x1c, 0x53, 0x37, 0xfc, 0x7e, 0x44, 0x82, 0x93, 0x37, 0x1c, 0x18, 0x7d, 0x98, + 0x51, 0x59, 0xa6, 0xeb, 0xdd, 0xb9, 0x5f, 0x67, 0xb4, 0xf8, 0xf4, 0x0e, 0x53, 0x7b, 0x33, 0x77, + 0x98, 0xb2, 0x3b, 0xc5, 0xd4, 0x05, 0xdd, 0x29, 0x4e, 0xbf, 0x56, 0x66, 0x2e, 0xab, 0x33, 0xf9, + 0xcb, 0x6a, 0x09, 0x54, 0x9f, 0x7d, 0x5d, 0xa8, 0x5e, 0x2f, 0x85, 0xea, 0xa3, 0xd2, 0x3c, 0x6e, + 0x48, 0x77, 0x7f, 0x37, 0x1b, 0x81, 0xa7, 0xc6, 0xda, 0x24, 0xa0, 0x1d, 0xde, 0x28, 0x68, 0xff, + 0x41, 0x0e, 0x84, 0xab, 0x6b, 0xf0, 0xfb, 0xaf, 0xb7, 0xa7, 0x33, 0xe0, 0xf8, 0xd7, 0x0e, 0x3c, + 0xff, 0x46, 0x62, 0x26, 0xe6, 0xa7, 0x3e, 0x48, 0x1a, 0xba, 0xe8, 0x43, 0xa2, 0xb5, 0xea, 0xa2, + 0x25, 0xbe, 0xd1, 0x4d, 0x98, 0x12, 0x4e, 0xd6, 0xa0, 0x76, 0x2d, 0xeb, 0x4f, 0x71, 0x12, 0x3b, + 0x8c, 0x3d, 0x61, 0xc4, 0xb1, 0x25, 0x13, 0xba, 0x03, 0x8d, 0x24, 0xf0, 0x75, 0x66, 0x5d, 0xcd, + 0xae, 0x48, 0xf2, 0x24, 0x5e, 0x96, 0xb2, 0x8b, 0xb5, 0x5d, 0x1a, 0x10, 0x47, 0x42, 0xbe, 0xe9, + 0xf1, 0xb5, 0x9f, 0xc4, 0x93, 0xc9, 0xda, 0x84, 0x1d, 0x6d, 0xc1, 0x8c, 0x7a, 0x37, 0x90, 0x19, + 0x34, 0xb7, 0x7d, 0x65, 0xbc, 0x98, 0xc6, 0xab, 0x34, 0xa3, 0xf5, 0x17, 0x03, 0xde, 0x49, 0x03, + 0x22, 0xce, 0xa6, 0x18, 0x75, 0x7f, 0xf5, 0x1d, 0xf7, 0x3a, 0x2c, 0x48, 0x98, 0x9f, 0x3e, 0x1f, + 0xa8, 0x97, 0xac, 0x02, 0xd5, 0xfa, 0x83, 0x01, 0xd7, 0xc6, 0xf7, 0xb1, 0x3b, 0xc0, 0x01, 0x4f, + 0x8e, 0xf7, 0x22, 0xf6, 0x12, 0x37, 0xbc, 0x6a, 0xda, 0xf0, 0x72, 0xfb, 0xab, 0xe5, 0xf7, 0x67, + 0xfd, 0xb9, 0x0a, 0x73, 0x99, 0x00, 0x2a, 0x6b, 0x98, 0x02, 0xf0, 0xc9, 0xb8, 0x95, 0x17, 0x3b, + 0xd9, 0x14, 0x1a, 0x76, 0x86, 0x82, 0x86, 0x00, 0x0c, 0x07, 0x78, 0x44, 0x38, 0x09, 0x44, 0x25, + 0x17, 0x19, 0xff, 0x60, 0xf2, 0xea, 0x72, 0x18, 0xcb, 0xb4, 0x33, 0xe2, 0x05, 0x62, 0x95, 0xaa, + 0x43, 0x5d, 0xbf, 0xf5, 0x08, 0xfd, 0x02, 0x16, 0x7a, 0xd4, 0x25, 0x87, 0xa9, 0x21, 0x33, 0xd2, + 0x90, 0xc7, 0x93, 0x1b, 0x72, 0x2f, 0x2b, 0xd7, 0x2e, 0xa8, 0xb1, 0x6e, 0x40, 0xb3, 0x98, 0x4f, + 0xc2, 0x48, 0x3a, 0xc2, 0xfd, 0xc4, 0x5b, 0x7a, 0x64, 0x21, 0x68, 0x16, 0xf3, 0xc7, 0xfa, 0x57, + 0x15, 0x56, 0x12, 0x71, 0x3b, 0x9e, 0xe7, 0x47, 0x9e, 0x23, 0x9f, 0xe2, 0x4a, 0xcf, 0x62, 0x19, + 0xa6, 0x39, 0xe5, 0x6e, 0x02, 0x7c, 0xe4, 0x40, 0xf4, 0x2e, 0xee, 0xfb, 0x2e, 0xa7, 0x4c, 0x1f, + 0x70, 0x3c, 0x54, 0x67, 0xff, 0x3c, 0xa2, 0x01, 0xe9, 0xca, 0x4a, 0x50, 0xb7, 0x93, 0xb1, 0x98, + 0x13, 0xa8, 0x46, 0xc2, 0x78, 0xe5, 0xcc, 0x64, 0x2c, 0xe3, 0xde, 0x77, 0x5d, 0xe2, 0x08, 0x77, + 0x64, 0x80, 0x7e, 0x81, 0x2a, 0x2f, 0x10, 0x3c, 0xa0, 0x5e, 0x5f, 0xc3, 0x7c, 0x3d, 0x12, 0x76, + 0xe2, 0x20, 0xc0, 0x27, 0x66, 0x5d, 0x3a, 0x40, 0x0d, 0xd0, 0x77, 0xa0, 0x36, 0xc2, 0x4c, 0x37, + 0xba, 0x1b, 0xb9, 0xea, 0x50, 0xe6, 0x81, 0xf6, 0x01, 0x66, 0xaa, 0x13, 0x88, 0x65, 0xad, 0x0f, + 0xa0, 0x1e, 0x13, 0xbe, 0x14, 0x24, 0xfc, 0x1c, 0x2e, 0xe5, 0x8a, 0x0f, 0xfa, 0x0c, 0x56, 0xd3, + 0x88, 0xca, 0x2a, 0xd4, 0x20, 0xf0, 0x9d, 0x57, 0x5a, 0x66, 0x9f, 0x22, 0xc0, 0x7a, 0x0e, 0x4b, + 0x22, 0x64, 0x64, 0xe2, 0x5f, 0xd0, 0xd5, 0xe6, 0x43, 0x68, 0x24, 0x2a, 0x4b, 0x63, 0xa6, 0x05, + 0xf5, 0xe3, 0xf8, 0x89, 0x54, 0xdd, 0x6d, 0x92, 0xb1, 0xb5, 0x03, 0x28, 0x6b, 0xaf, 0xee, 0x40, + 0x37, 0xf3, 0xa0, 0x78, 0xa5, 0xd8, 0x6e, 0x24, 0x7b, 0x8c, 0x89, 0xff, 0x61, 0xc0, 0xe2, 0x1e, + 0x95, 0xaf, 0x1c, 0x17, 0x54, 0xe4, 0x6e, 0x40, 0x33, 0x8c, 0x8e, 0x46, 0x7e, 0x37, 0x72, 0x89, + 0x06, 0x05, 0xba, 0xd3, 0x8f, 0xd1, 0xcf, 0x2a, 0x7e, 0xc2, 0x59, 0x0c, 0xf3, 0x81, 0xbe, 0xe1, + 0xca, 0x6f, 0xeb, 0xd7, 0x06, 0x34, 0xd3, 0xdd, 0x68, 0x7f, 0xdc, 0x56, 0x71, 0xab, 0xbc, 0x71, + 0x2d, 0xeb, 0x8d, 0x22, 0xeb, 0xff, 0x1e, 0xb2, 0xf3, 0xd9, 0x90, 0xfd, 0x93, 0x01, 0x2b, 0x7b, + 0x94, 0xc7, 0xc5, 0x82, 0xfe, 0x9f, 0x79, 0xd6, 0x6a, 0xc3, 0x6a, 0xd1, 0x7c, 0xed, 0xca, 0x65, + 0x98, 0x16, 0x7e, 0x8e, 0x6f, 0xdf, 0x6a, 0xb0, 0xfd, 0x45, 0x03, 0x96, 0xd2, 0xf6, 0x29, 0xfe, + 0xa5, 0x0e, 0x41, 0x8f, 0xa1, 0xb9, 0xa7, 0x7f, 0xfd, 0x8a, 0x5f, 0x3d, 0xd0, 0x59, 0xcf, 0x88, + 0xad, 0xab, 0xe5, 0x93, 0x4a, 0xb5, 0x55, 0x41, 0x0e, 0x5c, 0x29, 0x0a, 0x4c, 0x5f, 0x2c, 0xbf, + 0x79, 0x86, 0xe4, 0x84, 0xeb, 0x55, 0x2a, 0x36, 0x0d, 0xf4, 0x19, 0x2c, 0xe4, 0xdf, 0xd5, 0x50, + 0xae, 0x9e, 0x94, 0x3e, 0xf5, 0xb5, 0xac, 0xb3, 0x58, 0x12, 0xfb, 0x9f, 0x09, 0xf0, 0x9a, 0x7b, + 0x64, 0x42, 0x56, 0x1e, 0x5a, 0x97, 0x3d, 0xc2, 0xb5, 0xbe, 0x71, 0x26, 0x4f, 0x22, 0xfd, 0x43, + 0xa8, 0xc7, 0x8f, 0x32, 0x79, 0x37, 0x17, 0x9e, 0x6a, 0x5a, 0xcd, 0xbc, 0xbc, 0x5e, 0x68, 0x55, + 0xd0, 0x47, 0x6a, 0xb1, 0xb8, 0xb4, 0x8f, 0x2f, 0xce, 0x3c, 0x45, 0xb4, 0x2e, 0x97, 0x5c, 0xff, + 0xad, 0x0a, 0xfa, 0x1e, 0xcc, 0x89, 0xaf, 0x43, 0xfd, 0xbb, 0xd3, 0x6a, 0x5b, 0xfd, 0xcc, 0xd9, + 0x8e, 0x7f, 0xe6, 0x6c, 0xdf, 0x1d, 0x31, 0x7e, 0xd2, 0x2a, 0xb9, 0x9f, 0x6b, 0x01, 0xcf, 0xe0, + 0xd2, 0x1e, 0xe1, 0x29, 0x9c, 0x46, 0xd7, 0x5e, 0xeb, 0xd2, 0xd1, 0xb2, 0x8a, 0x6c, 0xe3, 0x88, + 0xdc, 0xaa, 0xa0, 0xdf, 0x19, 0x70, 0x79, 0x8f, 0xf0, 0x22, 0x40, 0x45, 0xef, 0x95, 0x2b, 0x39, + 0x05, 0xc8, 0xb6, 0x1e, 0x4d, 0x9a, 0xaf, 0x79, 0xb1, 0x56, 0x05, 0xfd, 0xde, 0x80, 0xb5, 0x8c, + 0x61, 0x59, 0xc4, 0x89, 0xb6, 0xce, 0x36, 0xae, 0x04, 0x9d, 0xb6, 0x3e, 0x9d, 0xf0, 0xe7, 0xc4, + 0x8c, 0x48, 0xab, 0x82, 0x0e, 0xe5, 0x99, 0xa4, 0x0d, 0x06, 0xbd, 0x5d, 0xda, 0x49, 0x12, 0xed, + 0xeb, 0xa7, 0x4d, 0x27, 0xe7, 0xf0, 0x29, 0xcc, 0xed, 0x11, 0x1e, 0x57, 0xdd, 0x7c, 0xa4, 0x15, + 0x9a, 0x50, 0x3e, 0x55, 0x8b, 0x85, 0x5a, 0x46, 0xcc, 0x92, 0x92, 0x95, 0xa9, 0x53, 0xf9, 0x5c, + 0x2d, 0x2d, 0xc1, 0xf9, 0x88, 0x29, 0x2f, 0x73, 0x56, 0xe5, 0xe3, 0x9d, 0xbf, 0xbf, 0x5c, 0x37, + 0xbe, 0x78, 0xb9, 0x6e, 0xfc, 0xfb, 0xe5, 0xba, 0xf1, 0xe3, 0x5b, 0xaf, 0xf8, 0x1b, 0x80, 0xcc, + 0x9f, 0x15, 0x60, 0x46, 0x1d, 0x97, 0x12, 0x8f, 0x1f, 0xcd, 0xc8, 0xe0, 0xbf, 0xf5, 0xdf, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x38, 0x69, 0xf2, 0xff, 0x75, 0x20, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -2891,6 +2911,26 @@ func (m *ManifestRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.ProjectName) > 0 { + i -= len(m.ProjectName) + copy(dAtA[i:], m.ProjectName) + i = encodeVarintRepository(dAtA, i, uint64(len(m.ProjectName))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xca + } + if len(m.ProjectSourceRepos) > 0 { + for iNdEx := len(m.ProjectSourceRepos) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.ProjectSourceRepos[iNdEx]) + copy(dAtA[i:], m.ProjectSourceRepos[iNdEx]) + i = encodeVarintRepository(dAtA, i, uint64(len(m.ProjectSourceRepos[iNdEx]))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xc2 + } + } if len(m.RefSources) > 0 { for k := range m.RefSources { v := m.RefSources[k] @@ -4921,6 +4961,16 @@ func (m *ManifestRequest) Size() (n int) { n += mapEntrySize + 2 + sovRepository(uint64(mapEntrySize)) } } + if len(m.ProjectSourceRepos) > 0 { + for _, s := range m.ProjectSourceRepos { + l = len(s) + n += 2 + l + sovRepository(uint64(l)) + } + } + l = len(m.ProjectName) + if l > 0 { + n += 2 + l + sovRepository(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6512,6 +6562,70 @@ func (m *ManifestRequest) Unmarshal(dAtA []byte) error { } m.RefSources[mapkey] = mapvalue iNdEx = postIndex + case 24: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ProjectSourceRepos", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthRepository + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthRepository + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ProjectSourceRepos = append(m.ProjectSourceRepos, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 25: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ProjectName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthRepository + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthRepository + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ProjectName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index 71a6bdc876ca3..c509906a26632 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -1044,6 +1044,11 @@ func runHelmBuild(appPath string, h helm.Helm) error { return os.WriteFile(markerFile, []byte("marker"), 0644) } +func isSourcePermitted(url string, repos []string) bool { + p := v1alpha1.AppProject{Spec: v1alpha1.AppProjectSpec{SourceRepos: repos}} + return p.IsSourcePermitted(v1alpha1.ApplicationSource{RepoURL: url}) +} + func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclient.ManifestRequest, isLocal bool, gitRepoPaths io.TempPaths) ([]*unstructured.Unstructured, error) { concurrencyAllowed := isConcurrencyAllowed(appPath) if !concurrencyAllowed { @@ -1140,6 +1145,20 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie if err != nil { return nil, err } + + var reposNotPermitted []string + // We do a sanity check here to give a nicer error message in case any of the Helm repositories are not permitted by + // the AppProject which the application is a part of + for _, repo := range helmRepos { + if !isSourcePermitted(repo.Repo, q.ProjectSourceRepos) { + reposNotPermitted = append(reposNotPermitted, repo.Repo) + } + } + + if len(reposNotPermitted) > 0 { + return nil, status.Errorf(codes.PermissionDenied, "helm repos %s are not permitted in project '%s'", strings.Join(reposNotPermitted, ", "), q.ProjectName) + } + h, err := helm.NewHelmApp(appPath, helmRepos, isLocal, version, proxy, passCredentials) if err != nil { return nil, err diff --git a/reposerver/repository/repository.proto b/reposerver/repository/repository.proto index 685526a5b08af..b1c89e3a2282e 100644 --- a/reposerver/repository/repository.proto +++ b/reposerver/repository/repository.proto @@ -31,6 +31,10 @@ message ManifestRequest { github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.HelmOptions helmOptions = 21; bool hasMultipleSources = 22; map refSources = 23; + // This is used to surface "source not permitted" errors for Helm repositories + repeated string projectSourceRepos = 24; + // This is used to surface "source not permitted" errors for Helm repositories + string projectName = 25; } message ManifestRequestWithFiles { diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index 1c5e655c571a2..8a32be75eda3d 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -152,7 +152,12 @@ func TestGenerateYamlManifestInDir(t *testing.T) { service := newService("../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src} + q := apiclient.ManifestRequest{ + Repo: &argoappv1.Repository{}, + ApplicationSource: &src, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, + } // update this value if we add/remove manifests const countOfManifests = 49 @@ -218,7 +223,8 @@ func Test_GenerateManifests_NoOutOfBoundsAccess(t *testing.T) { mustNotContain = testCaseCopy.mustNotContain } - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res, err := GenerateManifests(context.Background(), repoDir, "", "", &q, false, &git.NoopCredsStore{}, resource.MustParse("0"), nil) require.Error(t, err) assert.NotContains(t, err.Error(), mustNotContain) @@ -233,7 +239,8 @@ func TestGenerateManifests_MissingSymlinkDestination(t *testing.T) { err := os.Symlink("/obviously/does/not/exist", path.Join(repoDir, "test.yaml")) require.NoError(t, err) - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} _, err = GenerateManifests(context.Background(), repoDir, "", "", &q, false, &git.NoopCredsStore{}, resource.MustParse("0"), nil) require.NoError(t, err) } @@ -243,8 +250,11 @@ func TestGenerateManifests_K8SAPIResetCache(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} q := apiclient.ManifestRequest{ - KubeVersion: "v1.16.0", - Repo: &argoappv1.Repository{}, ApplicationSource: &src, + KubeVersion: "v1.16.0", + Repo: &argoappv1.Repository{}, + ApplicationSource: &src, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, } cachedFakeResponse := &apiclient.ManifestResponse{Manifests: []string{"Fake"}} @@ -268,7 +278,10 @@ func TestGenerateManifests_EmptyCache(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, ApplicationSource: &src, + Repo: &argoappv1.Repository{}, + ApplicationSource: &src, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, } err := service.cache.SetManifests(mock.Anything, &src, q.RefSources, &q, "", "", "", "", &cache.CachedManifestResponse{ManifestResponse: nil}, nil) @@ -283,7 +296,8 @@ func TestGenerateManifests_EmptyCache(t *testing.T) { func TestHelmManifestFromChartRepo(t *testing.T) { service := newService(".") source := &argoappv1.ApplicationSource{Chart: "my-chart", TargetRevision: ">= 1.0.0"} - request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true} + request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} response, err := service.GenerateManifest(context.Background(), request) assert.NoError(t, err) assert.NotNil(t, response) @@ -312,7 +326,8 @@ func TestHelmChartReferencingExternalValues(t *testing.T) { }, nil) refSources, err := argo.GetRefSources(context.Background(), spec, repoDB) require.NoError(t, err) - request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true} + request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} response, err := service.GenerateManifest(context.Background(), request) assert.NoError(t, err) assert.NotNil(t, response) @@ -364,7 +379,8 @@ func TestGenerateManifestsUseExactRevision(t *testing.T) { src := argoappv1.ApplicationSource{Path: "./testdata/recurse", Directory: &argoappv1.ApplicationSourceDirectory{Recurse: true}} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, Revision: "abc"} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, Revision: "abc", ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res1, err := service.GenerateManifest(context.Background(), &q) assert.Nil(t, err) @@ -377,7 +393,8 @@ func TestRecurseManifestsInDir(t *testing.T) { src := argoappv1.ApplicationSource{Path: "./testdata/recurse", Directory: &argoappv1.ApplicationSourceDirectory{Recurse: true}} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res1, err := service.GenerateManifest(context.Background(), &q) assert.Nil(t, err) @@ -410,6 +427,8 @@ func TestGenerateJsonnetManifestInDir(t *testing.T) { }, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, } res1, err := service.GenerateManifest(context.Background(), &q) assert.Nil(t, err) @@ -431,6 +450,8 @@ func TestGenerateJsonnetManifestInRootDir(t *testing.T) { }, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, } res1, err := service.GenerateManifest(context.Background(), &q) assert.Nil(t, err) @@ -450,6 +471,8 @@ func TestGenerateJsonnetLibOutside(t *testing.T) { }, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, } _, err := service.GenerateManifest(context.Background(), &q) require.Error(t, err) @@ -624,6 +647,8 @@ func TestManifestGenErrorCacheFileContentsChange(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: ".", }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) fmt.Println("-", step, "-", res != nil, err != nil, errorExpected) @@ -792,6 +817,8 @@ func TestGenerateHelmWithValues(t *testing.T) { Values: `cluster: {slaveCount: 2}`, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) @@ -827,6 +854,8 @@ func TestHelmWithMissingValueFiles(t *testing.T) { ValueFiles: []string{"values-production.yaml", missingValuesFile}, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, } // Should fail since we're passing a non-existent values file, and error should indicate that @@ -852,6 +881,8 @@ func TestGenerateHelmWithEnvVars(t *testing.T) { ValueFiles: []string{"values-$ARGOCD_APP_NAME.yaml"}, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) @@ -887,6 +918,8 @@ func TestGenerateHelmWithValuesDirectoryTraversal(t *testing.T) { Values: `cluster: {slaveCount: 2}`, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) @@ -898,6 +931,8 @@ func TestGenerateHelmWithValuesDirectoryTraversal(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: "./my-chart", }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) } @@ -921,7 +956,12 @@ func TestHelmManifestFromChartRepoWithValueFile(t *testing.T) { ValueFiles: []string{"./my-chart-values.yaml"}, }, } - request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true} + request := &apiclient.ManifestRequest{ + Repo: &argoappv1.Repository{}, + ApplicationSource: source, + NoCache: true, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}} response, err := service.GenerateManifest(context.Background(), request) assert.NoError(t, err) assert.NotNil(t, response) @@ -960,7 +1000,8 @@ func TestHelmManifestFromChartRepoWithValueFileLinks(t *testing.T) { ValueFiles: []string{"my-chart-link.yaml"}, }, } - request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true} + request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} _, err := service.GenerateManifest(context.Background(), request) assert.NoError(t, err) }) @@ -979,7 +1020,9 @@ func TestGenerateHelmWithURL(t *testing.T) { Values: `cluster: {slaveCount: 2}`, }, }, - HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"https"}}, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, + HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"https"}}, }) assert.NoError(t, err) } @@ -999,6 +1042,8 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { Values: `cluster: {slaveCount: 2}`, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) assert.Contains(t, err.Error(), "outside repository root") @@ -1016,6 +1061,8 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { Values: `cluster: {slaveCount: 2}`, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) }) @@ -1032,6 +1079,8 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { Values: `cluster: {slaveCount: 2}`, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) }) @@ -1048,6 +1097,8 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { Values: `cluster: {slaveCount: 2}`, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) assert.Contains(t, err.Error(), "outside repository root") @@ -1065,6 +1116,8 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { Values: `cluster: {slaveCount: 2}`, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) assert.Contains(t, err.Error(), "is not allowed") @@ -1081,7 +1134,9 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ValueFiles: []string{"s3://my-bucket/my-chart-values.yaml"}, }, }, - HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"s3"}}, + HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"s3"}}, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) assert.Contains(t, err.Error(), "s3://my-bucket/my-chart-values.yaml: no such file or directory") @@ -1120,12 +1175,14 @@ func TestGenerateHelmWithAbsoluteFileParameter(t *testing.T) { }}, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) } // The requested file parameter (`../external/external-secret.txt`) is outside the app path -// (`./util/helm/testdata/redis`), however since the requested value is sill under the repo +// (`./util/helm/testdata/redis`), however since the requested value is still under the repo // directory (`~/go/src/github.com/argoproj/argo-cd`), it is allowed. It is used as a means of // providing direct content to a helm chart via a specific key. func TestGenerateHelmWithFileParameter(t *testing.T) { @@ -1147,6 +1204,8 @@ func TestGenerateHelmWithFileParameter(t *testing.T) { }, }, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) } @@ -1156,9 +1215,11 @@ func TestGenerateNullList(t *testing.T) { t.Run("null list", func(t *testing.T) { res1, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/null-list"}, - NoCache: true, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/null-list"}, + NoCache: true, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.Nil(t, err) assert.Equal(t, len(res1.Manifests), 1) @@ -1167,9 +1228,11 @@ func TestGenerateNullList(t *testing.T) { t.Run("empty list", func(t *testing.T) { res1, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/empty-list"}, - NoCache: true, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/empty-list"}, + NoCache: true, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.Nil(t, err) assert.Equal(t, len(res1.Manifests), 1) @@ -1178,9 +1241,11 @@ func TestGenerateNullList(t *testing.T) { t.Run("weird list", func(t *testing.T) { res1, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/weird-list"}, - NoCache: true, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/weird-list"}, + NoCache: true, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.Nil(t, err) assert.Len(t, res1.Manifests, 2) @@ -1228,6 +1293,8 @@ func TestRunCustomTool(t *testing.T) { Repo: &argoappv1.Repository{ Username: "foo", Password: "bar", }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) @@ -1246,8 +1313,10 @@ func TestRunCustomTool(t *testing.T) { func TestGenerateFromUTF16(t *testing.T) { q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &argoappv1.ApplicationSource{}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{}, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, } res1, err := GenerateManifests(context.Background(), "./testdata/utf-16", "/", "", &q, false, &git.NoopCredsStore{}, resource.MustParse("0"), nil) assert.Nil(t, err) @@ -1425,7 +1494,13 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newServiceWithSignature("../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true} + q := apiclient.ManifestRequest{ + Repo: &argoappv1.Repository{}, + ApplicationSource: &src, + VerifySignature: true, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, + } res, err := service.GenerateManifest(context.Background(), &q) assert.NoError(t, err) @@ -1436,7 +1511,8 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newServiceWithSignature("../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res, err := service.GenerateManifest(context.Background(), &q) assert.NoError(t, err) @@ -1447,7 +1523,8 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newService("../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res, err := service.GenerateManifest(context.Background(), &q) assert.NoError(t, err) @@ -1458,7 +1535,8 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newService("../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res, err := service.GenerateManifest(context.Background(), &q) assert.NoError(t, err) @@ -1617,6 +1695,8 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: path, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) require.NoError(t, err) resourceByKindName := make(map[string]*unstructured.Unstructured) @@ -1646,6 +1726,8 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: path, }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) require.NoError(t, err) resourceByKindName := make(map[string]*unstructured.Unstructured) @@ -1675,7 +1757,9 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: path, }, - AppName: "testapp", + AppName: "testapp", + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) require.NoError(t, err) resourceByKindName := make(map[string]*unstructured.Unstructured) @@ -1705,7 +1789,9 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: path, }, - AppName: "testapp2", + AppName: "testapp2", + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) require.NoError(t, err) resourceByKindName := make(map[string]*unstructured.Unstructured) @@ -1735,9 +1821,11 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { } sourceCopy := source.DeepCopy() // make a copy in case GenerateManifest mutates it. _, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: sourceCopy, - AppName: "test", + Repo: &argoappv1.Repository{}, + ApplicationSource: sourceCopy, + AppName: "test", + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) res := &cache.CachedManifestResponse{} @@ -1771,7 +1859,9 @@ func TestGenerateManifestWithAnnotatedAndRegularGitTagHashes(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ TargetRevision: regularGitTagHash, }, - NoCache: true, + NoCache: true, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }, wantError: false, service: newServiceWithCommitSHA(".", regularGitTagHash), @@ -1785,7 +1875,9 @@ func TestGenerateManifestWithAnnotatedAndRegularGitTagHashes(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ TargetRevision: annotatedGitTaghash, }, - NoCache: true, + NoCache: true, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }, wantError: false, service: newServiceWithCommitSHA(".", annotatedGitTaghash), @@ -1799,7 +1891,9 @@ func TestGenerateManifestWithAnnotatedAndRegularGitTagHashes(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ TargetRevision: invalidGitTaghash, }, - NoCache: true, + NoCache: true, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, }, wantError: true, service: newServiceWithCommitSHA(".", invalidGitTaghash), diff --git a/server/application/application.go b/server/application/application.go index 47525c9aed391..97fe50415ef45 100644 --- a/server/application/application.go +++ b/server/application/application.go @@ -421,6 +421,11 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan return fmt.Errorf("error getting API resources: %w", err) } + proj, err := argo.GetAppProject(a, applisters.NewAppProjectLister(s.projInformer.GetIndexer()), s.ns, s.settingsMgr, s.db, ctx) + if err != nil { + return fmt.Errorf("error getting app project: %w", err) + } + manifestInfo, err = client.GenerateManifest(ctx, &apiclient.ManifestRequest{ Repo: repo, Revision: revision, @@ -437,6 +442,8 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan HelmOptions: helmOptions, TrackingMethod: string(argoutil.GetTrackingMethod(s.settingsMgr)), EnabledSourceTypes: enableGenerateManifests, + ProjectName: proj.Name, + ProjectSourceRepos: proj.Spec.SourceRepos, }) if err != nil { return fmt.Errorf("error generating manifests: %w", err) @@ -516,6 +523,12 @@ func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_Get } source := a.Spec.GetSource() + + proj, err := argo.GetAppProject(a, applisters.NewAppProjectLister(s.projInformer.GetIndexer()), s.ns, s.settingsMgr, s.db, ctx) + if err != nil { + return fmt.Errorf("error getting app project: %w", err) + } + req := &apiclient.ManifestRequest{ Repo: repo, Revision: source.TargetRevision, @@ -532,6 +545,8 @@ func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_Get HelmOptions: helmOptions, TrackingMethod: string(argoutil.GetTrackingMethod(s.settingsMgr)), EnabledSourceTypes: enableGenerateManifests, + ProjectName: proj.Name, + ProjectSourceRepos: proj.Spec.SourceRepos, } repoStreamClient, err := client.GenerateManifestWithFiles(stream.Context()) @@ -1106,6 +1121,7 @@ func (s *Server) validateAndNormalizeApp(ctx context.Context, app *appv1.Applica } var conditions []appv1.ApplicationCondition + if validate { conditions := make([]appv1.ApplicationCondition, 0) condition, err := argo.ValidateRepo(ctx, app, s.repoClientset, s.db, plugins, s.kubectl, proj, s.settingsMgr) diff --git a/test/e2e/helm_test.go b/test/e2e/helm_test.go index a723d3a90bb30..953d208a1af9e 100644 --- a/test/e2e/helm_test.go +++ b/test/e2e/helm_test.go @@ -19,6 +19,7 @@ import ( "github.com/argoproj/argo-cd/v2/test/e2e/fixture" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/app" + projectFixture "github.com/argoproj/argo-cd/v2/test/e2e/fixture/project" "github.com/argoproj/argo-cd/v2/test/e2e/fixture/repos" . "github.com/argoproj/argo-cd/v2/util/errors" "github.com/argoproj/argo-cd/v2/util/settings" @@ -399,6 +400,45 @@ func TestHelmWithMultipleDependencies(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)) } +func TestHelmWithMultipleDependenciesPermissionDenied(t *testing.T) { + SkipOnEnv(t, "HELM") + + projName := "argo-helm-project-denied" + projectFixture. + Given(t). + Name(projName). + Destination("*,*"). + When(). + Create(). + AddSource(RepoURL(RepoURLTypeFile)) + + expectedErr := fmt.Sprintf("helm repos localhost:5000/myrepo are not permitted in project '%s'", projName) + GivenWithSameState(t). + Project(projName). + Path("helm-oci-with-dependencies"). + CustomCACertAdded(). + HelmHTTPSCredentialsUserPassAdded(). + HelmPassCredentials(). + When(). + IgnoreErrors(). + CreateApp(). + Then(). + Expect(Error("", expectedErr)) + + expectedErr = fmt.Sprintf("helm repos https://localhost:9444/argo-e2e/testdata.git/helm-repo/local, https://localhost:9444/argo-e2e/testdata.git/helm-repo/local2 are not permitted in project '%s'", projName) + GivenWithSameState(t). + Project(projName). + Path("helm-with-multiple-dependencies"). + CustomCACertAdded(). + HelmHTTPSCredentialsUserPassAdded(). + HelmPassCredentials(). + When(). + IgnoreErrors(). + CreateApp(). + Then(). + Expect(Error("", expectedErr)) +} + func TestHelmWithDependenciesLegacyRepo(t *testing.T) { SkipOnEnv(t, "HELM") testHelmWithDependencies(t, "helm-with-dependencies", true) diff --git a/test/e2e/testdata/helm-with-multiple-dependencies/Chart.yaml b/test/e2e/testdata/helm-with-multiple-dependencies/Chart.yaml index fc1982761746c..f7f144d20e123 100644 --- a/test/e2e/testdata/helm-with-multiple-dependencies/Chart.yaml +++ b/test/e2e/testdata/helm-with-multiple-dependencies/Chart.yaml @@ -1,7 +1,11 @@ apiVersion: v2 -name: helm-with-dependencies +name: helm-with-multiple-dependencies version: v1.0.0 dependencies: - name: helm repository: "https://localhost:9444/argo-e2e/testdata.git/helm-repo/local" version: v1.0.0 + - name: helm + repository: "https://localhost:9444/argo-e2e/testdata.git/helm-repo/local2" + version: v1.0.0 + alias: helm2 \ No newline at end of file diff --git a/util/argo/argo.go b/util/argo/argo.go index a9d5a0bc9ba9d..33f8bdd7e2c6a 100644 --- a/util/argo/argo.go +++ b/util/argo/argo.go @@ -420,6 +420,7 @@ func validateRepo(ctx context.Context, helmOptions, app.Name, app.Spec.Destination, + proj, sources, repoClient, plugins, @@ -705,6 +706,7 @@ func verifyGenerateManifests( helmOptions *argoappv1.HelmOptions, name string, dest argoappv1.ApplicationDestination, + proj *argoappv1.AppProject, sources []argoappv1.ApplicationSource, repoClient apiclient.RepoServerServiceClient, plugins []*argoappv1.ConfigManagementPlugin, @@ -773,6 +775,8 @@ func verifyGenerateManifests( NoRevisionCache: true, HasMultipleSources: hasMultipleSources, RefSources: refSources, + ProjectName: proj.Name, + ProjectSourceRepos: proj.Spec.SourceRepos, } req.Repo.CopyCredentialsFromRepo(repoRes) req.Repo.CopySettingsFrom(repoRes) From 82604652ee08d1357cc86323d8cb0705d0c6f508 Mon Sep 17 00:00:00 2001 From: wmgroot Date: Sat, 27 May 2023 10:29:42 -0500 Subject: [PATCH 005/252] fix(appset): add ApplicationSet ProgressiveSync handling to clean up old appStatus entries when Applications are removed or RollingSync is disabled (#13419) Signed-off-by: wmgroot --- .../controllers/applicationset_controller.go | 67 ++++--- .../applicationset_controller_test.go | 186 ++++++++++++++---- 2 files changed, 184 insertions(+), 69 deletions(-) diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go index 1350edcff0fad..f0688a54d6cee 100644 --- a/applicationset/controllers/applicationset_controller.go +++ b/applicationset/controllers/applicationset_controller.go @@ -149,19 +149,28 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque // appSyncMap tracks which apps will be synced during this reconciliation. appSyncMap := map[string]bool{} - if r.EnableProgressiveSyncs && applicationSetInfo.Spec.Strategy != nil { - applications, err := r.getCurrentApplications(ctx, applicationSetInfo) - if err != nil { - return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err) - } + if r.EnableProgressiveSyncs { + if applicationSetInfo.Spec.Strategy == nil && len(applicationSetInfo.Status.ApplicationStatus) > 0 { + log.Infof("Removing %v unnecessary AppStatus entries from ApplicationSet %v", len(applicationSetInfo.Status.ApplicationStatus), applicationSetInfo.Name) - for _, app := range applications { - appMap[app.Name] = app - } + err := r.setAppSetApplicationStatus(ctx, &applicationSetInfo, []argov1alpha1.ApplicationSetApplicationStatus{}) + if err != nil { + return ctrl.Result{}, fmt.Errorf("failed to clear previous AppSet application statuses for %v: %w", applicationSetInfo.Name, err) + } + } else { + applications, err := r.getCurrentApplications(ctx, applicationSetInfo) + if err != nil { + return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err) + } - appSyncMap, err = r.performProgressiveSyncs(ctx, applicationSetInfo, applications, desiredApplications, appMap) - if err != nil { - return ctrl.Result{}, fmt.Errorf("failed to perform progressive sync reconciliation for application set: %w", err) + for _, app := range applications { + appMap[app.Name] = app + } + + appSyncMap, err = r.performProgressiveSyncs(ctx, applicationSetInfo, applications, desiredApplications, appMap) + if err != nil { + return ctrl.Result{}, fmt.Errorf("failed to perform progressive sync reconciliation for application set: %w", err) + } } } @@ -1222,30 +1231,30 @@ func findApplicationStatusIndex(appStatuses []argov1alpha1.ApplicationSetApplica // with any new/changed Application statuses. func (r *ApplicationSetReconciler) setAppSetApplicationStatus(ctx context.Context, applicationSet *argov1alpha1.ApplicationSet, applicationStatuses []argov1alpha1.ApplicationSetApplicationStatus) error { needToUpdateStatus := false - for i := range applicationStatuses { - appStatus := applicationStatuses[i] - idx := findApplicationStatusIndex(applicationSet.Status.ApplicationStatus, appStatus.Application) - if idx == -1 { - needToUpdateStatus = true - break - } - currentStatus := applicationSet.Status.ApplicationStatus[idx] - if currentStatus.Message != appStatus.Message || currentStatus.Status != appStatus.Status { - needToUpdateStatus = true - break + + if len(applicationStatuses) != len(applicationSet.Status.ApplicationStatus) { + needToUpdateStatus = true + } else { + for i := range applicationStatuses { + appStatus := applicationStatuses[i] + idx := findApplicationStatusIndex(applicationSet.Status.ApplicationStatus, appStatus.Application) + if idx == -1 { + needToUpdateStatus = true + break + } + currentStatus := applicationSet.Status.ApplicationStatus[idx] + if currentStatus.Message != appStatus.Message || currentStatus.Status != appStatus.Status || currentStatus.Step != appStatus.Step { + needToUpdateStatus = true + break + } } } if needToUpdateStatus { - // fetch updated Application Set object before updating it namespacedName := types.NamespacedName{Namespace: applicationSet.Namespace, Name: applicationSet.Name} - if err := r.Get(ctx, namespacedName, applicationSet); err != nil { - if client.IgnoreNotFound(err) != nil { - return nil - } - return fmt.Errorf("error fetching updated application set: %v", err) - } + // rebuild ApplicationStatus from scratch, we don't need any previous status history + applicationSet.Status.ApplicationStatus = []argov1alpha1.ApplicationSetApplicationStatus{} for i := range applicationStatuses { applicationSet.Status.SetApplicationStatus(applicationStatuses[i]) } diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go index 0f433b7979d56..e822a157c1a75 100644 --- a/applicationset/controllers/applicationset_controller_test.go +++ b/applicationset/controllers/applicationset_controller_test.go @@ -2277,55 +2277,104 @@ func TestSetApplicationSetApplicationStatus(t *testing.T) { err = v1alpha1.AddToScheme(scheme) assert.Nil(t, err) - appSet := v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Spec: v1alpha1.ApplicationSetSpec{ - Generators: []v1alpha1.ApplicationSetGenerator{ - {List: &v1alpha1.ListGenerator{ - Elements: []apiextensionsv1.JSON{{ - Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`), - }}, - }}, + kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) + argoDBMock := dbmocks.ArgoDB{} + argoObjs := []runtime.Object{} + + for _, cc := range []struct { + name string + appSet v1alpha1.ApplicationSet + appStatuses []v1alpha1.ApplicationSetApplicationStatus + expectedAppStatuses []v1alpha1.ApplicationSetApplicationStatus + }{ + { + name: "sets a single appstatus", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + {List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{{ + Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`), + }}, + }}, + }, + Template: v1alpha1.ApplicationSetTemplate{}, + }, + }, + appStatuses: []v1alpha1.ApplicationSetApplicationStatus{ + { + Application: "app1", + Message: "testing SetApplicationSetApplicationStatus to Healthy", + Status: "Healthy", + }, + }, + expectedAppStatuses: []v1alpha1.ApplicationSetApplicationStatus{ + { + Application: "app1", + Message: "testing SetApplicationSetApplicationStatus to Healthy", + Status: "Healthy", + }, }, - Template: v1alpha1.ApplicationSetTemplate{}, }, - } - - appStatuses := []v1alpha1.ApplicationSetApplicationStatus{ { - Application: "my-application", - LastTransitionTime: &metav1.Time{}, - Message: "testing SetApplicationSetApplicationStatus to Healthy", - Status: "Healthy", + name: "removes an appstatus", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + {List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{{ + Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`), + }}, + }}, + }, + Template: v1alpha1.ApplicationSetTemplate{}, + }, + Status: v1alpha1.ApplicationSetStatus{ + ApplicationStatus: []v1alpha1.ApplicationSetApplicationStatus{ + { + Application: "app1", + Message: "testing SetApplicationSetApplicationStatus to Healthy", + Status: "Healthy", + }, + }, + }, + }, + appStatuses: []v1alpha1.ApplicationSetApplicationStatus{}, + expectedAppStatuses: nil, }, - } + } { - kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} - argoObjs := []runtime.Object{} + t.Run(cc.name, func(t *testing.T) { - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).Build() - r := ApplicationSetReconciler{ - Client: client, - Scheme: scheme, - Renderer: &utils.Render{}, - Recorder: record.NewFakeRecorder(1), - Generators: map[string]generators.Generator{ - "List": generators.NewListGenerator(), - }, - ArgoDB: &argoDBMock, - ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), - KubeClientset: kubeclientset, - } + r := ApplicationSetReconciler{ + Client: client, + Scheme: scheme, + Renderer: &utils.Render{}, + Recorder: record.NewFakeRecorder(1), + Generators: map[string]generators.Generator{ + "List": generators.NewListGenerator(), + }, + ArgoDB: &argoDBMock, + ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), + KubeClientset: kubeclientset, + } - err = r.setAppSetApplicationStatus(context.TODO(), &appSet, appStatuses) - assert.Nil(t, err) + err = r.setAppSetApplicationStatus(context.TODO(), &cc.appSet, cc.appStatuses) + assert.Nil(t, err) - assert.Len(t, appSet.Status.ApplicationStatus, 1) + assert.Equal(t, cc.expectedAppStatuses, cc.appSet.Status.ApplicationStatus) + }) + } } func TestBuildAppDependencyList(t *testing.T) { @@ -4122,6 +4171,63 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, }, }, + { + name: "removes the appStatus for applications that no longer exist", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Strategy: &v1alpha1.ApplicationSetStrategy{ + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + }, + }, + Status: v1alpha1.ApplicationSetStatus{ + ApplicationStatus: []v1alpha1.ApplicationSetApplicationStatus{ + { + Application: "app1", + Message: "Application has pending changes, setting status to Waiting.", + Status: "Waiting", + Step: "1", + }, + { + Application: "app2", + Message: "Application has pending changes, setting status to Waiting.", + Status: "Waiting", + Step: "1", + }, + }, + }, + }, + apps: []v1alpha1.Application{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app1", + }, + Status: v1alpha1.ApplicationStatus{ + Health: v1alpha1.HealthStatus{ + Status: health.HealthStatusHealthy, + }, + OperationState: &v1alpha1.OperationState{ + Phase: common.OperationSucceeded, + }, + Sync: v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeSynced, + }, + }, + }, + }, + expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ + { + Application: "app1", + Message: "Application resource is already Healthy, updating status from Waiting to Healthy.", + Status: "Healthy", + Step: "1", + }, + }, + }, } { t.Run(cc.name, func(t *testing.T) { From 591b33d956bbba6037f299d4997bbf489c2af91e Mon Sep 17 00:00:00 2001 From: wmgroot Date: Sat, 27 May 2023 10:35:56 -0500 Subject: [PATCH 006/252] fix(appset) [ISSUE-13501] adjust NotIn operator behavior of AppSet Progressive Syncs to match documentation (#13551) Signed-off-by: wmgroot --- .../controllers/applicationset_controller.go | 51 ++++------- .../applicationset_controller_test.go | 84 ++++++++++++++++++- 2 files changed, 99 insertions(+), 36 deletions(-) diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go index f0688a54d6cee..8210433723da1 100644 --- a/applicationset/controllers/applicationset_controller.go +++ b/applicationset/controllers/applicationset_controller.go @@ -862,45 +862,21 @@ func (r *ApplicationSetReconciler) buildAppDependencyList(ctx context.Context, a selected := true // default to true, assuming the current Application is a match for the given step matchExpression - allNotInMatched := true // needed to support correct AND behavior between multiple NotIn MatchExpressions - notInUsed := false // since we default to allNotInMatched == true, track whether a NotIn expression was actually used - for _, matchExpression := range step.MatchExpressions { - if matchExpression.Operator == "In" { - if val, ok := app.Labels[matchExpression.Key]; ok { - valueMatched := labelMatchedExpression(val, matchExpression) + if val, ok := app.Labels[matchExpression.Key]; ok { + valueMatched := labelMatchedExpression(val, matchExpression) - if !valueMatched { // none of the matchExpression values was a match with the Application'ss labels - selected = false - break - } - } else { - selected = false // no matching label key with In means this Application will not be included in the current step + if !valueMatched { // none of the matchExpression values was a match with the Application'ss labels + selected = false break } - } else if matchExpression.Operator == "NotIn" { - notInUsed = true // a NotIn selector was used in this matchExpression - if val, ok := app.Labels[matchExpression.Key]; ok { - valueMatched := labelMatchedExpression(val, matchExpression) - - if !valueMatched { // none of the matchExpression values was a match with the Application's labels - allNotInMatched = false - } - } else { - allNotInMatched = false // no matching label key with NotIn means this Application may still be included in the current step - } - } else { // handle invalid operator selection - log.Warnf("skipping AppSet rollingUpdate step Application selection for %q, invalid matchExpression operator provided: %q ", applicationSet.Name, matchExpression.Operator) - selected = false + } else if matchExpression.Operator == "In" { + selected = false // no matching label key with "In" operator means this Application will not be included in the current step break } } - if notInUsed && allNotInMatched { // check if all NotIn Expressions matched, if so exclude this Application - selected = false - } - if selected { appDependencyList[i] = append(appDependencyList[i], app.Name) if val, ok := appStepMap[app.Name]; ok { @@ -916,11 +892,20 @@ func (r *ApplicationSetReconciler) buildAppDependencyList(ctx context.Context, a } func labelMatchedExpression(val string, matchExpression argov1alpha1.ApplicationMatchExpression) bool { - valueMatched := false + if matchExpression.Operator != "In" && matchExpression.Operator != "NotIn" { + log.Errorf("skipping AppSet rollingUpdate step Application selection, invalid matchExpression operator provided: %q ", matchExpression.Operator) + return false + } + + // if operator == In, default to false + // if operator == NotIn, default to true + valueMatched := matchExpression.Operator == "NotIn" + for _, value := range matchExpression.Values { if val == value { - valueMatched = true - break + // first "In" match returns true + // first "NotIn" match returns false + return matchExpression.Operator == "In" } } return valueMatched diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go index e822a157c1a75..7ccf6d4c17a10 100644 --- a/applicationset/controllers/applicationset_controller_test.go +++ b/applicationset/controllers/applicationset_controller_test.go @@ -2841,7 +2841,7 @@ func TestBuildAppDependencyList(t *testing.T) { }, }, { - name: "multiple 'NotIn' selectors only match Applications with all labels", + name: "multiple 'NotIn' selectors remove Applications with mising labels on any match", appSet: v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "name", @@ -2895,10 +2895,88 @@ func TestBuildAppDependencyList(t *testing.T) { }, }, expectedList: [][]string{ - {"app-qa1"}, + {}, + }, + expectedStepMap: map[string]int{}, + }, + { + name: "multiple 'NotIn' selectors filter all matching Applications", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Strategy: &v1alpha1.ApplicationSetStrategy{ + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{ + { + Key: "region", + Operator: "NotIn", + Values: []string{ + "us-east-2", + }, + }, + { + Key: "env", + Operator: "NotIn", + Values: []string{ + "qa", + }, + }, + }, + }, + }, + }, + }, + }, + }, + apps: []v1alpha1.Application{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app-qa1", + Labels: map[string]string{ + "env": "qa", + "region": "us-east-1", + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app-qa2", + Labels: map[string]string{ + "env": "qa", + "region": "us-east-2", + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app-prod1", + Labels: map[string]string{ + "env": "prod", + "region": "us-east-1", + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app-prod2", + Labels: map[string]string{ + "env": "prod", + "region": "us-east-2", + }, + }, + }, + }, + expectedList: [][]string{ + {"app-prod1"}, }, expectedStepMap: map[string]int{ - "app-qa1": 0, + "app-prod1": 0, }, }, { From 5d80789a26427ac95c02c8477b1b45d03a822c89 Mon Sep 17 00:00:00 2001 From: Marie Katrine Ekeberg <78956208+mkekeberg@users.noreply.github.com> Date: Sat, 27 May 2023 18:25:59 +0200 Subject: [PATCH 007/252] fix: Disable keep alives for helm https connections (#13695) Signed-off-by: Marie Katrine Ekeberg --- util/helm/client.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/util/helm/client.go b/util/helm/client.go index edd5900f6e884..8fa3f6c0d24d8 100644 --- a/util/helm/client.go +++ b/util/helm/client.go @@ -304,6 +304,7 @@ func (c *nativeHelmChart) loadRepoIndex() ([]byte, error) { tr := &http.Transport{ Proxy: proxy.GetCallback(c.proxy), TLSClientConfig: tlsConf, + DisableKeepAlives: true, } client := http.Client{Transport: tr} resp, err := client.Do(req) @@ -412,6 +413,7 @@ func (c *nativeHelmChart) GetTags(chart string, noCache bool) (*TagsList, error) client := &http.Client{Transport: &http.Transport{ Proxy: proxy.GetCallback(c.proxy), TLSClientConfig: tlsConf, + DisableKeepAlives: true, }} repo.Client = &auth.Client{ Client: client, From 8385d27e84a270b2a286141f211edeb5b315e643 Mon Sep 17 00:00:00 2001 From: Carlos Sanchez Date: Sat, 27 May 2023 18:30:33 +0200 Subject: [PATCH 008/252] docs: correct indentation for gke ingress (#13680) Signed-off-by: Carlos Sanchez --- docs/operator-manual/ingress.md | 36 ++++++++++++++++----------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/docs/operator-manual/ingress.md b/docs/operator-manual/ingress.md index 35fdef22dd3f4..ee048f3ad6b16 100644 --- a/docs/operator-manual/ingress.md +++ b/docs/operator-manual/ingress.md @@ -537,15 +537,15 @@ spec: - secretName: secret-yourdomain-com rules: - host: argocd.yourdomain.com - http: - paths: - - pathType: ImplementationSpecific - path: "/*" # "*" is needed. Without this, the UI Javascript and CSS will not load properly - backend: - service: - name: argocd-server - port: - number: 80 + http: + paths: + - pathType: ImplementationSpecific + path: "/*" # "*" is needed. Without this, the UI Javascript and CSS will not load properly + backend: + service: + name: argocd-server + port: + number: 80 ``` If you use the version `1.21.3-gke.1600` or later, you should use the following Ingress resource: @@ -562,15 +562,15 @@ spec: - secretName: secret-yourdomain-com rules: - host: argocd.yourdomain.com - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: argocd-server - port: - number: 80 + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: argocd-server + port: + number: 80 ``` As you may know already, it can take some minutes to deploy the load balancer and become ready to accept connections. Once it's ready, get the public IP address for your Load Balancer, go to your DNS server (Google or third party) and point your domain or subdomain (i.e. argocd.yourdomain.com) to that IP address. From 04964c908c6b091d7392e88a01c011192418f198 Mon Sep 17 00:00:00 2001 From: Takashi Kusumi Date: Sun, 28 May 2023 01:44:23 +0900 Subject: [PATCH 009/252] feat: add ssh.github.com to SSH known hosts (#13592) * feat: add ssh.github.com to SSH known hosts Signed-off-by: Takashi Kusumi * fix: update hack/ssh_known_hosts Signed-off-by: Takashi Kusumi * fix: sync known hosts ConfigMap with hack/ssh_known_hosts Signed-off-by: Takashi Kusumi --------- Signed-off-by: Takashi Kusumi --- .../argocd-ssh-known-hosts-cm.yaml | 10 ++++++++-- docs/operator-manual/declarative-setup.md | 15 ++++++++++----- hack/ssh_known_hosts | 9 ++++++++- hack/update-ssh-known-hosts.sh | 17 ++++++++++++++--- .../base/config/argocd-ssh-known-hosts-cm.yaml | 10 ++++++++-- manifests/core-install.yaml | 10 ++++++++-- manifests/ha/install.yaml | 10 ++++++++-- manifests/ha/namespace-install.yaml | 10 ++++++++-- manifests/install.yaml | 10 ++++++++-- manifests/namespace-install.yaml | 10 ++++++++-- 10 files changed, 88 insertions(+), 23 deletions(-) diff --git a/docs/operator-manual/argocd-ssh-known-hosts-cm.yaml b/docs/operator-manual/argocd-ssh-known-hosts-cm.yaml index 8011572939ab6..7bd88fda144ee 100644 --- a/docs/operator-manual/argocd-ssh-known-hosts-cm.yaml +++ b/docs/operator-manual/argocd-ssh-known-hosts-cm.yaml @@ -7,12 +7,18 @@ metadata: name: argocd-ssh-known-hosts-cm data: ssh_known_hosts: | + # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl diff --git a/docs/operator-manual/declarative-setup.md b/docs/operator-manual/declarative-setup.md index c2f2e7baf775a..edc06193d5d86 100644 --- a/docs/operator-manual/declarative-setup.md +++ b/docs/operator-manual/declarative-setup.md @@ -424,22 +424,27 @@ An example ConfigMap object: apiVersion: v1 kind: ConfigMap metadata: - name: argocd-ssh-known-hosts-cm - namespace: argocd labels: - app.kubernetes.io/name: argocd-cm + app.kubernetes.io/name: argocd-ssh-known-hosts-cm app.kubernetes.io/part-of: argocd + name: argocd-ssh-known-hosts-cm data: ssh_known_hosts: | + # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl ``` !!! note diff --git a/hack/ssh_known_hosts b/hack/ssh_known_hosts index a6209cdc3a008..f474fe6cc571b 100644 --- a/hack/ssh_known_hosts +++ b/hack/ssh_known_hosts @@ -1,5 +1,12 @@ -# This file was automatically generated. DO NOT EDIT +# This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT +[ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= +[ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl +[ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= +bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= +bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== +github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= +github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf diff --git a/hack/update-ssh-known-hosts.sh b/hack/update-ssh-known-hosts.sh index ede8802e62106..4f8532969c639 100755 --- a/hack/update-ssh-known-hosts.sh +++ b/hack/update-ssh-known-hosts.sh @@ -3,19 +3,30 @@ set -e KNOWN_HOSTS_FILE=$(dirname "$0")/ssh_known_hosts -HEADER="# This file was automatically generated. DO NOT EDIT" +HEADER="# This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT" echo "$HEADER" > $KNOWN_HOSTS_FILE -ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com | sort -u >> $KNOWN_HOSTS_FILE +{ \ + ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com && \ + ssh-keyscan -p 443 ssh.github.com ; \ +} | sort -u >> $KNOWN_HOSTS_FILE chmod 0644 $KNOWN_HOSTS_FILE # Public SSH keys can be verified at the following URLs: # - github.com: https://help.github.com/articles/github-s-ssh-key-fingerprints/ +# - ssh.github.com: https://docs.github.com/en/authentication/troubleshooting-ssh/using-ssh-over-the-https-port#updating-known-hosts # - gitlab.com: https://docs.gitlab.com/ee/user/gitlab_com/#ssh-host-keys-fingerprints # - bitbucket.org: https://confluence.atlassian.com/bitbucket/ssh-keys-935365775.html # - ssh.dev.azure.com, vs-ssh.visualstudio.com: https://docs.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate?view=azure-devops diff - <(ssh-keygen -l -f $KNOWN_HOSTS_FILE | sort -k 3) < Date: Sat, 27 May 2023 17:48:59 +0100 Subject: [PATCH 010/252] fix(appset): Post selector with Go templates in ApplicationSet (#13584) * fixes #12524 Signed-off-by: Lewis Marsden-Lambert * refactor keepOnlyStringLabels function into more generic map flattening function Signed-off-by: Lewis Marsden-Lambert * updated USERS.md Signed-off-by: Lewis Marsden-Lambert * use flatten library to replace custom flatten function Signed-off-by: Lewis Marsden-Lambert --------- Signed-off-by: Lewis Marsden-Lambert Signed-off-by: Lewis Marsden-Lambert --- USERS.md | 1 + .../generators/generator_spec_processor.go | 38 +++++--- .../generator_spec_processor_test.go | 87 ++++++++++++++++++- 3 files changed, 112 insertions(+), 14 deletions(-) diff --git a/USERS.md b/USERS.md index 724f317c37c4c..2cf9bffa31643 100644 --- a/USERS.md +++ b/USERS.md @@ -229,6 +229,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [SI Analytics](https://si-analytics.ai) 1. [Skit](https://skit.ai/) 1. [Skyscanner](https://www.skyscanner.net/) +1. [Smart Pension](https://www.smartpension.co.uk/) 1. [Smilee.io](https://smilee.io) 1. [Smood.ch](https://www.smood.ch/) 1. [Snapp](https://snapp.ir/) diff --git a/applicationset/generators/generator_spec_processor.go b/applicationset/generators/generator_spec_processor.go index 419cc2dde9702..993a62426c16d 100644 --- a/applicationset/generators/generator_spec_processor.go +++ b/applicationset/generators/generator_spec_processor.go @@ -5,6 +5,7 @@ import ( "reflect" "github.com/argoproj/argo-cd/v2/applicationset/utils" + "github.com/jeremywohl/flatten" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" @@ -71,8 +72,17 @@ func Transform(requestedGenerator argoprojiov1alpha1.ApplicationSetGenerator, al } var filterParams []map[string]interface{} for _, param := range params { + flatParam, err := flattenParameters(param) + if err != nil { + log.WithError(err).WithField("generator", g). + Error("error flattening params") + if firstError == nil { + firstError = err + } + continue + } - if requestedGenerator.Selector != nil && !selector.Matches(labels.Set(keepOnlyStringValues(param))) { + if requestedGenerator.Selector != nil && !selector.Matches(labels.Set(flatParam)) { continue } filterParams = append(filterParams, param) @@ -87,18 +97,6 @@ func Transform(requestedGenerator argoprojiov1alpha1.ApplicationSetGenerator, al return res, firstError } -func keepOnlyStringValues(in map[string]interface{}) map[string]string { - var out map[string]string = map[string]string{} - - for key, value := range in { - if _, ok := value.(string); ok { - out[key] = value.(string) - } - } - - return out -} - func GetRelevantGenerators(requestedGenerator *argoprojiov1alpha1.ApplicationSetGenerator, generators map[string]Generator) []Generator { var res []Generator @@ -121,6 +119,20 @@ func GetRelevantGenerators(requestedGenerator *argoprojiov1alpha1.ApplicationSet return res } +func flattenParameters(in map[string]interface{}) (map[string]string, error) { + flat, err := flatten.Flatten(in, "", flatten.DotStyle) + if err != nil { + return nil, err + } + + out := make(map[string]string, len(flat)) + for k, v := range flat { + out[k] = fmt.Sprintf("%v", v) + } + + return out, nil +} + func mergeGeneratorTemplate(g Generator, requestedGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetTemplate argoprojiov1alpha1.ApplicationSetTemplate) (argoprojiov1alpha1.ApplicationSetTemplate, error) { // Make a copy of the value from `GetTemplate()` before merge, rather than copying directly into // the provided parameter (which will touch the original resource object returned by client-go) diff --git a/applicationset/generators/generator_spec_processor_test.go b/applicationset/generators/generator_spec_processor_test.go index 89ca8fc67010a..14b1cf01d30cc 100644 --- a/applicationset/generators/generator_spec_processor_test.go +++ b/applicationset/generators/generator_spec_processor_test.go @@ -73,7 +73,92 @@ func TestMatchValues(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "set", }, - Spec: argov1alpha1.ApplicationSetSpec{}, + Spec: argov1alpha1.ApplicationSetSpec{ + GoTemplate: false, + }, + } + + results, err := Transform(argov1alpha1.ApplicationSetGenerator{ + Selector: testCase.selector, + List: &argov1alpha1.ListGenerator{ + Elements: testCase.elements, + Template: emptyTemplate(), + }}, + data, + emptyTemplate(), + &applicationSetInfo, nil) + + assert.NoError(t, err) + assert.ElementsMatch(t, testCase.expected, results[0].Params) + }) + } +} + +func TestMatchValuesGoTemplate(t *testing.T) { + testCases := []struct { + name string + elements []apiextensionsv1.JSON + selector *metav1.LabelSelector + expected []map[string]interface{} + }{ + { + name: "no filter", + elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url"}`)}}, + selector: &metav1.LabelSelector{}, + expected: []map[string]interface{}{{"cluster": "cluster", "url": "url"}}, + }, + { + name: "nil", + elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url"}`)}}, + selector: nil, + expected: []map[string]interface{}{{"cluster": "cluster", "url": "url"}}, + }, + { + name: "values.foo should be foo but is ignore element", + elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url","values":{"foo":"bar"}}`)}}, + selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "values.foo": "foo", + }, + }, + expected: []map[string]interface{}{}, + }, + { + name: "values.foo should be bar", + elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url","values":{"foo":"bar"}}`)}}, + selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "values.foo": "bar", + }, + }, + expected: []map[string]interface{}{{"cluster": "cluster", "url": "url", "values": map[string]interface{}{"foo": "bar"}}}, + }, + { + name: "values.0 should be bar", + elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url","values":["bar"]}`)}}, + selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "values.0": "bar", + }, + }, + expected: []map[string]interface{}{{"cluster": "cluster", "url": "url", "values": []interface{}{"bar"}}}, + }, + } + + for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + var listGenerator = NewListGenerator() + var data = map[string]Generator{ + "List": listGenerator, + } + + applicationSetInfo := argov1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "set", + }, + Spec: argov1alpha1.ApplicationSetSpec{ + GoTemplate: true, + }, } results, err := Transform(argov1alpha1.ApplicationSetGenerator{ From e0bae9f1c09b7cae86fa080dbe642adf0fb705e5 Mon Sep 17 00:00:00 2001 From: Blake Pettersson Date: Sat, 27 May 2023 18:52:33 +0200 Subject: [PATCH 011/252] fix(appset): allow cluster urls to be matched (#13715) * fix: allow cluster urls to be matched Related to #13646, and after discussion with @crenshaw-dev, it turns out that matching on cluster urls is not possible. This is due to the fact that the implementation of `LabelSelectorAsSelector` from `k8s.io/apimachinery` validates that a label value is no longer than 63 characters, and validates that it's alphanumeric. In order to work around that, we'll create our own implementation of `LabelSelectorAsSelector`. This implementation has been copied verbatim, with the difference that in `isValidLabelValue`, we first check if the label value is a valid url. If it is not, we proceed with the label checks as with the original implementation. Apart from that, the only other differences are making as much as possible to be package-private; the intent is to only make `Matches` and `LabelSelectorAsSelector` available from outside the package. Signed-off-by: Blake Pettersson * chore: drop all label value restrictions We want to be more flexible in what we accept in post-selectors, mainly that we want to allow other values than only server urls. For this, we will drop all restrictions that a typical "label value" would typically have. Signed-off-by: Blake Pettersson --------- Signed-off-by: Blake Pettersson --- .../generators/generator_spec_processor.go | 6 +- .../generator_spec_processor_test.go | 96 +++++++ applicationset/utils/selector.go | 261 ++++++++++++++++++ 3 files changed, 361 insertions(+), 2 deletions(-) create mode 100644 applicationset/utils/selector.go diff --git a/applicationset/generators/generator_spec_processor.go b/applicationset/generators/generator_spec_processor.go index 993a62426c16d..990fb0f8eb81e 100644 --- a/applicationset/generators/generator_spec_processor.go +++ b/applicationset/generators/generator_spec_processor.go @@ -7,7 +7,6 @@ import ( "github.com/argoproj/argo-cd/v2/applicationset/utils" "github.com/jeremywohl/flatten" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -27,7 +26,10 @@ type TransformResult struct { // Transform a spec generator to list of paramSets and a template func Transform(requestedGenerator argoprojiov1alpha1.ApplicationSetGenerator, allGenerators map[string]Generator, baseTemplate argoprojiov1alpha1.ApplicationSetTemplate, appSet *argoprojiov1alpha1.ApplicationSet, genParams map[string]interface{}) ([]TransformResult, error) { - selector, err := metav1.LabelSelectorAsSelector(requestedGenerator.Selector) + // This is a custom version of the `LabelSelectorAsSelector` that is in k8s.io/apimachinery. This has been copied + // verbatim from that package, with the difference that we do not have any restrictions on label values. This is done + // so that, among other things, we can match on cluster urls. + selector, err := utils.LabelSelectorAsSelector(requestedGenerator.Selector) if err != nil { return nil, fmt.Errorf("error parsing label selector: %w", err) } diff --git a/applicationset/generators/generator_spec_processor_test.go b/applicationset/generators/generator_spec_processor_test.go index 14b1cf01d30cc..141fcc4cf90ce 100644 --- a/applicationset/generators/generator_spec_processor_test.go +++ b/applicationset/generators/generator_spec_processor_test.go @@ -177,6 +177,75 @@ func TestMatchValuesGoTemplate(t *testing.T) { } } +func TestTransForm(t *testing.T) { + testCases := []struct { + name string + selector *metav1.LabelSelector + expected []map[string]interface{} + }{ + { + name: "server filter", + selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{"server": "https://production-01.example.com"}, + }, + expected: []map[string]interface{}{{ + "metadata.annotations.foo.argoproj.io": "production", + "metadata.labels.argocd.argoproj.io/secret-type": "cluster", + "metadata.labels.environment": "production", + "metadata.labels.org": "bar", + "name": "production_01/west", + "nameNormalized": "production-01-west", + "server": "https://production-01.example.com", + }}, + }, + { + name: "server filter with long url", + selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{"server": "https://some-really-long-url-that-will-exceed-63-characters.com"}, + }, + expected: []map[string]interface{}{{ + "metadata.annotations.foo.argoproj.io": "production", + "metadata.labels.argocd.argoproj.io/secret-type": "cluster", + "metadata.labels.environment": "production", + "metadata.labels.org": "bar", + "name": "some-really-long-server-url", + "nameNormalized": "some-really-long-server-url", + "server": "https://some-really-long-url-that-will-exceed-63-characters.com", + }}, + }, + } + + for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + testGenerators := map[string]Generator{ + "Clusters": getMockClusterGenerator(), + } + + applicationSetInfo := argov1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "set", + }, + Spec: argov1alpha1.ApplicationSetSpec{}, + } + + results, err := Transform( + argov1alpha1.ApplicationSetGenerator{ + Selector: testCase.selector, + Clusters: &argov1alpha1.ClusterGenerator{ + Selector: metav1.LabelSelector{}, + Template: argov1alpha1.ApplicationSetTemplate{}, + Values: nil, + }}, + testGenerators, + emptyTemplate(), + &applicationSetInfo, nil) + + assert.NoError(t, err) + assert.ElementsMatch(t, testCase.expected, results[0].Params) + }) + } +} + func emptyTemplate() argov1alpha1.ApplicationSetTemplate { return argov1alpha1.ApplicationSetTemplate{ Spec: argov1alpha1.ApplicationSpec{ @@ -235,8 +304,35 @@ func getMockClusterGenerator() Generator { }, Type: corev1.SecretType("Opaque"), }, + &corev1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: "Secret", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "some-really-long-server-url", + Namespace: "namespace", + Labels: map[string]string{ + "argocd.argoproj.io/secret-type": "cluster", + "environment": "production", + "org": "bar", + }, + Annotations: map[string]string{ + "foo.argoproj.io": "production", + }, + }, + Data: map[string][]byte{ + "config": []byte("{}"), + "name": []byte("some-really-long-server-url"), + "server": []byte("https://some-really-long-url-that-will-exceed-63-characters.com"), + }, + Type: corev1.SecretType("Opaque"), + }, } runtimeClusters := []runtime.Object{} + for _, clientCluster := range clusters { + runtimeClusters = append(runtimeClusters, clientCluster) + } appClientset := kubefake.NewSimpleClientset(runtimeClusters...) fakeClient := fake.NewClientBuilder().WithObjects(clusters...).Build() diff --git a/applicationset/utils/selector.go b/applicationset/utils/selector.go new file mode 100644 index 0000000000000..53db73a5b3a48 --- /dev/null +++ b/applicationset/utils/selector.go @@ -0,0 +1,261 @@ +package utils + +import ( + "fmt" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/selection" + "k8s.io/apimachinery/pkg/util/validation" + "k8s.io/apimachinery/pkg/util/validation/field" + "k8s.io/klog/v2" + "sort" + "strconv" + "strings" +) + +var ( + unaryOperators = []string{ + string(selection.Exists), string(selection.DoesNotExist), + } + binaryOperators = []string{ + string(selection.In), string(selection.NotIn), + string(selection.Equals), string(selection.DoubleEquals), string(selection.NotEquals), + string(selection.GreaterThan), string(selection.LessThan), + } + validRequirementOperators = append(binaryOperators, unaryOperators...) +) + +// Selector represents a label selector. +type Selector interface { + // Matches returns true if this selector matches the given set of labels. + Matches(labels.Labels) bool + + // Add adds requirements to the Selector + Add(r ...Requirement) Selector +} + +type internalSelector []Requirement + +// ByKey sorts requirements by key to obtain deterministic parser +type ByKey []Requirement + +func (a ByKey) Len() int { return len(a) } + +func (a ByKey) Swap(i, j int) { a[i], a[j] = a[j], a[i] } + +func (a ByKey) Less(i, j int) bool { return a[i].key < a[j].key } + +// Matches for a internalSelector returns true if all +// its Requirements match the input Labels. If any +// Requirement does not match, false is returned. +func (s internalSelector) Matches(l labels.Labels) bool { + for ix := range s { + if matches := s[ix].Matches(l); !matches { + return false + } + } + return true +} + +// Add adds requirements to the selector. It copies the current selector returning a new one +func (s internalSelector) Add(reqs ...Requirement) Selector { + ret := make(internalSelector, 0, len(s)+len(reqs)) + ret = append(ret, s...) + ret = append(ret, reqs...) + sort.Sort(ByKey(ret)) + return ret +} + +type nothingSelector struct{} + +func (n nothingSelector) Matches(l labels.Labels) bool { + return false +} + +func (n nothingSelector) Add(r ...Requirement) Selector { + return n +} + +// Nothing returns a selector that matches no labels +func nothing() Selector { + return nothingSelector{} +} + +// Everything returns a selector that matches all labels. +func everything() Selector { + return internalSelector{} +} + +// LabelSelectorAsSelector converts the LabelSelector api type into a struct that implements +// labels.Selector +// Note: This function should be kept in sync with the selector methods in pkg/labels/selector.go +func LabelSelectorAsSelector(ps *v1.LabelSelector) (Selector, error) { + if ps == nil { + return nothing(), nil + } + if len(ps.MatchLabels)+len(ps.MatchExpressions) == 0 { + return everything(), nil + } + requirements := make([]Requirement, 0, len(ps.MatchLabels)+len(ps.MatchExpressions)) + for k, v := range ps.MatchLabels { + r, err := newRequirement(k, selection.Equals, []string{v}) + if err != nil { + return nil, err + } + requirements = append(requirements, *r) + } + for _, expr := range ps.MatchExpressions { + var op selection.Operator + switch expr.Operator { + case v1.LabelSelectorOpIn: + op = selection.In + case v1.LabelSelectorOpNotIn: + op = selection.NotIn + case v1.LabelSelectorOpExists: + op = selection.Exists + case v1.LabelSelectorOpDoesNotExist: + op = selection.DoesNotExist + default: + return nil, fmt.Errorf("%q is not a valid pod selector operator", expr.Operator) + } + r, err := newRequirement(expr.Key, op, append([]string(nil), expr.Values...)) + if err != nil { + return nil, err + } + requirements = append(requirements, *r) + } + selector := newSelector() + selector = selector.Add(requirements...) + return selector, nil +} + +// NewSelector returns a nil selector +func newSelector() Selector { + return internalSelector(nil) +} + +func validateLabelKey(k string, path *field.Path) *field.Error { + if errs := validation.IsQualifiedName(k); len(errs) != 0 { + return field.Invalid(path, k, strings.Join(errs, "; ")) + } + return nil +} + +// NewRequirement is the constructor for a Requirement. +// If any of these rules is violated, an error is returned: +// (1) The operator can only be In, NotIn, Equals, DoubleEquals, Gt, Lt, NotEquals, Exists, or DoesNotExist. +// (2) If the operator is In or NotIn, the values set must be non-empty. +// (3) If the operator is Equals, DoubleEquals, or NotEquals, the values set must contain one value. +// (4) If the operator is Exists or DoesNotExist, the value set must be empty. +// (5) If the operator is Gt or Lt, the values set must contain only one value, which will be interpreted as an integer. +// (6) The key is invalid due to its length, or sequence +// +// of characters. See validateLabelKey for more details. +// +// The empty string is a valid value in the input values set. +// Returned error, if not nil, is guaranteed to be an aggregated field.ErrorList +func newRequirement(key string, op selection.Operator, vals []string, opts ...field.PathOption) (*Requirement, error) { + var allErrs field.ErrorList + path := field.ToPath(opts...) + if err := validateLabelKey(key, path.Child("key")); err != nil { + allErrs = append(allErrs, err) + } + + valuePath := path.Child("values") + switch op { + case selection.In, selection.NotIn: + if len(vals) == 0 { + allErrs = append(allErrs, field.Invalid(valuePath, vals, "for 'in', 'notin' operators, values set can't be empty")) + } + case selection.Equals, selection.DoubleEquals, selection.NotEquals: + if len(vals) != 1 { + allErrs = append(allErrs, field.Invalid(valuePath, vals, "exact-match compatibility requires one single value")) + } + case selection.Exists, selection.DoesNotExist: + if len(vals) != 0 { + allErrs = append(allErrs, field.Invalid(valuePath, vals, "values set must be empty for exists and does not exist")) + } + case selection.GreaterThan, selection.LessThan: + if len(vals) != 1 { + allErrs = append(allErrs, field.Invalid(valuePath, vals, "for 'Gt', 'Lt' operators, exactly one value is required")) + } + for i := range vals { + if _, err := strconv.ParseInt(vals[i], 10, 64); err != nil { + allErrs = append(allErrs, field.Invalid(valuePath.Index(i), vals[i], "for 'Gt', 'Lt' operators, the value must be an integer")) + } + } + default: + allErrs = append(allErrs, field.NotSupported(path.Child("operator"), op, validRequirementOperators)) + } + + return &Requirement{key: key, operator: op, strValues: vals}, allErrs.ToAggregate() +} + +// Requirement contains values, a key, and an operator that relates the key and values. +// The zero value of Requirement is invalid. +// Requirement implements both set based match and exact match +// Requirement should be initialized via NewRequirement constructor for creating a valid Requirement. +// +k8s:deepcopy-gen=true +type Requirement struct { + key string + operator selection.Operator + // In the majority of cases we have at most one value here. + // It is generally faster to operate on a single-element slice + // than on a single-element map, so we have a slice here. + strValues []string +} + +func (r *Requirement) hasValue(value string) bool { + for i := range r.strValues { + if r.strValues[i] == value { + return true + } + } + return false +} + +func (r *Requirement) Matches(ls labels.Labels) bool { + switch r.operator { + case selection.In, selection.Equals, selection.DoubleEquals: + if !ls.Has(r.key) { + return false + } + return r.hasValue(ls.Get(r.key)) + case selection.NotIn, selection.NotEquals: + if !ls.Has(r.key) { + return true + } + return !r.hasValue(ls.Get(r.key)) + case selection.Exists: + return ls.Has(r.key) + case selection.DoesNotExist: + return !ls.Has(r.key) + case selection.GreaterThan, selection.LessThan: + if !ls.Has(r.key) { + return false + } + lsValue, err := strconv.ParseInt(ls.Get(r.key), 10, 64) + if err != nil { + klog.V(10).Infof("ParseInt failed for value %+v in label %+v, %+v", ls.Get(r.key), ls, err) + return false + } + + // There should be only one strValue in r.strValues, and can be converted to an integer. + if len(r.strValues) != 1 { + klog.V(10).Infof("Invalid values count %+v of requirement %#v, for 'Gt', 'Lt' operators, exactly one value is required", len(r.strValues), r) + return false + } + + var rValue int64 + for i := range r.strValues { + rValue, err = strconv.ParseInt(r.strValues[i], 10, 64) + if err != nil { + klog.V(10).Infof("ParseInt failed for value %+v in requirement %#v, for 'Gt', 'Lt' operators, the value must be an integer", r.strValues[i], r) + return false + } + } + return (r.operator == selection.GreaterThan && lsValue > rValue) || (r.operator == selection.LessThan && lsValue < rValue) + default: + return false + } +} From 4606d1928b3de66a64342dbca700233ee85911fe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 May 2023 13:01:09 -0400 Subject: [PATCH 012/252] chore(deps): bump peter-evans/create-pull-request from 4.2.4 to 5.0.1 (#13408) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.2.4 to 5.0.1. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/38e0b6e68b4c852a5500a94740f0e535e0d7ba54...284f54f989303d2699d373481a0cfa13ad5a6666) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/init-release.yaml | 2 +- .github/workflows/release.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/init-release.yaml b/.github/workflows/init-release.yaml index 41c0e55f24dc5..ab62e3b69cb1a 100644 --- a/.github/workflows/init-release.yaml +++ b/.github/workflows/init-release.yaml @@ -57,7 +57,7 @@ jobs: git diff - name: Create pull request - uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4.2.4 + uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666 # v5.0.1 with: commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}" title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 839006ad96eb3..85aa873cb6b45 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -270,7 +270,7 @@ jobs: if: ${{ env.UPDATE_VERSION == 'true' }} - name: Create PR to update VERSION on master branch - uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4.2.4 + uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666 # v5.0.1 with: commit-message: Bump version in master title: "chore: Bump version in master" From 566236747474593d4e0d22a0398ffbcca2ff29aa Mon Sep 17 00:00:00 2001 From: Tete17 Date: Sat, 27 May 2023 19:20:42 +0200 Subject: [PATCH 013/252] fix(ui): Stop using the deprecated url format for gitlab instances (#13687) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: Stop using the deprecated url format for gitlab instances The legacy URLs format has been deprecated since february 2023 and now gitlab is make these urls invalid. Ref: https://docs.gitlab.com/ee/update/deprecations.html#legacy-urls-replaced-or-removed Signed-off-by: Miguel Sacristán Izcue * docs: Add Urbantz to the list of organizations using argo-cd Signed-off-by: Miguel Sacristán Izcue --------- Signed-off-by: Miguel Sacristán Izcue --- USERS.md | 1 + ui/src/app/shared/components/urls.test.ts | 2 +- ui/src/app/shared/components/urls.ts | 6 ++++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/USERS.md b/USERS.md index 2cf9bffa31643..e16923624572e 100644 --- a/USERS.md +++ b/USERS.md @@ -270,6 +270,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [ungleich.ch](https://ungleich.ch/) 1. [Unifonic Inc](https://www.unifonic.com/) 1. [Universidad Mesoamericana](https://www.umes.edu.gt/) +1. [Urbantz](https://urbantz.com/) 1. [Vectra](https://www.vectra.ai) 1. [Veepee](https://www.veepee.com) 1. [Viaduct](https://www.viaduct.ai/) diff --git a/ui/src/app/shared/components/urls.test.ts b/ui/src/app/shared/components/urls.test.ts index 9459dfecd7af1..17101fe175418 100644 --- a/ui/src/app/shared/components/urls.test.ts +++ b/ui/src/app/shared/components/urls.test.ts @@ -35,7 +35,7 @@ test('gitlab.com', () => { 'git@gitlab.com:alex_collins/private-repo.git', 'b1fe9426ead684d7af16958920968342ee295c1f', 'https://gitlab.com/alex_collins/private-repo', - 'https://gitlab.com/alex_collins/private-repo/commit/b1fe9426ead684d7af16958920968342ee295c1f'); + 'https://gitlab.com/alex_collins/private-repo/-/commit/b1fe9426ead684d7af16958920968342ee295c1f'); }); test('bitbucket.org', () => { diff --git a/ui/src/app/shared/components/urls.ts b/ui/src/app/shared/components/urls.ts index 9303d43d7da11..ab68e6424ba86 100644 --- a/ui/src/app/shared/components/urls.ts +++ b/ui/src/app/shared/components/urls.ts @@ -39,6 +39,12 @@ export function revisionUrl(url: string, revision: string, forPath: boolean): st urlSubPath = isSHA(revision) && !forPath ? 'commits' : 'src'; } + // Gitlab changed the way urls to commit look like + // Ref: https://docs.gitlab.com/ee/update/deprecations.html#legacy-urls-replaced-or-removed + if (parsed.source === 'gitlab.com') { + urlSubPath = '-/' + urlSubPath; + } + if (!supportedSource(parsed)) { return null; } From 6398c1f9cae1df5ed3e7cb984f0ebb8fe8b3f43b Mon Sep 17 00:00:00 2001 From: sgartner03 <117266185+sgartner03@users.noreply.github.com> Date: Sat, 27 May 2023 21:55:03 +0200 Subject: [PATCH 014/252] feat: Added healthcheck for ArgoEvents EventBus CRD. #12395 (#12401) * Added Healthcheck for ArgoEvent Eventbus CRD fixes #12395 Signed-off-by: lucostus * Added Test for EventBus CRD healthcheck Feat. #12395 Signed-off-by: sgartner03 * changed i to _ for idiomatic lua Signed-off-by: Constantin <41841989+Lucostus@users.noreply.github.com> --------- Signed-off-by: lucostus Signed-off-by: sgartner03 Signed-off-by: Constantin <41841989+Lucostus@users.noreply.github.com> Co-authored-by: lucostus Co-authored-by: Constantin <41841989+Lucostus@users.noreply.github.com> --- .../argoproj.io/EventBus/health.lua | 21 +++++++++++++++++++ .../argoproj.io/EventBus/health_test.yaml | 9 ++++++++ .../EventBus/testdata/degraded.yaml | 21 +++++++++++++++++++ .../EventBus/testdata/healthy.yaml | 19 +++++++++++++++++ 4 files changed, 70 insertions(+) create mode 100644 resource_customizations/argoproj.io/EventBus/health.lua create mode 100644 resource_customizations/argoproj.io/EventBus/health_test.yaml create mode 100644 resource_customizations/argoproj.io/EventBus/testdata/degraded.yaml create mode 100644 resource_customizations/argoproj.io/EventBus/testdata/healthy.yaml diff --git a/resource_customizations/argoproj.io/EventBus/health.lua b/resource_customizations/argoproj.io/EventBus/health.lua new file mode 100644 index 0000000000000..4d2c676f72892 --- /dev/null +++ b/resource_customizations/argoproj.io/EventBus/health.lua @@ -0,0 +1,21 @@ +hs={ status = "Progressing", message = "Waiting for initialization" } + +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for _, condition in ipairs(obj.status.conditions) do + if condition.type == "Deployed" and condition.status == "False" then + hs.status = "Degraded" + hs.message = condition.message or condition.reason + return hs + end + if condition.type == "Deployed" and condition.status == "True" then + hs.status = "Healthy" + hs.message = condition.message or condition.reason + return hs + end + end + end +end + + +return hs diff --git a/resource_customizations/argoproj.io/EventBus/health_test.yaml b/resource_customizations/argoproj.io/EventBus/health_test.yaml new file mode 100644 index 0000000000000..7babe7fc7f9a3 --- /dev/null +++ b/resource_customizations/argoproj.io/EventBus/health_test.yaml @@ -0,0 +1,9 @@ +tests: + - healthStatus: + status: Healthy + message: "JetStream is deployed" + inputPath: testdata/healthy.yaml + - healthStatus: + status: Degraded + message: 'failed to get jetstream version, err: unsupported version "iwillfail", supported versions: "2.9.5,latest"' + inputPath: testdata/degraded.yaml \ No newline at end of file diff --git a/resource_customizations/argoproj.io/EventBus/testdata/degraded.yaml b/resource_customizations/argoproj.io/EventBus/testdata/degraded.yaml new file mode 100644 index 0000000000000..4ffd1cf6a9623 --- /dev/null +++ b/resource_customizations/argoproj.io/EventBus/testdata/degraded.yaml @@ -0,0 +1,21 @@ +apiVersion: argoproj.io/v1alpha1 +kind: EventBus +metadata: + name: test + namespace: eventbus-test +spec: + jetstream: + replicas: 3 + version: iwillfail +status: + conditions: + - lastTransitionTime: null + status: 'True' + type: Configured + - lastTransitionTime: null + message: >- + failed to get jetstream version, err: unsupported version "iwillfail", + supported versions: "2.9.5,latest" + reason: JetStreamStatefulSetFailed + status: 'False' + type: Deployed \ No newline at end of file diff --git a/resource_customizations/argoproj.io/EventBus/testdata/healthy.yaml b/resource_customizations/argoproj.io/EventBus/testdata/healthy.yaml new file mode 100644 index 0000000000000..8db1455a14d8e --- /dev/null +++ b/resource_customizations/argoproj.io/EventBus/testdata/healthy.yaml @@ -0,0 +1,19 @@ +apiVersion: argoproj.io/v1alpha1 +kind: EventBus +metadata: + name: test + namespace: eventbus-test +spec: + jetstream: + replicas: 3 + version: latest +status: + conditions: + - lastTransitionTime: '2022-12-30T11:44:15Z' + status: 'True' + type: Configured + - lastTransitionTime: '2022-12-30T11:44:15Z' + message: JetStream is deployed + reason: Succeeded + status: 'True' + type: Deployed \ No newline at end of file From 4f6f1ccee5b330bb683e66fa7d6c64a41350bb3b Mon Sep 17 00:00:00 2001 From: Blake Pettersson Date: Sat, 27 May 2023 21:55:23 +0200 Subject: [PATCH 015/252] fix: do not replace namespaces (#13758) * fix: do not replace namespaces When doing kubectl replace, namespaces should not be affected. This applies the fix from argoproj/gitops-engine#524. Fixes argoproj/argo-cd#12810 and argoproj/argo-cd#12539. Signed-off-by: Blake Pettersson * chore: go mod tidy Signed-off-by: Blake Pettersson --------- Signed-off-by: Blake Pettersson --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index efc6d3b6bd40b..91e1e6913120e 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d github.com/alicebob/miniredis/v2 v2.23.1 github.com/antonmedv/expr v1.9.0 - github.com/argoproj/gitops-engine v0.7.1-0.20230512020822-b4dd8b8c3976 + github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d github.com/aws/aws-sdk-go v1.44.164 diff --git a/go.sum b/go.sum index 79c0571043f8e..5409ccf441dc1 100644 --- a/go.sum +++ b/go.sum @@ -135,8 +135,8 @@ github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.m github.com/antonmedv/expr v1.9.0 h1:j4HI3NHEdgDnN9p6oI6Ndr0G5QryMY0FNxT4ONrFDGU= github.com/antonmedv/expr v1.9.0/go.mod h1:5qsM3oLGDND7sDmQGDXHkYfkjYMUX14qsgqmHhwGEk8= github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE= -github.com/argoproj/gitops-engine v0.7.1-0.20230512020822-b4dd8b8c3976 h1:8i12dOcimhwrJxUznzZR/NW4JpIL5DXZjkI3Bl3yh38= -github.com/argoproj/gitops-engine v0.7.1-0.20230512020822-b4dd8b8c3976/go.mod h1:WpA/B7tgwfz+sdNE3LqrTrb7ArEY1FOPI2pAGI0hfPc= +github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc h1:i6OgOvFFsoWiGBFEhhDNcYoRtxxtrVwcD7wCEeqhct4= +github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc/go.mod h1:WpA/B7tgwfz+sdNE3LqrTrb7ArEY1FOPI2pAGI0hfPc= github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da h1:Vf9xvHcXn4TP/nLIfWn+TaC521V9fpz/DwRP6uEeVR8= github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da/go.mod h1:05koR0gE/O0i5YDbidg1dpr76XitK4DJveh+dIAq6e8= github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d h1:7fXEKF3OQ9i1PrgieA6FLrXOL3UAKyiotomn0RHevds= From 41e91d5acd508dd0664498a366c589f90f93372c Mon Sep 17 00:00:00 2001 From: Yann Soubeyrand Date: Sat, 27 May 2023 21:57:59 +0200 Subject: [PATCH 016/252] fix(repo-server): completely clean up Git working directory (#3683) (#13001) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * refactor(util/git/client): make runCredentialedCmd() signature coherent with runCmd() one Signed-off-by: Yann Soubeyrand * fix(repo-server): completely clean up Git working directory In some cases, for example when a Git submodule wasn’t present anymore in a Git revision, the repo-server didn’t completely clean up its Git working directory. Fixes #3683 Signed-off-by: Yann Soubeyrand --------- Signed-off-by: Yann Soubeyrand --- test/e2e/fixture/app/actions.go | 6 +++++ test/e2e/fixture/fixture.go | 12 ++++++++++ test/e2e/git_submodule_test.go | 22 +++++++++++++++++++ .../testdata/git-submodule/submodule-pod.yaml | 4 +--- util/git/client.go | 21 +++++++++++------- 5 files changed, 54 insertions(+), 11 deletions(-) diff --git a/test/e2e/fixture/app/actions.go b/test/e2e/fixture/app/actions.go index 5baa5937ff40a..c4e173ddf6336 100644 --- a/test/e2e/fixture/app/actions.go +++ b/test/e2e/fixture/app/actions.go @@ -76,6 +76,12 @@ func (a *Actions) AddTag(name string) *Actions { return a } +func (a *Actions) RemoveSubmodule() *Actions { + a.context.t.Helper() + fixture.RemoveSubmodule() + return a +} + func (a *Actions) CreateFromPartialFile(data string, flags ...string) *Actions { a.context.t.Helper() tmpFile, err := os.CreateTemp("", "") diff --git a/test/e2e/fixture/fixture.go b/test/e2e/fixture/fixture.go index dd54222ca3120..c5048ccb7cd10 100644 --- a/test/e2e/fixture/fixture.go +++ b/test/e2e/fixture/fixture.go @@ -855,6 +855,18 @@ func CreateSubmoduleRepos(repoType string) { CheckError(os.Setenv("GIT_ALLOW_PROTOCOL", oldEnv)) } +func RemoveSubmodule() { + log.Info("removing submodule") + + FailOnErr(Run(submoduleParentDirectory(), "git", "rm", "submodule/test")) + FailOnErr(Run(submoduleParentDirectory(), "touch", "submodule/.gitkeep")) + FailOnErr(Run(submoduleParentDirectory(), "git", "add", "submodule/.gitkeep")) + FailOnErr(Run(submoduleParentDirectory(), "git", "commit", "-m", "remove submodule")) + if IsRemote() { + FailOnErr(Run(submoduleParentDirectory(), "git", "push", "-f", "origin", "master")) + } +} + // RestartRepoServer performs a restart of the repo server deployment and waits // until the rollout has completed. func RestartRepoServer() { diff --git a/test/e2e/git_submodule_test.go b/test/e2e/git_submodule_test.go index 27476db84a1ed..525c13d4b35ef 100644 --- a/test/e2e/git_submodule_test.go +++ b/test/e2e/git_submodule_test.go @@ -40,3 +40,25 @@ func TestGitSubmoduleHTTPSSupport(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). Expect(Pod(func(p v1.Pod) bool { return p.Name == "pod-in-submodule" })) } + +func TestGitSubmoduleRemovalSupport(t *testing.T) { + Given(t). + RepoURLType(fixture.RepoURLTypeSSHSubmoduleParent). + Path("submodule"). + Recurse(). + CustomSSHKnownHostsAdded(). + SubmoduleSSHRepoURLAdded(true). + When(). + CreateFromFile(func(app *Application) {}). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + Expect(Pod(func(p v1.Pod) bool { return p.Name == "pod-in-submodule" })). + When(). + RemoveSubmodule(). + Refresh(RefreshTypeNormal). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + Expect(NotPod(func(p v1.Pod) bool { return p.Name == "pod-in-submodule" })) +} diff --git a/test/e2e/testdata/git-submodule/submodule-pod.yaml b/test/e2e/testdata/git-submodule/submodule-pod.yaml index fa3b92c2f5875..134107da31cba 100644 --- a/test/e2e/testdata/git-submodule/submodule-pod.yaml +++ b/test/e2e/testdata/git-submodule/submodule-pod.yaml @@ -7,6 +7,4 @@ spec: - name: main image: quay.io/argoprojlabs/argocd-e2e-container:0.1 imagePullPolicy: IfNotPresent - command: - - "true" - restartPolicy: Never + terminationGracePeriodSeconds: 0 diff --git a/util/git/client.go b/util/git/client.go index 51e98df746d86..f7ff776cd4f57 100644 --- a/util/git/client.go +++ b/util/git/client.go @@ -334,9 +334,9 @@ func (m *nativeGitClient) IsLFSEnabled() bool { func (m *nativeGitClient) fetch(revision string) error { var err error if revision != "" { - err = m.runCredentialedCmd("git", "fetch", "origin", revision, "--tags", "--force", "--prune") + err = m.runCredentialedCmd("fetch", "origin", revision, "--tags", "--force", "--prune") } else { - err = m.runCredentialedCmd("git", "fetch", "origin", "--tags", "--force", "--prune") + err = m.runCredentialedCmd("fetch", "origin", "--tags", "--force", "--prune") } return err } @@ -354,7 +354,7 @@ func (m *nativeGitClient) Fetch(revision string) error { if err == nil && m.IsLFSEnabled() { largeFiles, err := m.LsLargeFiles() if err == nil && len(largeFiles) > 0 { - err = m.runCredentialedCmd("git", "lfs", "fetch", "--all") + err = m.runCredentialedCmd("lfs", "fetch", "--all") if err != nil { return err } @@ -387,10 +387,10 @@ func (m *nativeGitClient) LsLargeFiles() ([]string, error) { // Submodule embed other repositories into this repository func (m *nativeGitClient) Submodule() error { - if err := m.runCredentialedCmd("git", "submodule", "sync", "--recursive"); err != nil { + if err := m.runCredentialedCmd("submodule", "sync", "--recursive"); err != nil { return err } - if err := m.runCredentialedCmd("git", "submodule", "update", "--init", "--recursive"); err != nil { + if err := m.runCredentialedCmd("submodule", "update", "--init", "--recursive"); err != nil { return err } return nil @@ -424,7 +424,12 @@ func (m *nativeGitClient) Checkout(revision string, submoduleEnabled bool) error } } } - if _, err := m.runCmd("clean", "-fdx"); err != nil { + // NOTE + // The double “f” in the arguments is not a typo: the first “f” tells + // `git clean` to delete untracked files and directories, and the second “f” + // tells it to clean untractked nested Git repositories (for example a + // submodule which has since been removed). + if _, err := m.runCmd("clean", "-ffdx"); err != nil { return err } return nil @@ -632,7 +637,7 @@ func (m *nativeGitClient) runCmd(args ...string) (string, error) { // runCredentialedCmd is a convenience function to run a git command with username/password credentials // nolint:unparam -func (m *nativeGitClient) runCredentialedCmd(command string, args ...string) error { +func (m *nativeGitClient) runCredentialedCmd(args ...string) error { closer, environ, err := m.creds.Environ() if err != nil { return err @@ -647,7 +652,7 @@ func (m *nativeGitClient) runCredentialedCmd(command string, args ...string) err } } - cmd := exec.Command(command, args...) + cmd := exec.Command("git", args...) cmd.Env = append(cmd.Env, environ...) _, err = m.runCmdOutput(cmd) return err From c3874a223e26396c2ca922edc1df851529aacb39 Mon Sep 17 00:00:00 2001 From: Brian Fox <878612+onematchfox@users.noreply.github.com> Date: Sat, 27 May 2023 22:18:02 +0200 Subject: [PATCH 017/252] fix: implement filtering on cluster `List` API endpoint (#13363) * feat: implement filtering on cluster list endpoint Signed-off-by: OneMatchFox <878612+onematchfox@users.noreply.github.com> * docs: add upgrade notes Signed-off-by: OneMatchFox <878612+onematchfox@users.noreply.github.com> --------- Signed-off-by: OneMatchFox <878612+onematchfox@users.noreply.github.com> --- docs/2.7-2.8.md | 5 - docs/operator-manual/upgrading/2.7-2.8.md | 18 +++ docs/operator-manual/upgrading/overview.md | 1 + mkdocs.yml | 1 + server/cluster/cluster.go | 73 ++++++++++- server/cluster/cluster_test.go | 137 +++++++++++++++++++-- 6 files changed, 215 insertions(+), 20 deletions(-) delete mode 100644 docs/2.7-2.8.md create mode 100644 docs/operator-manual/upgrading/2.7-2.8.md diff --git a/docs/2.7-2.8.md b/docs/2.7-2.8.md deleted file mode 100644 index 32f9e4cf1759c..0000000000000 --- a/docs/2.7-2.8.md +++ /dev/null @@ -1,5 +0,0 @@ -# 2.7 to 2.8 - -## Tini as entrypoint - -With the 2.8 release `entrypoint.sh` will be removed from the containers, because starting with 2.7, the implicit entrypoint is set to `tini` in the `Dockerfile` explicitly, and the kubernetes manifests has been updated to use it. Simply updating the containers without updating the deployment manifests will result in pod startup failures, as the old manifests are relying on `entrypoint.sh` instead of `tini`. Please make sure the manifests are updated properly before moving to 2.8. diff --git a/docs/operator-manual/upgrading/2.7-2.8.md b/docs/operator-manual/upgrading/2.7-2.8.md new file mode 100644 index 0000000000000..58c5098982246 --- /dev/null +++ b/docs/operator-manual/upgrading/2.7-2.8.md @@ -0,0 +1,18 @@ +# v2.7 to 2.8 + +## Tini as entrypoint + +With the 2.8 release `entrypoint.sh` will be removed from the containers, +because starting with 2.7, the implicit entrypoint is set to `tini` in the +`Dockerfile` explicitly, and the kubernetes manifests has been updated to use +it. Simply updating the containers without updating the deployment manifests +will result in pod startup failures, as the old manifests are relying on +`entrypoint.sh` instead of `tini`. Please make sure the manifests are updated +properly before moving to 2.8. + +## Filtering applied to cluster `List` API endpoint + +Prior to `v2.8`, the `List` endpoint on the `ClusterService` did **not** filter +clusters when responding, despite accepting query parameters. This bug has +been addressed, and query parameters are now taken into account to filter the +resulting list of clusters. \ No newline at end of file diff --git a/docs/operator-manual/upgrading/overview.md b/docs/operator-manual/upgrading/overview.md index 0c1ede757c324..419fc7bbb1353 100644 --- a/docs/operator-manual/upgrading/overview.md +++ b/docs/operator-manual/upgrading/overview.md @@ -37,6 +37,7 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/ +* [v2.7 to v2.8](./2.7-2.8.md) * [v2.6 to v2.7](./2.6-2.7.md) * [v2.5 to v2.6](./2.5-2.6.md) * [v2.4 to v2.5](./2.4-2.5.md) diff --git a/mkdocs.yml b/mkdocs.yml index 7d0da86dd10da..8738987a9a3c9 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -115,6 +115,7 @@ nav: - operator-manual/server-commands/additional-configuration-method.md - Upgrading: - operator-manual/upgrading/overview.md + - operator-manual/upgrading/2.7-2.8.md - operator-manual/upgrading/2.6-2.7.md - operator-manual/upgrading/2.5-2.6.md - operator-manual/upgrading/2.4-2.5.md diff --git a/server/cluster/cluster.go b/server/cluster/cluster.go index c7a5e3b5e4cbf..cfcadd762ed6f 100644 --- a/server/cluster/cluster.go +++ b/server/cluster/cluster.go @@ -56,8 +56,21 @@ func (s *Server) List(ctx context.Context, q *cluster.ClusterQuery) (*appv1.Clus return nil, err } + filteredItems := clusterList.Items + + // Filter clusters by id + if filteredItems, err = filterClustersById(filteredItems, q.Id); err != nil { + return nil, err + } + + // Filter clusters by name + filteredItems = filterClustersByName(filteredItems, q.Name) + + // Filter clusters by server + filteredItems = filterClustersByServer(filteredItems, q.Server) + items := make([]appv1.Cluster, 0) - for _, clust := range clusterList.Items { + for _, clust := range filteredItems { if s.enf.Enforce(ctx.Value("claims"), rbacpolicy.ResourceClusters, rbacpolicy.ActionGet, CreateClusterRBACObject(clust.Project, clust.Server)) { items = append(items, clust) } @@ -69,8 +82,62 @@ func (s *Server) List(ctx context.Context, q *cluster.ClusterQuery) (*appv1.Clus if err != nil { return nil, err } - clusterList.Items = items - return clusterList, nil + + cl := *clusterList + cl.Items = items + + return &cl, nil +} + +func filterClustersById(clusters []appv1.Cluster, id *cluster.ClusterID) ([]appv1.Cluster, error) { + if id == nil { + return clusters, nil + } + + var items []appv1.Cluster + + switch id.Type { + case "name": + items = filterClustersByName(clusters, id.Value) + case "name_escaped": + nameUnescaped, err := url.QueryUnescape(id.Value) + if err != nil { + return nil, err + } + items = filterClustersByName(clusters, nameUnescaped) + default: + items = filterClustersByServer(clusters, id.Value) + } + + return items, nil +} + +func filterClustersByName(clusters []appv1.Cluster, name string) []appv1.Cluster { + if name == "" { + return clusters + } + items := make([]appv1.Cluster, 0) + for i := 0; i < len(clusters); i++ { + if clusters[i].Name == name { + items = append(items, clusters[i]) + return items + } + } + return items +} + +func filterClustersByServer(clusters []appv1.Cluster, server string) []appv1.Cluster { + if server == "" { + return clusters + } + items := make([]appv1.Cluster, 0) + for i := 0; i < len(clusters); i++ { + if clusters[i].Server == server { + items = append(items, clusters[i]) + return items + } + } + return items } // Create creates a cluster diff --git a/server/cluster/cluster_test.go b/server/cluster/cluster_test.go index c5b07a4ee7055..c29a1b2d77c04 100644 --- a/server/cluster/cluster_test.go +++ b/server/cluster/cluster_test.go @@ -4,24 +4,15 @@ import ( "context" "encoding/json" "fmt" + "reflect" "testing" "time" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - - "github.com/argoproj/gitops-engine/pkg/utils/kube/kubetest" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" - "k8s.io/client-go/kubernetes/fake" - "k8s.io/utils/pointer" - "github.com/argoproj/argo-cd/v2/common" + "github.com/argoproj/argo-cd/v2/pkg/apiclient/cluster" clusterapi "github.com/argoproj/argo-cd/v2/pkg/apiclient/cluster" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" servercache "github.com/argoproj/argo-cd/v2/server/cache" "github.com/argoproj/argo-cd/v2/test" cacheutil "github.com/argoproj/argo-cd/v2/util/cache" @@ -30,6 +21,16 @@ import ( dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" "github.com/argoproj/argo-cd/v2/util/rbac" "github.com/argoproj/argo-cd/v2/util/settings" + "github.com/argoproj/gitops-engine/pkg/utils/kube/kubetest" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/client-go/kubernetes/fake" + "k8s.io/utils/pointer" ) func newServerInMemoryCache() *servercache.Cache { @@ -491,3 +492,115 @@ func getClientset(config map[string]string, ns string, objects ...runtime.Object } return fake.NewSimpleClientset(append(objects, &cm, &secret)...) } + +func TestListCluster(t *testing.T) { + db := &dbmocks.ArgoDB{} + + fooCluster := v1alpha1.Cluster{ + Name: "foo", + Server: "https://127.0.0.1", + Namespaces: []string{"default", "kube-system"}, + } + barCluster := v1alpha1.Cluster{ + Name: "bar", + Server: "https://192.168.0.1", + Namespaces: []string{"default", "kube-system"}, + } + bazCluster := v1alpha1.Cluster{ + Name: "test/ing", + Server: "https://testing.com", + Namespaces: []string{"default", "kube-system"}, + } + + mockClusterList := v1alpha1.ClusterList{ + ListMeta: v1.ListMeta{}, + Items: []v1alpha1.Cluster{fooCluster, barCluster, bazCluster}, + } + + db.On("ListClusters", mock.Anything).Return(&mockClusterList, nil) + + s := NewServer(db, newNoopEnforcer(), newServerInMemoryCache(), &kubetest.MockKubectlCmd{}) + + tests := []struct { + name string + q *cluster.ClusterQuery + want *appv1.ClusterList + wantErr bool + }{ + { + name: "filter by name", + q: &clusterapi.ClusterQuery{ + Name: fooCluster.Name, + }, + want: &v1alpha1.ClusterList{ + ListMeta: v1.ListMeta{}, + Items: []v1alpha1.Cluster{fooCluster}, + }, + }, + { + name: "filter by server", + q: &clusterapi.ClusterQuery{ + Server: barCluster.Server, + }, + want: &v1alpha1.ClusterList{ + ListMeta: v1.ListMeta{}, + Items: []v1alpha1.Cluster{barCluster}, + }, + }, + { + name: "filter by id - name", + q: &clusterapi.ClusterQuery{ + Id: &clusterapi.ClusterID{ + Type: "name", + Value: fooCluster.Name, + }, + }, + want: &v1alpha1.ClusterList{ + ListMeta: v1.ListMeta{}, + Items: []v1alpha1.Cluster{fooCluster}, + }, + }, + { + name: "filter by id - name_escaped", + q: &clusterapi.ClusterQuery{ + Id: &clusterapi.ClusterID{ + Type: "name_escaped", + Value: "test%2fing", + }, + }, + want: &v1alpha1.ClusterList{ + ListMeta: v1.ListMeta{}, + Items: []v1alpha1.Cluster{bazCluster}, + }, + }, + { + name: "filter by id - server", + q: &clusterapi.ClusterQuery{ + Id: &clusterapi.ClusterID{ + Type: "server", + Value: barCluster.Server, + }, + }, + want: &v1alpha1.ClusterList{ + ListMeta: v1.ListMeta{}, + Items: []v1alpha1.Cluster{barCluster}, + }, + }, + } + for _, tt := range tests { + tt := tt + + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + got, err := s.List(context.Background(), tt.q) + if (err != nil) != tt.wantErr { + t.Errorf("Server.List() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("Server.List() = %v, want %v", got, tt.want) + } + }) + } +} From 4a0b61446aff991ca13e1dd39ddc9529ff6f1407 Mon Sep 17 00:00:00 2001 From: Regina Scott <50851526+reginapizza@users.noreply.github.com> Date: Sat, 27 May 2023 16:20:48 -0400 Subject: [PATCH 018/252] docs: fix incorrect instructions for site documentation (#13209) * fix: incorrect instructions for site documentation Signed-off-by: Regina Scott * drop checking external links Signed-off-by: Regina Scott --------- Signed-off-by: Regina Scott --- docs/developer-guide/site.md | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/docs/developer-guide/site.md b/docs/developer-guide/site.md index 4e95cb4c8d648..47c1f57e29bb7 100644 --- a/docs/developer-guide/site.md +++ b/docs/developer-guide/site.md @@ -9,12 +9,7 @@ To test: ```bash make serve-docs ``` - -Check for broken external links: - -```bash -make lint-docs -``` +Once running, you can view your locally built documentation at [http://0.0.0.0:8000/](http://0.0.0.0:8000/). ## Deploying From cae3817c79774ec9d9a3c7f0aaa264c465b48758 Mon Sep 17 00:00:00 2001 From: Yang Gang Date: Sun, 28 May 2023 04:21:53 +0800 Subject: [PATCH 019/252] chore: code clean for hack known_types.go (#12304) Signed-off-by: yanggang --- hack/known_types/main.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/hack/known_types/main.go b/hack/known_types/main.go index 491bf1e491c93..be8bcfdc7b50c 100644 --- a/hack/known_types/main.go +++ b/hack/known_types/main.go @@ -4,6 +4,7 @@ import ( "errors" "fmt" "go/importer" + "go/token" "go/types" "os" "strings" @@ -36,15 +37,16 @@ func newCommand() *cobra.Command { packagePath := args[1] outputPath := args[2] - // nolint:staticcheck - imprt := importer.For("source", nil) + if !strings.HasPrefix(packagePath, packagePrefix) { + return fmt.Errorf("package must be under %s", packagePrefix) + } + + imprt := importer.ForCompiler(token.NewFileSet(), "source", nil) pkg, err := imprt.Import(packagePath) if err != nil { return err } - if !strings.HasPrefix(packagePath, packagePrefix) { - return fmt.Errorf("package must be under %s", packagePrefix) - } + shortPackagePath := strings.TrimPrefix(packagePath, packagePrefix) var mapItems []string From 9a4db2abf9a8f0ac9d6b5347609bf2b2b3a29479 Mon Sep 17 00:00:00 2001 From: Jeff Date: Sat, 27 May 2023 15:48:52 -0500 Subject: [PATCH 020/252] fix: allow sync when multiple allow windows are present (#12706) * fix: allow sync when multiple allow windows are present Signed-off-by: Jeff Cousens * fix: fix typo in allow-window documentation Signed-off-by: Jeff Cousens * Retrigger CI pipeline Signed-off-by: Jeff Cousens --------- Signed-off-by: Jeff Cousens --- docs/user-guide/sync_windows.md | 2 +- pkg/apis/application/v1alpha1/types.go | 4 ++++ pkg/apis/application/v1alpha1/types_test.go | 14 ++++++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/docs/user-guide/sync_windows.md b/docs/user-guide/sync_windows.md index 8129e78c27062..031d8e6d67b30 100644 --- a/docs/user-guide/sync_windows.md +++ b/docs/user-guide/sync_windows.md @@ -7,7 +7,7 @@ of both manual and automated syncs but allow an override for manual syncs which in preventing automated syncs or if you need to temporarily override a window to perform a sync. The windows work in the following way. If there are no windows matching an application then all syncs are allowed. If there -are any `allow` windows matching an application then syncs will only be allowed when there is an active `allow` windows. If there +are any `allow` windows matching an application then syncs will only be allowed when there is an active `allow` window. If there are any `deny` windows matching an application then all syncs will be denied when the `deny` windows are active. If there is an active matching `allow` and an active matching `deny` then syncs will be denied as `deny` windows override `allow` windows. The UI and the CLI will both display the state of the sync windows. The UI has a panel which will display different colours depending diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 141854abb8913..48cd6c13b7f35 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -2307,6 +2307,10 @@ func (w *SyncWindows) CanSync(isManual bool) bool { } } + if active.hasAllow() { + return true + } + inactiveAllows := w.InactiveAllows() if inactiveAllows.HasWindows() { if isManual && inactiveAllows.manualEnabled() { diff --git a/pkg/apis/application/v1alpha1/types_test.go b/pkg/apis/application/v1alpha1/types_test.go index 0688dea0069cf..aa629529a25e9 100644 --- a/pkg/apis/application/v1alpha1/types_test.go +++ b/pkg/apis/application/v1alpha1/types_test.go @@ -2226,6 +2226,20 @@ func TestSyncWindows_CanSync(t *testing.T) { // then assert.False(t, canSync) }) + t.Run("will allow auto sync with active-allow and inactive-allow", func(t *testing.T) { + // given + t.Parallel() + proj := newProjectBuilder(). + withActiveAllowWindow(false). + withInactiveAllowWindow(false). + build() + + // when + canSync := proj.Spec.SyncWindows.CanSync(false) + + // then + assert.True(t, canSync) + }) t.Run("will deny manual sync with active-deny", func(t *testing.T) { // given t.Parallel() From 2a4c4a73495c90ace1289d948daf505f0533bfe4 Mon Sep 17 00:00:00 2001 From: Noaa Barki <47917189+noaabarki@users.noreply.github.com> Date: Sat, 27 May 2023 23:52:22 +0300 Subject: [PATCH 021/252] feat: allow argocd-notifications-controller env variables (#13605) Signed-off-by: Noaa Barki Co-authored-by: Noaa Barki --- cmd/argocd-notification/commands/controller.go | 4 ++-- docs/operator-manual/argocd-cmd-params-cm.yaml | 6 ++++++ .../argocd-notifications-controller-deployment.yaml | 13 +++++++++++++ manifests/ha/install.yaml | 13 +++++++++++++ manifests/ha/namespace-install.yaml | 13 +++++++++++++ manifests/install.yaml | 13 +++++++++++++ manifests/namespace-install.yaml | 13 +++++++++++++ 7 files changed, 73 insertions(+), 2 deletions(-) diff --git a/cmd/argocd-notification/commands/controller.go b/cmd/argocd-notification/commands/controller.go index f9494ea966313..15675e7af376b 100644 --- a/cmd/argocd-notification/commands/controller.go +++ b/cmd/argocd-notification/commands/controller.go @@ -153,8 +153,8 @@ func NewCommand() *cobra.Command { command.Flags().IntVar(&processorsCount, "processors-count", 1, "Processors count.") command.Flags().StringVar(&appLabelSelector, "app-label-selector", "", "App label selector.") command.Flags().StringVar(&namespace, "namespace", "", "Namespace which controller handles. Current namespace if empty.") - command.Flags().StringVar(&logLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error") - command.Flags().StringVar(&logFormat, "logformat", "text", "Set the logging format. One of: text|json") + command.Flags().StringVar(&logLevel, "loglevel", env.StringFromEnv("ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error") + command.Flags().StringVar(&logFormat, "logformat", env.StringFromEnv("ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json") command.Flags().IntVar(&metricsPort, "metrics-port", defaultMetricsPort, "Metrics port") command.Flags().StringVar(&argocdRepoServer, "argocd-repo-server", common.DefaultRepoServerAddr, "Argo CD repo server address") command.Flags().BoolVar(&argocdRepoServerPlaintext, "argocd-repo-server-plaintext", false, "Use a plaintext client (non-TLS) to connect to repository server") diff --git a/docs/operator-manual/argocd-cmd-params-cm.yaml b/docs/operator-manual/argocd-cmd-params-cm.yaml index 6ee41dee44cd6..b16fbcb1b681b 100644 --- a/docs/operator-manual/argocd-cmd-params-cm.yaml +++ b/docs/operator-manual/argocd-cmd-params-cm.yaml @@ -168,3 +168,9 @@ data: applicationsetcontroller.enable.git.submodule: "true" # Enables use of the Progressive Syncs capability applicationsetcontroller.enable.progressive.syncs: "false" + + ## Argo CD Notifications Controller Properties + # Set the logging level. One of: debug|info|warn|error (default "info") + notificationscontroller.log.level: "info" + # Set the logging format. One of: text|json (default "text") + notificationscontroller.log.format: "text" \ No newline at end of file diff --git a/manifests/base/notification/argocd-notifications-controller-deployment.yaml b/manifests/base/notification/argocd-notifications-controller-deployment.yaml index d49e565e2acd1..8eab1f95570c5 100644 --- a/manifests/base/notification/argocd-notifications-controller-deployment.yaml +++ b/manifests/base/notification/argocd-notifications-controller-deployment.yaml @@ -35,6 +35,19 @@ spec: containers: - args: - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true workingDir: /app livenessProbe: tcpSocket: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index abe3a7be4f0c1..847cc1ac26b25 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -18144,6 +18144,19 @@ spec: containers: - args: - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index 9517b617a8b67..d8f4612b36e2c 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -1791,6 +1791,19 @@ spec: containers: - args: - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: diff --git a/manifests/install.yaml b/manifests/install.yaml index bec617d9d1ca9..2baf16d746ea0 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -17261,6 +17261,19 @@ spec: containers: - args: - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index d7ecf5576612f..935fdf5f21adb 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -908,6 +908,19 @@ spec: containers: - args: - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: From dfa11ae46162dd1db0c073983f5a84c8dd0f4f30 Mon Sep 17 00:00:00 2001 From: Hassan Tanveer Date: Sun, 28 May 2023 02:42:15 +0500 Subject: [PATCH 022/252] fix(ui): Updated text in refresh dialog (#13583) Signed-off-by: Hassan Tanveer --- .../applications-refresh-panel/applications-refresh-panel.tsx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ui/src/app/applications/components/applications-refresh-panel/applications-refresh-panel.tsx b/ui/src/app/applications/components/applications-refresh-panel/applications-refresh-panel.tsx index f8cca173f3078..8aa2bcacdbb0d 100644 --- a/ui/src/app/applications/components/applications-refresh-panel/applications-refresh-panel.tsx +++ b/ui/src/app/applications/components/applications-refresh-panel/applications-refresh-panel.tsx @@ -45,7 +45,7 @@ export const ApplicationsRefreshPanel = ({show, apps, hide}: {show: boolean; app return; } - setProgress({percentage: 0, title: 'Starting...'}); + setProgress({percentage: 0, title: 'Refreshing applications'}); let i = 0; for (const app of selectedApps) { await services.applications.get(app.metadata.name, app.metadata.namespace, params.refreshType).catch(e => { @@ -57,7 +57,7 @@ export const ApplicationsRefreshPanel = ({show, apps, hide}: {show: boolean; app i++; setProgress({ percentage: i / selectedApps.length, - title: `${i} of ${selectedApps.length} apps now refreshing` + title: `Refreshed ${i} of ${selectedApps.length} applications` }); } setProgress({percentage: 100, title: 'Complete'}); From 032a596ef503a4c342ed77df8b09644cb16c05f0 Mon Sep 17 00:00:00 2001 From: Kevin Huber Date: Sun, 28 May 2023 00:08:59 +0200 Subject: [PATCH 023/252] feat: Add controllerNamespace to .status of an application (#13081) Signed-off-by: Kevin Huber Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- assets/swagger.json | 4 + controller/appcontroller.go | 1 + controller/appcontroller_test.go | 38 +- manifests/core-install.yaml | 4 + manifests/crds/application-crd.yaml | 4 + manifests/ha/install.yaml | 4 + manifests/install.yaml | 4 + pkg/apis/application/v1alpha1/generated.pb.go | 1284 +++++++++-------- pkg/apis/application/v1alpha1/generated.proto | 3 + .../application/v1alpha1/openapi_generated.go | 7 + pkg/apis/application/v1alpha1/types.go | 2 + 11 files changed, 733 insertions(+), 622 deletions(-) diff --git a/assets/swagger.json b/assets/swagger.json index 7e7901fc01a61..09ebe4d2dd0c4 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -6345,6 +6345,10 @@ "$ref": "#/definitions/v1alpha1ApplicationCondition" } }, + "controllerNamespace": { + "type": "string", + "title": "ControllerNamespace indicates the namespace in which the application controller is located" + }, "health": { "$ref": "#/definitions/v1alpha1HealthStatus" }, diff --git a/controller/appcontroller.go b/controller/appcontroller.go index 75fca472951c9..585c95c35efa6 100644 --- a/controller/appcontroller.go +++ b/controller/appcontroller.go @@ -1470,6 +1470,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo }) app.Status.SourceType = compareResult.appSourceType app.Status.SourceTypes = compareResult.appSourceTypes + app.Status.ControllerNamespace = ctrl.namespace ctrl.persistAppStatus(origApp, &app.Status) return } diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go index e48c7aa23343c..1573eef0a74bd 100644 --- a/controller/appcontroller_test.go +++ b/controller/appcontroller_test.go @@ -54,6 +54,7 @@ type fakeData struct { namespacedResources map[kube.ResourceKey]namespacedResource configMapData map[string]string metricsCacheExpiration time.Duration + applicationNamespaces []string } func newFakeController(data *fakeData) *ApplicationController { @@ -111,7 +112,7 @@ func newFakeController(data *fakeData) *ApplicationController { 0, true, nil, - []string{}, + data.applicationNamespaces, ) if err != nil { panic(err) @@ -1584,3 +1585,38 @@ func Test_syncDeleteOption(t *testing.T) { assert.False(t, delete) }) } + +func TestAddControllerNamespace(t *testing.T) { + t.Run("set controllerNamespace when the app is in the controller namespace", func(t *testing.T) { + app := newFakeApp() + ctrl := newFakeController(&fakeData{ + apps: []runtime.Object{app, &defaultProj}, + manifestResponse: &apiclient.ManifestResponse{}, + }) + + ctrl.processAppRefreshQueueItem() + + updatedApp, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(ctrl.namespace).Get(context.Background(), app.Name, metav1.GetOptions{}) + assert.NoError(t, err) + assert.Equal(t, test.FakeArgoCDNamespace, updatedApp.Status.ControllerNamespace) + }) + t.Run("set controllerNamespace when the app is in another namespace than the controller", func(t *testing.T) { + appNamespace := "app-namespace" + + app := newFakeApp() + app.ObjectMeta.Namespace = appNamespace + proj := defaultProj + proj.Spec.SourceNamespaces = []string{appNamespace} + ctrl := newFakeController(&fakeData{ + apps: []runtime.Object{app, &proj}, + manifestResponse: &apiclient.ManifestResponse{}, + applicationNamespaces: []string{appNamespace}, + }) + + ctrl.processAppRefreshQueueItem() + + updatedApp, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(appNamespace).Get(context.Background(), app.Name, metav1.GetOptions{}) + assert.NoError(t, err) + assert.Equal(t, test.FakeArgoCDNamespace, updatedApp.Status.ControllerNamespace) + }) +} diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index b2cc11ff0459c..7d232dfe0b730 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -1511,6 +1511,10 @@ spec: - type type: object type: array + controllerNamespace: + description: ControllerNamespace indicates the namespace in which + the application controller is located + type: string health: description: Health contains information about the application's current health status diff --git a/manifests/crds/application-crd.yaml b/manifests/crds/application-crd.yaml index 6f5f5d07937bb..1351a6631c9aa 100644 --- a/manifests/crds/application-crd.yaml +++ b/manifests/crds/application-crd.yaml @@ -1510,6 +1510,10 @@ spec: - type type: object type: array + controllerNamespace: + description: ControllerNamespace indicates the namespace in which + the application controller is located + type: string health: description: Health contains information about the application's current health status diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 847cc1ac26b25..1a7cacb097d67 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -1511,6 +1511,10 @@ spec: - type type: object type: array + controllerNamespace: + description: ControllerNamespace indicates the namespace in which + the application controller is located + type: string health: description: Health contains information about the application's current health status diff --git a/manifests/install.yaml b/manifests/install.yaml index 2baf16d746ea0..e4f6abbe573a1 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -1511,6 +1511,10 @@ spec: - type type: object type: array + controllerNamespace: + description: ControllerNamespace indicates the namespace in which + the application controller is located + type: string health: description: Health contains information about the application's current health status diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index f728362e45089..33a401fc7e5b1 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -4063,627 +4063,629 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 9916 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x6b, 0x70, 0x24, 0xd7, - 0x75, 0x18, 0xac, 0x9e, 0xc1, 0x00, 0x33, 0x07, 0x8f, 0x5d, 0xdc, 0xdd, 0x25, 0xc1, 0x25, 0xb9, - 0xd8, 0xaf, 0x59, 0xa6, 0xa8, 0x4f, 0x24, 0x60, 0xae, 0x28, 0x65, 0x63, 0xda, 0x94, 0x31, 0xc0, - 0x2e, 0x16, 0xbb, 0xc0, 0x02, 0xbc, 0xc0, 0xee, 0x4a, 0xa4, 0x29, 0xaa, 0xd1, 0x73, 0x67, 0xd0, - 0x8b, 0x9e, 0xee, 0xd9, 0xee, 0x1e, 0x2c, 0x40, 0xcb, 0xb2, 0x64, 0x4b, 0xb1, 0x12, 0x3d, 0xa8, - 0x50, 0x3f, 0x2c, 0xe7, 0xe1, 0x28, 0xb6, 0xcb, 0x15, 0x57, 0xc2, 0x8a, 0x53, 0xf9, 0x11, 0xe7, - 0x55, 0x15, 0xdb, 0xf9, 0xc1, 0x94, 0x92, 0x8a, 0xaa, 0xe2, 0xb2, 0x9c, 0xd8, 0x81, 0x29, 0xa4, - 0x52, 0x49, 0xa5, 0x2a, 0xae, 0xca, 0xe3, 0x4f, 0xb6, 0x5c, 0x95, 0xd4, 0x7d, 0xdf, 0xee, 0x99, - 0x59, 0x0c, 0x80, 0xc6, 0xee, 0x4a, 0xc5, 0x7f, 0x33, 0xf7, 0x9c, 0x3e, 0xe7, 0xf6, 0xed, 0x7b, - 0xcf, 0x3d, 0xe7, 0x9e, 0xc7, 0x85, 0xc5, 0x86, 0x97, 0x6c, 0xb4, 0xd7, 0xa7, 0xdc, 0xb0, 0x39, - 0xed, 0x44, 0x8d, 0xb0, 0x15, 0x85, 0xb7, 0xd9, 0x8f, 0x17, 0xdc, 0xda, 0xf4, 0xd6, 0x85, 0xe9, - 0xd6, 0x66, 0x63, 0xda, 0x69, 0x79, 0xf1, 0xb4, 0xd3, 0x6a, 0xf9, 0x9e, 0xeb, 0x24, 0x5e, 0x18, - 0x4c, 0x6f, 0xbd, 0xe8, 0xf8, 0xad, 0x0d, 0xe7, 0xc5, 0xe9, 0x06, 0x09, 0x48, 0xe4, 0x24, 0xa4, - 0x36, 0xd5, 0x8a, 0xc2, 0x24, 0x44, 0x3f, 0xa9, 0xa9, 0x4d, 0x49, 0x6a, 0xec, 0xc7, 0x9b, 0x6e, - 0x6d, 0x6a, 0xeb, 0xc2, 0x54, 0x6b, 0xb3, 0x31, 0x45, 0xa9, 0x4d, 0x19, 0xd4, 0xa6, 0x24, 0xb5, - 0xb3, 0x2f, 0x18, 0x7d, 0x69, 0x84, 0x8d, 0x70, 0x9a, 0x11, 0x5d, 0x6f, 0xd7, 0xd9, 0x3f, 0xf6, - 0x87, 0xfd, 0xe2, 0xcc, 0xce, 0xda, 0x9b, 0x17, 0xe3, 0x29, 0x2f, 0xa4, 0xdd, 0x9b, 0x76, 0xc3, - 0x88, 0x4c, 0x6f, 0x75, 0x74, 0xe8, 0xec, 0x15, 0x8d, 0x43, 0xb6, 0x13, 0x12, 0xc4, 0x5e, 0x18, - 0xc4, 0x2f, 0xd0, 0x2e, 0x90, 0x68, 0x8b, 0x44, 0xe6, 0xeb, 0x19, 0x08, 0xdd, 0x28, 0xbd, 0xa4, - 0x29, 0x35, 0x1d, 0x77, 0xc3, 0x0b, 0x48, 0xb4, 0xa3, 0x1f, 0x6f, 0x92, 0xc4, 0xe9, 0xf6, 0xd4, - 0x74, 0xaf, 0xa7, 0xa2, 0x76, 0x90, 0x78, 0x4d, 0xd2, 0xf1, 0xc0, 0x27, 0xf6, 0x7b, 0x20, 0x76, - 0x37, 0x48, 0xd3, 0xe9, 0x78, 0xee, 0x63, 0xbd, 0x9e, 0x6b, 0x27, 0x9e, 0x3f, 0xed, 0x05, 0x49, - 0x9c, 0x44, 0xd9, 0x87, 0xec, 0x3b, 0x30, 0x3a, 0x73, 0x6b, 0x75, 0xa6, 0x9d, 0x6c, 0xcc, 0x86, - 0x41, 0xdd, 0x6b, 0xa0, 0x8f, 0xc3, 0xb0, 0xeb, 0xb7, 0xe3, 0x84, 0x44, 0xd7, 0x9d, 0x26, 0x99, - 0xb0, 0xce, 0x5b, 0xcf, 0x55, 0xaa, 0xa7, 0xde, 0xdb, 0x9d, 0xfc, 0xd0, 0xde, 0xee, 0xe4, 0xf0, - 0xac, 0x06, 0x61, 0x13, 0x0f, 0x7d, 0x04, 0x86, 0xa2, 0xd0, 0x27, 0x33, 0xf8, 0xfa, 0x44, 0x81, - 0x3d, 0x72, 0x42, 0x3c, 0x32, 0x84, 0x79, 0x33, 0x96, 0x70, 0xfb, 0x0f, 0x0b, 0x00, 0x33, 0xad, - 0xd6, 0x4a, 0x14, 0xde, 0x26, 0x6e, 0x82, 0x3e, 0x0b, 0x65, 0x3a, 0x74, 0x35, 0x27, 0x71, 0x18, - 0xb7, 0xe1, 0x0b, 0x3f, 0x3e, 0xc5, 0xdf, 0x64, 0xca, 0x7c, 0x13, 0x3d, 0x71, 0x28, 0xf6, 0xd4, - 0xd6, 0x8b, 0x53, 0xcb, 0xeb, 0xf4, 0xf9, 0x25, 0x92, 0x38, 0x55, 0x24, 0x98, 0x81, 0x6e, 0xc3, - 0x8a, 0x2a, 0x0a, 0x60, 0x20, 0x6e, 0x11, 0x97, 0x75, 0x6c, 0xf8, 0xc2, 0xe2, 0xd4, 0x51, 0x66, - 0xe8, 0x94, 0xee, 0xf9, 0x6a, 0x8b, 0xb8, 0xd5, 0x11, 0xc1, 0x79, 0x80, 0xfe, 0xc3, 0x8c, 0x0f, - 0xda, 0x82, 0xc1, 0x38, 0x71, 0x92, 0x76, 0x3c, 0x51, 0x64, 0x1c, 0xaf, 0xe7, 0xc6, 0x91, 0x51, - 0xad, 0x8e, 0x09, 0x9e, 0x83, 0xfc, 0x3f, 0x16, 0xdc, 0xec, 0xff, 0x68, 0xc1, 0x98, 0x46, 0x5e, - 0xf4, 0xe2, 0x04, 0xfd, 0x4c, 0xc7, 0xe0, 0x4e, 0xf5, 0x37, 0xb8, 0xf4, 0x69, 0x36, 0xb4, 0x27, - 0x05, 0xb3, 0xb2, 0x6c, 0x31, 0x06, 0xb6, 0x09, 0x25, 0x2f, 0x21, 0xcd, 0x78, 0xa2, 0x70, 0xbe, - 0xf8, 0xdc, 0xf0, 0x85, 0x2b, 0x79, 0xbd, 0x67, 0x75, 0x54, 0x30, 0x2d, 0x2d, 0x50, 0xf2, 0x98, - 0x73, 0xb1, 0x7f, 0x6b, 0xc4, 0x7c, 0x3f, 0x3a, 0xe0, 0xe8, 0x45, 0x18, 0x8e, 0xc3, 0x76, 0xe4, - 0x12, 0x4c, 0x5a, 0x61, 0x3c, 0x61, 0x9d, 0x2f, 0xd2, 0xa9, 0x47, 0x67, 0xea, 0xaa, 0x6e, 0xc6, - 0x26, 0x0e, 0xfa, 0x86, 0x05, 0x23, 0x35, 0x12, 0x27, 0x5e, 0xc0, 0xf8, 0xcb, 0xce, 0xaf, 0x1d, - 0xb9, 0xf3, 0xb2, 0x71, 0x4e, 0x13, 0xaf, 0x9e, 0x16, 0x2f, 0x32, 0x62, 0x34, 0xc6, 0x38, 0xc5, - 0x9f, 0xae, 0xb8, 0x1a, 0x89, 0xdd, 0xc8, 0x6b, 0xd1, 0xff, 0x6c, 0xce, 0x18, 0x2b, 0x6e, 0x4e, - 0x83, 0xb0, 0x89, 0x87, 0x02, 0x28, 0xd1, 0x15, 0x15, 0x4f, 0x0c, 0xb0, 0xfe, 0x2f, 0x1c, 0xad, - 0xff, 0x62, 0x50, 0xe9, 0x62, 0xd5, 0xa3, 0x4f, 0xff, 0xc5, 0x98, 0xb3, 0x41, 0x5f, 0xb7, 0x60, - 0x42, 0xac, 0x78, 0x4c, 0xf8, 0x80, 0xde, 0xda, 0xf0, 0x12, 0xe2, 0x7b, 0x71, 0x32, 0x51, 0x62, - 0x7d, 0x98, 0xee, 0x6f, 0x6e, 0xcd, 0x47, 0x61, 0xbb, 0x75, 0xcd, 0x0b, 0x6a, 0xd5, 0xf3, 0x82, - 0xd3, 0xc4, 0x6c, 0x0f, 0xc2, 0xb8, 0x27, 0x4b, 0xf4, 0x2d, 0x0b, 0xce, 0x06, 0x4e, 0x93, 0xc4, - 0x2d, 0x87, 0x7e, 0x5a, 0x0e, 0xae, 0xfa, 0x8e, 0xbb, 0xc9, 0x7a, 0x34, 0x78, 0xb8, 0x1e, 0xd9, - 0xa2, 0x47, 0x67, 0xaf, 0xf7, 0x24, 0x8d, 0xef, 0xc3, 0x16, 0xfd, 0xba, 0x05, 0xe3, 0x61, 0xd4, - 0xda, 0x70, 0x02, 0x52, 0x93, 0xd0, 0x78, 0x62, 0x88, 0x2d, 0xbd, 0xcf, 0x1c, 0xed, 0x13, 0x2d, - 0x67, 0xc9, 0x2e, 0x85, 0x81, 0x97, 0x84, 0xd1, 0x2a, 0x49, 0x12, 0x2f, 0x68, 0xc4, 0xd5, 0x33, - 0x7b, 0xbb, 0x93, 0xe3, 0x1d, 0x58, 0xb8, 0xb3, 0x3f, 0xe8, 0x67, 0x61, 0x38, 0xde, 0x09, 0xdc, - 0x5b, 0x5e, 0x50, 0x0b, 0xef, 0xc6, 0x13, 0xe5, 0x3c, 0x96, 0xef, 0xaa, 0x22, 0x28, 0x16, 0xa0, - 0x66, 0x80, 0x4d, 0x6e, 0xdd, 0x3f, 0x9c, 0x9e, 0x4a, 0x95, 0xbc, 0x3f, 0x9c, 0x9e, 0x4c, 0xf7, - 0x61, 0x8b, 0x7e, 0xc9, 0x82, 0xd1, 0xd8, 0x6b, 0x04, 0x4e, 0xd2, 0x8e, 0xc8, 0x35, 0xb2, 0x13, - 0x4f, 0x00, 0xeb, 0xc8, 0xd5, 0x23, 0x8e, 0x8a, 0x41, 0xb2, 0x7a, 0x46, 0xf4, 0x71, 0xd4, 0x6c, - 0x8d, 0x71, 0x9a, 0x6f, 0xb7, 0x85, 0xa6, 0xa7, 0xf5, 0x70, 0xbe, 0x0b, 0x4d, 0x4f, 0xea, 0x9e, - 0x2c, 0xd1, 0x4f, 0xc3, 0x49, 0xde, 0xa4, 0x46, 0x36, 0x9e, 0x18, 0x61, 0x82, 0xf6, 0xf4, 0xde, - 0xee, 0xe4, 0xc9, 0xd5, 0x0c, 0x0c, 0x77, 0x60, 0xa3, 0x3b, 0x30, 0xd9, 0x22, 0x51, 0xd3, 0x4b, - 0x96, 0x03, 0x7f, 0x47, 0x8a, 0x6f, 0x37, 0x6c, 0x91, 0x9a, 0xe8, 0x4e, 0x3c, 0x31, 0x7a, 0xde, - 0x7a, 0xae, 0x5c, 0xfd, 0xb0, 0xe8, 0xe6, 0xe4, 0xca, 0xfd, 0xd1, 0xf1, 0x7e, 0xf4, 0xec, 0x7f, - 0x55, 0x80, 0x93, 0xd9, 0x8d, 0x13, 0xfd, 0xa6, 0x05, 0x27, 0x6e, 0xdf, 0x4d, 0xd6, 0xc2, 0x4d, - 0x12, 0xc4, 0xd5, 0x1d, 0x2a, 0xde, 0xd8, 0x96, 0x31, 0x7c, 0xc1, 0xcd, 0x77, 0x8b, 0x9e, 0xba, - 0x9a, 0xe6, 0x72, 0x29, 0x48, 0xa2, 0x9d, 0xea, 0xe3, 0xe2, 0xed, 0x4e, 0x5c, 0xbd, 0xb5, 0x66, - 0x42, 0x71, 0xb6, 0x53, 0x67, 0xbf, 0x6a, 0xc1, 0xe9, 0x6e, 0x24, 0xd0, 0x49, 0x28, 0x6e, 0x92, - 0x1d, 0xae, 0x95, 0x61, 0xfa, 0x13, 0xbd, 0x01, 0xa5, 0x2d, 0xc7, 0x6f, 0x13, 0xa1, 0xdd, 0xcc, - 0x1f, 0xed, 0x45, 0x54, 0xcf, 0x30, 0xa7, 0xfa, 0x13, 0x85, 0x8b, 0x96, 0xfd, 0x6f, 0x8b, 0x30, - 0x6c, 0xec, 0x6f, 0x0f, 0x40, 0x63, 0x0b, 0x53, 0x1a, 0xdb, 0x52, 0x6e, 0x5b, 0x73, 0x4f, 0x95, - 0xed, 0x6e, 0x46, 0x65, 0x5b, 0xce, 0x8f, 0xe5, 0x7d, 0x75, 0x36, 0x94, 0x40, 0x25, 0x6c, 0x51, - 0x8d, 0x9c, 0x6e, 0xfd, 0x03, 0x79, 0x7c, 0xc2, 0x65, 0x49, 0xae, 0x3a, 0xba, 0xb7, 0x3b, 0x59, - 0x51, 0x7f, 0xb1, 0x66, 0x64, 0x7f, 0xdf, 0x82, 0xd3, 0x46, 0x1f, 0x67, 0xc3, 0xa0, 0xe6, 0xb1, - 0x4f, 0x7b, 0x1e, 0x06, 0x92, 0x9d, 0x96, 0x54, 0xfb, 0xd5, 0x48, 0xad, 0xed, 0xb4, 0x08, 0x66, - 0x10, 0xaa, 0xe8, 0x37, 0x49, 0x1c, 0x3b, 0x0d, 0x92, 0x55, 0xf4, 0x97, 0x78, 0x33, 0x96, 0x70, - 0x14, 0x01, 0xf2, 0x9d, 0x38, 0x59, 0x8b, 0x9c, 0x20, 0x66, 0xe4, 0xd7, 0xbc, 0x26, 0x11, 0x03, - 0xfc, 0xff, 0xf7, 0x37, 0x63, 0xe8, 0x13, 0xd5, 0xc7, 0xf6, 0x76, 0x27, 0xd1, 0x62, 0x07, 0x25, - 0xdc, 0x85, 0xba, 0xfd, 0x2d, 0x0b, 0x1e, 0xeb, 0xae, 0x8b, 0xa1, 0x67, 0x61, 0x90, 0x9b, 0x7c, - 0xe2, 0xed, 0xf4, 0x27, 0x61, 0xad, 0x58, 0x40, 0xd1, 0x34, 0x54, 0xd4, 0x3e, 0x21, 0xde, 0x71, - 0x5c, 0xa0, 0x56, 0xf4, 0xe6, 0xa2, 0x71, 0xe8, 0xa0, 0xd1, 0x3f, 0x42, 0x73, 0x53, 0x83, 0xc6, - 0x8c, 0x24, 0x06, 0xb1, 0xff, 0xd4, 0x82, 0x13, 0x46, 0xaf, 0x1e, 0x80, 0x6a, 0x1e, 0xa4, 0x55, - 0xf3, 0x85, 0xdc, 0xe6, 0x73, 0x0f, 0xdd, 0xfc, 0xeb, 0x16, 0x9c, 0x35, 0xb0, 0x96, 0x9c, 0xc4, - 0xdd, 0xb8, 0xb4, 0xdd, 0x8a, 0x48, 0x4c, 0xcd, 0x69, 0xf4, 0xb4, 0x21, 0xb7, 0xaa, 0xc3, 0x82, - 0x42, 0xf1, 0x1a, 0xd9, 0xe1, 0x42, 0xec, 0x79, 0x28, 0xf3, 0xc9, 0x19, 0x46, 0x62, 0xc4, 0xd5, - 0xbb, 0x2d, 0x8b, 0x76, 0xac, 0x30, 0x90, 0x0d, 0x83, 0x4c, 0x38, 0xd1, 0xc5, 0x4a, 0xb7, 0x21, - 0xa0, 0x1f, 0xf1, 0x26, 0x6b, 0xc1, 0x02, 0x62, 0x2f, 0xa7, 0xba, 0xb3, 0x12, 0x11, 0xf6, 0x71, - 0x6b, 0x97, 0x3d, 0xe2, 0xd7, 0x62, 0x6a, 0x36, 0x38, 0x41, 0x10, 0x26, 0xc2, 0x02, 0x30, 0xcc, - 0x86, 0x19, 0xdd, 0x8c, 0x4d, 0x1c, 0x7b, 0xaf, 0xc0, 0x8c, 0x0f, 0xb5, 0xac, 0xc9, 0x83, 0xb0, - 0x5c, 0xa3, 0x94, 0x1c, 0x5c, 0xc9, 0x4f, 0x28, 0x91, 0xde, 0xd6, 0xeb, 0x5b, 0x19, 0x51, 0x88, - 0x73, 0xe5, 0x7a, 0x7f, 0x0b, 0xf6, 0x77, 0x0b, 0x30, 0x99, 0x7e, 0xa0, 0x43, 0x92, 0x52, 0x73, - 0xc9, 0x60, 0x94, 0x3d, 0xa0, 0x30, 0xf0, 0xb1, 0x89, 0xd7, 0x43, 0x18, 0x15, 0x8e, 0x53, 0x18, - 0x99, 0xb2, 0xb2, 0xb8, 0x8f, 0xac, 0x7c, 0x56, 0x8d, 0xfa, 0x40, 0x46, 0x38, 0xa5, 0xf7, 0x8b, - 0xf3, 0x30, 0x10, 0x27, 0xa4, 0x35, 0x51, 0x4a, 0xcb, 0x9a, 0xd5, 0x84, 0xb4, 0x30, 0x83, 0xd8, - 0xff, 0xad, 0x00, 0x8f, 0xa7, 0xc7, 0x50, 0x8b, 0xf7, 0x4f, 0xa6, 0xc4, 0xfb, 0x47, 0x4d, 0xf1, - 0x7e, 0x6f, 0x77, 0xf2, 0xc9, 0x1e, 0x8f, 0xfd, 0xd0, 0x48, 0x7f, 0x34, 0x9f, 0x19, 0xc5, 0xe9, - 0xf4, 0x28, 0xde, 0xdb, 0x9d, 0x7c, 0xba, 0xc7, 0x3b, 0x66, 0x86, 0xf9, 0x59, 0x18, 0x8c, 0x88, - 0x13, 0x87, 0x81, 0x18, 0x68, 0xf5, 0x39, 0x30, 0x6b, 0xc5, 0x02, 0x6a, 0xff, 0x69, 0x39, 0x3b, - 0xd8, 0xf3, 0xfc, 0x80, 0x2d, 0x8c, 0x90, 0x07, 0x03, 0x4c, 0x65, 0xe7, 0xa2, 0xe1, 0xda, 0xd1, - 0x96, 0x11, 0x15, 0xf1, 0x8a, 0x74, 0xb5, 0x4c, 0xbf, 0x1a, 0x6d, 0xc2, 0x8c, 0x05, 0xda, 0x86, - 0xb2, 0x2b, 0x35, 0xe9, 0x42, 0x1e, 0x67, 0x4e, 0x42, 0x8f, 0xd6, 0x1c, 0x47, 0xa8, 0x2c, 0x56, - 0xea, 0xb7, 0xe2, 0x86, 0x08, 0x14, 0x1b, 0x5e, 0x22, 0x3e, 0xeb, 0x11, 0x6d, 0xa5, 0x79, 0xcf, - 0x78, 0xc5, 0x21, 0xba, 0x41, 0xcc, 0x7b, 0x09, 0xa6, 0xf4, 0xd1, 0x97, 0x2d, 0x18, 0x8e, 0xdd, - 0xe6, 0x4a, 0x14, 0x6e, 0x79, 0x35, 0x12, 0x09, 0x4d, 0xe9, 0x88, 0xa2, 0x69, 0x75, 0x76, 0x49, - 0x12, 0xd4, 0x7c, 0xb9, 0xed, 0xaa, 0x21, 0xd8, 0xe4, 0x4b, 0x2d, 0x88, 0xc7, 0xc5, 0xbb, 0xcf, - 0x11, 0xd7, 0xa3, 0x7b, 0x9b, 0x34, 0x98, 0xd8, 0x4c, 0x39, 0xb2, 0xe6, 0x38, 0xd7, 0x76, 0x37, - 0xe9, 0x7a, 0xd3, 0x1d, 0x7a, 0x72, 0x6f, 0x77, 0xf2, 0xf1, 0xd9, 0xee, 0x3c, 0x71, 0xaf, 0xce, - 0xb0, 0x01, 0x6b, 0xb5, 0x7d, 0x1f, 0x93, 0x3b, 0x6d, 0xc2, 0x8e, 0x43, 0x72, 0x18, 0xb0, 0x15, - 0x4d, 0x30, 0x33, 0x60, 0x06, 0x04, 0x9b, 0x7c, 0xd1, 0x1d, 0x18, 0x6c, 0x3a, 0x49, 0xe4, 0x6d, - 0x8b, 0x33, 0x90, 0x23, 0xea, 0xf2, 0x4b, 0x8c, 0x96, 0x66, 0xce, 0xb6, 0x7e, 0xde, 0x88, 0x05, - 0x23, 0xd4, 0x84, 0x52, 0x93, 0x44, 0x0d, 0x32, 0x51, 0xce, 0xe3, 0xbc, 0x77, 0x89, 0x92, 0xd2, - 0x0c, 0x2b, 0x54, 0xf3, 0x61, 0x6d, 0x98, 0x73, 0x41, 0x6f, 0x40, 0x39, 0x26, 0x3e, 0x71, 0xa9, - 0xee, 0x52, 0x61, 0x1c, 0x3f, 0xd6, 0xa7, 0x1e, 0xe7, 0xac, 0x13, 0x7f, 0x55, 0x3c, 0xca, 0x17, - 0x98, 0xfc, 0x87, 0x15, 0x49, 0xfb, 0x3f, 0x5b, 0x80, 0xd2, 0x12, 0xe6, 0x01, 0x68, 0x8f, 0x77, - 0xd2, 0xda, 0xe3, 0x62, 0x9e, 0x2a, 0x40, 0x0f, 0x05, 0xf2, 0xbd, 0x32, 0x64, 0x64, 0xf3, 0x75, - 0x12, 0x27, 0xa4, 0xf6, 0x81, 0x3c, 0xfd, 0x40, 0x9e, 0x7e, 0x20, 0x4f, 0x95, 0x3c, 0x5d, 0xcf, - 0xc8, 0xd3, 0x57, 0x8c, 0x55, 0xaf, 0xbd, 0x97, 0x6f, 0x2a, 0xf7, 0xa6, 0xd9, 0x03, 0x03, 0x81, - 0x4a, 0x82, 0xab, 0xab, 0xcb, 0xd7, 0xbb, 0x0a, 0xd0, 0x37, 0xd3, 0x02, 0xf4, 0xa8, 0x2c, 0x1e, - 0xb8, 0xc8, 0xfc, 0xeb, 0x05, 0x78, 0x22, 0x2d, 0x4a, 0x70, 0xe8, 0xfb, 0x61, 0x3b, 0xa1, 0x5a, - 0x32, 0xfa, 0x55, 0x0b, 0x4e, 0x36, 0xd3, 0xe6, 0x69, 0x2c, 0x4e, 0x01, 0x3f, 0x95, 0x9b, 0x9c, - 0xcb, 0xd8, 0xbf, 0xd5, 0x09, 0x21, 0xf3, 0x4e, 0x66, 0x00, 0x31, 0xee, 0xe8, 0x0b, 0x7a, 0x03, - 0x2a, 0x4d, 0x67, 0xfb, 0x46, 0xab, 0xe6, 0x24, 0xd2, 0x40, 0xe9, 0x6d, 0x57, 0xb6, 0x13, 0xcf, - 0x9f, 0xe2, 0xbe, 0xdd, 0xa9, 0x85, 0x20, 0x59, 0x8e, 0x56, 0x93, 0xc8, 0x0b, 0x1a, 0xfc, 0xec, - 0x67, 0x49, 0x92, 0xc1, 0x9a, 0xa2, 0xfd, 0x37, 0xad, 0xac, 0xa0, 0x55, 0xa3, 0x13, 0x39, 0x09, - 0x69, 0xec, 0xa0, 0xcf, 0x41, 0x89, 0x5a, 0x12, 0x72, 0x54, 0x6e, 0xe5, 0x29, 0xfd, 0x8d, 0x2f, - 0xa1, 0x37, 0x02, 0xfa, 0x2f, 0xc6, 0x9c, 0xa9, 0xfd, 0xe7, 0xa5, 0xec, 0x86, 0xc7, 0x3c, 0x7d, - 0x17, 0x00, 0x1a, 0xe1, 0x1a, 0x69, 0xb6, 0x7c, 0x3a, 0x2c, 0x16, 0x3b, 0x2e, 0x56, 0xc6, 0xf3, - 0xbc, 0x82, 0x60, 0x03, 0x0b, 0xfd, 0x65, 0x0b, 0xa0, 0x21, 0x17, 0x96, 0xdc, 0xcc, 0x6e, 0xe4, - 0xf9, 0x3a, 0x7a, 0xd9, 0xea, 0xbe, 0x28, 0x86, 0xd8, 0x60, 0x8e, 0x7e, 0xc1, 0x82, 0x72, 0x22, - 0xbb, 0xcf, 0xc5, 0xfb, 0x5a, 0x9e, 0x3d, 0x91, 0x2f, 0xad, 0xf7, 0x75, 0x35, 0x24, 0x8a, 0x2f, - 0xfa, 0x4b, 0x16, 0x40, 0xbc, 0x13, 0xb8, 0x2b, 0xa1, 0xef, 0xb9, 0x3b, 0x42, 0xea, 0xdf, 0xcc, - 0xd5, 0xc0, 0x57, 0xd4, 0xab, 0x63, 0x74, 0x34, 0xf4, 0x7f, 0x6c, 0x70, 0x46, 0x9f, 0x87, 0x72, - 0x2c, 0xa6, 0x9b, 0x90, 0xf3, 0x6b, 0xf9, 0x1e, 0x33, 0x70, 0xda, 0x42, 0x44, 0x88, 0x7f, 0x58, - 0xf1, 0x44, 0xbf, 0x6c, 0xc1, 0x89, 0x56, 0xfa, 0x50, 0x48, 0x88, 0xf4, 0xfc, 0x64, 0x40, 0xe6, - 0xd0, 0xa9, 0x7a, 0x6a, 0x6f, 0x77, 0xf2, 0x44, 0xa6, 0x11, 0x67, 0x7b, 0x61, 0x7f, 0xb7, 0x90, - 0x3a, 0x9a, 0x55, 0x67, 0x26, 0x6c, 0x32, 0xbb, 0xd2, 0x5c, 0x95, 0x6b, 0x33, 0xd7, 0xc9, 0xac, - 0x8c, 0x61, 0x3d, 0x99, 0x55, 0x53, 0x8c, 0x0d, 0xe6, 0x74, 0xdb, 0x1e, 0x77, 0xb2, 0x27, 0x33, - 0x62, 0x7d, 0xbd, 0x91, 0x67, 0x97, 0x3a, 0x0f, 0xd2, 0x9f, 0x10, 0x5d, 0x1b, 0xef, 0x00, 0xe1, - 0xce, 0x2e, 0xd9, 0xdf, 0x4d, 0x1f, 0x07, 0x1b, 0x53, 0xa3, 0x8f, 0xa3, 0xee, 0x6f, 0x58, 0x30, - 0x1c, 0x85, 0xbe, 0xef, 0x05, 0x0d, 0x3a, 0x8d, 0x85, 0x2c, 0x7e, 0xfd, 0x58, 0xc4, 0xa1, 0x98, - 0xaf, 0x6c, 0xf3, 0xc7, 0x9a, 0x27, 0x36, 0x3b, 0x60, 0x7f, 0xd1, 0x82, 0x89, 0x5e, 0xcb, 0x0d, - 0x11, 0x78, 0x52, 0xce, 0x25, 0xe5, 0xe8, 0x5d, 0x0e, 0xe6, 0x88, 0x4f, 0xd4, 0x39, 0x59, 0xb9, - 0xfa, 0x8c, 0x78, 0xcd, 0x27, 0x57, 0x7a, 0xa3, 0xe2, 0xfb, 0xd1, 0xb1, 0x7f, 0xa3, 0x90, 0x1d, - 0x51, 0x25, 0x6e, 0xbf, 0x6d, 0x75, 0x18, 0x25, 0x9f, 0x3a, 0x0e, 0x11, 0xc7, 0xcc, 0x17, 0xe5, - 0xef, 0xed, 0x8d, 0xf3, 0x10, 0x1d, 0x4a, 0xf6, 0xbf, 0x1e, 0x80, 0xfb, 0xf4, 0x4c, 0xb9, 0x0c, - 0xac, 0x5e, 0x2e, 0x83, 0x83, 0x7b, 0x21, 0xbe, 0x66, 0xc1, 0xa0, 0x4f, 0xf5, 0x23, 0x7e, 0x2c, - 0x3e, 0x7c, 0xa1, 0x76, 0x5c, 0x63, 0xcf, 0xd5, 0xb0, 0x98, 0x3b, 0x35, 0xd5, 0xc9, 0x18, 0x6f, - 0xc4, 0xa2, 0x0f, 0xe8, 0x3b, 0x56, 0xfa, 0x8c, 0x9d, 0x47, 0xa9, 0x78, 0xc7, 0xd6, 0x27, 0xe3, - 0xe0, 0x9e, 0x77, 0x4c, 0x1f, 0x09, 0xf7, 0x38, 0xd2, 0x47, 0x53, 0x00, 0x75, 0x2f, 0x70, 0x7c, - 0xef, 0x2d, 0x6a, 0xe7, 0x95, 0x98, 0x13, 0x80, 0x6d, 0x5a, 0x97, 0x55, 0x2b, 0x36, 0x30, 0xce, - 0xfe, 0x45, 0x18, 0x36, 0xde, 0xbc, 0x8b, 0x2f, 0xf6, 0xb4, 0xe9, 0x8b, 0xad, 0x18, 0x2e, 0xd4, - 0xb3, 0xaf, 0xc0, 0xc9, 0x6c, 0x07, 0x0f, 0xf2, 0xbc, 0xfd, 0x9b, 0x83, 0xd9, 0x83, 0xf1, 0x35, - 0x12, 0x35, 0x69, 0xd7, 0x3e, 0xb0, 0x8f, 0x3f, 0xb0, 0x8f, 0x3f, 0xb0, 0x8f, 0xe5, 0x1f, 0x7b, - 0xaf, 0x04, 0x29, 0xcd, 0x80, 0xf7, 0xee, 0x23, 0x30, 0x14, 0x91, 0x56, 0x78, 0x03, 0x2f, 0x0a, - 0x89, 0xab, 0xa3, 0x53, 0x79, 0x33, 0x96, 0x70, 0x2a, 0x99, 0x5b, 0x4e, 0xb2, 0x21, 0x44, 0xae, - 0x92, 0xcc, 0x2b, 0x4e, 0xb2, 0x81, 0x19, 0x04, 0xbd, 0x02, 0x63, 0x89, 0x13, 0x35, 0x48, 0x82, - 0xc9, 0x16, 0x1b, 0x04, 0xe1, 0x6c, 0x78, 0x4c, 0xe0, 0x8e, 0xad, 0xa5, 0xa0, 0x38, 0x83, 0x8d, - 0xee, 0xc0, 0xc0, 0x06, 0xf1, 0x9b, 0xc2, 0x80, 0x5f, 0xcd, 0x4f, 0x22, 0xb2, 0x77, 0xbd, 0x42, - 0xfc, 0x26, 0x5f, 0xaf, 0xf4, 0x17, 0x66, 0xac, 0xe8, 0xd7, 0xa9, 0x6c, 0xb6, 0xe3, 0x24, 0x6c, - 0x7a, 0x6f, 0x49, 0xb3, 0xfe, 0x53, 0x39, 0x33, 0xbe, 0x26, 0xe9, 0x73, 0xdb, 0x53, 0xfd, 0xc5, - 0x9a, 0x33, 0xeb, 0x47, 0xcd, 0x8b, 0x98, 0x99, 0xbe, 0x33, 0x01, 0xc7, 0xd2, 0x8f, 0x39, 0x49, - 0x9f, 0xf7, 0x43, 0xfd, 0xc5, 0x9a, 0x33, 0xda, 0x81, 0xc1, 0x96, 0xdf, 0x6e, 0x78, 0xc1, 0xc4, - 0x30, 0xeb, 0xc3, 0x8d, 0x9c, 0xfb, 0xb0, 0xc2, 0x88, 0xf3, 0xc3, 0x15, 0xfe, 0x1b, 0x0b, 0x86, - 0xe8, 0x19, 0x28, 0xb9, 0x1b, 0x4e, 0x94, 0x4c, 0x8c, 0xb0, 0x49, 0xa3, 0x6c, 0xe0, 0x59, 0xda, - 0x88, 0x39, 0x0c, 0x3d, 0x0d, 0xc5, 0x88, 0xd4, 0x59, 0x50, 0x94, 0xe1, 0x2e, 0xc7, 0xa4, 0x8e, - 0x69, 0xbb, 0xfd, 0xb7, 0x0b, 0x69, 0xe5, 0x22, 0xfd, 0xde, 0x7c, 0xb6, 0xbb, 0xed, 0x28, 0x96, - 0x76, 0xb2, 0x31, 0xdb, 0x59, 0x33, 0x96, 0x70, 0xf4, 0x45, 0x0b, 0x86, 0x6e, 0xc7, 0x61, 0x10, - 0x90, 0x44, 0x08, 0xf2, 0x9b, 0x39, 0x0f, 0xc5, 0x55, 0x4e, 0x5d, 0xf7, 0x41, 0x34, 0x60, 0xc9, - 0x97, 0x76, 0x97, 0x6c, 0xbb, 0x7e, 0xbb, 0xd6, 0xe1, 0x25, 0xbd, 0xc4, 0x9b, 0xb1, 0x84, 0x53, - 0x54, 0x2f, 0xe0, 0xa8, 0x03, 0x69, 0xd4, 0x85, 0x40, 0xa0, 0x0a, 0xb8, 0xfd, 0xdb, 0x25, 0x38, - 0xd3, 0x75, 0x71, 0xd0, 0x6d, 0x9f, 0x6d, 0xac, 0x97, 0x3d, 0x9f, 0x48, 0xdf, 0x3f, 0xdb, 0xf6, - 0x6f, 0xaa, 0x56, 0x6c, 0x60, 0xa0, 0x9f, 0x07, 0x68, 0x39, 0x91, 0xd3, 0x24, 0x62, 0xbb, 0x2b, - 0x1e, 0x7d, 0x77, 0xa5, 0xfd, 0x58, 0x91, 0x34, 0xb5, 0xb5, 0xa5, 0x9a, 0x62, 0x6c, 0xb0, 0x44, - 0x1f, 0x87, 0xe1, 0x88, 0xf8, 0xc4, 0x89, 0x59, 0x4c, 0x5d, 0x36, 0x40, 0x18, 0x6b, 0x10, 0x36, - 0xf1, 0xd0, 0xb3, 0x2a, 0x4c, 0x22, 0xe3, 0x52, 0x4e, 0x87, 0x4a, 0xa0, 0xb7, 0x2d, 0x18, 0xab, - 0x7b, 0x3e, 0xd1, 0xdc, 0x45, 0x38, 0xef, 0xf2, 0xd1, 0x5f, 0xf2, 0xb2, 0x49, 0x57, 0x4b, 0xc8, - 0x54, 0x73, 0x8c, 0x33, 0xec, 0xe9, 0x67, 0xde, 0x22, 0x11, 0x13, 0xad, 0x83, 0xe9, 0xcf, 0x7c, - 0x93, 0x37, 0x63, 0x09, 0x47, 0x33, 0x70, 0xa2, 0xe5, 0xc4, 0xf1, 0x6c, 0x44, 0x6a, 0x24, 0x48, - 0x3c, 0xc7, 0xe7, 0xc1, 0xb6, 0x65, 0x1d, 0x6c, 0xb7, 0x92, 0x06, 0xe3, 0x2c, 0x3e, 0xfa, 0x34, - 0x3c, 0xee, 0x35, 0x82, 0x30, 0x22, 0x4b, 0x5e, 0x1c, 0x7b, 0x41, 0x43, 0x4f, 0x03, 0x26, 0x29, - 0xcb, 0xd5, 0x49, 0x41, 0xea, 0xf1, 0x85, 0xee, 0x68, 0xb8, 0xd7, 0xf3, 0xe8, 0x79, 0x28, 0xc7, - 0x9b, 0x5e, 0x6b, 0x36, 0xaa, 0xc5, 0xec, 0xa0, 0xb3, 0xac, 0x4f, 0x67, 0x56, 0x45, 0x3b, 0x56, - 0x18, 0xf6, 0xaf, 0x14, 0xd2, 0xe6, 0x9d, 0xb9, 0x7e, 0x50, 0x4c, 0x57, 0x49, 0x72, 0xd3, 0x89, - 0xa4, 0xe9, 0x7f, 0xc4, 0x70, 0x5d, 0x41, 0xf7, 0xa6, 0x13, 0x99, 0xeb, 0x8d, 0x31, 0xc0, 0x92, - 0x13, 0xba, 0x0d, 0x03, 0x89, 0xef, 0xe4, 0x14, 0xdf, 0x6f, 0x70, 0xd4, 0xd6, 0xf6, 0xe2, 0x4c, - 0x8c, 0x19, 0x0f, 0xf4, 0x14, 0x55, 0x5f, 0xd7, 0x65, 0x4c, 0x8f, 0xd0, 0x38, 0xd7, 0x63, 0xcc, - 0x5a, 0xed, 0xff, 0x5b, 0xee, 0x22, 0xf2, 0xd4, 0x1e, 0x83, 0x2e, 0x00, 0x50, 0x4b, 0x68, 0x25, - 0x22, 0x75, 0x6f, 0x5b, 0xec, 0xf1, 0x6a, 0x59, 0x5d, 0x57, 0x10, 0x6c, 0x60, 0xc9, 0x67, 0x56, - 0xdb, 0x75, 0xfa, 0x4c, 0xa1, 0xf3, 0x19, 0x0e, 0xc1, 0x06, 0x16, 0x7a, 0x09, 0x06, 0xbd, 0xa6, - 0xd3, 0x50, 0xa1, 0x47, 0x4f, 0xd1, 0xf5, 0xb4, 0xc0, 0x5a, 0xee, 0xed, 0x4e, 0x8e, 0xa9, 0x0e, - 0xb1, 0x26, 0x2c, 0x70, 0xd1, 0x6f, 0x58, 0x30, 0xe2, 0x86, 0xcd, 0x66, 0x18, 0x70, 0xfb, 0x41, - 0x18, 0x43, 0xb7, 0x8f, 0x6b, 0x07, 0x9e, 0x9a, 0x35, 0x98, 0x71, 0x6b, 0x48, 0x25, 0x22, 0x98, - 0x20, 0x9c, 0xea, 0x95, 0xb9, 0xec, 0x4a, 0xfb, 0x2c, 0xbb, 0xdf, 0xb1, 0x60, 0x9c, 0x3f, 0x6b, - 0x98, 0x35, 0x22, 0xe6, 0x3e, 0x3c, 0xe6, 0xd7, 0xea, 0xb0, 0xf4, 0xd4, 0x91, 0x50, 0x07, 0x1c, - 0x77, 0x76, 0x12, 0xcd, 0xc3, 0x78, 0x3d, 0x8c, 0x5c, 0x62, 0x0e, 0x84, 0x90, 0x19, 0x8a, 0xd0, - 0xe5, 0x2c, 0x02, 0xee, 0x7c, 0x06, 0xdd, 0x84, 0xc7, 0x8c, 0x46, 0x73, 0x1c, 0xb8, 0xd8, 0x38, - 0x27, 0xa8, 0x3d, 0x76, 0xb9, 0x2b, 0x16, 0xee, 0xf1, 0x74, 0xda, 0xf2, 0xaf, 0xf4, 0x61, 0xf9, - 0xbf, 0x09, 0x4f, 0xb8, 0x9d, 0x23, 0xb3, 0x15, 0xb7, 0xd7, 0xe3, 0x84, 0x29, 0x59, 0xe5, 0xea, - 0xff, 0x27, 0x08, 0x3c, 0x31, 0xdb, 0x0b, 0x11, 0xf7, 0xa6, 0x81, 0x3e, 0x07, 0xe5, 0x88, 0xb0, - 0xaf, 0x12, 0x8b, 0x00, 0xf4, 0x23, 0x9a, 0x7b, 0x5a, 0x39, 0xe4, 0x64, 0xb5, 0x58, 0x14, 0x0d, - 0x31, 0x56, 0x1c, 0xcf, 0x7e, 0x12, 0xc6, 0x3b, 0xe6, 0xf3, 0x81, 0x8c, 0xef, 0x39, 0x78, 0xac, - 0xfb, 0xcc, 0x39, 0x90, 0x09, 0xfe, 0x0f, 0x33, 0x71, 0x55, 0x86, 0xa2, 0xd7, 0xc7, 0x71, 0x8e, - 0x03, 0x45, 0x12, 0x6c, 0x09, 0x41, 0x7a, 0xf9, 0x68, 0xa3, 0x77, 0x29, 0xd8, 0xe2, 0x13, 0x9f, - 0xd9, 0xac, 0x97, 0x82, 0x2d, 0x4c, 0x69, 0xa3, 0x77, 0xac, 0x94, 0xa2, 0xc2, 0x0f, 0x81, 0x3e, - 0x73, 0x2c, 0x9a, 0x6d, 0xdf, 0xba, 0x8b, 0xfd, 0x6f, 0x0a, 0x70, 0x7e, 0x3f, 0x22, 0x7d, 0x0c, - 0xdf, 0x33, 0x30, 0x18, 0x33, 0xc7, 0x96, 0x90, 0x4c, 0xc3, 0x54, 0x2a, 0x71, 0x57, 0xd7, 0x9b, - 0x58, 0x80, 0x90, 0x0f, 0xc5, 0xa6, 0xd3, 0x12, 0x67, 0x03, 0x0b, 0x47, 0x8d, 0xa2, 0xa6, 0xff, - 0x1d, 0x7f, 0xc9, 0x69, 0x71, 0x8b, 0xd3, 0x68, 0xc0, 0x94, 0x0d, 0x4a, 0xa0, 0xe4, 0x44, 0x91, - 0x23, 0xbd, 0x28, 0xd7, 0xf2, 0xe1, 0x37, 0x43, 0x49, 0x56, 0xc7, 0xf7, 0x76, 0x27, 0x47, 0x53, - 0x4d, 0x98, 0x33, 0xb3, 0xbf, 0x36, 0x94, 0x8a, 0x24, 0x66, 0xae, 0xb1, 0x18, 0x06, 0xc5, 0x91, - 0x80, 0x95, 0x77, 0xf0, 0x3a, 0x4f, 0x05, 0x61, 0x76, 0x8c, 0x48, 0xa8, 0x13, 0xac, 0xd0, 0x57, - 0x2d, 0x96, 0xb6, 0x26, 0xa3, 0xab, 0x85, 0xf5, 0x70, 0x3c, 0x59, 0x74, 0x66, 0x32, 0x9c, 0x6c, - 0xc4, 0x26, 0x77, 0xba, 0x75, 0xb5, 0x78, 0x02, 0x46, 0xd6, 0x86, 0x90, 0x89, 0x6d, 0x12, 0x8e, - 0xb6, 0xbb, 0xb8, 0xc0, 0x72, 0x48, 0x7d, 0xea, 0xc3, 0xe9, 0xf5, 0x1d, 0x0b, 0xc6, 0xb9, 0xa6, - 0x38, 0xe7, 0xd5, 0xeb, 0x24, 0x22, 0x81, 0x4b, 0xa4, 0xae, 0x7d, 0x44, 0x27, 0xab, 0x3c, 0x87, - 0x59, 0xc8, 0x92, 0xd7, 0x7b, 0x5a, 0x07, 0x08, 0x77, 0x76, 0x06, 0xd5, 0x60, 0xc0, 0x0b, 0xea, - 0xa1, 0xd8, 0xc9, 0xab, 0x47, 0xeb, 0xd4, 0x42, 0x50, 0x0f, 0xf5, 0x6a, 0xa6, 0xff, 0x30, 0xa3, - 0x8e, 0x16, 0xe1, 0x74, 0x24, 0x4e, 0x43, 0xae, 0x78, 0x31, 0xb5, 0x59, 0x17, 0xbd, 0xa6, 0x97, - 0xb0, 0x5d, 0xb8, 0x58, 0x9d, 0xd8, 0xdb, 0x9d, 0x3c, 0x8d, 0xbb, 0xc0, 0x71, 0xd7, 0xa7, 0xd0, - 0x5b, 0x30, 0x24, 0xf3, 0xec, 0xca, 0x79, 0xd8, 0x2d, 0x9d, 0xf3, 0x5f, 0x4d, 0xa6, 0x55, 0x91, - 0x52, 0x27, 0x19, 0xda, 0xff, 0x02, 0xa0, 0xd3, 0x11, 0x85, 0x7e, 0x0e, 0x2a, 0x91, 0xca, 0xfd, - 0xb3, 0xf2, 0x08, 0xa1, 0x92, 0xdf, 0x57, 0x38, 0xc1, 0x94, 0x3e, 0xa0, 0xb3, 0xfc, 0x34, 0x47, - 0xaa, 0xb5, 0xc7, 0xda, 0x5f, 0x95, 0xc3, 0xdc, 0x16, 0x5c, 0xb5, 0x9f, 0x63, 0x27, 0x70, 0x31, - 0xe3, 0x81, 0x22, 0x18, 0xdc, 0x20, 0x8e, 0x9f, 0x6c, 0xe4, 0x73, 0x24, 0x7b, 0x85, 0xd1, 0xca, - 0x46, 0x89, 0xf3, 0x56, 0x2c, 0x38, 0xa1, 0x6d, 0x18, 0xda, 0xe0, 0x13, 0x40, 0x28, 0xd2, 0x4b, - 0x47, 0x1d, 0xdc, 0xd4, 0xac, 0xd2, 0x9f, 0x5b, 0x34, 0x60, 0xc9, 0x8e, 0xf9, 0xcf, 0x0d, 0x1f, - 0x2c, 0x5f, 0xba, 0xf9, 0x05, 0xc8, 0xf7, 0xef, 0x80, 0xfd, 0x2c, 0x8c, 0x44, 0xc4, 0x0d, 0x03, - 0xd7, 0xf3, 0x49, 0x6d, 0x46, 0x1e, 0xb7, 0x1e, 0x24, 0xac, 0xfa, 0x24, 0x35, 0x06, 0xb0, 0x41, - 0x03, 0xa7, 0x28, 0xa2, 0xaf, 0x58, 0x30, 0xa6, 0x12, 0x86, 0xe8, 0x07, 0x21, 0xe2, 0xc0, 0x72, - 0x31, 0xa7, 0xf4, 0x24, 0x46, 0xb3, 0x8a, 0xf6, 0x76, 0x27, 0xc7, 0xd2, 0x6d, 0x38, 0xc3, 0x17, - 0xbd, 0x06, 0x10, 0xae, 0x73, 0x27, 0xf9, 0x4c, 0x22, 0x4e, 0x2f, 0x0f, 0xf2, 0xaa, 0x63, 0x3c, - 0xbf, 0x42, 0x52, 0xc0, 0x06, 0x35, 0x74, 0x0d, 0x80, 0x2f, 0x9b, 0xb5, 0x9d, 0x96, 0xd4, 0xb6, - 0x65, 0x5c, 0x3c, 0xac, 0x2a, 0xc8, 0xbd, 0xdd, 0xc9, 0xce, 0xd3, 0x24, 0xe6, 0x2a, 0x36, 0x1e, - 0x47, 0x3f, 0x0b, 0x43, 0x71, 0xbb, 0xd9, 0x74, 0xd4, 0xd9, 0x66, 0x8e, 0x19, 0x1b, 0x9c, 0xae, - 0x21, 0x8a, 0x78, 0x03, 0x96, 0x1c, 0xd1, 0x6d, 0x2a, 0x54, 0x63, 0x71, 0xcc, 0xc5, 0x56, 0x11, - 0xd7, 0x09, 0x86, 0xd9, 0x3b, 0x7d, 0x42, 0x3c, 0x77, 0x1a, 0x77, 0xc1, 0xb9, 0xb7, 0x3b, 0xf9, - 0x58, 0xba, 0x7d, 0x31, 0x14, 0x39, 0x14, 0x5d, 0x69, 0xa2, 0xab, 0x32, 0xed, 0x9e, 0xbe, 0xb6, - 0xcc, 0x06, 0x7d, 0x4e, 0xa7, 0xdd, 0xb3, 0xe6, 0xde, 0x63, 0x66, 0x3e, 0x6c, 0x07, 0xe9, 0x70, - 0x1f, 0xf1, 0x36, 0x2f, 0xc1, 0x08, 0xd9, 0x4e, 0x48, 0x14, 0x38, 0xfe, 0x0d, 0xbc, 0x28, 0x8f, - 0xe9, 0xd8, 0xa4, 0xbd, 0x64, 0xb4, 0xe3, 0x14, 0x16, 0xb2, 0x95, 0x79, 0x5e, 0xd0, 0x99, 0x41, - 0xdc, 0x3c, 0x97, 0xc6, 0xb8, 0xfd, 0x7f, 0x0a, 0x29, 0x0d, 0x6a, 0x2d, 0x22, 0x04, 0x85, 0x50, - 0x0a, 0xc2, 0x9a, 0x12, 0xd6, 0x57, 0xf3, 0x11, 0xd6, 0xd7, 0xc3, 0x9a, 0x91, 0x4c, 0x4f, 0xff, - 0xc5, 0x98, 0xf3, 0x61, 0xd9, 0xc6, 0x32, 0x2d, 0x9b, 0x01, 0x84, 0x65, 0x90, 0x27, 0x67, 0x95, - 0x6d, 0xbc, 0x6c, 0x32, 0xc2, 0x69, 0xbe, 0x68, 0x13, 0x4a, 0x1b, 0x61, 0x9c, 0x48, 0x7b, 0xe1, - 0x88, 0xa6, 0xc9, 0x95, 0x30, 0x4e, 0xd8, 0xb6, 0xaf, 0x5e, 0x9b, 0xb6, 0xc4, 0x98, 0xf3, 0xb0, - 0xff, 0x8b, 0x95, 0x3a, 0x94, 0xbd, 0xc5, 0x42, 0xdf, 0xb6, 0x48, 0x40, 0xd7, 0xa1, 0x19, 0x8d, - 0xf1, 0x17, 0x32, 0x99, 0x29, 0x1f, 0xee, 0x55, 0xda, 0xe4, 0x2e, 0xa5, 0x30, 0xc5, 0x48, 0x18, - 0x81, 0x1b, 0x5f, 0xb0, 0xd2, 0x39, 0x42, 0x85, 0x3c, 0x2c, 0x02, 0x33, 0x07, 0x6e, 0xdf, 0x74, - 0x23, 0xfb, 0x1d, 0x0b, 0x86, 0xaa, 0x8e, 0xbb, 0x19, 0xd6, 0xeb, 0xe8, 0x79, 0x28, 0xd7, 0xda, - 0x91, 0x99, 0xae, 0xa4, 0xcc, 0xdd, 0x39, 0xd1, 0x8e, 0x15, 0x06, 0x9d, 0xc3, 0x75, 0xc7, 0x95, - 0x99, 0x70, 0x45, 0x3e, 0x87, 0x2f, 0xb3, 0x16, 0x2c, 0x20, 0xe8, 0xe3, 0x30, 0xdc, 0x74, 0xb6, - 0xe5, 0xc3, 0xd9, 0x13, 0xe1, 0x25, 0x0d, 0xc2, 0x26, 0x9e, 0xfd, 0x2f, 0x2d, 0x98, 0xa8, 0x3a, - 0xb1, 0xe7, 0xce, 0xb4, 0x93, 0x8d, 0xaa, 0x97, 0xac, 0xb7, 0xdd, 0x4d, 0x92, 0xf0, 0xf4, 0x47, - 0xda, 0xcb, 0x76, 0x4c, 0x97, 0x92, 0x32, 0xc4, 0x54, 0x2f, 0x6f, 0x88, 0x76, 0xac, 0x30, 0xd0, - 0x5b, 0x30, 0xdc, 0x72, 0xe2, 0xf8, 0x6e, 0x18, 0xd5, 0x30, 0xa9, 0xe7, 0x93, 0x7c, 0xbc, 0x4a, - 0xdc, 0x88, 0x24, 0x98, 0xd4, 0x85, 0x8f, 0x4f, 0xd3, 0xc7, 0x26, 0x33, 0xfb, 0xaf, 0x59, 0x30, - 0xc2, 0xdc, 0x25, 0x73, 0x24, 0x71, 0x3c, 0xbf, 0xa3, 0x82, 0x86, 0xd5, 0x67, 0x05, 0x8d, 0xf3, - 0x30, 0xb0, 0x11, 0x36, 0x49, 0xd6, 0xd5, 0x77, 0x25, 0xa4, 0x66, 0x27, 0x85, 0xa0, 0x17, 0xe9, - 0x38, 0x7b, 0x41, 0xe2, 0xd0, 0x19, 0x27, 0xcf, 0xfc, 0x4e, 0xf0, 0x31, 0x56, 0xcd, 0xd8, 0xc4, - 0xb1, 0x7f, 0xb7, 0x02, 0x43, 0xc2, 0x7b, 0xda, 0x77, 0xc6, 0xa9, 0xb4, 0x7f, 0x0b, 0x3d, 0xed, - 0xdf, 0x18, 0x06, 0x5d, 0x56, 0x9f, 0x47, 0xa8, 0x59, 0xd7, 0x72, 0x71, 0xb7, 0xf3, 0x92, 0x3f, - 0xba, 0x5b, 0xfc, 0x3f, 0x16, 0xac, 0xd0, 0x37, 0x2d, 0x38, 0xe1, 0x86, 0x41, 0x40, 0x5c, 0xad, - 0x03, 0x0c, 0xe4, 0x11, 0x40, 0x33, 0x9b, 0x26, 0xaa, 0xcf, 0xea, 0x33, 0x00, 0x9c, 0x65, 0x8f, - 0x5e, 0x86, 0x51, 0x3e, 0x66, 0x37, 0x53, 0x07, 0x95, 0xba, 0xb0, 0x82, 0x09, 0xc4, 0x69, 0x5c, - 0x34, 0xc5, 0x0f, 0x7c, 0x45, 0x09, 0x83, 0x41, 0xed, 0xf8, 0x31, 0x8a, 0x17, 0x18, 0x18, 0x28, - 0x02, 0x14, 0x91, 0x7a, 0x44, 0xe2, 0x0d, 0xe1, 0x5d, 0x66, 0xfa, 0xc7, 0xd0, 0xe1, 0x32, 0xd8, - 0x70, 0x07, 0x25, 0xdc, 0x85, 0x3a, 0xda, 0x14, 0x06, 0x58, 0x39, 0x0f, 0x91, 0x25, 0x3e, 0x73, - 0x4f, 0x3b, 0x6c, 0x12, 0x4a, 0xf1, 0x86, 0x13, 0xd5, 0x98, 0xde, 0x53, 0xe4, 0x81, 0xda, 0xab, - 0xb4, 0x01, 0xf3, 0x76, 0x34, 0x07, 0x27, 0x33, 0x65, 0x21, 0x62, 0x71, 0xa0, 0xa8, 0x02, 0x9a, - 0x33, 0x05, 0x25, 0x62, 0xdc, 0xf1, 0x84, 0x69, 0x9c, 0x0f, 0xef, 0x63, 0x9c, 0xef, 0xa8, 0x18, - 0xa6, 0x11, 0xb6, 0x1d, 0xbd, 0x9a, 0xcb, 0x00, 0xf4, 0x15, 0xb0, 0xf4, 0xf5, 0x4c, 0xc0, 0xd2, - 0x28, 0xeb, 0xc0, 0xcd, 0x7c, 0x3a, 0x70, 0xf0, 0xe8, 0xa4, 0x87, 0x19, 0x6d, 0xf4, 0xbf, 0x2d, - 0x90, 0xdf, 0x75, 0xd6, 0x71, 0x37, 0x08, 0x9d, 0x32, 0xe8, 0x15, 0x18, 0x53, 0x26, 0xe6, 0x6c, - 0xd8, 0x0e, 0x78, 0xa0, 0x51, 0x51, 0x3b, 0xf5, 0x70, 0x0a, 0x8a, 0x33, 0xd8, 0x68, 0x1a, 0x2a, - 0x74, 0x9c, 0xf8, 0xa3, 0x7c, 0x6b, 0x53, 0x66, 0xec, 0xcc, 0xca, 0x82, 0x78, 0x4a, 0xe3, 0xa0, - 0x10, 0xc6, 0x7d, 0x27, 0x4e, 0x58, 0x0f, 0xa8, 0xc5, 0x79, 0xc8, 0xfc, 0x51, 0x56, 0x15, 0x67, - 0x31, 0x4b, 0x08, 0x77, 0xd2, 0xb6, 0xbf, 0x3f, 0x00, 0xa3, 0x29, 0xc9, 0x78, 0xc0, 0x3d, 0xf1, - 0x79, 0x28, 0xcb, 0x6d, 0x2a, 0x9b, 0xc5, 0xae, 0xf6, 0x32, 0x85, 0x41, 0x37, 0xad, 0x75, 0xe2, - 0x44, 0x24, 0x62, 0x05, 0x37, 0xb2, 0x7b, 0x78, 0x55, 0x83, 0xb0, 0x89, 0xc7, 0x84, 0x72, 0xe2, - 0xc7, 0xb3, 0xbe, 0x47, 0x82, 0x84, 0x77, 0x33, 0x1f, 0xa1, 0xbc, 0xb6, 0xb8, 0x6a, 0x12, 0xd5, - 0x42, 0x39, 0x03, 0xc0, 0x59, 0xf6, 0xe8, 0x4b, 0x16, 0x8c, 0x3a, 0x77, 0x63, 0x5d, 0x44, 0x4e, - 0x84, 0x26, 0x1d, 0x71, 0x93, 0x4a, 0xd5, 0xa5, 0xe3, 0x47, 0xa2, 0xa9, 0x26, 0x9c, 0x66, 0x8a, - 0xbe, 0x6d, 0x01, 0x22, 0xdb, 0xc4, 0x95, 0xc1, 0x53, 0xa2, 0x2f, 0x83, 0x79, 0x58, 0x62, 0x97, - 0x3a, 0xe8, 0x72, 0xa9, 0xde, 0xd9, 0x8e, 0xbb, 0xf4, 0xc1, 0xfe, 0x27, 0x45, 0xb5, 0xa0, 0x74, - 0xbc, 0x9e, 0x63, 0x64, 0xc1, 0x58, 0x87, 0xcf, 0x82, 0xd1, 0x1e, 0xe5, 0x8e, 0x4c, 0x98, 0x74, - 0xd2, 0x41, 0xe1, 0x21, 0x25, 0x1d, 0xfc, 0x82, 0x95, 0xaa, 0xd7, 0x30, 0x7c, 0xe1, 0xb5, 0x7c, - 0x63, 0x05, 0xa7, 0x78, 0x3c, 0x43, 0x46, 0xba, 0xa7, 0x83, 0x1c, 0xa8, 0x34, 0x35, 0xd0, 0x0e, - 0x24, 0x0d, 0xff, 0x43, 0x11, 0x86, 0x8d, 0x9d, 0xb4, 0xab, 0x5a, 0x64, 0x3d, 0x62, 0x6a, 0x51, - 0xe1, 0x00, 0x6a, 0xd1, 0xcf, 0x43, 0xc5, 0x95, 0x52, 0x3e, 0x9f, 0x8a, 0x85, 0xd9, 0xbd, 0x43, - 0x0b, 0x7a, 0xd5, 0x84, 0x35, 0x4f, 0x34, 0x9f, 0x4a, 0x26, 0x10, 0x3b, 0xc4, 0x00, 0xdb, 0x21, - 0xba, 0x45, 0xfb, 0x8b, 0x9d, 0xa2, 0xf3, 0x19, 0x56, 0xd6, 0xa3, 0xe5, 0x89, 0xf7, 0x92, 0x11, - 0xbd, 0xbc, 0xac, 0xc7, 0xca, 0x82, 0x6c, 0xc6, 0x26, 0x8e, 0xfd, 0x7d, 0x4b, 0x7d, 0xdc, 0x07, - 0x90, 0x57, 0x7b, 0x3b, 0x9d, 0x57, 0x7b, 0x29, 0x97, 0x61, 0xee, 0x91, 0x50, 0x7b, 0x1d, 0x86, - 0x66, 0xc3, 0x66, 0xd3, 0x09, 0x6a, 0xe8, 0xc7, 0x60, 0xc8, 0xe5, 0x3f, 0xc5, 0x39, 0x0a, 0x73, - 0x9f, 0x09, 0x28, 0x96, 0x30, 0xf4, 0x14, 0x0c, 0x38, 0x51, 0x43, 0x9e, 0x9d, 0xb0, 0x08, 0x8c, - 0x99, 0xa8, 0x11, 0x63, 0xd6, 0x6a, 0xbf, 0x5d, 0x04, 0x98, 0x0d, 0x9b, 0x2d, 0x27, 0x22, 0xb5, - 0xb5, 0x90, 0x55, 0x4c, 0x3a, 0x56, 0xa7, 0x93, 0x36, 0x96, 0x1e, 0x65, 0xc7, 0x93, 0xe1, 0x7c, - 0x28, 0x3e, 0x68, 0xe7, 0xc3, 0xd7, 0x2c, 0x40, 0xf4, 0x8b, 0x84, 0x01, 0x09, 0x12, 0xed, 0x4d, - 0x9d, 0x86, 0x8a, 0x2b, 0x5b, 0x85, 0xd6, 0xa2, 0xd7, 0x9f, 0x04, 0x60, 0x8d, 0xd3, 0x87, 0xf9, - 0xf9, 0x8c, 0x14, 0x8e, 0xc5, 0x74, 0xd0, 0x22, 0x13, 0xa9, 0x42, 0x56, 0xda, 0xbf, 0x57, 0x80, - 0xc7, 0xf8, 0x7e, 0xb7, 0xe4, 0x04, 0x4e, 0x83, 0x34, 0x69, 0xaf, 0xfa, 0xf5, 0x8f, 0xbb, 0xd4, - 0xee, 0xf1, 0x64, 0x10, 0xe2, 0x51, 0x17, 0x06, 0x9f, 0xd0, 0x7c, 0x0a, 0x2f, 0x04, 0x5e, 0x82, - 0x19, 0x71, 0x14, 0x43, 0x59, 0xd6, 0xbf, 0x15, 0x82, 0x2e, 0x27, 0x46, 0x6a, 0xcd, 0x8b, 0x4d, - 0x89, 0x60, 0xc5, 0x88, 0x6a, 0x85, 0x7e, 0xe8, 0x6e, 0x62, 0xd2, 0x0a, 0x99, 0x50, 0x33, 0x62, - 0xc0, 0x16, 0x45, 0x3b, 0x56, 0x18, 0xf6, 0xef, 0x59, 0x90, 0x15, 0xf7, 0x46, 0x6d, 0x18, 0xeb, - 0xbe, 0xb5, 0x61, 0x0e, 0x50, 0x9c, 0xe5, 0x67, 0x60, 0xd8, 0x49, 0xe8, 0x0e, 0xcd, 0x6d, 0xda, - 0xe2, 0xe1, 0xce, 0xd4, 0x97, 0xc2, 0x9a, 0x57, 0xf7, 0x98, 0x2d, 0x6b, 0x92, 0xb3, 0xff, 0xe7, - 0x00, 0x8c, 0x77, 0x04, 0x96, 0xa3, 0x8b, 0x30, 0xe2, 0x8a, 0xe9, 0xd1, 0xc2, 0xa4, 0x2e, 0x5e, - 0xc6, 0x08, 0x4c, 0xd2, 0x30, 0x9c, 0xc2, 0xec, 0x63, 0x82, 0x2e, 0xc0, 0xa9, 0x88, 0x5a, 0xd1, - 0x6d, 0x32, 0x53, 0x4f, 0x48, 0xb4, 0x4a, 0xdc, 0x30, 0xa8, 0xf1, 0x0a, 0x46, 0xc5, 0xea, 0xe3, - 0x7b, 0xbb, 0x93, 0xa7, 0x70, 0x27, 0x18, 0x77, 0x7b, 0x06, 0xb5, 0x60, 0xd4, 0x37, 0x15, 0x2c, - 0xa1, 0x5d, 0x1f, 0x4a, 0x37, 0x53, 0x1b, 0x70, 0xaa, 0x19, 0xa7, 0x19, 0xa4, 0xb5, 0xb4, 0xd2, - 0x43, 0xd2, 0xd2, 0x7e, 0x51, 0x6b, 0x69, 0xdc, 0xf9, 0xfb, 0x7a, 0xce, 0x89, 0x05, 0xc7, 0xad, - 0xa6, 0xbd, 0x0a, 0x65, 0x19, 0x18, 0xd3, 0x57, 0x40, 0x89, 0x49, 0xa7, 0x87, 0x44, 0xbb, 0x57, - 0x80, 0x2e, 0x1a, 0x3e, 0x5d, 0x67, 0x7a, 0x3b, 0x4d, 0xad, 0xb3, 0x83, 0x6d, 0xa9, 0x68, 0x9b, - 0x07, 0x05, 0xf1, 0x8d, 0xe3, 0xd3, 0x79, 0x5b, 0x28, 0x3a, 0x4e, 0x48, 0x45, 0x90, 0xab, 0x58, - 0xa1, 0x0b, 0x00, 0x5a, 0x0b, 0x12, 0xf1, 0xc1, 0xca, 0xe7, 0xa8, 0x95, 0x25, 0x6c, 0x60, 0x51, - 0x83, 0xd5, 0x0b, 0xe2, 0xc4, 0xf1, 0xfd, 0x2b, 0x5e, 0x90, 0x88, 0x93, 0x37, 0xb5, 0x43, 0x2e, - 0x68, 0x10, 0x36, 0xf1, 0xce, 0x7e, 0xc2, 0xf8, 0x2e, 0x07, 0xf9, 0x9e, 0x1b, 0xf0, 0xc4, 0xbc, - 0x97, 0xa8, 0xa8, 0x76, 0x35, 0x8f, 0xa8, 0x92, 0xa3, 0xb2, 0x34, 0xac, 0x9e, 0x59, 0x1a, 0x46, - 0x54, 0x79, 0x21, 0x1d, 0x04, 0x9f, 0x8d, 0x2a, 0xb7, 0x2f, 0xc2, 0xe9, 0x79, 0x2f, 0xb9, 0xec, - 0xf9, 0xe4, 0x80, 0x4c, 0xec, 0x2f, 0x95, 0x60, 0xc4, 0xcc, 0x22, 0x3a, 0x48, 0xa2, 0xc9, 0x37, - 0xa8, 0x1e, 0x23, 0xde, 0xce, 0x53, 0x0e, 0xa0, 0x5b, 0x47, 0x4e, 0x69, 0xea, 0x3e, 0x62, 0x86, - 0x2a, 0xa3, 0x79, 0x62, 0xb3, 0x03, 0xe8, 0x2e, 0x94, 0xea, 0x2c, 0xea, 0xb9, 0x98, 0x87, 0x5b, - 0xbb, 0xdb, 0x88, 0xea, 0x65, 0xc6, 0xe3, 0xa6, 0x39, 0x3f, 0xba, 0x43, 0x46, 0xe9, 0x54, 0x1a, - 0x23, 0x1c, 0x50, 0x24, 0xd1, 0x28, 0x8c, 0x5e, 0xa2, 0xbe, 0x74, 0x08, 0x51, 0x9f, 0x12, 0xbc, - 0x83, 0x0f, 0x49, 0xf0, 0xb2, 0x08, 0xf6, 0x64, 0x83, 0xe9, 0x6f, 0x22, 0x7e, 0x79, 0x88, 0x0d, - 0x82, 0x11, 0xc1, 0x9e, 0x02, 0xe3, 0x2c, 0xbe, 0xfd, 0xb5, 0x02, 0x8c, 0xcd, 0x07, 0xed, 0x95, - 0xf9, 0x95, 0xf6, 0xba, 0xef, 0xb9, 0xd7, 0xc8, 0x0e, 0x95, 0x6f, 0x9b, 0x64, 0x67, 0x61, 0x4e, - 0x4c, 0x43, 0x35, 0xf0, 0xd7, 0x68, 0x23, 0xe6, 0x30, 0xba, 0xa2, 0xeb, 0x5e, 0xd0, 0x20, 0x51, - 0x2b, 0xf2, 0xc4, 0xa1, 0x9c, 0xb1, 0xa2, 0x2f, 0x6b, 0x10, 0x36, 0xf1, 0x28, 0xed, 0xf0, 0x6e, - 0x40, 0xa2, 0xac, 0x36, 0xb8, 0x4c, 0x1b, 0x31, 0x87, 0x51, 0xa4, 0x24, 0x6a, 0xc7, 0x89, 0xf8, - 0xa2, 0x0a, 0x69, 0x8d, 0x36, 0x62, 0x0e, 0xa3, 0xcb, 0x25, 0x6e, 0xaf, 0x33, 0xd7, 0x7b, 0x26, - 0xe2, 0x78, 0x95, 0x37, 0x63, 0x09, 0xa7, 0xa8, 0x9b, 0x64, 0x67, 0x8e, 0xda, 0x65, 0x99, 0x9c, - 0x80, 0x6b, 0xbc, 0x19, 0x4b, 0x38, 0x2b, 0x99, 0x94, 0x1e, 0x8e, 0x1f, 0xba, 0x92, 0x49, 0xe9, - 0xee, 0xf7, 0xb0, 0xf0, 0x7e, 0xcd, 0x82, 0x11, 0x33, 0x60, 0x06, 0x35, 0x32, 0x8a, 0xe2, 0x72, - 0x47, 0xf9, 0xbb, 0x9f, 0xea, 0x76, 0xd7, 0x47, 0xc3, 0x4b, 0xc2, 0x56, 0xfc, 0x02, 0x09, 0x1a, - 0x5e, 0x40, 0x98, 0x5b, 0x95, 0x07, 0xda, 0xa4, 0xa2, 0x71, 0x66, 0xc3, 0x1a, 0x39, 0x84, 0xa6, - 0x69, 0xdf, 0x82, 0xf1, 0x8e, 0x44, 0x90, 0x3e, 0xf6, 0xe7, 0x7d, 0xd3, 0xf0, 0x6c, 0x0c, 0xc3, - 0x94, 0x30, 0x8f, 0x92, 0x8c, 0xd1, 0x2c, 0x8c, 0x73, 0x1d, 0x82, 0x72, 0x5a, 0x75, 0x37, 0x48, - 0x53, 0x25, 0xf7, 0xb0, 0x13, 0xe0, 0x9b, 0x59, 0x20, 0xee, 0xc4, 0xb7, 0xbf, 0x6e, 0xc1, 0x68, - 0x2a, 0x37, 0x27, 0x27, 0x4d, 0x82, 0xad, 0xb4, 0x90, 0xc5, 0x6f, 0xb1, 0x20, 0xd6, 0x22, 0xdb, - 0x91, 0xf4, 0x4a, 0xd3, 0x20, 0x6c, 0xe2, 0xd9, 0xef, 0x14, 0xa0, 0x2c, 0x5d, 0xea, 0x7d, 0x74, - 0xe5, 0xab, 0x16, 0x8c, 0xaa, 0x53, 0x77, 0x76, 0x9c, 0x53, 0xc8, 0x23, 0x5a, 0x9b, 0xf6, 0x40, - 0x05, 0x18, 0x06, 0xf5, 0x50, 0xab, 0xb5, 0xd8, 0x64, 0x86, 0xd3, 0xbc, 0xd1, 0x4d, 0x80, 0x78, - 0x27, 0x4e, 0x48, 0xd3, 0x38, 0x58, 0xb2, 0x8d, 0x15, 0x37, 0xe5, 0x86, 0x11, 0xa1, 0xeb, 0xeb, - 0x7a, 0x58, 0x23, 0xab, 0x0a, 0x53, 0xeb, 0x21, 0xba, 0x0d, 0x1b, 0x94, 0xec, 0xbf, 0x5f, 0x80, - 0x93, 0xd9, 0x2e, 0xa1, 0xd7, 0x61, 0x44, 0x72, 0x37, 0xee, 0x2d, 0x91, 0x71, 0x04, 0x23, 0xd8, - 0x80, 0xdd, 0xdb, 0x9d, 0x9c, 0xec, 0xbc, 0x37, 0x66, 0xca, 0x44, 0xc1, 0x29, 0x62, 0xdc, 0xf5, - 0x21, 0x7c, 0x74, 0xd5, 0x9d, 0x99, 0x56, 0x4b, 0xf8, 0x2f, 0x0c, 0xd7, 0x87, 0x09, 0xc5, 0x19, - 0x6c, 0xb4, 0x02, 0xa7, 0x8d, 0x96, 0xeb, 0xc4, 0x6b, 0x6c, 0xac, 0x87, 0x91, 0x34, 0x4f, 0x9e, - 0xd2, 0xa1, 0x39, 0x9d, 0x38, 0xb8, 0xeb, 0x93, 0x74, 0xcb, 0x74, 0x9d, 0x96, 0xe3, 0x7a, 0xc9, - 0x8e, 0x38, 0x29, 0x53, 0xb2, 0x69, 0x56, 0xb4, 0x63, 0x85, 0x61, 0x2f, 0xc1, 0x40, 0x9f, 0x33, - 0xa8, 0x2f, 0xb5, 0xf8, 0x55, 0x28, 0x53, 0x72, 0x52, 0x47, 0xca, 0x83, 0x64, 0x08, 0x65, 0x59, - 0x7a, 0x1c, 0xd9, 0x50, 0xf4, 0x1c, 0xe9, 0x5d, 0x52, 0xaf, 0xb5, 0x10, 0xc7, 0x6d, 0x66, 0x69, - 0x52, 0x20, 0x7a, 0x06, 0x8a, 0x64, 0xbb, 0x95, 0x75, 0x23, 0x5d, 0xda, 0x6e, 0x79, 0x11, 0x89, - 0x29, 0x12, 0xd9, 0x6e, 0xa1, 0xb3, 0x50, 0xf0, 0x6a, 0x62, 0x93, 0x02, 0x81, 0x53, 0x58, 0x98, - 0xc3, 0x05, 0xaf, 0x66, 0x6f, 0x43, 0x45, 0xd5, 0x3a, 0x47, 0x9b, 0x52, 0x76, 0x5b, 0x79, 0xc4, - 0xc0, 0x48, 0xba, 0x3d, 0xa4, 0x76, 0x1b, 0x40, 0x67, 0x42, 0xe5, 0x25, 0x5f, 0xce, 0xc3, 0x80, - 0x1b, 0x8a, 0x04, 0xca, 0xb2, 0x26, 0xc3, 0x84, 0x36, 0x83, 0xd8, 0xb7, 0x60, 0xec, 0x5a, 0x10, - 0xde, 0x65, 0xc5, 0x5c, 0x59, 0xa9, 0x19, 0x4a, 0xb8, 0x4e, 0x7f, 0x64, 0x55, 0x04, 0x06, 0xc5, - 0x1c, 0xa6, 0xaa, 0xa4, 0x14, 0x7a, 0x55, 0x49, 0xb1, 0xbf, 0x60, 0xc1, 0x49, 0x95, 0xcf, 0x21, - 0xa5, 0xf1, 0x45, 0x18, 0x59, 0x6f, 0x7b, 0x7e, 0x4d, 0xfc, 0xcf, 0xda, 0xfa, 0x55, 0x03, 0x86, - 0x53, 0x98, 0xd4, 0x32, 0x59, 0xf7, 0x02, 0x27, 0xda, 0x59, 0xd1, 0xe2, 0x5f, 0x49, 0x84, 0xaa, - 0x82, 0x60, 0x03, 0xcb, 0xfe, 0xaa, 0xd9, 0x05, 0x91, 0x41, 0xd2, 0xc7, 0xc8, 0xde, 0x80, 0x92, - 0xab, 0xbc, 0x91, 0x87, 0x2a, 0xb2, 0xa5, 0x92, 0x77, 0xd9, 0x89, 0x34, 0xa7, 0x66, 0xff, 0xb3, - 0x02, 0x8c, 0xa6, 0xca, 0x27, 0x20, 0x1f, 0xca, 0xc4, 0x67, 0xe7, 0x61, 0x72, 0x8a, 0x1d, 0xb5, - 0xa6, 0x9a, 0x5a, 0x16, 0x97, 0x04, 0x5d, 0xac, 0x38, 0x3c, 0x1a, 0x4e, 0x9f, 0x8b, 0x30, 0x22, - 0x3b, 0xf4, 0x69, 0xa7, 0xe9, 0x8b, 0x55, 0xa8, 0x26, 0xc0, 0x25, 0x03, 0x86, 0x53, 0x98, 0xf6, - 0xef, 0x17, 0x61, 0x82, 0x1f, 0x20, 0xd6, 0x54, 0x5c, 0xc6, 0x92, 0xd4, 0xb2, 0xfe, 0x8a, 0x2e, - 0x72, 0xc2, 0x07, 0x72, 0xfd, 0xa8, 0xf5, 0x44, 0xbb, 0x33, 0xea, 0x2b, 0x62, 0xe0, 0x57, 0x33, - 0x11, 0x03, 0x7c, 0xb3, 0x6d, 0x1c, 0x53, 0x8f, 0x7e, 0xb8, 0x42, 0x08, 0xfe, 0x4e, 0x01, 0x4e, - 0x64, 0x8a, 0xb5, 0xa2, 0xb7, 0xd3, 0xe5, 0xd8, 0xac, 0x3c, 0x8e, 0x99, 0xee, 0x5b, 0x32, 0xf4, - 0x60, 0x45, 0xd9, 0x1e, 0xd2, 0x52, 0xb1, 0xff, 0xa0, 0x00, 0x63, 0xe9, 0x2a, 0xb3, 0x8f, 0xe0, - 0x48, 0x7d, 0x14, 0x2a, 0xac, 0x76, 0x23, 0xbb, 0x19, 0x87, 0x9f, 0x66, 0xf1, 0x12, 0x83, 0xb2, - 0x11, 0x6b, 0xf8, 0x23, 0x51, 0xeb, 0xce, 0xfe, 0xbb, 0x16, 0x9c, 0xe1, 0x6f, 0x99, 0x9d, 0x87, - 0x7f, 0xb5, 0xdb, 0xe8, 0xbe, 0x91, 0x6f, 0x07, 0x33, 0xc5, 0x79, 0xf6, 0x1b, 0x5f, 0x76, 0x23, - 0x87, 0xe8, 0x6d, 0x7a, 0x2a, 0x3c, 0x82, 0x9d, 0x3d, 0xd0, 0x64, 0xb0, 0xff, 0xa0, 0x08, 0xfa, - 0x12, 0x12, 0xe4, 0x89, 0xdc, 0x94, 0x5c, 0x8a, 0x14, 0xad, 0xee, 0x04, 0xae, 0xbe, 0xee, 0xa4, - 0x9c, 0x49, 0x4d, 0xf9, 0x25, 0x0b, 0x86, 0xbd, 0xc0, 0x4b, 0x3c, 0x87, 0x29, 0xcf, 0xf9, 0x5c, - 0xa2, 0xa0, 0xd8, 0x2d, 0x70, 0xca, 0x61, 0x64, 0x1e, 0x81, 0x2a, 0x66, 0xd8, 0xe4, 0x8c, 0x3e, - 0x2b, 0x82, 0xfa, 0x8a, 0xb9, 0x65, 0x55, 0x95, 0x33, 0x91, 0x7c, 0x2d, 0x28, 0x45, 0x24, 0x89, - 0x72, 0x4a, 0x46, 0xc4, 0x94, 0x94, 0xaa, 0x49, 0xa7, 0xaf, 0x83, 0xa3, 0xcd, 0x98, 0x33, 0xb2, - 0x63, 0x40, 0x9d, 0x63, 0x71, 0xc0, 0x80, 0xa9, 0x69, 0xa8, 0x38, 0xed, 0x24, 0x6c, 0xd2, 0x61, - 0x12, 0xa7, 0xb4, 0x3a, 0x24, 0x4c, 0x02, 0xb0, 0xc6, 0xb1, 0xdf, 0x2e, 0x41, 0x26, 0x59, 0x04, - 0x6d, 0x9b, 0x17, 0xe8, 0x58, 0xf9, 0x5e, 0xa0, 0xa3, 0x3a, 0xd3, 0xed, 0x12, 0x1d, 0xd4, 0x80, - 0x52, 0x6b, 0xc3, 0x89, 0xa5, 0x6e, 0xfc, 0xaa, 0x1c, 0xa6, 0x15, 0xda, 0x78, 0x6f, 0x77, 0xf2, - 0xa7, 0xfb, 0x3b, 0x6b, 0xa1, 0x73, 0x75, 0x9a, 0xe7, 0x5e, 0x6b, 0xd6, 0x8c, 0x06, 0xe6, 0xf4, - 0x0f, 0x72, 0x8d, 0xc4, 0x17, 0x45, 0x81, 0x4f, 0x4c, 0xe2, 0xb6, 0x9f, 0x88, 0xd9, 0xf0, 0x6a, - 0x8e, 0xab, 0x8c, 0x13, 0xd6, 0x69, 0x8e, 0xfc, 0x3f, 0x36, 0x98, 0xa2, 0xd7, 0xa1, 0x12, 0x27, - 0x4e, 0x94, 0x1c, 0x32, 0x31, 0x49, 0x0d, 0xfa, 0xaa, 0x24, 0x82, 0x35, 0x3d, 0xf4, 0x1a, 0xab, - 0xd9, 0xe6, 0xc5, 0x1b, 0x87, 0x8c, 0xc5, 0x95, 0xf5, 0xdd, 0x04, 0x05, 0x6c, 0x50, 0xa3, 0xa6, - 0x07, 0x9b, 0xdb, 0x3c, 0x00, 0xa5, 0xcc, 0x6c, 0x4b, 0x25, 0x0a, 0xb1, 0x82, 0x60, 0x03, 0xcb, - 0xfe, 0x71, 0x48, 0xe7, 0xe9, 0xa2, 0x49, 0x99, 0x16, 0xcc, 0xcf, 0x9e, 0x58, 0x4c, 0x6d, 0x2a, - 0x83, 0xf7, 0x77, 0x2c, 0x30, 0x93, 0x89, 0xd1, 0x1d, 0x9e, 0xb5, 0x6c, 0xe5, 0x71, 0xe8, 0x6e, - 0xd0, 0x9d, 0x5a, 0x72, 0x5a, 0x19, 0xef, 0x8f, 0x4c, 0x5d, 0x3e, 0xfb, 0x09, 0x28, 0x4b, 0xe8, - 0x81, 0x94, 0xba, 0xcf, 0xc3, 0xa9, 0xec, 0xf5, 0x82, 0xe2, 0xac, 0xb9, 0x11, 0x85, 0xed, 0x56, - 0xd6, 0x90, 0x64, 0xd7, 0xcf, 0x61, 0x0e, 0xa3, 0xe6, 0xd8, 0xa6, 0x17, 0xd4, 0xb2, 0x86, 0xe4, - 0x35, 0x2f, 0xa8, 0x61, 0x06, 0xe9, 0xe3, 0x1a, 0xa5, 0x7f, 0x6a, 0xc1, 0xf9, 0xfd, 0x6e, 0x41, - 0x44, 0x4f, 0xc1, 0xc0, 0x5d, 0x27, 0x92, 0x05, 0x2f, 0x99, 0xa0, 0xbc, 0xe5, 0x44, 0x01, 0x66, - 0xad, 0x68, 0x07, 0x06, 0x79, 0xd6, 0xab, 0xd0, 0xd6, 0x5f, 0xcd, 0xf7, 0x4e, 0xc6, 0x6b, 0xc4, - 0x30, 0x17, 0x78, 0xc6, 0x2d, 0x16, 0x0c, 0xed, 0xf7, 0x2d, 0x40, 0xcb, 0x5b, 0x24, 0x8a, 0xbc, - 0x9a, 0x91, 0xa7, 0x8b, 0x5e, 0x82, 0x91, 0xdb, 0xab, 0xcb, 0xd7, 0x57, 0x42, 0x2f, 0x60, 0x79, - 0xfb, 0x46, 0xa6, 0xd3, 0x55, 0xa3, 0x1d, 0xa7, 0xb0, 0xd0, 0x2c, 0x8c, 0xdf, 0xbe, 0x43, 0x8d, - 0x5f, 0xb3, 0x8a, 0x75, 0x41, 0x1f, 0x77, 0x5e, 0x7d, 0x35, 0x03, 0xc4, 0x9d, 0xf8, 0x68, 0x19, - 0xce, 0x34, 0xb9, 0xb9, 0xc1, 0x8b, 0xcf, 0x72, 0xdb, 0x43, 0x25, 0x3a, 0x3c, 0xb1, 0xb7, 0x3b, - 0x79, 0x66, 0xa9, 0x1b, 0x02, 0xee, 0xfe, 0x9c, 0xfd, 0x6e, 0x01, 0x86, 0x8d, 0x9b, 0x44, 0xfb, - 0xb0, 0xc1, 0x33, 0xa9, 0x1b, 0x85, 0x3e, 0x53, 0x37, 0x9e, 0x83, 0x72, 0x2b, 0xf4, 0x3d, 0xd7, - 0x53, 0x95, 0x58, 0x58, 0xc1, 0xc0, 0x15, 0xd1, 0x86, 0x15, 0x14, 0xdd, 0x85, 0x8a, 0xba, 0x5d, - 0x4f, 0xa4, 0x8b, 0xe6, 0x75, 0xbe, 0xa3, 0x24, 0x95, 0xbe, 0x35, 0x4f, 0xf3, 0x42, 0x36, 0x0c, - 0xb2, 0x99, 0x2f, 0xe3, 0xd0, 0x58, 0x1e, 0x0f, 0x5b, 0x12, 0x31, 0x16, 0x10, 0xfb, 0xcb, 0x43, - 0x70, 0xba, 0x5b, 0x91, 0x3b, 0xf4, 0x39, 0x18, 0xe4, 0x7d, 0xcc, 0xa7, 0x8e, 0x6a, 0x37, 0x1e, - 0xf3, 0x8c, 0xa0, 0xe8, 0x16, 0xfb, 0x8d, 0x05, 0x4f, 0xc1, 0xdd, 0x77, 0xd6, 0x85, 0xce, 0x74, - 0x3c, 0xdc, 0x17, 0x1d, 0xcd, 0x7d, 0xd1, 0xe1, 0xdc, 0x7d, 0x67, 0x1d, 0x6d, 0x43, 0xa9, 0xe1, - 0x25, 0xc4, 0x11, 0x96, 0xc3, 0xad, 0x63, 0x61, 0x4e, 0x1c, 0x2e, 0x9a, 0xd9, 0x4f, 0xcc, 0x19, - 0xa2, 0xef, 0x58, 0x70, 0x62, 0x3d, 0x9d, 0x16, 0x25, 0xb6, 0x50, 0xe7, 0x18, 0x0a, 0x19, 0xa6, - 0x19, 0xf1, 0xf2, 0xd0, 0x99, 0x46, 0x9c, 0xed, 0x0e, 0xfa, 0x45, 0x0b, 0x86, 0xea, 0x9e, 0x6f, - 0x54, 0xe9, 0x3a, 0x86, 0x8f, 0x73, 0x99, 0x31, 0xd0, 0x6a, 0x06, 0xff, 0x1f, 0x63, 0xc9, 0xb9, - 0x97, 0x0f, 0x76, 0xf0, 0xa8, 0x3e, 0xd8, 0xa1, 0x87, 0x64, 0x2b, 0xfe, 0x72, 0x01, 0x9e, 0xe9, - 0xe3, 0x1b, 0x99, 0x99, 0x2c, 0xd6, 0x3e, 0x99, 0x2c, 0xe7, 0x61, 0x20, 0x22, 0xad, 0x30, 0xbb, - 0xdf, 0xb1, 0x70, 0x2f, 0x06, 0x41, 0x4f, 0x43, 0xd1, 0x69, 0x79, 0x62, 0xbb, 0x53, 0x9b, 0xf4, - 0xcc, 0xca, 0x02, 0xa6, 0xed, 0xf4, 0x4b, 0x57, 0xd6, 0x65, 0xb2, 0x5e, 0x3e, 0xa5, 0xda, 0x7b, - 0xe5, 0xfe, 0x71, 0xeb, 0x4d, 0x41, 0xb1, 0xe6, 0x6b, 0x2f, 0xc3, 0xd9, 0xde, 0x33, 0x04, 0xbd, - 0x08, 0xc3, 0xeb, 0x91, 0x13, 0xb8, 0x1b, 0xec, 0x5a, 0x03, 0x39, 0x26, 0x2c, 0x7f, 0x41, 0x37, - 0x63, 0x13, 0xc7, 0xfe, 0xfd, 0x42, 0x77, 0x8a, 0x5c, 0x08, 0x1c, 0x64, 0x84, 0xc5, 0xf8, 0x15, - 0x7a, 0x8c, 0xdf, 0x1d, 0x28, 0x27, 0x2c, 0x7d, 0x82, 0xd4, 0x85, 0x24, 0xc9, 0x2d, 0x3d, 0x91, - 0xed, 0x35, 0x6b, 0x82, 0x38, 0x56, 0x6c, 0xa8, 0xc8, 0xf7, 0x75, 0x81, 0x2f, 0x21, 0xf2, 0x33, - 0x87, 0x86, 0x73, 0x70, 0xd2, 0xa8, 0x57, 0xca, 0xa3, 0xc7, 0xb9, 0xef, 0x5b, 0xa5, 0x54, 0xad, - 0x64, 0xe0, 0xb8, 0xe3, 0x09, 0xfb, 0xd7, 0x0a, 0xf0, 0x44, 0x4f, 0xc9, 0xa6, 0x1d, 0xf4, 0xd6, - 0x7d, 0x1c, 0xf4, 0x47, 0x9e, 0xa0, 0xe6, 0x00, 0x0f, 0x3c, 0x98, 0x01, 0x7e, 0x1e, 0xca, 0x5e, - 0x10, 0x13, 0xb7, 0x1d, 0xf1, 0x41, 0x33, 0x62, 0x29, 0x17, 0x44, 0x3b, 0x56, 0x18, 0xf6, 0x1f, - 0xf6, 0x9e, 0x6a, 0x74, 0x97, 0xfb, 0x91, 0x1d, 0xa5, 0x97, 0x61, 0xd4, 0x69, 0xb5, 0x38, 0x1e, - 0x73, 0x86, 0x66, 0x92, 0x24, 0x67, 0x4c, 0x20, 0x4e, 0xe3, 0x1a, 0x73, 0x78, 0xb0, 0xd7, 0x1c, - 0xb6, 0xff, 0xc4, 0x82, 0x0a, 0x26, 0x75, 0x5e, 0xe7, 0x16, 0xdd, 0x16, 0x43, 0x64, 0xe5, 0x51, - 0x6e, 0x84, 0xdd, 0xd1, 0xef, 0xb1, 0x32, 0x1c, 0xdd, 0x06, 0xbb, 0xb3, 0xf6, 0x6e, 0xe1, 0x40, - 0xb5, 0x77, 0x55, 0xf5, 0xd5, 0x62, 0xef, 0xea, 0xab, 0xf6, 0xbb, 0x43, 0xf4, 0xf5, 0x5a, 0xe1, - 0x6c, 0x44, 0x6a, 0x31, 0xfd, 0xbe, 0xed, 0xc8, 0xcf, 0x5e, 0x5d, 0x7a, 0x03, 0x2f, 0x62, 0xda, - 0x9e, 0x3a, 0xf1, 0x28, 0x1c, 0x28, 0x45, 0xac, 0xb8, 0x6f, 0x8a, 0xd8, 0xcb, 0x30, 0x1a, 0xc7, - 0x1b, 0x2b, 0x91, 0xb7, 0xe5, 0x24, 0xd4, 0xb4, 0x10, 0xb1, 0x34, 0x3a, 0xad, 0x63, 0xf5, 0x8a, - 0x06, 0xe2, 0x34, 0x2e, 0x9a, 0x87, 0x71, 0x9d, 0xa8, 0x45, 0xa2, 0x84, 0x85, 0xce, 0xf0, 0x99, - 0xa0, 0xb2, 0x2a, 0x74, 0x6a, 0x97, 0x40, 0xc0, 0x9d, 0xcf, 0x50, 0x89, 0x95, 0x6a, 0xa4, 0x1d, - 0x19, 0x4c, 0x4b, 0xac, 0x14, 0x1d, 0xda, 0x97, 0x8e, 0x27, 0xd0, 0x12, 0x9c, 0xe2, 0x13, 0x83, - 0xdd, 0x95, 0xad, 0xde, 0x88, 0x87, 0x3a, 0x3d, 0x29, 0x08, 0x9d, 0x9a, 0xef, 0x44, 0xc1, 0xdd, - 0x9e, 0xa3, 0x76, 0x83, 0x6a, 0x5e, 0x98, 0x13, 0xc6, 0xba, 0xb2, 0x1b, 0x14, 0x99, 0x85, 0x1a, - 0x36, 0xf1, 0xd0, 0xa7, 0xe1, 0x71, 0xfd, 0x97, 0x07, 0x29, 0xf2, 0x13, 0xac, 0x39, 0x91, 0x03, - 0xab, 0x6a, 0x7d, 0xce, 0x77, 0x45, 0xab, 0xe1, 0x5e, 0xcf, 0xa3, 0x75, 0x38, 0xab, 0x40, 0x97, - 0xa8, 0x91, 0xd6, 0x8a, 0xbc, 0x98, 0x54, 0x9d, 0x98, 0xdc, 0x88, 0x7c, 0x96, 0x35, 0x5b, 0xd1, - 0x97, 0x16, 0xcc, 0x7b, 0xc9, 0x95, 0x6e, 0x98, 0x78, 0x11, 0xdf, 0x87, 0x0a, 0x9a, 0x86, 0x0a, - 0x09, 0x9c, 0x75, 0x9f, 0x2c, 0xcf, 0x2e, 0xb0, 0x5c, 0x5a, 0xe3, 0xc0, 0xec, 0x92, 0x04, 0x60, - 0x8d, 0xa3, 0xdc, 0xb7, 0x23, 0x3d, 0x2f, 0xb9, 0x58, 0x81, 0xd3, 0x0d, 0xb7, 0x45, 0xf5, 0x00, - 0xcf, 0x25, 0x33, 0x2e, 0x73, 0x61, 0xd2, 0x0f, 0xc3, 0x6b, 0x0f, 0xab, 0xd8, 0x84, 0xf9, 0xd9, - 0x95, 0x0e, 0x1c, 0xdc, 0xf5, 0x49, 0xba, 0xc6, 0x5a, 0x51, 0xb8, 0xbd, 0x33, 0x71, 0x2a, 0xbd, - 0xc6, 0x56, 0x68, 0x23, 0xe6, 0x30, 0x74, 0x15, 0x10, 0x0b, 0x74, 0xb9, 0x92, 0x24, 0x2d, 0xa5, - 0x78, 0x4c, 0x9c, 0x66, 0xaf, 0x74, 0x56, 0x3c, 0x81, 0x2e, 0x77, 0x60, 0xe0, 0x2e, 0x4f, 0xd9, - 0x7f, 0x6c, 0xc1, 0xa8, 0x5a, 0xaf, 0x0f, 0x20, 0xd4, 0xcb, 0x4f, 0x87, 0x7a, 0xcd, 0x1f, 0x5d, - 0xe2, 0xb1, 0x9e, 0xf7, 0x88, 0x17, 0xf8, 0xf2, 0x30, 0x80, 0x96, 0x8a, 0x6a, 0x43, 0xb2, 0x7a, - 0x6e, 0x48, 0x8f, 0xac, 0x44, 0xea, 0x96, 0x38, 0x57, 0x7a, 0xb8, 0x89, 0x73, 0xab, 0x70, 0x46, - 0xaa, 0x0b, 0xfc, 0x48, 0xe6, 0x4a, 0x18, 0x2b, 0x01, 0x57, 0xae, 0x3e, 0x2d, 0x08, 0x9d, 0x59, - 0xe8, 0x86, 0x84, 0xbb, 0x3f, 0x9b, 0xd2, 0x52, 0x86, 0xf6, 0xd3, 0x52, 0xf4, 0x9a, 0x5e, 0xac, - 0xcb, 0xca, 0xa1, 0x99, 0x35, 0xbd, 0x78, 0x79, 0x15, 0x6b, 0x9c, 0xee, 0x82, 0xbd, 0x92, 0x93, - 0x60, 0x87, 0x03, 0x0b, 0x76, 0x29, 0x62, 0x86, 0x7b, 0x8a, 0x18, 0x79, 0x0a, 0x34, 0xd2, 0xf3, - 0x14, 0xe8, 0x15, 0x18, 0xf3, 0x82, 0x0d, 0x12, 0x79, 0x09, 0xa9, 0xb1, 0xb5, 0xc0, 0xc4, 0x4f, - 0x59, 0x6f, 0xeb, 0x0b, 0x29, 0x28, 0xce, 0x60, 0xa7, 0xe5, 0xe2, 0x58, 0x1f, 0x72, 0xb1, 0xc7, - 0x6e, 0x74, 0x22, 0x9f, 0xdd, 0xe8, 0xe4, 0xd1, 0x77, 0xa3, 0xf1, 0x63, 0xdd, 0x8d, 0x50, 0x2e, - 0xbb, 0x51, 0x5f, 0x82, 0xde, 0x30, 0xe8, 0x4e, 0xef, 0x63, 0xd0, 0xf5, 0xda, 0x8a, 0xce, 0x1c, - 0x7a, 0x2b, 0xea, 0xbe, 0xcb, 0x3c, 0x76, 0xa8, 0x5d, 0xe6, 0x2b, 0x05, 0x38, 0xa3, 0xe5, 0x30, - 0x9d, 0xfd, 0x5e, 0x9d, 0x4a, 0x22, 0x56, 0x7c, 0x9a, 0x47, 0xed, 0x18, 0x91, 0x87, 0x3a, 0x88, - 0x51, 0x41, 0xb0, 0x81, 0xc5, 0x02, 0xf8, 0x48, 0xc4, 0x8a, 0x16, 0x65, 0x85, 0xf4, 0xac, 0x68, - 0xc7, 0x0a, 0x83, 0xce, 0x2f, 0xfa, 0x5b, 0x04, 0x45, 0x67, 0x6b, 0x05, 0xcc, 0x6a, 0x10, 0x36, - 0xf1, 0xd0, 0x73, 0x9c, 0x09, 0x13, 0x10, 0x54, 0x50, 0x8f, 0x88, 0x6b, 0x55, 0xa4, 0x4c, 0x50, - 0x50, 0xd9, 0x1d, 0x16, 0xa9, 0x59, 0xea, 0xec, 0x0e, 0xf3, 0x34, 0x2a, 0x0c, 0xfb, 0x7f, 0x59, - 0xf0, 0x44, 0xd7, 0xa1, 0x78, 0x00, 0x9b, 0xef, 0x76, 0x7a, 0xf3, 0x5d, 0xcd, 0xcb, 0xdc, 0x30, - 0xde, 0xa2, 0xc7, 0x46, 0xfc, 0xef, 0x2d, 0x18, 0xd3, 0xf8, 0x0f, 0xe0, 0x55, 0xbd, 0xf4, 0xab, - 0xe6, 0x67, 0x59, 0x55, 0x3a, 0xde, 0xed, 0x8f, 0xd9, 0xbb, 0x71, 0x1f, 0xc6, 0x8c, 0x2b, 0xab, - 0x23, 0xed, 0x73, 0x76, 0xbf, 0x03, 0x83, 0xac, 0xd2, 0x6f, 0x9c, 0x8f, 0x2f, 0x25, 0xcd, 0x9f, - 0x85, 0x60, 0x6b, 0x5f, 0x0a, 0xfb, 0x1b, 0x63, 0xc1, 0x90, 0x95, 0xd4, 0xf2, 0x62, 0x2a, 0xcd, - 0x6b, 0x22, 0xe6, 0x51, 0x97, 0xd4, 0x12, 0xed, 0x58, 0x61, 0xd8, 0x4d, 0x98, 0x48, 0x13, 0x9f, - 0x23, 0x75, 0xe6, 0x9f, 0xef, 0xeb, 0x35, 0xa7, 0xa1, 0xe2, 0xb0, 0xa7, 0x16, 0xdb, 0x4e, 0xf6, - 0x26, 0xae, 0x19, 0x09, 0xc0, 0x1a, 0xc7, 0xfe, 0x2d, 0x0b, 0x4e, 0x75, 0x79, 0x99, 0x1c, 0x63, - 0x3d, 0x13, 0x2d, 0x05, 0xba, 0x6d, 0xb8, 0x1f, 0x81, 0xa1, 0x1a, 0xa9, 0x3b, 0xd2, 0x03, 0x6c, - 0xc8, 0xdc, 0x39, 0xde, 0x8c, 0x25, 0xdc, 0xfe, 0xef, 0x16, 0x9c, 0x48, 0xf7, 0x35, 0xa6, 0x52, - 0x93, 0xbf, 0xcc, 0x9c, 0x17, 0xbb, 0xe1, 0x16, 0x89, 0x76, 0xe8, 0x9b, 0xf3, 0x5e, 0x2b, 0xa9, - 0x39, 0xd3, 0x81, 0x81, 0xbb, 0x3c, 0xc5, 0xaa, 0xea, 0xd4, 0xd4, 0x68, 0xcb, 0x99, 0x72, 0x33, - 0xcf, 0x99, 0xa2, 0x3f, 0xa6, 0xe9, 0x38, 0x52, 0x2c, 0xb1, 0xc9, 0xdf, 0x7e, 0x7f, 0x00, 0x54, - 0x30, 0x38, 0x73, 0xbf, 0xe5, 0xe4, 0xbc, 0x4c, 0x15, 0x6d, 0x2f, 0xf6, 0x51, 0xb4, 0x5d, 0x4e, - 0x86, 0x81, 0xfb, 0xb9, 0xc6, 0xf8, 0xe9, 0x85, 0x79, 0x48, 0xa8, 0xde, 0x70, 0x4d, 0x83, 0xb0, - 0x89, 0x47, 0x7b, 0xe2, 0x7b, 0x5b, 0x84, 0x3f, 0x34, 0x98, 0xee, 0xc9, 0xa2, 0x04, 0x60, 0x8d, - 0x43, 0x7b, 0x52, 0xf3, 0xea, 0x75, 0x61, 0x8a, 0xab, 0x9e, 0xd0, 0xd1, 0xc1, 0x0c, 0xc2, 0x0b, - 0xa5, 0x85, 0x9b, 0x42, 0x3b, 0x35, 0x0a, 0xa5, 0x85, 0x9b, 0x98, 0x41, 0xa8, 0x3e, 0x15, 0x84, - 0x51, 0x93, 0xdd, 0x94, 0x56, 0x53, 0x5c, 0x84, 0x56, 0xaa, 0xf4, 0xa9, 0xeb, 0x9d, 0x28, 0xb8, - 0xdb, 0x73, 0x74, 0x06, 0xb6, 0x22, 0x52, 0xf3, 0xdc, 0xc4, 0xa4, 0x06, 0xe9, 0x19, 0xb8, 0xd2, - 0x81, 0x81, 0xbb, 0x3c, 0x85, 0x66, 0xe0, 0x84, 0x0c, 0xe6, 0x97, 0xf9, 0x8e, 0xc3, 0xe9, 0xfc, - 0x2a, 0x9c, 0x06, 0xe3, 0x2c, 0x3e, 0x95, 0x36, 0x4d, 0x91, 0xea, 0xcc, 0x94, 0x58, 0x43, 0xda, - 0xc8, 0x14, 0x68, 0xac, 0x30, 0xec, 0x2f, 0x16, 0xe9, 0xee, 0xd8, 0xa3, 0x1e, 0xf3, 0x03, 0x73, - 0x96, 0xa7, 0x67, 0xe4, 0x40, 0x1f, 0x33, 0xf2, 0x25, 0x18, 0xb9, 0x1d, 0x87, 0x81, 0x72, 0x44, - 0x97, 0x7a, 0x3a, 0xa2, 0x0d, 0xac, 0xee, 0x8e, 0xe8, 0xc1, 0xbc, 0x1c, 0xd1, 0x43, 0x87, 0x74, - 0x44, 0x7f, 0xb7, 0x04, 0xaa, 0xa2, 0xe9, 0x75, 0x92, 0xdc, 0x0d, 0xa3, 0x4d, 0x2f, 0x68, 0xb0, - 0x24, 0x88, 0xef, 0x58, 0x30, 0xc2, 0xd7, 0xcb, 0xa2, 0x19, 0x48, 0x5c, 0xcf, 0xa9, 0xf2, 0x66, - 0x8a, 0xd9, 0xd4, 0x9a, 0xc1, 0x28, 0x73, 0x11, 0x87, 0x09, 0xc2, 0xa9, 0x1e, 0xa1, 0x9f, 0x03, - 0x90, 0xe7, 0x96, 0x75, 0x29, 0x32, 0x17, 0xf2, 0xe9, 0x1f, 0x26, 0x75, 0xad, 0x9b, 0xae, 0x29, - 0x26, 0xd8, 0x60, 0x88, 0xbe, 0x92, 0xbd, 0x49, 0xf2, 0xb3, 0xc7, 0x32, 0x36, 0xfd, 0x84, 0x58, - 0x63, 0x18, 0xf2, 0x82, 0x06, 0x9d, 0x27, 0xc2, 0x77, 0xff, 0xe1, 0x6e, 0x09, 0x44, 0x8b, 0xa1, - 0x53, 0xab, 0x3a, 0xbe, 0x13, 0xb8, 0x24, 0x5a, 0xe0, 0xe8, 0xe6, 0xcd, 0x50, 0xac, 0x01, 0x4b, - 0x42, 0x1d, 0xa5, 0x65, 0x4b, 0xfd, 0x94, 0x96, 0x3d, 0xfb, 0x49, 0x18, 0xef, 0xf8, 0x98, 0x07, - 0x8a, 0xa8, 0x3e, 0x7c, 0x30, 0xb6, 0xfd, 0xcf, 0x07, 0xf5, 0xa6, 0x75, 0x3d, 0xac, 0xf1, 0x02, - 0xa7, 0x91, 0xfe, 0xa2, 0x42, 0xf7, 0xcc, 0x71, 0x8a, 0x18, 0xb7, 0x4b, 0xa9, 0x46, 0x6c, 0xb2, - 0xa4, 0x73, 0xb4, 0xe5, 0x44, 0x24, 0x38, 0xee, 0x39, 0xba, 0xa2, 0x98, 0x60, 0x83, 0x21, 0xda, - 0x48, 0x85, 0x54, 0x5e, 0x3e, 0x7a, 0x48, 0x25, 0xcb, 0x4f, 0xee, 0x56, 0x24, 0xf1, 0x9b, 0x16, - 0x8c, 0x05, 0xa9, 0x99, 0x2b, 0xfc, 0x38, 0x6b, 0xc7, 0xb1, 0x2a, 0x78, 0x41, 0xec, 0x74, 0x1b, - 0xce, 0xf0, 0xef, 0xb6, 0xa5, 0x95, 0x0e, 0xb8, 0xa5, 0xe9, 0x4a, 0xc9, 0x83, 0xbd, 0x2a, 0x25, - 0xa3, 0x40, 0xd5, 0x76, 0x1f, 0xca, 0xbd, 0xb6, 0x3b, 0x74, 0xa9, 0xeb, 0x7e, 0x0b, 0x2a, 0x6e, - 0x44, 0x9c, 0xe4, 0x90, 0x65, 0xbe, 0x99, 0x13, 0x7b, 0x56, 0x12, 0xc0, 0x9a, 0x96, 0xfd, 0xef, - 0x8a, 0x70, 0x52, 0x8e, 0x88, 0x8c, 0xc0, 0xa2, 0xfb, 0x23, 0xe7, 0xab, 0x95, 0x5b, 0xb5, 0x3f, - 0x5e, 0x91, 0x00, 0xac, 0x71, 0xa8, 0x3e, 0xd6, 0x8e, 0xc9, 0x72, 0x8b, 0x04, 0x8b, 0xde, 0x7a, - 0x2c, 0xfc, 0x8f, 0x6a, 0xa1, 0xdc, 0xd0, 0x20, 0x6c, 0xe2, 0x51, 0x65, 0x9c, 0xeb, 0xc5, 0x71, - 0x36, 0x7a, 0x53, 0xe8, 0xdb, 0x58, 0xc2, 0xd1, 0xaf, 0x74, 0xbd, 0x20, 0x22, 0x9f, 0xb8, 0xe5, - 0x8e, 0xc0, 0xb3, 0x03, 0xde, 0x0c, 0xf1, 0xb6, 0x05, 0x27, 0x36, 0x53, 0x09, 0x64, 0x52, 0x24, - 0x1f, 0x31, 0xd5, 0x39, 0x9d, 0x95, 0xa6, 0xa7, 0x70, 0xba, 0x3d, 0xc6, 0x59, 0xee, 0xf6, 0xff, - 0xb0, 0xc0, 0x14, 0x4f, 0xfd, 0x69, 0x56, 0xc6, 0x1d, 0x57, 0x85, 0x7d, 0xee, 0xb8, 0x92, 0x4a, - 0x58, 0xb1, 0x3f, 0xa5, 0x7f, 0xe0, 0x00, 0x4a, 0x7f, 0xa9, 0xa7, 0xd6, 0xf6, 0x34, 0x14, 0xdb, - 0x5e, 0x4d, 0xe8, 0xed, 0xda, 0xdb, 0xb8, 0x30, 0x87, 0x69, 0xbb, 0xfd, 0x8f, 0x4b, 0xda, 0x4e, - 0x17, 0xe1, 0xb6, 0x3f, 0x12, 0xaf, 0x5d, 0x57, 0x99, 0xeb, 0xfc, 0xcd, 0xaf, 0x77, 0x64, 0xae, - 0xff, 0xe4, 0xc1, 0xa3, 0xa9, 0xf9, 0x00, 0xf5, 0x4a, 0x5c, 0x1f, 0xda, 0x27, 0x94, 0xfa, 0x36, - 0x94, 0xa9, 0x69, 0xc3, 0x0e, 0xdc, 0xca, 0xa9, 0x4e, 0x95, 0xaf, 0x88, 0xf6, 0x7b, 0xbb, 0x93, - 0x3f, 0x71, 0xf0, 0x6e, 0xc9, 0xa7, 0xb1, 0xa2, 0x8f, 0x62, 0xa8, 0xd0, 0xdf, 0x2c, 0xea, 0x5b, - 0x18, 0x4d, 0x37, 0x94, 0x2c, 0x92, 0x80, 0x5c, 0x42, 0xca, 0x35, 0x1f, 0x14, 0x40, 0x85, 0x5d, - 0x4e, 0xc3, 0x98, 0x72, 0xdb, 0x6a, 0x45, 0xc5, 0x5e, 0x4b, 0xc0, 0xbd, 0xdd, 0xc9, 0x97, 0x0f, - 0xce, 0x54, 0x3d, 0x8e, 0x35, 0x0b, 0xfb, 0x9d, 0x01, 0x3d, 0x77, 0x45, 0xc1, 0x82, 0x1f, 0x89, - 0xb9, 0x7b, 0x31, 0x33, 0x77, 0xcf, 0x77, 0xcc, 0xdd, 0x31, 0x7d, 0x89, 0x4a, 0x6a, 0x36, 0x3e, - 0xe8, 0x0d, 0x76, 0x7f, 0x3b, 0x9e, 0x69, 0x16, 0x77, 0xda, 0x5e, 0x44, 0xe2, 0x95, 0xa8, 0x1d, - 0x78, 0x41, 0x43, 0xdc, 0x5b, 0x69, 0x68, 0x16, 0x29, 0x30, 0xce, 0xe2, 0xb3, 0x3b, 0x2f, 0x77, - 0x02, 0xf7, 0x96, 0xb3, 0xc5, 0x67, 0x95, 0x91, 0xc3, 0xbd, 0x2a, 0xda, 0xb1, 0xc2, 0xb0, 0xdf, - 0x65, 0xbe, 0x5b, 0x23, 0xdd, 0x84, 0xce, 0x09, 0x9f, 0xdd, 0x06, 0xc4, 0x13, 0xc0, 0xd5, 0x9c, - 0xe0, 0x57, 0x00, 0x71, 0x18, 0xba, 0x0b, 0x43, 0xeb, 0xbc, 0xba, 0x7e, 0x3e, 0x15, 0xe3, 0x44, - 0xa9, 0x7e, 0x56, 0xd4, 0x55, 0xd6, 0xed, 0xbf, 0xa7, 0x7f, 0x62, 0xc9, 0xcd, 0x7e, 0x6f, 0x00, - 0x4e, 0x64, 0xee, 0x8b, 0x49, 0xd5, 0xaf, 0x29, 0xec, 0x5b, 0xbf, 0xe6, 0x33, 0x00, 0x35, 0xd2, - 0xf2, 0xc3, 0x1d, 0xa6, 0xe6, 0x0c, 0x1c, 0x58, 0xcd, 0x51, 0x9a, 0xf1, 0x9c, 0xa2, 0x82, 0x0d, - 0x8a, 0x22, 0xeb, 0x9d, 0x97, 0xc3, 0xc9, 0x64, 0xbd, 0x1b, 0x45, 0x1b, 0x07, 0x1f, 0x6c, 0xd1, - 0x46, 0x0f, 0x4e, 0xf0, 0x2e, 0xaa, 0xa4, 0x8e, 0x43, 0xe4, 0x6e, 0xb0, 0x08, 0xd9, 0xb9, 0x34, - 0x19, 0x9c, 0xa5, 0xfb, 0x30, 0xaf, 0x83, 0x42, 0x1f, 0x85, 0x8a, 0xfc, 0xce, 0xf1, 0x44, 0x45, - 0x27, 0xc6, 0xc9, 0x69, 0xc0, 0xae, 0x69, 0x12, 0x3f, 0xed, 0x6f, 0x14, 0xa8, 0x56, 0xca, 0xff, - 0xa9, 0x04, 0xe7, 0x67, 0x61, 0xd0, 0x69, 0x27, 0x1b, 0x61, 0xc7, 0x95, 0x01, 0x33, 0xac, 0x15, - 0x0b, 0x28, 0x5a, 0x84, 0x81, 0x9a, 0x4e, 0x5a, 0x3d, 0xc8, 0x28, 0xea, 0x03, 0x3e, 0x27, 0x21, - 0x98, 0x51, 0x41, 0x4f, 0xc1, 0x40, 0xe2, 0x34, 0x52, 0x77, 0xaf, 0xae, 0x39, 0x8d, 0x18, 0xb3, - 0x56, 0x73, 0xd3, 0x1c, 0xd8, 0x67, 0xd3, 0x7c, 0x19, 0x46, 0x63, 0xaf, 0x11, 0x38, 0x49, 0x3b, - 0x22, 0x86, 0x33, 0x49, 0xc7, 0x07, 0x98, 0x40, 0x9c, 0xc6, 0xb5, 0xdf, 0xaf, 0xc0, 0xe9, 0x6e, - 0x77, 0xe4, 0xe7, 0x1d, 0x0d, 0xdf, 0x8d, 0xc7, 0x83, 0x8b, 0x86, 0xef, 0xc1, 0xdd, 0x37, 0xa2, - 0xe1, 0x7d, 0x23, 0x1a, 0xfe, 0x2b, 0x16, 0x54, 0x54, 0x10, 0xb8, 0x08, 0x64, 0x7d, 0x3d, 0xff, - 0x1e, 0xa8, 0x88, 0x60, 0x11, 0x0b, 0x2c, 0xff, 0x62, 0xcd, 0xfc, 0xf8, 0xc2, 0xe3, 0xef, 0xdb, - 0xa1, 0x03, 0x85, 0xc7, 0xab, 0xdc, 0x81, 0x52, 0x1e, 0xb9, 0x03, 0x3d, 0x3e, 0x55, 0xd7, 0xdc, - 0x81, 0x6f, 0x5a, 0x30, 0xec, 0xbc, 0xd5, 0x8e, 0xc8, 0x1c, 0xd9, 0x5a, 0x6e, 0xc5, 0x42, 0xc0, - 0xbe, 0x91, 0x7f, 0x07, 0x66, 0x34, 0x13, 0x51, 0xdb, 0x58, 0x37, 0x60, 0xb3, 0x0b, 0xa9, 0x5c, - 0x81, 0xa1, 0x3c, 0x72, 0x05, 0xba, 0x75, 0x67, 0xdf, 0x5c, 0x81, 0x97, 0x61, 0xd4, 0xf5, 0xc3, - 0x80, 0xac, 0x44, 0x61, 0x12, 0xba, 0xa1, 0x2f, 0x94, 0x69, 0x25, 0x12, 0x66, 0x4d, 0x20, 0x4e, - 0xe3, 0xf6, 0x4a, 0x34, 0xa8, 0x1c, 0x35, 0xd1, 0x00, 0x1e, 0x52, 0xa2, 0xc1, 0x9f, 0x15, 0x60, - 0x72, 0x9f, 0x8f, 0x8a, 0x2e, 0xc2, 0x48, 0x18, 0x35, 0x9c, 0xc0, 0x7b, 0x8b, 0x27, 0xb5, 0x96, - 0xd2, 0xa5, 0x33, 0x96, 0x0d, 0x18, 0x4e, 0x61, 0xca, 0x50, 0xe4, 0xc1, 0x1e, 0xa1, 0xc8, 0x1f, - 0x87, 0xe1, 0x84, 0x38, 0x4d, 0x11, 0x77, 0x21, 0x0c, 0x20, 0xed, 0x50, 0xd2, 0x20, 0x6c, 0xe2, - 0xd1, 0x69, 0x34, 0xe6, 0xb8, 0x2e, 0x89, 0x63, 0x19, 0x6b, 0x2c, 0x0e, 0x67, 0x72, 0x0b, 0x64, - 0x66, 0x67, 0x5e, 0x33, 0x29, 0x16, 0x38, 0xc3, 0x92, 0x76, 0xde, 0xf1, 0x7d, 0x9e, 0x56, 0x40, - 0xe4, 0x6d, 0xea, 0xba, 0x04, 0x86, 0x06, 0x61, 0x13, 0xcf, 0xfe, 0xf5, 0x02, 0x3c, 0x7d, 0x5f, - 0xf1, 0xd2, 0x77, 0x18, 0x78, 0x3b, 0x26, 0x51, 0xd6, 0x21, 0x73, 0x23, 0x26, 0x11, 0x66, 0x10, - 0x3e, 0x4a, 0xad, 0x96, 0x71, 0x69, 0x51, 0xde, 0x59, 0x07, 0x7c, 0x94, 0x52, 0x2c, 0x70, 0x86, - 0x65, 0x76, 0x94, 0x06, 0xfa, 0x1c, 0xa5, 0xbf, 0x57, 0x80, 0x67, 0xfa, 0x10, 0xc2, 0x39, 0x66, - 0x67, 0xa4, 0xb3, 0x5b, 0x8a, 0x0f, 0x27, 0xbb, 0xe5, 0xb0, 0xc3, 0xf5, 0x6e, 0x01, 0xce, 0xf6, - 0x96, 0x85, 0xe8, 0xa7, 0xa8, 0x11, 0x25, 0x83, 0x2d, 0xcc, 0xcc, 0x98, 0x53, 0xdc, 0x80, 0x4a, - 0x81, 0x70, 0x16, 0x17, 0x4d, 0x01, 0xb4, 0x9c, 0x64, 0x23, 0xbe, 0xb4, 0xed, 0xc5, 0x89, 0xc8, - 0xe9, 0x1c, 0xe3, 0x47, 0xe1, 0xb2, 0x15, 0x1b, 0x18, 0x94, 0x1d, 0xfb, 0x37, 0x17, 0x5e, 0x0f, - 0x13, 0xfe, 0x10, 0xd7, 0xe3, 0x4e, 0xc9, 0xe2, 0x91, 0x06, 0x08, 0x67, 0x71, 0x29, 0x3b, 0xe6, - 0x6c, 0xe1, 0x1d, 0xe5, 0x0a, 0x1e, 0x63, 0xb7, 0xa8, 0x5a, 0xb1, 0x81, 0x91, 0xcd, 0xf9, 0x29, - 0xf5, 0x91, 0xf3, 0xf3, 0x8f, 0x0a, 0xf0, 0x44, 0xcf, 0xbd, 0xb4, 0xbf, 0x05, 0xf8, 0xe8, 0x25, - 0xfb, 0x1c, 0x6e, 0xee, 0x1c, 0x30, 0x85, 0xe5, 0x4f, 0x7a, 0xcc, 0x34, 0x91, 0xc2, 0x92, 0xdd, - 0x2a, 0xac, 0x83, 0x6e, 0x15, 0x8f, 0xd0, 0x78, 0x76, 0x64, 0xad, 0x0c, 0x1c, 0x20, 0x6b, 0x25, - 0xf3, 0x31, 0x4a, 0x7d, 0x2e, 0xe4, 0xef, 0xf5, 0x1e, 0x5e, 0xaa, 0x7b, 0xf7, 0x75, 0x3c, 0x35, - 0x07, 0x27, 0xbd, 0x80, 0x15, 0x12, 0x5e, 0x6d, 0xaf, 0x8b, 0x8c, 0xdf, 0x42, 0xfa, 0x8e, 0xac, - 0x85, 0x0c, 0x1c, 0x77, 0x3c, 0xf1, 0x08, 0x66, 0x11, 0x1d, 0x72, 0x48, 0x3f, 0x03, 0x15, 0x45, - 0x9b, 0x47, 0x46, 0xaa, 0x0f, 0xda, 0x11, 0x19, 0xa9, 0xbe, 0xa6, 0x81, 0x45, 0x47, 0x62, 0x93, - 0xec, 0x64, 0x67, 0xe6, 0x35, 0xb2, 0xc3, 0xbc, 0xa4, 0xf6, 0xc7, 0x60, 0x44, 0x19, 0x91, 0xfd, - 0x16, 0xba, 0xb5, 0xdf, 0x19, 0x84, 0xd1, 0x54, 0x19, 0x8b, 0xd4, 0x99, 0x8d, 0xb5, 0xef, 0x99, - 0x0d, 0x8b, 0x74, 0x6d, 0x07, 0xb2, 0x94, 0xb4, 0x11, 0xe9, 0xda, 0x0e, 0x08, 0xe6, 0x30, 0x6a, - 0xba, 0xd7, 0xa2, 0x1d, 0xdc, 0x0e, 0x44, 0x44, 0x9a, 0x32, 0xdd, 0xe7, 0x58, 0x2b, 0x16, 0x50, - 0xf4, 0x05, 0x0b, 0x46, 0x62, 0x76, 0x20, 0xc8, 0x4f, 0xbc, 0xc4, 0x07, 0xbd, 0x9a, 0xc7, 0x3d, - 0xcd, 0xa2, 0x64, 0x0b, 0x73, 0x66, 0x9b, 0x2d, 0x38, 0xc5, 0x11, 0x7d, 0xc9, 0x32, 0x6f, 0xa8, - 0x1e, 0xcc, 0x23, 0x92, 0x32, 0x5b, 0x25, 0x84, 0x1f, 0x95, 0xdc, 0xff, 0xa2, 0x6a, 0x7d, 0x71, - 0xfd, 0xd0, 0x83, 0xbb, 0xb8, 0xfe, 0xa3, 0x50, 0x69, 0x3a, 0x81, 0x57, 0x27, 0x71, 0xc2, 0x4f, - 0x88, 0x64, 0xf1, 0x22, 0xd9, 0x88, 0x35, 0x9c, 0x6e, 0x76, 0x31, 0x7b, 0xb1, 0xc4, 0x38, 0xd2, - 0x61, 0x9b, 0xdd, 0xaa, 0x6e, 0xc6, 0x26, 0x8e, 0x79, 0xfe, 0x04, 0x0f, 0xf5, 0xfc, 0x69, 0x78, - 0x9f, 0xf3, 0xa7, 0x7f, 0x60, 0xc1, 0x99, 0xae, 0x5f, 0xed, 0xd1, 0x8d, 0x51, 0xb2, 0xbf, 0x55, - 0x82, 0x53, 0x5d, 0xea, 0xd1, 0xa0, 0x9d, 0x63, 0xbb, 0x71, 0x5d, 0x14, 0xbc, 0x19, 0xed, 0x39, - 0x89, 0x0f, 0x76, 0xfa, 0xab, 0x4f, 0x60, 0x8b, 0x0f, 0xf6, 0x04, 0xd6, 0x98, 0x96, 0x03, 0x0f, - 0x75, 0x5a, 0x96, 0xee, 0x3f, 0x2d, 0xd1, 0x6f, 0x5b, 0x30, 0xd1, 0xec, 0x51, 0x04, 0x51, 0x9c, - 0xaa, 0xdc, 0x3c, 0x9e, 0x12, 0x8b, 0xd5, 0xa7, 0xf6, 0x76, 0x27, 0x7b, 0xd6, 0x9e, 0xc4, 0x3d, - 0x7b, 0x65, 0xbf, 0x5f, 0x04, 0x56, 0x0c, 0x89, 0x95, 0x1f, 0xd9, 0x41, 0x9f, 0x37, 0xcb, 0x5a, - 0x59, 0x79, 0x95, 0x60, 0xe2, 0xc4, 0x55, 0x59, 0x2c, 0x3e, 0x82, 0xdd, 0xaa, 0x64, 0x65, 0x85, - 0x56, 0xa1, 0x0f, 0xa1, 0xe5, 0xcb, 0xfa, 0x61, 0xc5, 0xfc, 0xeb, 0x87, 0x55, 0xb2, 0xb5, 0xc3, - 0xee, 0xff, 0x89, 0x07, 0x1e, 0xc9, 0x4f, 0xfc, 0x37, 0x2c, 0x2e, 0x78, 0x32, 0x5f, 0x41, 0x6b, - 0x06, 0xd6, 0x7d, 0x34, 0x83, 0xe7, 0xd9, 0x4d, 0x7f, 0xf5, 0x2b, 0xc4, 0xf1, 0x85, 0x06, 0x61, - 0x5e, 0xda, 0xc7, 0xda, 0xb1, 0xc2, 0x60, 0x77, 0x73, 0xf8, 0x7e, 0x78, 0xf7, 0x52, 0xb3, 0x95, - 0xec, 0x08, 0x5d, 0x42, 0xdf, 0xcd, 0xa1, 0x20, 0xd8, 0xc0, 0xb2, 0xff, 0x56, 0x81, 0xcf, 0x40, - 0xe1, 0x57, 0xbd, 0x98, 0x29, 0x04, 0xdf, 0xbf, 0x4b, 0xf2, 0x73, 0x00, 0xae, 0xba, 0xe4, 0x4b, - 0x1c, 0x78, 0x5f, 0x39, 0xf2, 0x25, 0x49, 0x82, 0x9e, 0x7e, 0x0d, 0xdd, 0x86, 0x0d, 0x7e, 0x29, - 0x59, 0x5a, 0xdc, 0x57, 0x96, 0xa6, 0xc4, 0xca, 0xc0, 0x3e, 0xbb, 0xdd, 0x9f, 0x59, 0x90, 0xd2, - 0x88, 0x50, 0x0b, 0x4a, 0xb4, 0xbb, 0x3b, 0xf9, 0xdc, 0x5f, 0x66, 0x92, 0xa6, 0xa2, 0x51, 0x4c, - 0x7b, 0xf6, 0x13, 0x73, 0x46, 0xc8, 0x17, 0xee, 0xd7, 0x42, 0x1e, 0x77, 0xec, 0x99, 0x0c, 0xaf, - 0x84, 0xe1, 0x26, 0xf7, 0xda, 0x68, 0x57, 0xae, 0x7d, 0x11, 0xc6, 0x3b, 0x3a, 0xc5, 0x6a, 0x3e, - 0x87, 0xf2, 0xd2, 0x36, 0x63, 0xba, 0xb2, 0x1c, 0x28, 0xcc, 0x61, 0xf6, 0xbb, 0x16, 0x9c, 0xcc, - 0x92, 0x47, 0xdf, 0xb6, 0x60, 0x3c, 0xce, 0xd2, 0x3b, 0xae, 0xb1, 0x53, 0xa1, 0x49, 0x1d, 0x20, - 0xdc, 0xd9, 0x09, 0xfb, 0xcf, 0xc5, 0xe4, 0xbf, 0xe5, 0x05, 0xb5, 0xf0, 0xae, 0x52, 0x4c, 0xac, - 0x9e, 0x8a, 0x09, 0x5d, 0x8f, 0xee, 0x06, 0xa9, 0xb5, 0xfd, 0x8e, 0xe4, 0xab, 0x55, 0xd1, 0x8e, - 0x15, 0x46, 0xea, 0xfa, 0xf6, 0xe2, 0xbe, 0xd7, 0xb7, 0xbf, 0x04, 0x23, 0xe6, 0xc5, 0x84, 0x62, - 0x5e, 0x32, 0x85, 0xdc, 0xbc, 0xc3, 0x10, 0xa7, 0xb0, 0x32, 0x57, 0x53, 0x97, 0xf6, 0xbd, 0x9a, - 0xfa, 0x39, 0x28, 0x8b, 0x6b, 0x96, 0x65, 0x00, 0x1f, 0xcf, 0xec, 0x12, 0x6d, 0x58, 0x41, 0xa9, - 0x34, 0x69, 0x3a, 0x41, 0xdb, 0xf1, 0xe9, 0x08, 0x89, 0x74, 0x54, 0xb5, 0x0c, 0x97, 0x14, 0x04, - 0x1b, 0x58, 0xf4, 0x8d, 0x13, 0xaf, 0x49, 0x5e, 0x0b, 0x03, 0x19, 0xfa, 0xa2, 0xcf, 0xb4, 0x45, - 0x3b, 0x56, 0x18, 0xf6, 0x7f, 0xb5, 0x20, 0x7b, 0x47, 0x6c, 0xea, 0x94, 0xc3, 0xda, 0x37, 0x05, - 0x36, 0x9d, 0x40, 0x57, 0xe8, 0x2b, 0x81, 0xce, 0xcc, 0x6d, 0x2b, 0xde, 0x37, 0xb7, 0xed, 0xc7, - 0xf4, 0xcd, 0x21, 0x3c, 0x09, 0x6e, 0xb8, 0xdb, 0xad, 0x21, 0xc8, 0x86, 0x41, 0xd7, 0x51, 0x45, - 0x12, 0x46, 0xb8, 0xed, 0x30, 0x3b, 0xc3, 0x90, 0x04, 0xa4, 0xba, 0xfe, 0xde, 0x0f, 0xce, 0x7d, - 0xe8, 0x7b, 0x3f, 0x38, 0xf7, 0xa1, 0x3f, 0xfa, 0xc1, 0xb9, 0x0f, 0x7d, 0x61, 0xef, 0x9c, 0xf5, - 0xde, 0xde, 0x39, 0xeb, 0x7b, 0x7b, 0xe7, 0xac, 0x3f, 0xda, 0x3b, 0x67, 0xbd, 0xbf, 0x77, 0xce, - 0xfa, 0xe6, 0x7f, 0x3a, 0xf7, 0xa1, 0xd7, 0xba, 0x86, 0x2a, 0xd1, 0x1f, 0x2f, 0xb8, 0xb5, 0xe9, - 0xad, 0x0b, 0x2c, 0x5a, 0x86, 0xae, 0x86, 0x69, 0x63, 0x0a, 0x4c, 0xcb, 0xd5, 0xf0, 0xff, 0x02, - 0x00, 0x00, 0xff, 0xff, 0xbe, 0x71, 0xe6, 0x5d, 0x8f, 0xc7, 0x00, 0x00, + // 9939 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x24, 0xc7, + 0x75, 0x98, 0x66, 0x17, 0x0b, 0xec, 0x3e, 0x7c, 0xdc, 0xa1, 0xef, 0x8e, 0x04, 0x8f, 0xe4, 0xe1, + 0x32, 0x2c, 0x53, 0x54, 0x44, 0x02, 0xe6, 0x89, 0x52, 0x2e, 0xa6, 0x4d, 0x19, 0x0b, 0xdc, 0xe1, + 0x70, 0x07, 0x1c, 0xc0, 0x06, 0xee, 0x4e, 0x22, 0x4d, 0x51, 0x83, 0xd9, 0xde, 0xc5, 0x1c, 0x66, + 0x67, 0xf6, 0x66, 0x66, 0x71, 0x00, 0x2d, 0xcb, 0x92, 0x2d, 0xc5, 0x4a, 0xf4, 0x41, 0x85, 0xfa, + 0x61, 0x39, 0x1f, 0x8e, 0x62, 0xbb, 0x5c, 0x71, 0x25, 0xac, 0x38, 0x95, 0x1f, 0x71, 0xbe, 0x7e, + 0xd8, 0xce, 0x0f, 0xa6, 0x94, 0x54, 0x54, 0x15, 0x97, 0xe5, 0xc4, 0x0e, 0x4c, 0x21, 0x95, 0x4a, + 0x2a, 0x55, 0x71, 0x55, 0x3e, 0xfe, 0xe4, 0xca, 0x55, 0x49, 0xf5, 0x77, 0xcf, 0xec, 0xee, 0x61, + 0x01, 0x0c, 0xee, 0x4e, 0x2a, 0xfe, 0xdb, 0xed, 0xf7, 0xe6, 0xbd, 0x9e, 0x9e, 0xee, 0xd7, 0xef, + 0xbd, 0x7e, 0xef, 0x35, 0x2c, 0x36, 0xbc, 0x64, 0xa3, 0xbd, 0x3e, 0xe5, 0x86, 0xcd, 0x69, 0x27, + 0x6a, 0x84, 0xad, 0x28, 0xbc, 0xcd, 0x7e, 0xbc, 0xe0, 0xd6, 0xa6, 0xb7, 0x2e, 0x4c, 0xb7, 0x36, + 0x1b, 0xd3, 0x4e, 0xcb, 0x8b, 0xa7, 0x9d, 0x56, 0xcb, 0xf7, 0x5c, 0x27, 0xf1, 0xc2, 0x60, 0x7a, + 0xeb, 0x45, 0xc7, 0x6f, 0x6d, 0x38, 0x2f, 0x4e, 0x37, 0x48, 0x40, 0x22, 0x27, 0x21, 0xb5, 0xa9, + 0x56, 0x14, 0x26, 0x21, 0xfa, 0x49, 0x4d, 0x6d, 0x4a, 0x52, 0x63, 0x3f, 0xde, 0x74, 0x6b, 0x53, + 0x5b, 0x17, 0xa6, 0x5a, 0x9b, 0x8d, 0x29, 0x4a, 0x6d, 0xca, 0xa0, 0x36, 0x25, 0xa9, 0x9d, 0x7d, + 0xc1, 0xe8, 0x4b, 0x23, 0x6c, 0x84, 0xd3, 0x8c, 0xe8, 0x7a, 0xbb, 0xce, 0xfe, 0xb1, 0x3f, 0xec, + 0x17, 0x67, 0x76, 0xd6, 0xde, 0xbc, 0x18, 0x4f, 0x79, 0x21, 0xed, 0xde, 0xb4, 0x1b, 0x46, 0x64, + 0x7a, 0xab, 0xa3, 0x43, 0x67, 0xaf, 0x68, 0x1c, 0xb2, 0x9d, 0x90, 0x20, 0xf6, 0xc2, 0x20, 0x7e, + 0x81, 0x76, 0x81, 0x44, 0x5b, 0x24, 0x32, 0x5f, 0xcf, 0x40, 0xe8, 0x46, 0xe9, 0x25, 0x4d, 0xa9, + 0xe9, 0xb8, 0x1b, 0x5e, 0x40, 0xa2, 0x1d, 0xfd, 0x78, 0x93, 0x24, 0x4e, 0xb7, 0xa7, 0xa6, 0x7b, + 0x3d, 0x15, 0xb5, 0x83, 0xc4, 0x6b, 0x92, 0x8e, 0x07, 0x3e, 0xb1, 0xdf, 0x03, 0xb1, 0xbb, 0x41, + 0x9a, 0x4e, 0xc7, 0x73, 0x1f, 0xeb, 0xf5, 0x5c, 0x3b, 0xf1, 0xfc, 0x69, 0x2f, 0x48, 0xe2, 0x24, + 0xca, 0x3e, 0x64, 0xdf, 0x81, 0xd1, 0x99, 0x5b, 0xab, 0x33, 0xed, 0x64, 0x63, 0x36, 0x0c, 0xea, + 0x5e, 0x03, 0x7d, 0x1c, 0x86, 0x5d, 0xbf, 0x1d, 0x27, 0x24, 0xba, 0xee, 0x34, 0xc9, 0x84, 0x75, + 0xde, 0x7a, 0xae, 0x52, 0x3d, 0xf5, 0xde, 0xee, 0xe4, 0x87, 0xf6, 0x76, 0x27, 0x87, 0x67, 0x35, + 0x08, 0x9b, 0x78, 0xe8, 0x23, 0x30, 0x14, 0x85, 0x3e, 0x99, 0xc1, 0xd7, 0x27, 0x0a, 0xec, 0x91, + 0x13, 0xe2, 0x91, 0x21, 0xcc, 0x9b, 0xb1, 0x84, 0xdb, 0x7f, 0x58, 0x00, 0x98, 0x69, 0xb5, 0x56, + 0xa2, 0xf0, 0x36, 0x71, 0x13, 0xf4, 0x59, 0x28, 0xd3, 0xa1, 0xab, 0x39, 0x89, 0xc3, 0xb8, 0x0d, + 0x5f, 0xf8, 0xf1, 0x29, 0xfe, 0x26, 0x53, 0xe6, 0x9b, 0xe8, 0x89, 0x43, 0xb1, 0xa7, 0xb6, 0x5e, + 0x9c, 0x5a, 0x5e, 0xa7, 0xcf, 0x2f, 0x91, 0xc4, 0xa9, 0x22, 0xc1, 0x0c, 0x74, 0x1b, 0x56, 0x54, + 0x51, 0x00, 0x03, 0x71, 0x8b, 0xb8, 0xac, 0x63, 0xc3, 0x17, 0x16, 0xa7, 0x8e, 0x32, 0x43, 0xa7, + 0x74, 0xcf, 0x57, 0x5b, 0xc4, 0xad, 0x8e, 0x08, 0xce, 0x03, 0xf4, 0x1f, 0x66, 0x7c, 0xd0, 0x16, + 0x0c, 0xc6, 0x89, 0x93, 0xb4, 0xe3, 0x89, 0x22, 0xe3, 0x78, 0x3d, 0x37, 0x8e, 0x8c, 0x6a, 0x75, + 0x4c, 0xf0, 0x1c, 0xe4, 0xff, 0xb1, 0xe0, 0x66, 0xff, 0x27, 0x0b, 0xc6, 0x34, 0xf2, 0xa2, 0x17, + 0x27, 0xe8, 0x67, 0x3a, 0x06, 0x77, 0xaa, 0xbf, 0xc1, 0xa5, 0x4f, 0xb3, 0xa1, 0x3d, 0x29, 0x98, + 0x95, 0x65, 0x8b, 0x31, 0xb0, 0x4d, 0x28, 0x79, 0x09, 0x69, 0xc6, 0x13, 0x85, 0xf3, 0xc5, 0xe7, + 0x86, 0x2f, 0x5c, 0xc9, 0xeb, 0x3d, 0xab, 0xa3, 0x82, 0x69, 0x69, 0x81, 0x92, 0xc7, 0x9c, 0x8b, + 0xfd, 0x5b, 0x23, 0xe6, 0xfb, 0xd1, 0x01, 0x47, 0x2f, 0xc2, 0x70, 0x1c, 0xb6, 0x23, 0x97, 0x60, + 0xd2, 0x0a, 0xe3, 0x09, 0xeb, 0x7c, 0x91, 0x4e, 0x3d, 0x3a, 0x53, 0x57, 0x75, 0x33, 0x36, 0x71, + 0xd0, 0x37, 0x2c, 0x18, 0xa9, 0x91, 0x38, 0xf1, 0x02, 0xc6, 0x5f, 0x76, 0x7e, 0xed, 0xc8, 0x9d, + 0x97, 0x8d, 0x73, 0x9a, 0x78, 0xf5, 0xb4, 0x78, 0x91, 0x11, 0xa3, 0x31, 0xc6, 0x29, 0xfe, 0x74, + 0xc5, 0xd5, 0x48, 0xec, 0x46, 0x5e, 0x8b, 0xfe, 0x67, 0x73, 0xc6, 0x58, 0x71, 0x73, 0x1a, 0x84, + 0x4d, 0x3c, 0x14, 0x40, 0x89, 0xae, 0xa8, 0x78, 0x62, 0x80, 0xf5, 0x7f, 0xe1, 0x68, 0xfd, 0x17, + 0x83, 0x4a, 0x17, 0xab, 0x1e, 0x7d, 0xfa, 0x2f, 0xc6, 0x9c, 0x0d, 0xfa, 0xba, 0x05, 0x13, 0x62, + 0xc5, 0x63, 0xc2, 0x07, 0xf4, 0xd6, 0x86, 0x97, 0x10, 0xdf, 0x8b, 0x93, 0x89, 0x12, 0xeb, 0xc3, + 0x74, 0x7f, 0x73, 0x6b, 0x3e, 0x0a, 0xdb, 0xad, 0x6b, 0x5e, 0x50, 0xab, 0x9e, 0x17, 0x9c, 0x26, + 0x66, 0x7b, 0x10, 0xc6, 0x3d, 0x59, 0xa2, 0x6f, 0x59, 0x70, 0x36, 0x70, 0x9a, 0x24, 0x6e, 0x39, + 0xf4, 0xd3, 0x72, 0x70, 0xd5, 0x77, 0xdc, 0x4d, 0xd6, 0xa3, 0xc1, 0xc3, 0xf5, 0xc8, 0x16, 0x3d, + 0x3a, 0x7b, 0xbd, 0x27, 0x69, 0x7c, 0x1f, 0xb6, 0xe8, 0xd7, 0x2d, 0x18, 0x0f, 0xa3, 0xd6, 0x86, + 0x13, 0x90, 0x9a, 0x84, 0xc6, 0x13, 0x43, 0x6c, 0xe9, 0x7d, 0xe6, 0x68, 0x9f, 0x68, 0x39, 0x4b, + 0x76, 0x29, 0x0c, 0xbc, 0x24, 0x8c, 0x56, 0x49, 0x92, 0x78, 0x41, 0x23, 0xae, 0x9e, 0xd9, 0xdb, + 0x9d, 0x1c, 0xef, 0xc0, 0xc2, 0x9d, 0xfd, 0x41, 0x3f, 0x0b, 0xc3, 0xf1, 0x4e, 0xe0, 0xde, 0xf2, + 0x82, 0x5a, 0x78, 0x37, 0x9e, 0x28, 0xe7, 0xb1, 0x7c, 0x57, 0x15, 0x41, 0xb1, 0x00, 0x35, 0x03, + 0x6c, 0x72, 0xeb, 0xfe, 0xe1, 0xf4, 0x54, 0xaa, 0xe4, 0xfd, 0xe1, 0xf4, 0x64, 0xba, 0x0f, 0x5b, + 0xf4, 0x4b, 0x16, 0x8c, 0xc6, 0x5e, 0x23, 0x70, 0x92, 0x76, 0x44, 0xae, 0x91, 0x9d, 0x78, 0x02, + 0x58, 0x47, 0xae, 0x1e, 0x71, 0x54, 0x0c, 0x92, 0xd5, 0x33, 0xa2, 0x8f, 0xa3, 0x66, 0x6b, 0x8c, + 0xd3, 0x7c, 0xbb, 0x2d, 0x34, 0x3d, 0xad, 0x87, 0xf3, 0x5d, 0x68, 0x7a, 0x52, 0xf7, 0x64, 0x89, + 0x7e, 0x1a, 0x4e, 0xf2, 0x26, 0x35, 0xb2, 0xf1, 0xc4, 0x08, 0x13, 0xb4, 0xa7, 0xf7, 0x76, 0x27, + 0x4f, 0xae, 0x66, 0x60, 0xb8, 0x03, 0x1b, 0xdd, 0x81, 0xc9, 0x16, 0x89, 0x9a, 0x5e, 0xb2, 0x1c, + 0xf8, 0x3b, 0x52, 0x7c, 0xbb, 0x61, 0x8b, 0xd4, 0x44, 0x77, 0xe2, 0x89, 0xd1, 0xf3, 0xd6, 0x73, + 0xe5, 0xea, 0x87, 0x45, 0x37, 0x27, 0x57, 0xee, 0x8f, 0x8e, 0xf7, 0xa3, 0x67, 0xff, 0xeb, 0x02, + 0x9c, 0xcc, 0x6e, 0x9c, 0xe8, 0x37, 0x2d, 0x38, 0x71, 0xfb, 0x6e, 0xb2, 0x16, 0x6e, 0x92, 0x20, + 0xae, 0xee, 0x50, 0xf1, 0xc6, 0xb6, 0x8c, 0xe1, 0x0b, 0x6e, 0xbe, 0x5b, 0xf4, 0xd4, 0xd5, 0x34, + 0x97, 0x4b, 0x41, 0x12, 0xed, 0x54, 0x1f, 0x17, 0x6f, 0x77, 0xe2, 0xea, 0xad, 0x35, 0x13, 0x8a, + 0xb3, 0x9d, 0x3a, 0xfb, 0x55, 0x0b, 0x4e, 0x77, 0x23, 0x81, 0x4e, 0x42, 0x71, 0x93, 0xec, 0x70, + 0xad, 0x0c, 0xd3, 0x9f, 0xe8, 0x0d, 0x28, 0x6d, 0x39, 0x7e, 0x9b, 0x08, 0xed, 0x66, 0xfe, 0x68, + 0x2f, 0xa2, 0x7a, 0x86, 0x39, 0xd5, 0x9f, 0x28, 0x5c, 0xb4, 0xec, 0x7f, 0x57, 0x84, 0x61, 0x63, + 0x7f, 0x7b, 0x00, 0x1a, 0x5b, 0x98, 0xd2, 0xd8, 0x96, 0x72, 0xdb, 0x9a, 0x7b, 0xaa, 0x6c, 0x77, + 0x33, 0x2a, 0xdb, 0x72, 0x7e, 0x2c, 0xef, 0xab, 0xb3, 0xa1, 0x04, 0x2a, 0x61, 0x8b, 0x6a, 0xe4, + 0x74, 0xeb, 0x1f, 0xc8, 0xe3, 0x13, 0x2e, 0x4b, 0x72, 0xd5, 0xd1, 0xbd, 0xdd, 0xc9, 0x8a, 0xfa, + 0x8b, 0x35, 0x23, 0xfb, 0xfb, 0x16, 0x9c, 0x36, 0xfa, 0x38, 0x1b, 0x06, 0x35, 0x8f, 0x7d, 0xda, + 0xf3, 0x30, 0x90, 0xec, 0xb4, 0xa4, 0xda, 0xaf, 0x46, 0x6a, 0x6d, 0xa7, 0x45, 0x30, 0x83, 0x50, + 0x45, 0xbf, 0x49, 0xe2, 0xd8, 0x69, 0x90, 0xac, 0xa2, 0xbf, 0xc4, 0x9b, 0xb1, 0x84, 0xa3, 0x08, + 0x90, 0xef, 0xc4, 0xc9, 0x5a, 0xe4, 0x04, 0x31, 0x23, 0xbf, 0xe6, 0x35, 0x89, 0x18, 0xe0, 0xbf, + 0xd8, 0xdf, 0x8c, 0xa1, 0x4f, 0x54, 0x1f, 0xdb, 0xdb, 0x9d, 0x44, 0x8b, 0x1d, 0x94, 0x70, 0x17, + 0xea, 0xf6, 0xb7, 0x2c, 0x78, 0xac, 0xbb, 0x2e, 0x86, 0x9e, 0x85, 0x41, 0x6e, 0xf2, 0x89, 0xb7, + 0xd3, 0x9f, 0x84, 0xb5, 0x62, 0x01, 0x45, 0xd3, 0x50, 0x51, 0xfb, 0x84, 0x78, 0xc7, 0x71, 0x81, + 0x5a, 0xd1, 0x9b, 0x8b, 0xc6, 0xa1, 0x83, 0x46, 0xff, 0x08, 0xcd, 0x4d, 0x0d, 0x1a, 0x33, 0x92, + 0x18, 0xc4, 0xfe, 0x53, 0x0b, 0x4e, 0x18, 0xbd, 0x7a, 0x00, 0xaa, 0x79, 0x90, 0x56, 0xcd, 0x17, + 0x72, 0x9b, 0xcf, 0x3d, 0x74, 0xf3, 0xaf, 0x5b, 0x70, 0xd6, 0xc0, 0x5a, 0x72, 0x12, 0x77, 0xe3, + 0xd2, 0x76, 0x2b, 0x22, 0x31, 0x35, 0xa7, 0xd1, 0xd3, 0x86, 0xdc, 0xaa, 0x0e, 0x0b, 0x0a, 0xc5, + 0x6b, 0x64, 0x87, 0x0b, 0xb1, 0xe7, 0xa1, 0xcc, 0x27, 0x67, 0x18, 0x89, 0x11, 0x57, 0xef, 0xb6, + 0x2c, 0xda, 0xb1, 0xc2, 0x40, 0x36, 0x0c, 0x32, 0xe1, 0x44, 0x17, 0x2b, 0xdd, 0x86, 0x80, 0x7e, + 0xc4, 0x9b, 0xac, 0x05, 0x0b, 0x88, 0xbd, 0x9c, 0xea, 0xce, 0x4a, 0x44, 0xd8, 0xc7, 0xad, 0x5d, + 0xf6, 0x88, 0x5f, 0x8b, 0xa9, 0xd9, 0xe0, 0x04, 0x41, 0x98, 0x08, 0x0b, 0xc0, 0x30, 0x1b, 0x66, + 0x74, 0x33, 0x36, 0x71, 0xec, 0xbd, 0x02, 0x33, 0x3e, 0xd4, 0xb2, 0x26, 0x0f, 0xc2, 0x72, 0x8d, + 0x52, 0x72, 0x70, 0x25, 0x3f, 0xa1, 0x44, 0x7a, 0x5b, 0xaf, 0x6f, 0x65, 0x44, 0x21, 0xce, 0x95, + 0xeb, 0xfd, 0x2d, 0xd8, 0xdf, 0x2d, 0xc0, 0x64, 0xfa, 0x81, 0x0e, 0x49, 0x4a, 0xcd, 0x25, 0x83, + 0x51, 0xd6, 0x41, 0x61, 0xe0, 0x63, 0x13, 0xaf, 0x87, 0x30, 0x2a, 0x1c, 0xa7, 0x30, 0x32, 0x65, + 0x65, 0x71, 0x1f, 0x59, 0xf9, 0xac, 0x1a, 0xf5, 0x81, 0x8c, 0x70, 0x4a, 0xef, 0x17, 0xe7, 0x61, + 0x20, 0x4e, 0x48, 0x6b, 0xa2, 0x94, 0x96, 0x35, 0xab, 0x09, 0x69, 0x61, 0x06, 0xb1, 0xff, 0x7b, + 0x01, 0x1e, 0x4f, 0x8f, 0xa1, 0x16, 0xef, 0x9f, 0x4c, 0x89, 0xf7, 0x8f, 0x9a, 0xe2, 0xfd, 0xde, + 0xee, 0xe4, 0x93, 0x3d, 0x1e, 0xfb, 0xa1, 0x91, 0xfe, 0x68, 0x3e, 0x33, 0x8a, 0xd3, 0xe9, 0x51, + 0xbc, 0xb7, 0x3b, 0xf9, 0x74, 0x8f, 0x77, 0xcc, 0x0c, 0xf3, 0xb3, 0x30, 0x18, 0x11, 0x27, 0x0e, + 0x03, 0x31, 0xd0, 0xea, 0x73, 0x60, 0xd6, 0x8a, 0x05, 0xd4, 0xfe, 0xd3, 0x72, 0x76, 0xb0, 0xe7, + 0xb9, 0x83, 0x2d, 0x8c, 0x90, 0x07, 0x03, 0x4c, 0x65, 0xe7, 0xa2, 0xe1, 0xda, 0xd1, 0x96, 0x11, + 0x15, 0xf1, 0x8a, 0x74, 0xb5, 0x4c, 0xbf, 0x1a, 0x6d, 0xc2, 0x8c, 0x05, 0xda, 0x86, 0xb2, 0x2b, + 0x35, 0xe9, 0x42, 0x1e, 0x3e, 0x27, 0xa1, 0x47, 0x6b, 0x8e, 0x23, 0x54, 0x16, 0x2b, 0xf5, 0x5b, + 0x71, 0x43, 0x04, 0x8a, 0x0d, 0x2f, 0x11, 0x9f, 0xf5, 0x88, 0xb6, 0xd2, 0xbc, 0x67, 0xbc, 0xe2, + 0x10, 0xdd, 0x20, 0xe6, 0xbd, 0x04, 0x53, 0xfa, 0xe8, 0xcb, 0x16, 0x0c, 0xc7, 0x6e, 0x73, 0x25, + 0x0a, 0xb7, 0xbc, 0x1a, 0x89, 0x84, 0xa6, 0x74, 0x44, 0xd1, 0xb4, 0x3a, 0xbb, 0x24, 0x09, 0x6a, + 0xbe, 0xdc, 0x76, 0xd5, 0x10, 0x6c, 0xf2, 0xa5, 0x16, 0xc4, 0xe3, 0xe2, 0xdd, 0xe7, 0x88, 0xeb, + 0xd1, 0xbd, 0x4d, 0x1a, 0x4c, 0x6c, 0xa6, 0x1c, 0x59, 0x73, 0x9c, 0x6b, 0xbb, 0x9b, 0x74, 0xbd, + 0xe9, 0x0e, 0x3d, 0xb9, 0xb7, 0x3b, 0xf9, 0xf8, 0x6c, 0x77, 0x9e, 0xb8, 0x57, 0x67, 0xd8, 0x80, + 0xb5, 0xda, 0xbe, 0x8f, 0xc9, 0x9d, 0x36, 0x61, 0xee, 0x90, 0x1c, 0x06, 0x6c, 0x45, 0x13, 0xcc, + 0x0c, 0x98, 0x01, 0xc1, 0x26, 0x5f, 0x74, 0x07, 0x06, 0x9b, 0x4e, 0x12, 0x79, 0xdb, 0xc2, 0x07, + 0x72, 0x44, 0x5d, 0x7e, 0x89, 0xd1, 0xd2, 0xcc, 0xd9, 0xd6, 0xcf, 0x1b, 0xb1, 0x60, 0x84, 0x9a, + 0x50, 0x6a, 0x92, 0xa8, 0x41, 0x26, 0xca, 0x79, 0xf8, 0x7b, 0x97, 0x28, 0x29, 0xcd, 0xb0, 0x42, + 0x35, 0x1f, 0xd6, 0x86, 0x39, 0x17, 0xf4, 0x06, 0x94, 0x63, 0xe2, 0x13, 0x97, 0xea, 0x2e, 0x15, + 0xc6, 0xf1, 0x63, 0x7d, 0xea, 0x71, 0xce, 0x3a, 0xf1, 0x57, 0xc5, 0xa3, 0x7c, 0x81, 0xc9, 0x7f, + 0x58, 0x91, 0xb4, 0xff, 0x8b, 0x05, 0x28, 0x2d, 0x61, 0x1e, 0x80, 0xf6, 0x78, 0x27, 0xad, 0x3d, + 0x2e, 0xe6, 0xa9, 0x02, 0xf4, 0x50, 0x20, 0xdf, 0x2b, 0x43, 0x46, 0x36, 0x5f, 0x27, 0x71, 0x42, + 0x6a, 0x1f, 0xc8, 0xd3, 0x0f, 0xe4, 0xe9, 0x07, 0xf2, 0x54, 0xc9, 0xd3, 0xf5, 0x8c, 0x3c, 0x7d, + 0xc5, 0x58, 0xf5, 0xfa, 0xf4, 0xf2, 0x4d, 0x75, 0xbc, 0x69, 0xf6, 0xc0, 0x40, 0xa0, 0x92, 0xe0, + 0xea, 0xea, 0xf2, 0xf5, 0xae, 0x02, 0xf4, 0xcd, 0xb4, 0x00, 0x3d, 0x2a, 0x8b, 0x07, 0x2e, 0x32, + 0xff, 0x66, 0x01, 0x9e, 0x48, 0x8b, 0x12, 0x1c, 0xfa, 0x7e, 0xd8, 0x4e, 0xa8, 0x96, 0x8c, 0x7e, + 0xd5, 0x82, 0x93, 0xcd, 0xb4, 0x79, 0x1a, 0x0b, 0x2f, 0xe0, 0xa7, 0x72, 0x93, 0x73, 0x19, 0xfb, + 0xb7, 0x3a, 0x21, 0x64, 0xde, 0xc9, 0x0c, 0x20, 0xc6, 0x1d, 0x7d, 0x41, 0x6f, 0x40, 0xa5, 0xe9, + 0x6c, 0xdf, 0x68, 0xd5, 0x9c, 0x44, 0x1a, 0x28, 0xbd, 0xed, 0xca, 0x76, 0xe2, 0xf9, 0x53, 0xfc, + 0x6c, 0x77, 0x6a, 0x21, 0x48, 0x96, 0xa3, 0xd5, 0x24, 0xf2, 0x82, 0x06, 0xf7, 0xfd, 0x2c, 0x49, + 0x32, 0x58, 0x53, 0xb4, 0xff, 0xb6, 0x95, 0x15, 0xb4, 0x6a, 0x74, 0x22, 0x27, 0x21, 0x8d, 0x1d, + 0xf4, 0x39, 0x28, 0x51, 0x4b, 0x42, 0x8e, 0xca, 0xad, 0x3c, 0xa5, 0xbf, 0xf1, 0x25, 0xf4, 0x46, + 0x40, 0xff, 0xc5, 0x98, 0x33, 0xb5, 0xff, 0xbc, 0x94, 0xdd, 0xf0, 0xd8, 0x49, 0xdf, 0x05, 0x80, + 0x46, 0xb8, 0x46, 0x9a, 0x2d, 0x9f, 0x0e, 0x8b, 0xc5, 0xdc, 0xc5, 0xca, 0x78, 0x9e, 0x57, 0x10, + 0x6c, 0x60, 0xa1, 0xbf, 0x6a, 0x01, 0x34, 0xe4, 0xc2, 0x92, 0x9b, 0xd9, 0x8d, 0x3c, 0x5f, 0x47, + 0x2f, 0x5b, 0xdd, 0x17, 0xc5, 0x10, 0x1b, 0xcc, 0xd1, 0x2f, 0x58, 0x50, 0x4e, 0x64, 0xf7, 0xb9, + 0x78, 0x5f, 0xcb, 0xb3, 0x27, 0xf2, 0xa5, 0xf5, 0xbe, 0xae, 0x86, 0x44, 0xf1, 0x45, 0x7f, 0xc5, + 0x02, 0x88, 0x77, 0x02, 0x77, 0x25, 0xf4, 0x3d, 0x77, 0x47, 0x48, 0xfd, 0x9b, 0xb9, 0x1a, 0xf8, + 0x8a, 0x7a, 0x75, 0x8c, 0x8e, 0x86, 0xfe, 0x8f, 0x0d, 0xce, 0xe8, 0xf3, 0x50, 0x8e, 0xc5, 0x74, + 0x13, 0x72, 0x7e, 0x2d, 0x5f, 0x37, 0x03, 0xa7, 0x2d, 0x44, 0x84, 0xf8, 0x87, 0x15, 0x4f, 0xf4, + 0xcb, 0x16, 0x9c, 0x68, 0xa5, 0x9d, 0x42, 0x42, 0xa4, 0xe7, 0x27, 0x03, 0x32, 0x4e, 0xa7, 0xea, + 0xa9, 0xbd, 0xdd, 0xc9, 0x13, 0x99, 0x46, 0x9c, 0xed, 0x85, 0xfd, 0xdd, 0x42, 0xca, 0x35, 0xab, + 0x7c, 0x26, 0x6c, 0x32, 0xbb, 0xd2, 0x5c, 0x95, 0x6b, 0x33, 0xd7, 0xc9, 0xac, 0x8c, 0x61, 0x3d, + 0x99, 0x55, 0x53, 0x8c, 0x0d, 0xe6, 0x74, 0xdb, 0x1e, 0x77, 0xb2, 0x9e, 0x19, 0xb1, 0xbe, 0xde, + 0xc8, 0xb3, 0x4b, 0x9d, 0x8e, 0xf4, 0x27, 0x44, 0xd7, 0xc6, 0x3b, 0x40, 0xb8, 0xb3, 0x4b, 0xf6, + 0x77, 0xd3, 0xee, 0x60, 0x63, 0x6a, 0xf4, 0xe1, 0xea, 0xfe, 0x86, 0x05, 0xc3, 0x51, 0xe8, 0xfb, + 0x5e, 0xd0, 0xa0, 0xd3, 0x58, 0xc8, 0xe2, 0xd7, 0x8f, 0x45, 0x1c, 0x8a, 0xf9, 0xca, 0x36, 0x7f, + 0xac, 0x79, 0x62, 0xb3, 0x03, 0xf6, 0x17, 0x2d, 0x98, 0xe8, 0xb5, 0xdc, 0x10, 0x81, 0x27, 0xe5, + 0x5c, 0x52, 0x07, 0xbd, 0xcb, 0xc1, 0x1c, 0xf1, 0x89, 0xf2, 0x93, 0x95, 0xab, 0xcf, 0x88, 0xd7, + 0x7c, 0x72, 0xa5, 0x37, 0x2a, 0xbe, 0x1f, 0x1d, 0xfb, 0x37, 0x0a, 0xd9, 0x11, 0x55, 0xe2, 0xf6, + 0xdb, 0x56, 0x87, 0x51, 0xf2, 0xa9, 0xe3, 0x10, 0x71, 0xcc, 0x7c, 0x51, 0xe7, 0xbd, 0xbd, 0x71, + 0x1e, 0xe2, 0x81, 0x92, 0xfd, 0x6f, 0x06, 0xe0, 0x3e, 0x3d, 0x53, 0x47, 0x06, 0x56, 0xaf, 0x23, + 0x83, 0x83, 0x9f, 0x42, 0x7c, 0xcd, 0x82, 0x41, 0x9f, 0xea, 0x47, 0xdc, 0x2d, 0x3e, 0x7c, 0xa1, + 0x76, 0x5c, 0x63, 0xcf, 0xd5, 0xb0, 0x98, 0x1f, 0x6a, 0x2a, 0xcf, 0x18, 0x6f, 0xc4, 0xa2, 0x0f, + 0xe8, 0x3b, 0x56, 0xda, 0xc7, 0xce, 0xa3, 0x54, 0xbc, 0x63, 0xeb, 0x93, 0xe1, 0xb8, 0xe7, 0x1d, + 0xd3, 0x2e, 0xe1, 0x1e, 0x2e, 0x7d, 0x34, 0x05, 0x50, 0xf7, 0x02, 0xc7, 0xf7, 0xde, 0xa2, 0x76, + 0x5e, 0x89, 0x1d, 0x02, 0xb0, 0x4d, 0xeb, 0xb2, 0x6a, 0xc5, 0x06, 0xc6, 0xd9, 0xbf, 0x0c, 0xc3, + 0xc6, 0x9b, 0x77, 0x39, 0x8b, 0x3d, 0x6d, 0x9e, 0xc5, 0x56, 0x8c, 0x23, 0xd4, 0xb3, 0xaf, 0xc0, + 0xc9, 0x6c, 0x07, 0x0f, 0xf2, 0xbc, 0xfd, 0x9b, 0x83, 0x59, 0xc7, 0xf8, 0x1a, 0x89, 0x9a, 0xb4, + 0x6b, 0x1f, 0xd8, 0xc7, 0x1f, 0xd8, 0xc7, 0x1f, 0xd8, 0xc7, 0xf2, 0x8f, 0xbd, 0x57, 0x82, 0x94, + 0x66, 0xc0, 0x7b, 0xf7, 0x11, 0x18, 0x8a, 0x48, 0x2b, 0xbc, 0x81, 0x17, 0x85, 0xc4, 0xd5, 0xd1, + 0xa9, 0xbc, 0x19, 0x4b, 0x38, 0x95, 0xcc, 0x2d, 0x27, 0xd9, 0x10, 0x22, 0x57, 0x49, 0xe6, 0x15, + 0x27, 0xd9, 0xc0, 0x0c, 0x82, 0x5e, 0x81, 0xb1, 0xc4, 0x89, 0x1a, 0x24, 0xc1, 0x64, 0x8b, 0x0d, + 0x82, 0x38, 0x6c, 0x78, 0x4c, 0xe0, 0x8e, 0xad, 0xa5, 0xa0, 0x38, 0x83, 0x8d, 0xee, 0xc0, 0xc0, + 0x06, 0xf1, 0x9b, 0xc2, 0x80, 0x5f, 0xcd, 0x4f, 0x22, 0xb2, 0x77, 0xbd, 0x42, 0xfc, 0x26, 0x5f, + 0xaf, 0xf4, 0x17, 0x66, 0xac, 0xe8, 0xd7, 0xa9, 0x6c, 0xb6, 0xe3, 0x24, 0x6c, 0x7a, 0x6f, 0x49, + 0xb3, 0xfe, 0x53, 0x39, 0x33, 0xbe, 0x26, 0xe9, 0x73, 0xdb, 0x53, 0xfd, 0xc5, 0x9a, 0x33, 0xeb, + 0x47, 0xcd, 0x8b, 0x98, 0x99, 0xbe, 0x33, 0x01, 0xc7, 0xd2, 0x8f, 0x39, 0x49, 0x9f, 0xf7, 0x43, + 0xfd, 0xc5, 0x9a, 0x33, 0xda, 0x81, 0xc1, 0x96, 0xdf, 0x6e, 0x78, 0xc1, 0xc4, 0x30, 0xeb, 0xc3, + 0x8d, 0x9c, 0xfb, 0xb0, 0xc2, 0x88, 0x73, 0xe7, 0x0a, 0xff, 0x8d, 0x05, 0x43, 0xf4, 0x0c, 0x94, + 0xdc, 0x0d, 0x27, 0x4a, 0x26, 0x46, 0xd8, 0xa4, 0x51, 0x36, 0xf0, 0x2c, 0x6d, 0xc4, 0x1c, 0x86, + 0x9e, 0x86, 0x62, 0x44, 0xea, 0x2c, 0x28, 0xca, 0x38, 0x2e, 0xc7, 0xa4, 0x8e, 0x69, 0xbb, 0xfd, + 0x77, 0x0b, 0x69, 0xe5, 0x22, 0xfd, 0xde, 0x7c, 0xb6, 0xbb, 0xed, 0x28, 0x96, 0x76, 0xb2, 0x31, + 0xdb, 0x59, 0x33, 0x96, 0x70, 0xf4, 0x45, 0x0b, 0x86, 0x6e, 0xc7, 0x61, 0x10, 0x90, 0x44, 0x08, + 0xf2, 0x9b, 0x39, 0x0f, 0xc5, 0x55, 0x4e, 0x5d, 0xf7, 0x41, 0x34, 0x60, 0xc9, 0x97, 0x76, 0x97, + 0x6c, 0xbb, 0x7e, 0xbb, 0xd6, 0x71, 0x4a, 0x7a, 0x89, 0x37, 0x63, 0x09, 0xa7, 0xa8, 0x5e, 0xc0, + 0x51, 0x07, 0xd2, 0xa8, 0x0b, 0x81, 0x40, 0x15, 0x70, 0xfb, 0xb7, 0x4b, 0x70, 0xa6, 0xeb, 0xe2, + 0xa0, 0xdb, 0x3e, 0xdb, 0x58, 0x2f, 0x7b, 0x3e, 0x91, 0x67, 0xff, 0x6c, 0xdb, 0xbf, 0xa9, 0x5a, + 0xb1, 0x81, 0x81, 0x7e, 0x1e, 0xa0, 0xe5, 0x44, 0x4e, 0x93, 0x88, 0xed, 0xae, 0x78, 0xf4, 0xdd, + 0x95, 0xf6, 0x63, 0x45, 0xd2, 0xd4, 0xd6, 0x96, 0x6a, 0x8a, 0xb1, 0xc1, 0x12, 0x7d, 0x1c, 0x86, + 0x23, 0xe2, 0x13, 0x27, 0x66, 0x31, 0x75, 0xd9, 0x00, 0x61, 0xac, 0x41, 0xd8, 0xc4, 0x43, 0xcf, + 0xaa, 0x30, 0x89, 0xcc, 0x91, 0x72, 0x3a, 0x54, 0x02, 0xbd, 0x6d, 0xc1, 0x58, 0xdd, 0xf3, 0x89, + 0xe6, 0x2e, 0xc2, 0x79, 0x97, 0x8f, 0xfe, 0x92, 0x97, 0x4d, 0xba, 0x5a, 0x42, 0xa6, 0x9a, 0x63, + 0x9c, 0x61, 0x4f, 0x3f, 0xf3, 0x16, 0x89, 0x98, 0x68, 0x1d, 0x4c, 0x7f, 0xe6, 0x9b, 0xbc, 0x19, + 0x4b, 0x38, 0x9a, 0x81, 0x13, 0x2d, 0x27, 0x8e, 0x67, 0x23, 0x52, 0x23, 0x41, 0xe2, 0x39, 0x3e, + 0x0f, 0xb6, 0x2d, 0xeb, 0x60, 0xbb, 0x95, 0x34, 0x18, 0x67, 0xf1, 0xd1, 0xa7, 0xe1, 0x71, 0xaf, + 0x11, 0x84, 0x11, 0x59, 0xf2, 0xe2, 0xd8, 0x0b, 0x1a, 0x7a, 0x1a, 0x30, 0x49, 0x59, 0xae, 0x4e, + 0x0a, 0x52, 0x8f, 0x2f, 0x74, 0x47, 0xc3, 0xbd, 0x9e, 0x47, 0xcf, 0x43, 0x39, 0xde, 0xf4, 0x5a, + 0xb3, 0x51, 0x2d, 0x66, 0x8e, 0xce, 0xb2, 0xf6, 0xce, 0xac, 0x8a, 0x76, 0xac, 0x30, 0xec, 0x5f, + 0x29, 0xa4, 0xcd, 0x3b, 0x73, 0xfd, 0xa0, 0x98, 0xae, 0x92, 0xe4, 0xa6, 0x13, 0x49, 0xd3, 0xff, + 0x88, 0xe1, 0xba, 0x82, 0xee, 0x4d, 0x27, 0x32, 0xd7, 0x1b, 0x63, 0x80, 0x25, 0x27, 0x74, 0x1b, + 0x06, 0x12, 0xdf, 0xc9, 0x29, 0xbe, 0xdf, 0xe0, 0xa8, 0xad, 0xed, 0xc5, 0x99, 0x18, 0x33, 0x1e, + 0xe8, 0x29, 0xaa, 0xbe, 0xae, 0xcb, 0x98, 0x1e, 0xa1, 0x71, 0xae, 0xc7, 0x98, 0xb5, 0xda, 0xff, + 0xaf, 0xdc, 0x45, 0xe4, 0xa9, 0x3d, 0x06, 0x5d, 0x00, 0xa0, 0x96, 0xd0, 0x4a, 0x44, 0xea, 0xde, + 0xb6, 0xd8, 0xe3, 0xd5, 0xb2, 0xba, 0xae, 0x20, 0xd8, 0xc0, 0x92, 0xcf, 0xac, 0xb6, 0xeb, 0xf4, + 0x99, 0x42, 0xe7, 0x33, 0x1c, 0x82, 0x0d, 0x2c, 0xf4, 0x12, 0x0c, 0x7a, 0x4d, 0xa7, 0xa1, 0x42, + 0x8f, 0x9e, 0xa2, 0xeb, 0x69, 0x81, 0xb5, 0xdc, 0xdb, 0x9d, 0x1c, 0x53, 0x1d, 0x62, 0x4d, 0x58, + 0xe0, 0xa2, 0xdf, 0xb0, 0x60, 0xc4, 0x0d, 0x9b, 0xcd, 0x30, 0xe0, 0xf6, 0x83, 0x30, 0x86, 0x6e, + 0x1f, 0xd7, 0x0e, 0x3c, 0x35, 0x6b, 0x30, 0xe3, 0xd6, 0x90, 0x4a, 0x44, 0x30, 0x41, 0x38, 0xd5, + 0x2b, 0x73, 0xd9, 0x95, 0xf6, 0x59, 0x76, 0xbf, 0x63, 0xc1, 0x38, 0x7f, 0xd6, 0x30, 0x6b, 0x44, + 0xcc, 0x7d, 0x78, 0xcc, 0xaf, 0xd5, 0x61, 0xe9, 0x29, 0x97, 0x50, 0x07, 0x1c, 0x77, 0x76, 0x12, + 0xcd, 0xc3, 0x78, 0x3d, 0x8c, 0x5c, 0x62, 0x0e, 0x84, 0x90, 0x19, 0x8a, 0xd0, 0xe5, 0x2c, 0x02, + 0xee, 0x7c, 0x06, 0xdd, 0x84, 0xc7, 0x8c, 0x46, 0x73, 0x1c, 0xb8, 0xd8, 0x38, 0x27, 0xa8, 0x3d, + 0x76, 0xb9, 0x2b, 0x16, 0xee, 0xf1, 0x74, 0xda, 0xf2, 0xaf, 0xf4, 0x61, 0xf9, 0xbf, 0x09, 0x4f, + 0xb8, 0x9d, 0x23, 0xb3, 0x15, 0xb7, 0xd7, 0xe3, 0x84, 0x29, 0x59, 0xe5, 0xea, 0x5f, 0x10, 0x04, + 0x9e, 0x98, 0xed, 0x85, 0x88, 0x7b, 0xd3, 0x40, 0x9f, 0x83, 0x72, 0x44, 0xd8, 0x57, 0x89, 0x45, + 0x00, 0xfa, 0x11, 0xcd, 0x3d, 0xad, 0x1c, 0x72, 0xb2, 0x5a, 0x2c, 0x8a, 0x86, 0x18, 0x2b, 0x8e, + 0x67, 0x3f, 0x09, 0xe3, 0x1d, 0xf3, 0xf9, 0x40, 0xc6, 0xf7, 0x1c, 0x3c, 0xd6, 0x7d, 0xe6, 0x1c, + 0xc8, 0x04, 0xff, 0xc7, 0x99, 0xb8, 0x2a, 0x43, 0xd1, 0xeb, 0xc3, 0x9d, 0xe3, 0x40, 0x91, 0x04, + 0x5b, 0x42, 0x90, 0x5e, 0x3e, 0xda, 0xe8, 0x5d, 0x0a, 0xb6, 0xf8, 0xc4, 0x67, 0x36, 0xeb, 0xa5, + 0x60, 0x0b, 0x53, 0xda, 0xe8, 0x1d, 0x2b, 0xa5, 0xa8, 0x70, 0x27, 0xd0, 0x67, 0x8e, 0x45, 0xb3, + 0xed, 0x5b, 0x77, 0xb1, 0xff, 0x6d, 0x01, 0xce, 0xef, 0x47, 0xa4, 0x8f, 0xe1, 0x7b, 0x06, 0x06, + 0x63, 0x76, 0xb0, 0x25, 0x24, 0xd3, 0x30, 0x95, 0x4a, 0xfc, 0xa8, 0xeb, 0x4d, 0x2c, 0x40, 0xc8, + 0x87, 0x62, 0xd3, 0x69, 0x09, 0xdf, 0xc0, 0xc2, 0x51, 0xa3, 0xa8, 0xe9, 0x7f, 0xc7, 0x5f, 0x72, + 0x5a, 0xdc, 0xe2, 0x34, 0x1a, 0x30, 0x65, 0x83, 0x12, 0x28, 0x39, 0x51, 0xe4, 0xc8, 0x53, 0x94, + 0x6b, 0xf9, 0xf0, 0x9b, 0xa1, 0x24, 0xab, 0xe3, 0x7b, 0xbb, 0x93, 0xa3, 0xa9, 0x26, 0xcc, 0x99, + 0xd9, 0x5f, 0x1b, 0x4a, 0x45, 0x12, 0xb3, 0xa3, 0xb1, 0x18, 0x06, 0x85, 0x4b, 0xc0, 0xca, 0x3b, + 0x78, 0x9d, 0xa7, 0x82, 0x30, 0x3b, 0x46, 0x24, 0xd4, 0x09, 0x56, 0xe8, 0xab, 0x16, 0x4b, 0x5b, + 0x93, 0xd1, 0xd5, 0xc2, 0x7a, 0x38, 0x9e, 0x2c, 0x3a, 0x33, 0x19, 0x4e, 0x36, 0x62, 0x93, 0x3b, + 0xdd, 0xba, 0x5a, 0x3c, 0x01, 0x23, 0x6b, 0x43, 0xc8, 0xc4, 0x36, 0x09, 0x47, 0xdb, 0x5d, 0x8e, + 0xc0, 0x72, 0x48, 0x7d, 0xea, 0xe3, 0xd0, 0xeb, 0x3b, 0x16, 0x8c, 0x73, 0x4d, 0x71, 0xce, 0xab, + 0xd7, 0x49, 0x44, 0x02, 0x97, 0x48, 0x5d, 0xfb, 0x88, 0x87, 0xac, 0xd2, 0x0f, 0xb3, 0x90, 0x25, + 0xaf, 0xf7, 0xb4, 0x0e, 0x10, 0xee, 0xec, 0x0c, 0xaa, 0xc1, 0x80, 0x17, 0xd4, 0x43, 0xb1, 0x93, + 0x57, 0x8f, 0xd6, 0xa9, 0x85, 0xa0, 0x1e, 0xea, 0xd5, 0x4c, 0xff, 0x61, 0x46, 0x1d, 0x2d, 0xc2, + 0xe9, 0x48, 0x78, 0x43, 0xae, 0x78, 0x31, 0xb5, 0x59, 0x17, 0xbd, 0xa6, 0x97, 0xb0, 0x5d, 0xb8, + 0x58, 0x9d, 0xd8, 0xdb, 0x9d, 0x3c, 0x8d, 0xbb, 0xc0, 0x71, 0xd7, 0xa7, 0xd0, 0x5b, 0x30, 0x24, + 0xf3, 0xec, 0xca, 0x79, 0xd8, 0x2d, 0x9d, 0xf3, 0x5f, 0x4d, 0xa6, 0x55, 0x91, 0x52, 0x27, 0x19, + 0xda, 0x6f, 0x0f, 0x43, 0xe7, 0x41, 0x14, 0xfa, 0x39, 0xa8, 0x44, 0x2a, 0xf7, 0xcf, 0xca, 0x23, + 0x84, 0x4a, 0x7e, 0x5f, 0x71, 0x08, 0xa6, 0xf4, 0x01, 0x9d, 0xe5, 0xa7, 0x39, 0x52, 0xad, 0x3d, + 0xd6, 0xe7, 0x55, 0x39, 0xcc, 0x6d, 0xc1, 0x55, 0x9f, 0x73, 0xec, 0x04, 0x2e, 0x66, 0x3c, 0x50, + 0x04, 0x83, 0x1b, 0xc4, 0xf1, 0x93, 0x8d, 0x7c, 0x5c, 0xb2, 0x57, 0x18, 0xad, 0x6c, 0x94, 0x38, + 0x6f, 0xc5, 0x82, 0x13, 0xda, 0x86, 0xa1, 0x0d, 0x3e, 0x01, 0x84, 0x22, 0xbd, 0x74, 0xd4, 0xc1, + 0x4d, 0xcd, 0x2a, 0xfd, 0xb9, 0x45, 0x03, 0x96, 0xec, 0xd8, 0xf9, 0xb9, 0x71, 0x06, 0xcb, 0x97, + 0x6e, 0x7e, 0x01, 0xf2, 0xfd, 0x1f, 0xc0, 0x7e, 0x16, 0x46, 0x22, 0xe2, 0x86, 0x81, 0xeb, 0xf9, + 0xa4, 0x36, 0x23, 0xdd, 0xad, 0x07, 0x09, 0xab, 0x3e, 0x49, 0x8d, 0x01, 0x6c, 0xd0, 0xc0, 0x29, + 0x8a, 0xe8, 0x2b, 0x16, 0x8c, 0xa9, 0x84, 0x21, 0xfa, 0x41, 0x88, 0x70, 0x58, 0x2e, 0xe6, 0x94, + 0x9e, 0xc4, 0x68, 0x56, 0xd1, 0xde, 0xee, 0xe4, 0x58, 0xba, 0x0d, 0x67, 0xf8, 0xa2, 0xd7, 0x00, + 0xc2, 0x75, 0x7e, 0x48, 0x3e, 0x93, 0x08, 0xef, 0xe5, 0x41, 0x5e, 0x75, 0x8c, 0xe7, 0x57, 0x48, + 0x0a, 0xd8, 0xa0, 0x86, 0xae, 0x01, 0xf0, 0x65, 0xb3, 0xb6, 0xd3, 0x92, 0xda, 0xb6, 0x8c, 0x8b, + 0x87, 0x55, 0x05, 0xb9, 0xb7, 0x3b, 0xd9, 0xe9, 0x4d, 0x62, 0x47, 0xc5, 0xc6, 0xe3, 0xe8, 0x67, + 0x61, 0x28, 0x6e, 0x37, 0x9b, 0x8e, 0xf2, 0x6d, 0xe6, 0x98, 0xb1, 0xc1, 0xe9, 0x1a, 0xa2, 0x88, + 0x37, 0x60, 0xc9, 0x11, 0xdd, 0xa6, 0x42, 0x35, 0x16, 0x6e, 0x2e, 0xb6, 0x8a, 0xb8, 0x4e, 0x30, + 0xcc, 0xde, 0xe9, 0x13, 0xe2, 0xb9, 0xd3, 0xb8, 0x0b, 0xce, 0xbd, 0xdd, 0xc9, 0xc7, 0xd2, 0xed, + 0x8b, 0xa1, 0xc8, 0xa1, 0xe8, 0x4a, 0x13, 0x5d, 0x95, 0x69, 0xf7, 0xf4, 0xb5, 0x65, 0x36, 0xe8, + 0x73, 0x3a, 0xed, 0x9e, 0x35, 0xf7, 0x1e, 0x33, 0xf3, 0x61, 0xb4, 0x04, 0xa7, 0xdc, 0x30, 0x48, + 0xa2, 0xd0, 0xf7, 0x79, 0x2d, 0x09, 0x6e, 0xf8, 0x70, 0xdf, 0xe7, 0x93, 0xa2, 0xdb, 0xa7, 0x66, + 0x3b, 0x51, 0x70, 0xb7, 0xe7, 0xec, 0x20, 0x1d, 0x3d, 0x24, 0x06, 0xe7, 0x25, 0x18, 0x21, 0xdb, + 0x09, 0x89, 0x02, 0xc7, 0xbf, 0x81, 0x17, 0xa5, 0xd7, 0x8f, 0xad, 0x81, 0x4b, 0x46, 0x3b, 0x4e, + 0x61, 0x21, 0x5b, 0x59, 0xfb, 0x05, 0x9d, 0x68, 0xc4, 0xad, 0x7d, 0x69, 0xdb, 0xdb, 0xff, 0xb7, + 0x90, 0x52, 0xc8, 0xd6, 0x22, 0x42, 0x50, 0x08, 0xa5, 0x20, 0xac, 0x29, 0xd9, 0x7f, 0x35, 0x1f, + 0xd9, 0x7f, 0x3d, 0xac, 0x19, 0xb9, 0xf9, 0xf4, 0x5f, 0x8c, 0x39, 0x1f, 0x96, 0xbc, 0x2c, 0xb3, + 0xbc, 0x19, 0x40, 0x18, 0x1a, 0x79, 0x72, 0x56, 0xc9, 0xcb, 0xcb, 0x26, 0x23, 0x9c, 0xe6, 0x8b, + 0x36, 0xa1, 0xb4, 0x11, 0xc6, 0x89, 0x34, 0x3f, 0x8e, 0x68, 0xe9, 0x5c, 0x09, 0xe3, 0x84, 0x69, + 0x11, 0xea, 0xb5, 0x69, 0x4b, 0x8c, 0x39, 0x0f, 0xfb, 0xbf, 0x5a, 0x29, 0x1f, 0xef, 0x2d, 0x16, + 0x49, 0xb7, 0x45, 0x02, 0xba, 0xac, 0xcd, 0xe0, 0x8e, 0xbf, 0x94, 0x49, 0x74, 0xf9, 0x70, 0xaf, + 0x4a, 0x29, 0x77, 0x29, 0x85, 0x29, 0x46, 0xc2, 0x88, 0x03, 0xf9, 0x82, 0x95, 0x4e, 0x39, 0x2a, + 0xe4, 0x61, 0x60, 0x98, 0x29, 0x75, 0xfb, 0x66, 0x2f, 0xd9, 0xef, 0x58, 0x30, 0x54, 0x75, 0xdc, + 0xcd, 0xb0, 0x5e, 0x47, 0xcf, 0x43, 0xb9, 0xd6, 0x8e, 0xcc, 0xec, 0x27, 0x65, 0x3d, 0xcf, 0x89, + 0x76, 0xac, 0x30, 0xe8, 0x1c, 0xae, 0x3b, 0xae, 0x4c, 0xac, 0x2b, 0xf2, 0x39, 0x7c, 0x99, 0xb5, + 0x60, 0x01, 0x41, 0x1f, 0x87, 0xe1, 0xa6, 0xb3, 0x2d, 0x1f, 0xce, 0x3a, 0x98, 0x97, 0x34, 0x08, + 0x9b, 0x78, 0xf6, 0xbf, 0xb2, 0x60, 0xa2, 0xea, 0xc4, 0x9e, 0x3b, 0xd3, 0x4e, 0x36, 0xaa, 0x5e, + 0xb2, 0xde, 0x76, 0x37, 0x49, 0xc2, 0xb3, 0x29, 0x69, 0x2f, 0xdb, 0x31, 0x5d, 0x4a, 0xca, 0xae, + 0x53, 0xbd, 0xbc, 0x21, 0xda, 0xb1, 0xc2, 0x40, 0x6f, 0xc1, 0x70, 0xcb, 0x89, 0xe3, 0xbb, 0x61, + 0x54, 0xc3, 0xa4, 0x9e, 0x4f, 0x2e, 0xf3, 0x2a, 0x71, 0x23, 0x92, 0x60, 0x52, 0x17, 0x47, 0x86, + 0x9a, 0x3e, 0x36, 0x99, 0xd9, 0x7f, 0xc3, 0x82, 0x11, 0x76, 0xfa, 0x32, 0x47, 0x12, 0xc7, 0xf3, + 0x3b, 0x0a, 0x72, 0x58, 0x7d, 0x16, 0xe4, 0x38, 0x0f, 0x03, 0x1b, 0x61, 0x93, 0x64, 0x4f, 0x0e, + 0xaf, 0x84, 0xd4, 0x8a, 0xa5, 0x10, 0xf4, 0x22, 0x1d, 0x67, 0x2f, 0x48, 0x1c, 0x3a, 0xe3, 0xa4, + 0x0b, 0xf1, 0x04, 0x1f, 0x63, 0xd5, 0x8c, 0x4d, 0x1c, 0xfb, 0x77, 0x2b, 0x30, 0x24, 0x0e, 0x63, + 0xfb, 0x4e, 0x60, 0x95, 0xe6, 0x74, 0xa1, 0xa7, 0x39, 0x1d, 0xc3, 0xa0, 0xcb, 0xca, 0xfd, 0x08, + 0xad, 0xed, 0x5a, 0x2e, 0xa7, 0xf7, 0xbc, 0x82, 0x90, 0xee, 0x16, 0xff, 0x8f, 0x05, 0x2b, 0xf4, + 0x4d, 0x0b, 0x4e, 0xb8, 0x61, 0x10, 0x10, 0x57, 0xab, 0x14, 0x03, 0x79, 0xc4, 0xe3, 0xcc, 0xa6, + 0x89, 0x6a, 0xd7, 0x7f, 0x06, 0x80, 0xb3, 0xec, 0xd1, 0xcb, 0x30, 0xca, 0xc7, 0xec, 0x66, 0xca, + 0xef, 0xa9, 0xeb, 0x34, 0x98, 0x40, 0x9c, 0xc6, 0x45, 0x53, 0xdc, 0x7f, 0x2c, 0x2a, 0x22, 0x0c, + 0xea, 0x73, 0x24, 0xa3, 0x16, 0x82, 0x81, 0x81, 0x22, 0x40, 0x11, 0xa9, 0x47, 0x24, 0xde, 0x10, + 0x87, 0xd5, 0x4c, 0x9d, 0x19, 0x3a, 0x5c, 0x42, 0x1c, 0xee, 0xa0, 0x84, 0xbb, 0x50, 0x47, 0x9b, + 0xc2, 0x9e, 0x2b, 0xe7, 0x21, 0xb2, 0xc4, 0x67, 0xee, 0x69, 0xd6, 0x4d, 0x42, 0x29, 0xde, 0x70, + 0xa2, 0x1a, 0x53, 0xa3, 0x8a, 0x3c, 0xee, 0x7b, 0x95, 0x36, 0x60, 0xde, 0x8e, 0xe6, 0xe0, 0x64, + 0xa6, 0xca, 0x44, 0x2c, 0xfc, 0x93, 0x2a, 0x3e, 0x3a, 0x53, 0x9f, 0x22, 0xc6, 0x1d, 0x4f, 0x98, + 0xb6, 0xfe, 0xf0, 0x3e, 0xb6, 0xfe, 0x8e, 0x0a, 0x89, 0x1a, 0x61, 0xdb, 0xd1, 0xab, 0xb9, 0x0c, + 0x40, 0x5f, 0xf1, 0x4f, 0x5f, 0xcf, 0xc4, 0x3f, 0x8d, 0xb2, 0x0e, 0xdc, 0xcc, 0xa7, 0x03, 0x07, + 0x0f, 0x76, 0x7a, 0x98, 0xc1, 0x4b, 0xff, 0xc7, 0x02, 0xf9, 0x5d, 0x67, 0x1d, 0x77, 0x83, 0xd0, + 0x29, 0x83, 0x5e, 0x81, 0x31, 0x65, 0xb1, 0xce, 0x86, 0xed, 0x80, 0xc7, 0x2d, 0x15, 0xf5, 0x19, + 0x21, 0x4e, 0x41, 0x71, 0x06, 0x1b, 0x4d, 0x43, 0x85, 0x8e, 0x13, 0x7f, 0x94, 0x6f, 0x6d, 0xca, + 0x2a, 0x9e, 0x59, 0x59, 0x10, 0x4f, 0x69, 0x1c, 0x14, 0xc2, 0xb8, 0xef, 0xc4, 0x09, 0xeb, 0x01, + 0x35, 0x60, 0x0f, 0x99, 0x8e, 0xca, 0x8a, 0xec, 0x2c, 0x66, 0x09, 0xe1, 0x4e, 0xda, 0xf6, 0xf7, + 0x07, 0x60, 0x34, 0x25, 0x19, 0x0f, 0xb8, 0x27, 0x3e, 0x0f, 0x65, 0xb9, 0x4d, 0x65, 0x93, 0xe2, + 0xd5, 0x5e, 0xa6, 0x30, 0xe8, 0xa6, 0xb5, 0x4e, 0x9c, 0x88, 0x44, 0xac, 0x7e, 0x47, 0x76, 0x0f, + 0xaf, 0x6a, 0x10, 0x36, 0xf1, 0x98, 0x50, 0x4e, 0xfc, 0x78, 0xd6, 0xf7, 0x48, 0x90, 0xf0, 0x6e, + 0xe6, 0x23, 0x94, 0xd7, 0x16, 0x57, 0x4d, 0xa2, 0x5a, 0x28, 0x67, 0x00, 0x38, 0xcb, 0x1e, 0x7d, + 0xc9, 0x82, 0x51, 0xe7, 0x6e, 0xac, 0x6b, 0xd2, 0x89, 0x48, 0xa7, 0x23, 0x6e, 0x52, 0xa9, 0x32, + 0x77, 0xdc, 0xc3, 0x9a, 0x6a, 0xc2, 0x69, 0xa6, 0xe8, 0xdb, 0x16, 0x20, 0xb2, 0x4d, 0x5c, 0x19, + 0x8b, 0x25, 0xfa, 0x32, 0x98, 0x87, 0x61, 0x77, 0xa9, 0x83, 0x2e, 0x97, 0xea, 0x9d, 0xed, 0xb8, + 0x4b, 0x1f, 0xec, 0x7f, 0x56, 0x54, 0x0b, 0x4a, 0x87, 0xff, 0x39, 0x46, 0x52, 0x8d, 0x75, 0xf8, + 0xa4, 0x1a, 0x7d, 0x40, 0xdd, 0x91, 0x58, 0x93, 0xce, 0x61, 0x28, 0x3c, 0xa4, 0x1c, 0x86, 0x5f, + 0xb0, 0x52, 0xe5, 0x1f, 0x86, 0x2f, 0xbc, 0x96, 0x6f, 0xe8, 0xe1, 0x14, 0x0f, 0x8f, 0xc8, 0x48, + 0xf7, 0x74, 0xcc, 0x04, 0x95, 0xa6, 0x06, 0xda, 0x81, 0xa4, 0xe1, 0x7f, 0x2c, 0xc2, 0xb0, 0xb1, + 0x93, 0x76, 0x55, 0x8b, 0xac, 0x47, 0x4c, 0x2d, 0x2a, 0x1c, 0x40, 0x2d, 0xfa, 0x79, 0xa8, 0xb8, + 0x52, 0xca, 0xe7, 0x53, 0x00, 0x31, 0xbb, 0x77, 0x68, 0x41, 0xaf, 0x9a, 0xb0, 0xe6, 0x89, 0xe6, + 0x53, 0xb9, 0x09, 0x62, 0x87, 0x18, 0x60, 0x3b, 0x44, 0xb7, 0xe4, 0x01, 0xb1, 0x53, 0x74, 0x3e, + 0xc3, 0xaa, 0x84, 0xb4, 0x3c, 0xf1, 0x5e, 0x32, 0x40, 0x98, 0x57, 0x09, 0x59, 0x59, 0x90, 0xcd, + 0xd8, 0xc4, 0xb1, 0xbf, 0x6f, 0xa9, 0x8f, 0xfb, 0x00, 0xd2, 0x74, 0x6f, 0xa7, 0xd3, 0x74, 0x2f, + 0xe5, 0x32, 0xcc, 0x3d, 0xf2, 0x73, 0xaf, 0xc3, 0xd0, 0x6c, 0xd8, 0x6c, 0x3a, 0x41, 0x0d, 0xfd, + 0x18, 0x0c, 0xb9, 0xfc, 0xa7, 0xf0, 0xa3, 0xb0, 0xd3, 0x38, 0x01, 0xc5, 0x12, 0x86, 0x9e, 0x82, + 0x01, 0x27, 0x6a, 0x48, 0xdf, 0x09, 0x0b, 0xe8, 0x98, 0x89, 0x1a, 0x31, 0x66, 0xad, 0xf6, 0xdb, + 0x45, 0x80, 0xd9, 0xb0, 0xd9, 0x72, 0x22, 0x52, 0x5b, 0x0b, 0x59, 0x01, 0xa6, 0x63, 0x3d, 0xc3, + 0xd2, 0xc6, 0xd2, 0xa3, 0x7c, 0x8e, 0x65, 0x9c, 0x65, 0x14, 0x1f, 0xf4, 0x59, 0xc6, 0xd7, 0x2c, + 0x40, 0xf4, 0x8b, 0x84, 0x01, 0x09, 0x12, 0x7d, 0x38, 0x3b, 0x0d, 0x15, 0x57, 0xb6, 0x0a, 0xad, + 0x45, 0xaf, 0x3f, 0x09, 0xc0, 0x1a, 0xa7, 0x0f, 0xf3, 0xf3, 0x19, 0x29, 0x1c, 0x8b, 0xe9, 0x18, + 0x48, 0x26, 0x52, 0x85, 0xac, 0xb4, 0x7f, 0xaf, 0x00, 0x8f, 0xf1, 0xfd, 0x6e, 0xc9, 0x09, 0x9c, + 0x06, 0x69, 0xd2, 0x5e, 0xf5, 0x7b, 0xdc, 0xee, 0x52, 0xbb, 0xc7, 0x93, 0x31, 0x8d, 0x47, 0x5d, + 0x18, 0x7c, 0x42, 0xf3, 0x29, 0xbc, 0x10, 0x78, 0x09, 0x66, 0xc4, 0x51, 0x0c, 0x65, 0x59, 0x4e, + 0x57, 0x08, 0xba, 0x9c, 0x18, 0xa9, 0x35, 0x2f, 0x36, 0x25, 0x82, 0x15, 0x23, 0xaa, 0x15, 0xfa, + 0xa1, 0xbb, 0x89, 0x49, 0x2b, 0x64, 0x42, 0xcd, 0x08, 0x29, 0x5b, 0x14, 0xed, 0x58, 0x61, 0xd8, + 0xbf, 0x67, 0x41, 0x56, 0xdc, 0x1b, 0xa5, 0x66, 0xac, 0xfb, 0x96, 0x9a, 0x39, 0x40, 0xad, 0x97, + 0x9f, 0x81, 0x61, 0x27, 0xa1, 0x3b, 0x34, 0xb7, 0x69, 0x8b, 0x87, 0x73, 0xd1, 0x2f, 0x85, 0x35, + 0xaf, 0xee, 0x31, 0x5b, 0xd6, 0x24, 0x67, 0xff, 0xaf, 0x01, 0x18, 0xef, 0x88, 0x53, 0x47, 0x17, + 0x61, 0xc4, 0x15, 0xd3, 0xa3, 0x85, 0x49, 0x5d, 0xbc, 0x8c, 0x11, 0xe7, 0xa4, 0x61, 0x38, 0x85, + 0xd9, 0xc7, 0x04, 0x5d, 0x80, 0x53, 0x11, 0xb5, 0xa2, 0xdb, 0x64, 0xa6, 0x9e, 0x90, 0x68, 0x95, + 0xb8, 0x61, 0x50, 0xe3, 0x05, 0x91, 0x8a, 0xd5, 0xc7, 0xf7, 0x76, 0x27, 0x4f, 0xe1, 0x4e, 0x30, + 0xee, 0xf6, 0x0c, 0x6a, 0xc1, 0xa8, 0x6f, 0x2a, 0x58, 0x42, 0xbb, 0x3e, 0x94, 0x6e, 0xa6, 0x36, + 0xe0, 0x54, 0x33, 0x4e, 0x33, 0x48, 0x6b, 0x69, 0xa5, 0x87, 0xa4, 0xa5, 0xfd, 0xa2, 0xd6, 0xd2, + 0xf8, 0x59, 0xf2, 0xeb, 0x39, 0xe7, 0x29, 0x1c, 0xb7, 0x9a, 0xf6, 0x2a, 0x94, 0x65, 0x9c, 0x4d, + 0x5f, 0xf1, 0x29, 0x26, 0x9d, 0x1e, 0x12, 0xed, 0x5e, 0x01, 0xba, 0x68, 0xf8, 0x74, 0x9d, 0xe9, + 0xed, 0x34, 0xb5, 0xce, 0x0e, 0xb6, 0xa5, 0xa2, 0x6d, 0x1e, 0x63, 0xc4, 0x37, 0x8e, 0x4f, 0xe7, + 0x6d, 0xa1, 0xe8, 0xb0, 0x23, 0x15, 0x90, 0xae, 0x42, 0x8f, 0x2e, 0x00, 0x68, 0x2d, 0x48, 0x84, + 0x1b, 0xab, 0x23, 0x4c, 0xad, 0x2c, 0x61, 0x03, 0x8b, 0x1a, 0xac, 0x5e, 0x10, 0x27, 0x8e, 0xef, + 0x5f, 0xf1, 0x82, 0x44, 0x78, 0xde, 0xd4, 0x0e, 0xb9, 0xa0, 0x41, 0xd8, 0xc4, 0x3b, 0xfb, 0x09, + 0xe3, 0xbb, 0x1c, 0xe4, 0x7b, 0x6e, 0xc0, 0x13, 0xf3, 0x5e, 0xa2, 0x82, 0xe4, 0xd5, 0x3c, 0xa2, + 0x4a, 0x8e, 0x4a, 0xfa, 0xb0, 0x7a, 0x26, 0x7d, 0x18, 0x41, 0xea, 0x85, 0x74, 0x4c, 0x7d, 0x36, + 0x48, 0xdd, 0xbe, 0x08, 0xa7, 0xe7, 0xbd, 0xe4, 0xb2, 0xe7, 0x93, 0x03, 0x32, 0xb1, 0xbf, 0x54, + 0x82, 0x11, 0x33, 0x29, 0xe9, 0x20, 0x79, 0x2b, 0xdf, 0xa0, 0x7a, 0x8c, 0x78, 0x3b, 0x4f, 0x1d, + 0x00, 0xdd, 0x3a, 0x72, 0x86, 0x54, 0xf7, 0x11, 0x33, 0x54, 0x19, 0xcd, 0x13, 0x9b, 0x1d, 0x40, + 0x77, 0xa1, 0x54, 0x67, 0x41, 0xd4, 0xc5, 0x3c, 0x4e, 0xc9, 0xbb, 0x8d, 0xa8, 0x5e, 0x66, 0x3c, + 0x0c, 0x9b, 0xf3, 0xa3, 0x3b, 0x64, 0x94, 0xce, 0xcc, 0x31, 0xa2, 0x0b, 0x45, 0x4e, 0x8e, 0xc2, + 0xe8, 0x25, 0xea, 0x4b, 0x87, 0x10, 0xf5, 0x29, 0xc1, 0x3b, 0xf8, 0x90, 0x04, 0x2f, 0x0b, 0x88, + 0x4f, 0x36, 0x98, 0xfe, 0x26, 0xc2, 0xa1, 0x87, 0xd8, 0x20, 0x18, 0x01, 0xf1, 0x29, 0x30, 0xce, + 0xe2, 0xdb, 0x5f, 0x2b, 0xc0, 0xd8, 0x7c, 0xd0, 0x5e, 0x99, 0x5f, 0x69, 0xaf, 0xfb, 0x9e, 0x7b, + 0x8d, 0xec, 0x50, 0xf9, 0xb6, 0x49, 0x76, 0x16, 0xe6, 0xc4, 0x34, 0x54, 0x03, 0x7f, 0x8d, 0x36, + 0x62, 0x0e, 0xa3, 0x2b, 0xba, 0xee, 0x05, 0x0d, 0x12, 0xb5, 0x22, 0x4f, 0x38, 0xe5, 0x8c, 0x15, + 0x7d, 0x59, 0x83, 0xb0, 0x89, 0x47, 0x69, 0x87, 0x77, 0x03, 0x12, 0x65, 0xb5, 0xc1, 0x65, 0xda, + 0x88, 0x39, 0x8c, 0x22, 0x25, 0x51, 0x3b, 0x4e, 0xc4, 0x17, 0x55, 0x48, 0x6b, 0xb4, 0x11, 0x73, + 0x18, 0x5d, 0x2e, 0x71, 0x7b, 0x9d, 0x9d, 0xe4, 0x67, 0x02, 0x98, 0x57, 0x79, 0x33, 0x96, 0x70, + 0x8a, 0xba, 0x49, 0x76, 0xe6, 0xa8, 0x5d, 0x96, 0x49, 0x31, 0xb8, 0xc6, 0x9b, 0xb1, 0x84, 0xb3, + 0x0a, 0x4c, 0xe9, 0xe1, 0xf8, 0xa1, 0xab, 0xc0, 0x94, 0xee, 0x7e, 0x0f, 0x0b, 0xef, 0xd7, 0x2c, + 0x18, 0x31, 0xe3, 0x6f, 0x50, 0x23, 0xa3, 0x28, 0x2e, 0x77, 0x54, 0xd3, 0xfb, 0xa9, 0x6e, 0x57, + 0x87, 0x34, 0xbc, 0x24, 0x6c, 0xc5, 0x2f, 0x90, 0xa0, 0xe1, 0x05, 0x84, 0x1d, 0xab, 0xf2, 0xb8, + 0x9d, 0x54, 0x70, 0xcf, 0x6c, 0x58, 0x23, 0x87, 0xd0, 0x34, 0xed, 0x5b, 0x30, 0xde, 0x91, 0x57, + 0xd2, 0xc7, 0xfe, 0xbc, 0x6f, 0x56, 0x9f, 0x8d, 0x61, 0x98, 0x12, 0xe6, 0x41, 0x97, 0x31, 0x9a, + 0x85, 0x71, 0xae, 0x43, 0x50, 0x4e, 0xab, 0xee, 0x06, 0x69, 0xaa, 0x5c, 0x21, 0xe6, 0x01, 0xbe, + 0x99, 0x05, 0xe2, 0x4e, 0x7c, 0xfb, 0xeb, 0x16, 0x8c, 0xa6, 0x52, 0x7d, 0x72, 0xd2, 0x24, 0xd8, + 0x4a, 0x0b, 0x59, 0x38, 0x18, 0x8b, 0x89, 0x2d, 0xb2, 0x1d, 0x49, 0xaf, 0x34, 0x0d, 0xc2, 0x26, + 0x9e, 0xfd, 0x4e, 0x01, 0xca, 0xf2, 0x48, 0xbd, 0x8f, 0xae, 0x7c, 0xd5, 0x82, 0x51, 0xe5, 0x75, + 0x67, 0xee, 0x9c, 0x42, 0x1e, 0xc1, 0xdf, 0xb4, 0x07, 0x2a, 0x5e, 0x31, 0xa8, 0x87, 0x5a, 0xad, + 0xc5, 0x26, 0x33, 0x9c, 0xe6, 0x8d, 0x6e, 0x02, 0xc4, 0x3b, 0x71, 0x42, 0x9a, 0x86, 0x63, 0xc9, + 0x36, 0x56, 0xdc, 0x94, 0x1b, 0x46, 0x84, 0xae, 0xaf, 0xeb, 0x61, 0x8d, 0xac, 0x2a, 0x4c, 0xad, + 0x87, 0xe8, 0x36, 0x6c, 0x50, 0xb2, 0xff, 0x61, 0x01, 0x4e, 0x66, 0xbb, 0x84, 0x5e, 0x87, 0x11, + 0xc9, 0xdd, 0xb8, 0x06, 0x45, 0xc6, 0x11, 0x8c, 0x60, 0x03, 0x76, 0x6f, 0x77, 0x72, 0xb2, 0xf3, + 0x1a, 0x9a, 0x29, 0x13, 0x05, 0xa7, 0x88, 0xf1, 0xa3, 0x0f, 0x71, 0x46, 0x57, 0xdd, 0x99, 0x69, + 0xb5, 0xc4, 0xf9, 0x85, 0x71, 0xf4, 0x61, 0x42, 0x71, 0x06, 0x1b, 0xad, 0xc0, 0x69, 0xa3, 0xe5, + 0x3a, 0xf1, 0x1a, 0x1b, 0xeb, 0x61, 0x24, 0xcd, 0x93, 0xa7, 0x74, 0xa4, 0x4f, 0x27, 0x0e, 0xee, + 0xfa, 0x24, 0xdd, 0x32, 0x5d, 0xa7, 0xe5, 0xb8, 0x5e, 0xb2, 0x23, 0x3c, 0x65, 0x4a, 0x36, 0xcd, + 0x8a, 0x76, 0xac, 0x30, 0xec, 0x25, 0x18, 0xe8, 0x73, 0x06, 0xf5, 0xa5, 0x16, 0xbf, 0x0a, 0x65, + 0x4a, 0x4e, 0xea, 0x48, 0x79, 0x90, 0x0c, 0xa1, 0x2c, 0x2b, 0x99, 0x23, 0x1b, 0x8a, 0x9e, 0x23, + 0x4f, 0x97, 0xd4, 0x6b, 0x2d, 0xc4, 0x71, 0x9b, 0x59, 0x9a, 0x14, 0x88, 0x9e, 0x81, 0x22, 0xd9, + 0x6e, 0x65, 0x8f, 0x91, 0x2e, 0x6d, 0xb7, 0xbc, 0x88, 0xc4, 0x14, 0x89, 0x6c, 0xb7, 0xd0, 0x59, + 0x28, 0x78, 0x35, 0xb1, 0x49, 0x81, 0xc0, 0x29, 0x2c, 0xcc, 0xe1, 0x82, 0x57, 0xb3, 0xb7, 0xa1, + 0xa2, 0x4a, 0xa7, 0xa3, 0x4d, 0x29, 0xbb, 0xad, 0x3c, 0x62, 0x60, 0x24, 0xdd, 0x1e, 0x52, 0xbb, + 0x0d, 0xa0, 0x13, 0xab, 0xf2, 0x92, 0x2f, 0xe7, 0x61, 0xc0, 0x0d, 0x45, 0x3e, 0x66, 0x59, 0x93, + 0x61, 0x42, 0x9b, 0x41, 0xec, 0x5b, 0x30, 0x76, 0x2d, 0x08, 0xef, 0xb2, 0xda, 0xb0, 0xac, 0x72, + 0x0d, 0x25, 0x5c, 0xa7, 0x3f, 0xb2, 0x2a, 0x02, 0x83, 0x62, 0x0e, 0x53, 0x45, 0x57, 0x0a, 0xbd, + 0x8a, 0xae, 0xd8, 0x5f, 0xb0, 0xe0, 0xa4, 0x4a, 0x0f, 0x91, 0xd2, 0xf8, 0x22, 0x8c, 0xac, 0xb7, + 0x3d, 0xbf, 0x26, 0xfe, 0x67, 0x6d, 0xfd, 0xaa, 0x01, 0xc3, 0x29, 0x4c, 0x6a, 0x99, 0xac, 0x7b, + 0x81, 0x13, 0xed, 0xac, 0x68, 0xf1, 0xaf, 0x24, 0x42, 0x55, 0x41, 0xb0, 0x81, 0x65, 0x7f, 0xd5, + 0xec, 0x82, 0x48, 0x48, 0xe9, 0x63, 0x64, 0x6f, 0x40, 0xc9, 0x55, 0xa7, 0x91, 0x87, 0xaa, 0xd9, + 0xa5, 0x72, 0x81, 0x99, 0x47, 0x9a, 0x53, 0xb3, 0xff, 0x45, 0x01, 0x46, 0x53, 0xd5, 0x18, 0x90, + 0x0f, 0x65, 0xe2, 0x33, 0x7f, 0x98, 0x9c, 0x62, 0x47, 0x2d, 0xd1, 0xa6, 0x96, 0xc5, 0x25, 0x41, + 0x17, 0x2b, 0x0e, 0x8f, 0xc6, 0xa1, 0xcf, 0x45, 0x18, 0x91, 0x1d, 0xfa, 0xb4, 0xd3, 0xf4, 0xc5, + 0x2a, 0x54, 0x13, 0xe0, 0x92, 0x01, 0xc3, 0x29, 0x4c, 0xfb, 0xf7, 0x8b, 0x30, 0xc1, 0x1d, 0x88, + 0x35, 0x15, 0x97, 0xb1, 0x24, 0xb5, 0xac, 0xbf, 0xa6, 0x6b, 0xa6, 0xf0, 0x81, 0x5c, 0x3f, 0x6a, + 0x79, 0xd2, 0xee, 0x8c, 0xfa, 0x8a, 0x18, 0xf8, 0xd5, 0x4c, 0xc4, 0x00, 0xdf, 0x6c, 0x1b, 0xc7, + 0xd4, 0xa3, 0x1f, 0xae, 0x10, 0x82, 0xbf, 0x57, 0x80, 0x13, 0x99, 0xda, 0xaf, 0xe8, 0xed, 0x74, + 0x75, 0x37, 0x2b, 0x0f, 0x37, 0xd3, 0x7d, 0x2b, 0x90, 0x1e, 0xac, 0xc6, 0xdb, 0x43, 0x5a, 0x2a, + 0xf6, 0x1f, 0x14, 0x60, 0x2c, 0x5d, 0xb4, 0xf6, 0x11, 0x1c, 0xa9, 0x8f, 0x42, 0x85, 0x95, 0x82, + 0x64, 0x17, 0xed, 0x70, 0x6f, 0x16, 0xaf, 0x58, 0x28, 0x1b, 0xb1, 0x86, 0x3f, 0x12, 0xa5, 0xf3, + 0xec, 0xbf, 0x6f, 0xc1, 0x19, 0xfe, 0x96, 0xd9, 0x79, 0xf8, 0xd7, 0xbb, 0x8d, 0xee, 0x1b, 0xf9, + 0x76, 0x30, 0x53, 0xeb, 0x67, 0xbf, 0xf1, 0x65, 0x17, 0x7c, 0x88, 0xde, 0xa6, 0xa7, 0xc2, 0x23, + 0xd8, 0xd9, 0x03, 0x4d, 0x06, 0xfb, 0x0f, 0x8a, 0xa0, 0xef, 0x34, 0x41, 0x9e, 0x48, 0x75, 0xc9, + 0xa5, 0xe6, 0xd1, 0xea, 0x4e, 0xe0, 0xea, 0xdb, 0x53, 0xca, 0x99, 0x4c, 0x97, 0x5f, 0xb2, 0x60, + 0xd8, 0x0b, 0xbc, 0xc4, 0x73, 0x98, 0xf2, 0x9c, 0xcf, 0x9d, 0x0c, 0x8a, 0xdd, 0x02, 0xa7, 0x1c, + 0x46, 0xa6, 0x0b, 0x54, 0x31, 0xc3, 0x26, 0x67, 0xf4, 0x59, 0x11, 0xd4, 0x57, 0xcc, 0x2d, 0x49, + 0xab, 0x9c, 0x89, 0xe4, 0x6b, 0x41, 0x29, 0x22, 0x49, 0x94, 0x53, 0x6e, 0x23, 0xa6, 0xa4, 0x54, + 0x89, 0x3b, 0x7d, 0xbb, 0x1c, 0x6d, 0xc6, 0x9c, 0x91, 0x1d, 0x03, 0xea, 0x1c, 0x8b, 0x03, 0x06, + 0x4c, 0x4d, 0x43, 0xc5, 0x69, 0x27, 0x61, 0x93, 0x0e, 0x93, 0xf0, 0xd2, 0xea, 0x90, 0x30, 0x09, + 0xc0, 0x1a, 0xc7, 0x7e, 0xbb, 0x04, 0x99, 0xdc, 0x13, 0xb4, 0x6d, 0xde, 0xc7, 0x63, 0xe5, 0x7b, + 0x1f, 0x8f, 0xea, 0x4c, 0xb7, 0x3b, 0x79, 0x50, 0x03, 0x4a, 0xad, 0x0d, 0x27, 0x96, 0xba, 0xf1, + 0xab, 0x72, 0x98, 0x56, 0x68, 0xe3, 0xbd, 0xdd, 0xc9, 0x9f, 0xee, 0xcf, 0xd7, 0x42, 0xe7, 0xea, + 0x34, 0x4f, 0xe5, 0xd6, 0xac, 0x19, 0x0d, 0xcc, 0xe9, 0x1f, 0xe4, 0x56, 0x8a, 0x2f, 0x8a, 0x7a, + 0xa1, 0x98, 0xc4, 0x6d, 0x3f, 0x11, 0xb3, 0xe1, 0xd5, 0x1c, 0x57, 0x19, 0x27, 0xac, 0xb3, 0x26, + 0xf9, 0x7f, 0x6c, 0x30, 0x45, 0xaf, 0x43, 0x25, 0x4e, 0x9c, 0x28, 0x39, 0x64, 0x9e, 0x93, 0x1a, + 0xf4, 0x55, 0x49, 0x04, 0x6b, 0x7a, 0xe8, 0x35, 0x56, 0x02, 0xce, 0x8b, 0x37, 0x0e, 0x19, 0x8b, + 0x2b, 0xcb, 0xc5, 0x09, 0x0a, 0xd8, 0xa0, 0x46, 0x4d, 0x0f, 0x36, 0xb7, 0x79, 0x00, 0x4a, 0x99, + 0xd9, 0x96, 0x4a, 0x14, 0x62, 0x05, 0xc1, 0x06, 0x96, 0xfd, 0xe3, 0x90, 0x4e, 0xfb, 0x45, 0x93, + 0x32, 0xcb, 0x98, 0xfb, 0x9e, 0x58, 0x4c, 0x6d, 0x2a, 0x21, 0xf8, 0x77, 0x2c, 0x30, 0x73, 0x93, + 0xd1, 0x1d, 0x9e, 0x04, 0x6d, 0xe5, 0xe1, 0x74, 0x37, 0xe8, 0x4e, 0x2d, 0x39, 0xad, 0xcc, 0xe9, + 0x8f, 0xcc, 0x84, 0x3e, 0xfb, 0x09, 0x28, 0x4b, 0xe8, 0x81, 0x94, 0xba, 0xcf, 0xc3, 0xa9, 0xec, + 0x6d, 0x85, 0xc2, 0xd7, 0xdc, 0x88, 0xc2, 0x76, 0x2b, 0x6b, 0x48, 0xb2, 0xdb, 0xec, 0x30, 0x87, + 0x51, 0x73, 0x6c, 0xd3, 0x0b, 0x6a, 0x59, 0x43, 0xf2, 0x9a, 0x17, 0xd4, 0x30, 0x83, 0xf4, 0x71, + 0x2b, 0xd3, 0x3f, 0xb7, 0xe0, 0xfc, 0x7e, 0x97, 0x2a, 0xa2, 0xa7, 0x60, 0xe0, 0xae, 0x13, 0xc9, + 0xfa, 0x99, 0x4c, 0x50, 0xde, 0x72, 0xa2, 0x00, 0xb3, 0x56, 0xb4, 0x03, 0x83, 0x3c, 0x89, 0x56, + 0x68, 0xeb, 0xaf, 0xe6, 0x7b, 0xc5, 0xe3, 0x35, 0x62, 0x98, 0x0b, 0x3c, 0x81, 0x17, 0x0b, 0x86, + 0xf6, 0xfb, 0x16, 0xa0, 0xe5, 0x2d, 0x12, 0x45, 0x5e, 0xcd, 0x48, 0xfb, 0x45, 0x2f, 0xc1, 0xc8, + 0xed, 0xd5, 0xe5, 0xeb, 0x2b, 0xa1, 0x17, 0xb0, 0x32, 0x00, 0x46, 0xa6, 0xd3, 0x55, 0xa3, 0x1d, + 0xa7, 0xb0, 0xd0, 0x2c, 0x8c, 0xdf, 0xbe, 0x43, 0x8d, 0x5f, 0xb3, 0x28, 0x76, 0x41, 0xbb, 0x3b, + 0xaf, 0xbe, 0x9a, 0x01, 0xe2, 0x4e, 0x7c, 0xb4, 0x0c, 0x67, 0x9a, 0xdc, 0xdc, 0xe0, 0xb5, 0x6c, + 0xb9, 0xed, 0xa1, 0x12, 0x1d, 0x9e, 0xd8, 0xdb, 0x9d, 0x3c, 0xb3, 0xd4, 0x0d, 0x01, 0x77, 0x7f, + 0xce, 0x7e, 0xb7, 0x00, 0xc3, 0xc6, 0xc5, 0xa4, 0x7d, 0xd8, 0xe0, 0x99, 0xd4, 0x8d, 0x42, 0x9f, + 0xa9, 0x1b, 0xcf, 0x41, 0xb9, 0x15, 0xfa, 0x9e, 0xeb, 0xa9, 0xc2, 0x2e, 0xac, 0xfe, 0xe0, 0x8a, + 0x68, 0xc3, 0x0a, 0x8a, 0xee, 0x42, 0x45, 0x5d, 0xd6, 0x27, 0xb2, 0x4f, 0xf3, 0xf2, 0xef, 0x28, + 0x49, 0xa5, 0x2f, 0xe1, 0xd3, 0xbc, 0x90, 0x0d, 0x83, 0x6c, 0xe6, 0xcb, 0x38, 0x34, 0x96, 0xc7, + 0xc3, 0x96, 0x44, 0x8c, 0x05, 0xc4, 0xfe, 0xf2, 0x10, 0x9c, 0xee, 0x56, 0x33, 0x0f, 0x7d, 0x0e, + 0x06, 0x79, 0x1f, 0xf3, 0x29, 0xcb, 0xda, 0x8d, 0xc7, 0x3c, 0x23, 0x28, 0xba, 0xc5, 0x7e, 0x63, + 0xc1, 0x53, 0x70, 0xf7, 0x9d, 0x75, 0xa1, 0x33, 0x1d, 0x0f, 0xf7, 0x45, 0x47, 0x73, 0x5f, 0x74, + 0x38, 0x77, 0xdf, 0x59, 0x47, 0xdb, 0x50, 0x6a, 0x78, 0x09, 0x71, 0x84, 0xe5, 0x70, 0xeb, 0x58, + 0x98, 0x13, 0x87, 0x8b, 0x66, 0xf6, 0x13, 0x73, 0x86, 0xe8, 0x3b, 0x16, 0x9c, 0x58, 0x4f, 0xa7, + 0x45, 0x89, 0x2d, 0xd4, 0x39, 0x86, 0xba, 0x88, 0x69, 0x46, 0xbc, 0xda, 0x74, 0xa6, 0x11, 0x67, + 0xbb, 0x83, 0x7e, 0xd1, 0x82, 0xa1, 0xba, 0xe7, 0x1b, 0x45, 0xbf, 0x8e, 0xe1, 0xe3, 0x5c, 0x66, + 0x0c, 0xb4, 0x9a, 0xc1, 0xff, 0xc7, 0x58, 0x72, 0xee, 0x75, 0x06, 0x3b, 0x78, 0xd4, 0x33, 0xd8, + 0xa1, 0x87, 0x64, 0x2b, 0xfe, 0x72, 0x01, 0x9e, 0xe9, 0xe3, 0x1b, 0x99, 0x99, 0x2c, 0xd6, 0x3e, + 0x99, 0x2c, 0xe7, 0x61, 0x20, 0x22, 0xad, 0x30, 0xbb, 0xdf, 0xb1, 0x70, 0x2f, 0x06, 0x41, 0x4f, + 0x43, 0xd1, 0x69, 0x79, 0x62, 0xbb, 0x53, 0x9b, 0xf4, 0xcc, 0xca, 0x02, 0xa6, 0xed, 0xf4, 0x4b, + 0x57, 0xd6, 0x65, 0xb2, 0x5e, 0x3e, 0x95, 0xdf, 0x7b, 0xe5, 0xfe, 0x71, 0xeb, 0x4d, 0x41, 0xb1, + 0xe6, 0x6b, 0x2f, 0xc3, 0xd9, 0xde, 0x33, 0x04, 0xbd, 0x08, 0xc3, 0xeb, 0x91, 0x13, 0xb8, 0x1b, + 0xec, 0x96, 0x04, 0x39, 0x26, 0x2c, 0x7f, 0x41, 0x37, 0x63, 0x13, 0xc7, 0xfe, 0xfd, 0x42, 0x77, + 0x8a, 0x5c, 0x08, 0x1c, 0x64, 0x84, 0xc5, 0xf8, 0x15, 0x7a, 0x8c, 0xdf, 0x1d, 0x28, 0x27, 0x2c, + 0x7d, 0x82, 0xd4, 0x85, 0x24, 0xc9, 0x2d, 0x3d, 0x91, 0xed, 0x35, 0x6b, 0x82, 0x38, 0x56, 0x6c, + 0xa8, 0xc8, 0xf7, 0x75, 0xbd, 0x30, 0x21, 0xf2, 0x33, 0x4e, 0xc3, 0x39, 0x38, 0x69, 0x94, 0x3f, + 0xe5, 0xd1, 0xe3, 0xfc, 0xec, 0x5b, 0xa5, 0x54, 0xad, 0x64, 0xe0, 0xb8, 0xe3, 0x09, 0xfb, 0xd7, + 0x0a, 0xf0, 0x44, 0x4f, 0xc9, 0xa6, 0x0f, 0xe8, 0xad, 0xfb, 0x1c, 0xd0, 0x1f, 0x79, 0x82, 0x9a, + 0x03, 0x3c, 0xf0, 0x60, 0x06, 0xf8, 0x79, 0x28, 0x7b, 0x41, 0x4c, 0xdc, 0x76, 0xc4, 0x07, 0xcd, + 0x88, 0xa5, 0x5c, 0x10, 0xed, 0x58, 0x61, 0xd8, 0x7f, 0xd8, 0x7b, 0xaa, 0xd1, 0x5d, 0xee, 0x47, + 0x76, 0x94, 0x5e, 0x86, 0x51, 0xa7, 0xd5, 0xe2, 0x78, 0xec, 0x30, 0x34, 0x93, 0x24, 0x39, 0x63, + 0x02, 0x71, 0x1a, 0xd7, 0x98, 0xc3, 0x83, 0xbd, 0xe6, 0xb0, 0xfd, 0x27, 0x16, 0x54, 0x30, 0xa9, + 0xf3, 0xb2, 0xb9, 0xe8, 0xb6, 0x18, 0x22, 0x2b, 0x8f, 0xea, 0x25, 0xec, 0xca, 0x7f, 0x8f, 0x55, + 0xf5, 0xe8, 0x36, 0xd8, 0x9d, 0xa5, 0x7c, 0x0b, 0x07, 0x2a, 0xe5, 0xab, 0x8a, 0xb9, 0x16, 0x7b, + 0x17, 0x73, 0xb5, 0xdf, 0x1d, 0xa2, 0xaf, 0xd7, 0x0a, 0x67, 0x23, 0x52, 0x8b, 0xe9, 0xf7, 0x6d, + 0x47, 0x7e, 0xf6, 0x26, 0xd4, 0x1b, 0x78, 0x11, 0xd3, 0xf6, 0x94, 0xc7, 0xa3, 0x70, 0xa0, 0x14, + 0xb1, 0xe2, 0xbe, 0x29, 0x62, 0x2f, 0xc3, 0x68, 0x1c, 0x6f, 0xac, 0x44, 0xde, 0x96, 0x93, 0x50, + 0xd3, 0x42, 0xc4, 0xd2, 0xe8, 0xb4, 0x8e, 0xd5, 0x2b, 0x1a, 0x88, 0xd3, 0xb8, 0x68, 0x1e, 0xc6, + 0x75, 0xa2, 0x16, 0x89, 0x12, 0x16, 0x3a, 0xc3, 0x67, 0x82, 0xca, 0xaa, 0xd0, 0xa9, 0x5d, 0x02, + 0x01, 0x77, 0x3e, 0x43, 0x25, 0x56, 0xaa, 0x91, 0x76, 0x64, 0x30, 0x2d, 0xb1, 0x52, 0x74, 0x68, + 0x5f, 0x3a, 0x9e, 0x40, 0x4b, 0x70, 0x8a, 0x4f, 0x0c, 0x76, 0xf5, 0xb6, 0x7a, 0xa3, 0xa1, 0x74, + 0xd5, 0x88, 0xf9, 0x4e, 0x14, 0xdc, 0xed, 0x39, 0x6a, 0x37, 0xa8, 0xe6, 0x85, 0x39, 0x61, 0xac, + 0x2b, 0xbb, 0x41, 0x91, 0x59, 0xa8, 0x61, 0x13, 0x0f, 0x7d, 0x1a, 0x1e, 0xd7, 0x7f, 0x79, 0x90, + 0x22, 0xf7, 0x60, 0xcd, 0x89, 0x1c, 0x58, 0x55, 0x3a, 0x74, 0xbe, 0x2b, 0x5a, 0x0d, 0xf7, 0x7a, + 0x1e, 0xad, 0xc3, 0x59, 0x05, 0xba, 0x44, 0x8d, 0xb4, 0x56, 0xe4, 0xc5, 0xa4, 0xea, 0xc4, 0xe4, + 0x46, 0xe4, 0xb3, 0xac, 0xd9, 0x8a, 0xbe, 0x03, 0x61, 0xde, 0x4b, 0xae, 0x74, 0xc3, 0xc4, 0x8b, + 0xf8, 0x3e, 0x54, 0xd0, 0x34, 0x54, 0x48, 0xe0, 0xac, 0xfb, 0x64, 0x79, 0x76, 0x81, 0xe5, 0xd2, + 0x1a, 0x0e, 0xb3, 0x4b, 0x12, 0x80, 0x35, 0x8e, 0x3a, 0xbe, 0x1d, 0xe9, 0x79, 0x67, 0xc6, 0x0a, + 0x9c, 0x6e, 0xb8, 0x2d, 0xaa, 0x07, 0x78, 0x2e, 0x99, 0x71, 0xd9, 0x11, 0x26, 0xfd, 0x30, 0xbc, + 0x9c, 0x87, 0x8a, 0x4d, 0x98, 0x9f, 0x5d, 0xe9, 0xc0, 0xc1, 0x5d, 0x9f, 0xa4, 0x6b, 0xac, 0x15, + 0x85, 0xdb, 0x3b, 0x13, 0xa7, 0xd2, 0x6b, 0x6c, 0x85, 0x36, 0x62, 0x0e, 0x43, 0x57, 0x01, 0xb1, + 0x40, 0x97, 0x2b, 0x49, 0xd2, 0x52, 0x8a, 0xc7, 0xc4, 0x69, 0xf6, 0x4a, 0x67, 0xc5, 0x13, 0xe8, + 0x72, 0x07, 0x06, 0xee, 0xf2, 0x94, 0xfd, 0xc7, 0x16, 0x8c, 0xaa, 0xf5, 0xfa, 0x00, 0x42, 0xbd, + 0xfc, 0x74, 0xa8, 0xd7, 0xfc, 0xd1, 0x25, 0x1e, 0xeb, 0x79, 0x8f, 0x78, 0x81, 0x2f, 0x0f, 0x03, + 0x68, 0xa9, 0xa8, 0x36, 0x24, 0xab, 0xe7, 0x86, 0xf4, 0xc8, 0x4a, 0xa4, 0x6e, 0x89, 0x73, 0xa5, + 0x87, 0x9b, 0x38, 0xb7, 0x0a, 0x67, 0xa4, 0xba, 0xc0, 0x5d, 0x32, 0x57, 0xc2, 0x58, 0x09, 0xb8, + 0x72, 0xf5, 0x69, 0x41, 0xe8, 0xcc, 0x42, 0x37, 0x24, 0xdc, 0xfd, 0xd9, 0x94, 0x96, 0x32, 0xb4, + 0x9f, 0x96, 0xa2, 0xd7, 0xf4, 0x62, 0x5d, 0x16, 0x22, 0xcd, 0xac, 0xe9, 0xc5, 0xcb, 0xab, 0x58, + 0xe3, 0x74, 0x17, 0xec, 0x95, 0x9c, 0x04, 0x3b, 0x1c, 0x58, 0xb0, 0x4b, 0x11, 0x33, 0xdc, 0x53, + 0xc4, 0x48, 0x2f, 0xd0, 0x48, 0x4f, 0x2f, 0xd0, 0x2b, 0x30, 0xe6, 0x05, 0x1b, 0x24, 0xf2, 0x12, + 0x52, 0x63, 0x6b, 0x81, 0x89, 0x9f, 0xb2, 0xde, 0xd6, 0x17, 0x52, 0x50, 0x9c, 0xc1, 0x4e, 0xcb, + 0xc5, 0xb1, 0x3e, 0xe4, 0x62, 0x8f, 0xdd, 0xe8, 0x44, 0x3e, 0xbb, 0xd1, 0xc9, 0xa3, 0xef, 0x46, + 0xe3, 0xc7, 0xba, 0x1b, 0xa1, 0x5c, 0x76, 0xa3, 0xbe, 0x04, 0xbd, 0x61, 0xd0, 0x9d, 0xde, 0xc7, + 0xa0, 0xeb, 0xb5, 0x15, 0x9d, 0x39, 0xf4, 0x56, 0xd4, 0x7d, 0x97, 0x79, 0xec, 0x50, 0xbb, 0xcc, + 0x57, 0x0a, 0x70, 0x46, 0xcb, 0x61, 0x3a, 0xfb, 0xbd, 0x3a, 0x95, 0x44, 0xac, 0x96, 0x35, 0x8f, + 0xda, 0x31, 0x22, 0x0f, 0x75, 0x10, 0xa3, 0x82, 0x60, 0x03, 0x8b, 0x05, 0xf0, 0x91, 0x88, 0x15, + 0x2d, 0xca, 0x0a, 0xe9, 0x59, 0xd1, 0x8e, 0x15, 0x06, 0x9d, 0x5f, 0xf4, 0xb7, 0x08, 0x8a, 0xce, + 0xd6, 0x0a, 0x98, 0xd5, 0x20, 0x6c, 0xe2, 0xa1, 0xe7, 0x38, 0x13, 0x26, 0x20, 0xa8, 0xa0, 0x1e, + 0x11, 0xb7, 0xb4, 0x48, 0x99, 0xa0, 0xa0, 0xb2, 0x3b, 0x2c, 0x52, 0xb3, 0xd4, 0xd9, 0x1d, 0x76, + 0xd2, 0xa8, 0x30, 0xec, 0xff, 0x6d, 0xc1, 0x13, 0x5d, 0x87, 0xe2, 0x01, 0x6c, 0xbe, 0xdb, 0xe9, + 0xcd, 0x77, 0x35, 0x2f, 0x73, 0xc3, 0x78, 0x8b, 0x1e, 0x1b, 0xf1, 0x7f, 0xb0, 0x60, 0x4c, 0xe3, + 0x3f, 0x80, 0x57, 0xf5, 0xd2, 0xaf, 0x9a, 0x9f, 0x65, 0x55, 0xe9, 0x78, 0xb7, 0x3f, 0x66, 0xef, + 0xc6, 0xcf, 0x30, 0x66, 0x5c, 0x59, 0x1d, 0x69, 0x1f, 0xdf, 0xfd, 0x0e, 0x0c, 0xb2, 0xc2, 0xc1, + 0x71, 0x3e, 0x67, 0x29, 0x69, 0xfe, 0x2c, 0x04, 0x5b, 0x9f, 0xa5, 0xb0, 0xbf, 0x31, 0x16, 0x0c, + 0x59, 0x49, 0x2d, 0x2f, 0xa6, 0xd2, 0xbc, 0x26, 0x62, 0x1e, 0x75, 0x49, 0x2d, 0xd1, 0x8e, 0x15, + 0x86, 0xdd, 0x84, 0x89, 0x34, 0xf1, 0x39, 0x52, 0x67, 0xe7, 0xf3, 0x7d, 0xbd, 0xe6, 0x34, 0x54, + 0x1c, 0xf6, 0xd4, 0x62, 0xdb, 0xc9, 0x5e, 0xec, 0x35, 0x23, 0x01, 0x58, 0xe3, 0xd8, 0xbf, 0x65, + 0xc1, 0xa9, 0x2e, 0x2f, 0x93, 0x63, 0xac, 0x67, 0xa2, 0xa5, 0x40, 0xb7, 0x0d, 0xf7, 0x23, 0x30, + 0x54, 0x23, 0x75, 0x47, 0x9e, 0x00, 0x1b, 0x32, 0x77, 0x8e, 0x37, 0x63, 0x09, 0xb7, 0xff, 0x87, + 0x05, 0x27, 0xd2, 0x7d, 0x8d, 0xa9, 0xd4, 0xe4, 0x2f, 0x33, 0xe7, 0xc5, 0x6e, 0xb8, 0x45, 0xa2, + 0x1d, 0xfa, 0xe6, 0xbc, 0xd7, 0x4a, 0x6a, 0xce, 0x74, 0x60, 0xe0, 0x2e, 0x4f, 0xb1, 0xaa, 0x3a, + 0x35, 0x35, 0xda, 0x72, 0xa6, 0xdc, 0xcc, 0x73, 0xa6, 0xe8, 0x8f, 0x69, 0x1e, 0x1c, 0x29, 0x96, + 0xd8, 0xe4, 0x6f, 0xbf, 0x3f, 0x00, 0x2a, 0x18, 0x9c, 0x1d, 0xbf, 0xe5, 0x74, 0x78, 0x99, 0xaa, + 0x01, 0x5f, 0xec, 0xa3, 0x06, 0xbc, 0x9c, 0x0c, 0x03, 0xf7, 0x3b, 0x1a, 0xe3, 0xde, 0x0b, 0xd3, + 0x49, 0xa8, 0xde, 0x70, 0x4d, 0x83, 0xb0, 0x89, 0x47, 0x7b, 0xe2, 0x7b, 0x5b, 0x84, 0x3f, 0x34, + 0x98, 0xee, 0xc9, 0xa2, 0x04, 0x60, 0x8d, 0x43, 0x7b, 0x52, 0xf3, 0xea, 0x75, 0x61, 0x8a, 0xab, + 0x9e, 0xd0, 0xd1, 0xc1, 0x0c, 0xc2, 0x0b, 0xa5, 0x85, 0x9b, 0x42, 0x3b, 0x35, 0x0a, 0xa5, 0x85, + 0x9b, 0x98, 0x41, 0xa8, 0x3e, 0x15, 0x84, 0x51, 0x93, 0x5d, 0xbc, 0x56, 0x53, 0x5c, 0x84, 0x56, + 0xaa, 0xf4, 0xa9, 0xeb, 0x9d, 0x28, 0xb8, 0xdb, 0x73, 0x74, 0x06, 0xb6, 0x22, 0x52, 0xf3, 0xdc, + 0xc4, 0xa4, 0x06, 0xe9, 0x19, 0xb8, 0xd2, 0x81, 0x81, 0xbb, 0x3c, 0x85, 0x66, 0xe0, 0x84, 0x0c, + 0xe6, 0x97, 0xf9, 0x8e, 0xc3, 0xe9, 0xfc, 0x2a, 0x9c, 0x06, 0xe3, 0x2c, 0x3e, 0x95, 0x36, 0x4d, + 0x91, 0xea, 0xcc, 0x94, 0x58, 0x43, 0xda, 0xc8, 0x14, 0x68, 0xac, 0x30, 0xec, 0x2f, 0x16, 0xe9, + 0xee, 0xd8, 0xa3, 0xbc, 0xf3, 0x03, 0x3b, 0x2c, 0x4f, 0xcf, 0xc8, 0x81, 0x3e, 0x66, 0xe4, 0x4b, + 0x30, 0x72, 0x3b, 0x0e, 0x03, 0x75, 0x10, 0x5d, 0xea, 0x79, 0x10, 0x6d, 0x60, 0x75, 0x3f, 0x88, + 0x1e, 0xcc, 0xeb, 0x20, 0x7a, 0xe8, 0x90, 0x07, 0xd1, 0xdf, 0x2d, 0x81, 0x2a, 0x90, 0x7a, 0x9d, + 0x24, 0x77, 0xc3, 0x68, 0xd3, 0x0b, 0x1a, 0x2c, 0x09, 0xe2, 0x3b, 0x16, 0x8c, 0xf0, 0xf5, 0xb2, + 0x68, 0x06, 0x12, 0xd7, 0x73, 0xaa, 0xbc, 0x99, 0x62, 0x36, 0xb5, 0x66, 0x30, 0xca, 0xdc, 0xeb, + 0x61, 0x82, 0x70, 0xaa, 0x47, 0xe8, 0xe7, 0x00, 0xa4, 0xdf, 0xb2, 0x2e, 0x45, 0xe6, 0x42, 0x3e, + 0xfd, 0xc3, 0xa4, 0xae, 0x75, 0xd3, 0x35, 0xc5, 0x04, 0x1b, 0x0c, 0xd1, 0x57, 0xb2, 0x17, 0x53, + 0x7e, 0xf6, 0x58, 0xc6, 0xa6, 0x9f, 0x10, 0x6b, 0x0c, 0x43, 0x5e, 0xd0, 0xa0, 0xf3, 0x44, 0x9c, + 0xdd, 0x7f, 0xb8, 0x5b, 0x02, 0xd1, 0x62, 0xe8, 0xd4, 0xaa, 0x8e, 0xef, 0x04, 0x2e, 0x89, 0x16, + 0x38, 0xba, 0x79, 0xd1, 0x14, 0x6b, 0xc0, 0x92, 0x50, 0x47, 0x69, 0xd9, 0x52, 0x3f, 0xa5, 0x65, + 0xcf, 0x7e, 0x12, 0xc6, 0x3b, 0x3e, 0xe6, 0x81, 0x22, 0xaa, 0x0f, 0x1f, 0x8c, 0x6d, 0xff, 0xcb, + 0x41, 0xbd, 0x69, 0x5d, 0x0f, 0x6b, 0xbc, 0xc0, 0x69, 0xa4, 0xbf, 0xa8, 0xd0, 0x3d, 0x73, 0x9c, + 0x22, 0xc6, 0x65, 0x55, 0xaa, 0x11, 0x9b, 0x2c, 0xe9, 0x1c, 0x6d, 0x39, 0x11, 0x09, 0x8e, 0x7b, + 0x8e, 0xae, 0x28, 0x26, 0xd8, 0x60, 0x88, 0x36, 0x52, 0x21, 0x95, 0x97, 0x8f, 0x1e, 0x52, 0xc9, + 0xf2, 0x93, 0xbb, 0x15, 0x49, 0xfc, 0xa6, 0x05, 0x63, 0x41, 0x6a, 0xe6, 0x8a, 0x73, 0x9c, 0xb5, + 0xe3, 0x58, 0x15, 0xbc, 0xbe, 0x76, 0xba, 0x0d, 0x67, 0xf8, 0x77, 0xdb, 0xd2, 0x4a, 0x07, 0xdc, + 0xd2, 0x74, 0xa5, 0xe4, 0xc1, 0x5e, 0x95, 0x92, 0x51, 0xa0, 0x4a, 0xc5, 0x0f, 0xe5, 0x5e, 0x2a, + 0x1e, 0xba, 0x94, 0x89, 0xbf, 0x05, 0x15, 0x37, 0x22, 0x4e, 0x72, 0xc8, 0xaa, 0xe1, 0xec, 0x10, + 0x7b, 0x56, 0x12, 0xc0, 0x9a, 0x96, 0xfd, 0xef, 0x8b, 0x70, 0x52, 0x8e, 0x88, 0x8c, 0xc0, 0xa2, + 0xfb, 0x23, 0xe7, 0xab, 0x95, 0x5b, 0xb5, 0x3f, 0x5e, 0x91, 0x00, 0xac, 0x71, 0xa8, 0x3e, 0xd6, + 0x8e, 0xc9, 0x72, 0x8b, 0x04, 0x8b, 0xde, 0x7a, 0x2c, 0xce, 0x1f, 0xd5, 0x42, 0xb9, 0xa1, 0x41, + 0xd8, 0xc4, 0xa3, 0xca, 0x38, 0xd7, 0x8b, 0xe3, 0x6c, 0xf4, 0xa6, 0xd0, 0xb7, 0xb1, 0x84, 0xa3, + 0x5f, 0xe9, 0x7a, 0xdf, 0x44, 0x3e, 0x71, 0xcb, 0x1d, 0x81, 0x67, 0x07, 0xbc, 0x68, 0xe2, 0x6d, + 0x0b, 0x4e, 0x6c, 0xa6, 0x12, 0xc8, 0xa4, 0x48, 0x3e, 0x62, 0xaa, 0x73, 0x3a, 0x2b, 0x4d, 0x4f, + 0xe1, 0x74, 0x7b, 0x8c, 0xb3, 0xdc, 0xed, 0xff, 0x69, 0x81, 0x29, 0x9e, 0xfa, 0xd3, 0xac, 0x8c, + 0x2b, 0xb3, 0x0a, 0xfb, 0x5c, 0x99, 0x25, 0x95, 0xb0, 0x62, 0x7f, 0x4a, 0xff, 0xc0, 0x01, 0x94, + 0xfe, 0x52, 0x4f, 0xad, 0xed, 0x69, 0x28, 0xb6, 0xbd, 0x9a, 0xd0, 0xdb, 0xf5, 0x69, 0xe3, 0xc2, + 0x1c, 0xa6, 0xed, 0xf6, 0x3f, 0x2d, 0x69, 0x3b, 0x5d, 0x84, 0xdb, 0xfe, 0x48, 0xbc, 0x76, 0x5d, + 0x65, 0xae, 0xf3, 0x37, 0xbf, 0xde, 0x91, 0xb9, 0xfe, 0x93, 0x07, 0x8f, 0xa6, 0xe6, 0x03, 0xd4, + 0x2b, 0x71, 0x7d, 0x68, 0x9f, 0x50, 0xea, 0xdb, 0x50, 0xa6, 0xa6, 0x0d, 0x73, 0xb8, 0x95, 0x53, + 0x9d, 0x2a, 0x5f, 0x11, 0xed, 0xf7, 0x76, 0x27, 0x7f, 0xe2, 0xe0, 0xdd, 0x92, 0x4f, 0x63, 0x45, + 0x1f, 0xc5, 0x50, 0xa1, 0xbf, 0x59, 0xd4, 0xb7, 0x30, 0x9a, 0x6e, 0x28, 0x59, 0x24, 0x01, 0xb9, + 0x84, 0x94, 0x6b, 0x3e, 0x28, 0x80, 0x0a, 0xbb, 0xeb, 0x86, 0x31, 0xe5, 0xb6, 0xd5, 0x8a, 0x8a, + 0xbd, 0x96, 0x80, 0x7b, 0xbb, 0x93, 0x2f, 0x1f, 0x9c, 0xa9, 0x7a, 0x1c, 0x6b, 0x16, 0xf6, 0x3b, + 0x03, 0x7a, 0xee, 0x8a, 0x82, 0x05, 0x3f, 0x12, 0x73, 0xf7, 0x62, 0x66, 0xee, 0x9e, 0xef, 0x98, + 0xbb, 0x63, 0xfa, 0x4e, 0x96, 0xd4, 0x6c, 0x7c, 0xd0, 0x1b, 0xec, 0xfe, 0x76, 0x3c, 0xd3, 0x2c, + 0xee, 0xb4, 0xbd, 0x88, 0xc4, 0x2b, 0x51, 0x3b, 0xf0, 0x82, 0x86, 0xb8, 0x06, 0xd3, 0xd0, 0x2c, + 0x52, 0x60, 0x9c, 0xc5, 0x67, 0x57, 0x68, 0xee, 0x04, 0xee, 0x2d, 0x67, 0x8b, 0xcf, 0x2a, 0x23, + 0x87, 0x7b, 0x55, 0xb4, 0x63, 0x85, 0x61, 0xbf, 0xcb, 0xce, 0x6e, 0x8d, 0x74, 0x13, 0x3a, 0x27, + 0x7c, 0x76, 0xb9, 0x10, 0x4f, 0x00, 0x57, 0x73, 0x82, 0xdf, 0x28, 0xc4, 0x61, 0xe8, 0x2e, 0x0c, + 0xad, 0xf3, 0xea, 0xfa, 0xf9, 0x54, 0x8c, 0x13, 0xa5, 0xfa, 0x59, 0x51, 0x57, 0x59, 0xb7, 0xff, + 0x9e, 0xfe, 0x89, 0x25, 0x37, 0xfb, 0xbd, 0x01, 0x38, 0x91, 0xb9, 0x7e, 0x26, 0x55, 0xbf, 0xa6, + 0xb0, 0x6f, 0xfd, 0x9a, 0xcf, 0x00, 0xd4, 0x48, 0xcb, 0x0f, 0x77, 0x98, 0x9a, 0x33, 0x70, 0x60, + 0x35, 0x47, 0x69, 0xc6, 0x73, 0x8a, 0x0a, 0x36, 0x28, 0x8a, 0xac, 0x77, 0x5e, 0x0e, 0x27, 0x93, + 0xf5, 0x6e, 0x14, 0x6d, 0x1c, 0x7c, 0xb0, 0x45, 0x1b, 0x3d, 0x38, 0xc1, 0xbb, 0xa8, 0x92, 0x3a, + 0x0e, 0x91, 0xbb, 0xc1, 0x22, 0x64, 0xe7, 0xd2, 0x64, 0x70, 0x96, 0xee, 0xc3, 0xbc, 0x5d, 0x0a, + 0x7d, 0x14, 0x2a, 0xf2, 0x3b, 0xc7, 0x13, 0x15, 0x9d, 0x18, 0x27, 0xa7, 0x01, 0xbb, 0xf5, 0x49, + 0xfc, 0xb4, 0xbf, 0x51, 0xa0, 0x5a, 0x29, 0xff, 0xa7, 0x12, 0x9c, 0x9f, 0x85, 0x41, 0xa7, 0x9d, + 0x6c, 0x84, 0x1d, 0x57, 0x06, 0xcc, 0xb0, 0x56, 0x2c, 0xa0, 0x68, 0x11, 0x06, 0x6a, 0x3a, 0x69, + 0xf5, 0x20, 0xa3, 0xa8, 0x1d, 0x7c, 0x4e, 0x42, 0x30, 0xa3, 0x82, 0x9e, 0x82, 0x81, 0xc4, 0x69, + 0xa4, 0xae, 0x72, 0x5d, 0x73, 0x1a, 0x31, 0x66, 0xad, 0xe6, 0xa6, 0x39, 0xb0, 0xcf, 0xa6, 0xf9, + 0x32, 0x8c, 0xc6, 0x5e, 0x23, 0x70, 0x92, 0x76, 0x44, 0x8c, 0xc3, 0x24, 0x1d, 0x1f, 0x60, 0x02, + 0x71, 0x1a, 0xd7, 0x7e, 0xbf, 0x02, 0xa7, 0xbb, 0x5d, 0xb9, 0x9f, 0x77, 0x34, 0x7c, 0x37, 0x1e, + 0x0f, 0x2e, 0x1a, 0xbe, 0x07, 0x77, 0xdf, 0x88, 0x86, 0xf7, 0x8d, 0x68, 0xf8, 0xaf, 0x58, 0x50, + 0x51, 0x41, 0xe0, 0x22, 0x90, 0xf5, 0xf5, 0xfc, 0x7b, 0xa0, 0x22, 0x82, 0x45, 0x2c, 0xb0, 0xfc, + 0x8b, 0x35, 0xf3, 0xe3, 0x0b, 0x8f, 0xbf, 0x6f, 0x87, 0x0e, 0x14, 0x1e, 0xaf, 0x72, 0x07, 0x4a, + 0x79, 0xe4, 0x0e, 0xf4, 0xf8, 0x54, 0x5d, 0x73, 0x07, 0xbe, 0x69, 0xc1, 0xb0, 0xf3, 0x56, 0x3b, + 0x22, 0x73, 0x64, 0x6b, 0xb9, 0x15, 0x0b, 0x01, 0xfb, 0x46, 0xfe, 0x1d, 0x98, 0xd1, 0x4c, 0x44, + 0x6d, 0x63, 0xdd, 0x80, 0xcd, 0x2e, 0xa4, 0x72, 0x05, 0x86, 0xf2, 0xc8, 0x15, 0xe8, 0xd6, 0x9d, + 0x7d, 0x73, 0x05, 0x5e, 0x86, 0x51, 0xd7, 0x0f, 0x03, 0xb2, 0x12, 0x85, 0x49, 0xe8, 0x86, 0xbe, + 0x50, 0xa6, 0x95, 0x48, 0x98, 0x35, 0x81, 0x38, 0x8d, 0xdb, 0x2b, 0xd1, 0xa0, 0x72, 0xd4, 0x44, + 0x03, 0x78, 0x48, 0x89, 0x06, 0x7f, 0x56, 0x80, 0xc9, 0x7d, 0x3e, 0x2a, 0xba, 0x08, 0x23, 0x61, + 0xd4, 0x70, 0x02, 0xef, 0x2d, 0x9e, 0xd4, 0x5a, 0x4a, 0x97, 0xce, 0x58, 0x36, 0x60, 0x38, 0x85, + 0x29, 0x43, 0x91, 0x07, 0x7b, 0x84, 0x22, 0x7f, 0x1c, 0x86, 0x13, 0xe2, 0x34, 0x45, 0xdc, 0x85, + 0x30, 0x80, 0xf4, 0x81, 0x92, 0x06, 0x61, 0x13, 0x8f, 0x4e, 0xa3, 0x31, 0xc7, 0x75, 0x49, 0x1c, + 0xcb, 0x58, 0x63, 0xe1, 0x9c, 0xc9, 0x2d, 0x90, 0x99, 0xf9, 0xbc, 0x66, 0x52, 0x2c, 0x70, 0x86, + 0x25, 0xed, 0xbc, 0xe3, 0xfb, 0x3c, 0xad, 0x80, 0xc8, 0xcb, 0xd9, 0x75, 0x09, 0x0c, 0x0d, 0xc2, + 0x26, 0x9e, 0xfd, 0xeb, 0x05, 0x78, 0xfa, 0xbe, 0xe2, 0xa5, 0xef, 0x30, 0xf0, 0x76, 0x4c, 0xa2, + 0xec, 0x81, 0xcc, 0x8d, 0x98, 0x44, 0x98, 0x41, 0xf8, 0x28, 0xb5, 0x5a, 0xc6, 0xa5, 0x45, 0x79, + 0x67, 0x1d, 0xf0, 0x51, 0x4a, 0xb1, 0xc0, 0x19, 0x96, 0xd9, 0x51, 0x1a, 0xe8, 0x73, 0x94, 0xfe, + 0x41, 0x01, 0x9e, 0xe9, 0x43, 0x08, 0xe7, 0x98, 0x9d, 0x91, 0xce, 0x6e, 0x29, 0x3e, 0x9c, 0xec, + 0x96, 0xc3, 0x0e, 0xd7, 0xbb, 0x05, 0x38, 0xdb, 0x5b, 0x16, 0xa2, 0x9f, 0xa2, 0x46, 0x94, 0x0c, + 0xb6, 0x30, 0x33, 0x63, 0x4e, 0x71, 0x03, 0x2a, 0x05, 0xc2, 0x59, 0x5c, 0x34, 0x05, 0xd0, 0x72, + 0x92, 0x8d, 0xf8, 0xd2, 0xb6, 0x17, 0x27, 0x22, 0xa7, 0x73, 0x8c, 0xbb, 0xc2, 0x65, 0x2b, 0x36, + 0x30, 0x28, 0x3b, 0xf6, 0x6f, 0x2e, 0xbc, 0x1e, 0x26, 0xfc, 0x21, 0xae, 0xc7, 0x9d, 0x92, 0xc5, + 0x23, 0x0d, 0x10, 0xce, 0xe2, 0x52, 0x76, 0xec, 0xb0, 0x85, 0x77, 0x94, 0x2b, 0x78, 0x8c, 0xdd, + 0xa2, 0x6a, 0xc5, 0x06, 0x46, 0x36, 0xe7, 0xa7, 0xd4, 0x47, 0xce, 0xcf, 0x3f, 0x29, 0xc0, 0x13, + 0x3d, 0xf7, 0xd2, 0xfe, 0x16, 0xe0, 0xa3, 0x97, 0xec, 0x73, 0xb8, 0xb9, 0x73, 0xc0, 0x14, 0x96, + 0x3f, 0xe9, 0x31, 0xd3, 0x44, 0x0a, 0x4b, 0x76, 0xab, 0xb0, 0x0e, 0xba, 0x55, 0x3c, 0x42, 0xe3, + 0xd9, 0x91, 0xb5, 0x32, 0x70, 0x80, 0xac, 0x95, 0xcc, 0xc7, 0x28, 0xf5, 0xb9, 0x90, 0xbf, 0xd7, + 0x7b, 0x78, 0xa9, 0xee, 0xdd, 0x97, 0x7b, 0x6a, 0x0e, 0x4e, 0x7a, 0x01, 0x2b, 0x24, 0xbc, 0xda, + 0x5e, 0x17, 0x19, 0xbf, 0x85, 0xf4, 0x1d, 0x59, 0x0b, 0x19, 0x38, 0xee, 0x78, 0xe2, 0x11, 0xcc, + 0x22, 0x3a, 0xe4, 0x90, 0x7e, 0x06, 0x2a, 0x8a, 0x36, 0x8f, 0x8c, 0x54, 0x1f, 0xb4, 0x23, 0x32, + 0x52, 0x7d, 0x4d, 0x03, 0x8b, 0x8e, 0xc4, 0x26, 0xd9, 0xc9, 0xce, 0xcc, 0x6b, 0x64, 0x87, 0x9d, + 0x92, 0xda, 0x1f, 0x83, 0x11, 0x65, 0x44, 0xf6, 0x5b, 0xe8, 0xd6, 0x7e, 0x67, 0x10, 0x46, 0x53, + 0x65, 0x2c, 0x52, 0x3e, 0x1b, 0x6b, 0x5f, 0x9f, 0x0d, 0x8b, 0x74, 0x6d, 0x07, 0xb2, 0x94, 0xb4, + 0x11, 0xe9, 0xda, 0x0e, 0x08, 0xe6, 0x30, 0x6a, 0xba, 0xd7, 0xa2, 0x1d, 0xdc, 0x0e, 0x44, 0x44, + 0x9a, 0x32, 0xdd, 0xe7, 0x58, 0x2b, 0x16, 0x50, 0xf4, 0x05, 0x0b, 0x46, 0x62, 0xe6, 0x10, 0xe4, + 0x1e, 0x2f, 0xf1, 0x41, 0xaf, 0xe6, 0x71, 0xed, 0xb3, 0x28, 0xd9, 0xc2, 0x0e, 0xb3, 0xcd, 0x16, + 0x9c, 0xe2, 0x88, 0xbe, 0x64, 0x99, 0x17, 0x5e, 0x0f, 0xe6, 0x11, 0x49, 0x99, 0xad, 0x12, 0xc2, + 0x5d, 0x25, 0xf7, 0xbf, 0xf7, 0x5a, 0xdf, 0x83, 0x3f, 0xf4, 0xe0, 0xee, 0xc1, 0xff, 0x28, 0x54, + 0x9a, 0x4e, 0xe0, 0xd5, 0x49, 0x9c, 0x70, 0x0f, 0x91, 0x2c, 0x5e, 0x24, 0x1b, 0xb1, 0x86, 0xd3, + 0xcd, 0x2e, 0x66, 0x2f, 0x96, 0x18, 0x2e, 0x1d, 0xb6, 0xd9, 0xad, 0xea, 0x66, 0x6c, 0xe2, 0x98, + 0xfe, 0x27, 0x78, 0xa8, 0xfe, 0xa7, 0xe1, 0x7d, 0xfc, 0x4f, 0xff, 0xc8, 0x82, 0x33, 0x5d, 0xbf, + 0xda, 0xa3, 0x1b, 0xa3, 0x64, 0x7f, 0xab, 0x04, 0xa7, 0xba, 0xd4, 0xa3, 0x41, 0x3b, 0xc7, 0x76, + 0x81, 0xbb, 0x28, 0x78, 0x33, 0xda, 0x73, 0x12, 0x1f, 0xcc, 0xfb, 0xab, 0x3d, 0xb0, 0xc5, 0x07, + 0xeb, 0x81, 0x35, 0xa6, 0xe5, 0xc0, 0x43, 0x9d, 0x96, 0xa5, 0xfb, 0x4f, 0x4b, 0xf4, 0xdb, 0x16, + 0x4c, 0x34, 0x7b, 0x14, 0x41, 0x14, 0x5e, 0x95, 0x9b, 0xc7, 0x53, 0x62, 0xb1, 0xfa, 0xd4, 0xde, + 0xee, 0x64, 0xcf, 0xda, 0x93, 0xb8, 0x67, 0xaf, 0xec, 0xf7, 0x8b, 0xc0, 0x8a, 0x21, 0xb1, 0xf2, + 0x23, 0x3b, 0xe8, 0xf3, 0x66, 0x59, 0x2b, 0x2b, 0xaf, 0x12, 0x4c, 0x9c, 0xb8, 0x2a, 0x8b, 0xc5, + 0x47, 0xb0, 0x5b, 0x95, 0xac, 0xac, 0xd0, 0x2a, 0xf4, 0x21, 0xb4, 0x7c, 0x59, 0x3f, 0xac, 0x98, + 0x7f, 0xfd, 0xb0, 0x4a, 0xb6, 0x76, 0xd8, 0xfd, 0x3f, 0xf1, 0xc0, 0x23, 0xf9, 0x89, 0xff, 0x96, + 0xc5, 0x05, 0x4f, 0xe6, 0x2b, 0x68, 0xcd, 0xc0, 0xba, 0x8f, 0x66, 0xf0, 0x3c, 0xbb, 0xe9, 0xaf, + 0x7e, 0x85, 0x38, 0xbe, 0xd0, 0x20, 0xcc, 0x4b, 0xfb, 0x58, 0x3b, 0x56, 0x18, 0xec, 0x6e, 0x0e, + 0xdf, 0x0f, 0xef, 0x5e, 0x6a, 0xb6, 0x92, 0x1d, 0xa1, 0x4b, 0xe8, 0xbb, 0x39, 0x14, 0x04, 0x1b, + 0x58, 0xf6, 0xdf, 0x29, 0xf0, 0x19, 0x28, 0xce, 0x55, 0x2f, 0x66, 0x0a, 0xc1, 0xf7, 0x7f, 0x24, + 0xf9, 0x39, 0x00, 0x57, 0x5d, 0xf2, 0x25, 0x1c, 0xde, 0x57, 0x8e, 0x7c, 0x49, 0x92, 0xa0, 0xa7, + 0x5f, 0x43, 0xb7, 0x61, 0x83, 0x5f, 0x4a, 0x96, 0x16, 0xf7, 0x95, 0xa5, 0x29, 0xb1, 0x32, 0xb0, + 0xcf, 0x6e, 0xf7, 0x67, 0x16, 0xa4, 0x34, 0x22, 0xd4, 0x82, 0x12, 0xed, 0xee, 0x4e, 0x3e, 0xf7, + 0x97, 0x99, 0xa4, 0xa9, 0x68, 0x14, 0xd3, 0x9e, 0xfd, 0xc4, 0x9c, 0x11, 0xf2, 0xc5, 0xf1, 0x6b, + 0x21, 0x8f, 0x3b, 0xf6, 0x4c, 0x86, 0x57, 0xc2, 0x70, 0x93, 0x9f, 0xda, 0xe8, 0xa3, 0x5c, 0xfb, + 0x22, 0x8c, 0x77, 0x74, 0x8a, 0xd5, 0x7c, 0x0e, 0xe5, 0xa5, 0x6d, 0xc6, 0x74, 0x65, 0x39, 0x50, + 0x98, 0xc3, 0xec, 0x77, 0x2d, 0x38, 0x99, 0x25, 0x8f, 0xbe, 0x6d, 0xc1, 0x78, 0x9c, 0xa5, 0x77, + 0x5c, 0x63, 0xa7, 0x42, 0x93, 0x3a, 0x40, 0xb8, 0xb3, 0x13, 0xf6, 0x9f, 0x8b, 0xc9, 0x7f, 0xcb, + 0x0b, 0x6a, 0xe1, 0x5d, 0xa5, 0x98, 0x58, 0x3d, 0x15, 0x13, 0xba, 0x1e, 0xdd, 0x0d, 0x52, 0x6b, + 0xfb, 0x1d, 0xc9, 0x57, 0xab, 0xa2, 0x1d, 0x2b, 0x8c, 0xd4, 0xf5, 0xed, 0xc5, 0x7d, 0xaf, 0x6f, + 0x7f, 0x09, 0x46, 0xcc, 0x8b, 0x09, 0xc5, 0xbc, 0x64, 0x0a, 0xb9, 0x79, 0x87, 0x21, 0x4e, 0x61, + 0x65, 0xae, 0xa6, 0x2e, 0xed, 0x7b, 0x35, 0xf5, 0x73, 0x50, 0x16, 0xd7, 0x2c, 0xcb, 0x00, 0x3e, + 0x9e, 0xd9, 0x25, 0xda, 0xb0, 0x82, 0x52, 0x69, 0xd2, 0x74, 0x82, 0xb6, 0xe3, 0xd3, 0x11, 0x12, + 0xe9, 0xa8, 0x6a, 0x19, 0x2e, 0x29, 0x08, 0x36, 0xb0, 0xe8, 0x1b, 0x27, 0x5e, 0x93, 0xbc, 0x16, + 0x06, 0x32, 0xf4, 0x45, 0xfb, 0xb4, 0x45, 0x3b, 0x56, 0x18, 0xf6, 0x7f, 0xb3, 0x20, 0x7b, 0x47, + 0x6c, 0xca, 0xcb, 0x61, 0xed, 0x9b, 0x02, 0x9b, 0x4e, 0xa0, 0x2b, 0xf4, 0x95, 0x40, 0x67, 0xe6, + 0xb6, 0x15, 0xef, 0x9b, 0xdb, 0xf6, 0x63, 0xfa, 0xe6, 0x10, 0x9e, 0x04, 0x37, 0xdc, 0xed, 0xd6, + 0x10, 0x64, 0xc3, 0xa0, 0xeb, 0xa8, 0x22, 0x09, 0x23, 0xdc, 0x76, 0x98, 0x9d, 0x61, 0x48, 0x02, + 0x52, 0x5d, 0x7f, 0xef, 0x07, 0xe7, 0x3e, 0xf4, 0xbd, 0x1f, 0x9c, 0xfb, 0xd0, 0x1f, 0xfd, 0xe0, + 0xdc, 0x87, 0xbe, 0xb0, 0x77, 0xce, 0x7a, 0x6f, 0xef, 0x9c, 0xf5, 0xbd, 0xbd, 0x73, 0xd6, 0x1f, + 0xed, 0x9d, 0xb3, 0xde, 0xdf, 0x3b, 0x67, 0x7d, 0xf3, 0x3f, 0x9f, 0xfb, 0xd0, 0x6b, 0x5d, 0x43, + 0x95, 0xe8, 0x8f, 0x17, 0xdc, 0xda, 0xf4, 0xd6, 0x05, 0x16, 0x2d, 0x43, 0x57, 0xc3, 0xb4, 0x31, + 0x05, 0xa6, 0xe5, 0x6a, 0xf8, 0xff, 0x01, 0x00, 0x00, 0xff, 0xff, 0x0b, 0xac, 0xd6, 0xaa, 0xde, + 0xc7, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -7005,6 +7007,11 @@ func (m *ApplicationStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + i -= len(m.ControllerNamespace) + copy(dAtA[i:], m.ControllerNamespace) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.ControllerNamespace))) + i-- + dAtA[i] = 0x6a if len(m.SourceTypes) > 0 { for iNdEx := len(m.SourceTypes) - 1; iNdEx >= 0; iNdEx-- { i -= len(m.SourceTypes[iNdEx]) @@ -13832,6 +13839,8 @@ func (m *ApplicationStatus) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } + l = len(m.ControllerNamespace) + n += 1 + l + sovGenerated(uint64(l)) return n } @@ -16694,6 +16703,7 @@ func (this *ApplicationStatus) String() string { `Summary:` + strings.Replace(strings.Replace(this.Summary.String(), "ApplicationSummary", "ApplicationSummary", 1), `&`, ``, 1) + `,`, `ResourceHealthSource:` + fmt.Sprintf("%v", this.ResourceHealthSource) + `,`, `SourceTypes:` + fmt.Sprintf("%v", this.SourceTypes) + `,`, + `ControllerNamespace:` + fmt.Sprintf("%v", this.ControllerNamespace) + `,`, `}`, }, "") return s @@ -25788,6 +25798,38 @@ func (m *ApplicationStatus) Unmarshal(dAtA []byte) error { } m.SourceTypes = append(m.SourceTypes, ApplicationSourceType(dAtA[iNdEx:postIndex])) iNdEx = postIndex + case 13: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ControllerNamespace", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ControllerNamespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index c5c56a14d83a7..7cad9d73d7cc2 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -572,6 +572,9 @@ message ApplicationStatus { // SourceTypes specifies the type of the sources included in the application repeated string sourceTypes = 12; + + // ControllerNamespace indicates the namespace in which the application controller is located + optional string controllerNamespace = 13; } // ApplicationSummary contains information about URLs and container images used by an application diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index c6aab58f821ad..6e5a6815f59ed 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -2082,6 +2082,13 @@ func schema_pkg_apis_application_v1alpha1_ApplicationStatus(ref common.Reference }, }, }, + "controllerNamespace": { + SchemaProps: spec.SchemaProps{ + Description: "ControllerNamespace indicates the namespace in which the application controller is located", + Type: []string{"string"}, + Format: "", + }, + }, }, }, }, diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 48cd6c13b7f35..15d090f458a9f 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -893,6 +893,8 @@ type ApplicationStatus struct { ResourceHealthSource ResourceHealthLocation `json:"resourceHealthSource,omitempty" protobuf:"bytes,11,opt,name=resourceHealthSource"` // SourceTypes specifies the type of the sources included in the application SourceTypes []ApplicationSourceType `json:"sourceTypes,omitempty" protobuf:"bytes,12,opt,name=sourceTypes"` + // ControllerNamespace indicates the namespace in which the application controller is located + ControllerNamespace string `json:"controllerNamespace,omitempty" protobuf:"bytes,13,opt,name=controllerNamespace"` } // JWTTokens represents a list of JWT tokens From 488583fedd6fb8f9f0b8d97f3540b8686a2bc83d Mon Sep 17 00:00:00 2001 From: Brett Lentz Date: Sat, 27 May 2023 20:46:16 -0400 Subject: [PATCH 024/252] test: add tests to validate helm ranges (#4047) (#13662) Signed-off-by: Brett Lentz Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- util/helm/index_test.go | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/util/helm/index_test.go b/util/helm/index_test.go index 152fceae02c6d..dd7fc0b8bfa06 100644 --- a/util/helm/index_test.go +++ b/util/helm/index_test.go @@ -9,7 +9,7 @@ import ( var index = Index{ Entries: map[string]Entries{ - "argo-cd": { + "argo-cd": { {Version: "~0.7.3"}, {Version: "0.7.2"}, {Version: "0.7.1"}, @@ -57,4 +57,28 @@ func TestEntries_MaxVersion(t *testing.T) { assert.NoError(t, err) assert.Equal(t, semver.MustParse("0.7.2"), version) }) + t.Run("Constraint", func(t *testing.T) { + constraints, _ := semver.NewConstraint("> 0.0.0") + version, err := entries.MaxVersion(constraints) + assert.NoError(t, err) + assert.Equal(t, semver.MustParse("0.7.2"), version) + }) + t.Run("Constraint", func(t *testing.T) { + constraints, _ := semver.NewConstraint(">0.5.0,<0.7.0") + version, err := entries.MaxVersion(constraints) + assert.NoError(t, err) + assert.Equal(t, semver.MustParse("0.5.4"), version) + }) + t.Run("Constraint", func(t *testing.T) { + constraints, _ := semver.NewConstraint("0.7.*") + version, err := entries.MaxVersion(constraints) + assert.NoError(t, err) + assert.Equal(t, semver.MustParse("0.7.2"), version) + }) + t.Run("Constraint", func(t *testing.T) { + constraints, _ := semver.NewConstraint("*") + version, err := entries.MaxVersion(constraints) + assert.NoError(t, err) + assert.Equal(t, semver.MustParse("0.7.2"), version) + }) } From b6dba43907680220c6ea5082e993f24958440817 Mon Sep 17 00:00:00 2001 From: Nicholas Morey Date: Sat, 27 May 2023 18:55:12 -0600 Subject: [PATCH 025/252] docs: add helm values declarative syntax (#13661) The Helm section of the user guide is missing an example of using `source.helm.values`. Signed-off-by: Nicholas Morey --- docs/user-guide/helm.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/docs/user-guide/helm.md b/docs/user-guide/helm.md index d65316b71d0bd..554eab2ba31ae 100644 --- a/docs/user-guide/helm.md +++ b/docs/user-guide/helm.md @@ -50,6 +50,29 @@ source: - values-production.yaml ``` +## Values + +Argo CD supports the equivalent of a values file directly in the Application manifest using the `source.helm.values` key. + +``` +source: + helm: + values: | + ingress: + enabled: true + path: / + hosts: + - mydomain.example.com + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: "true" + labels: {} + tls: + - secretName: mydomain-tls + hosts: + - mydomain.example.com +``` + ## Helm Parameters Helm has the ability to set parameter values, which override any values in From 47554e4c1d0edc99f86332eec70e901c82858c81 Mon Sep 17 00:00:00 2001 From: Alexander Matyushentsev Date: Sat, 27 May 2023 18:55:46 -0600 Subject: [PATCH 026/252] feat: support referencing secret in any field of oidc config (#13475) Signed-off-by: Alexander Matyushentsev --- util/dex/config.go | 52 +++++------------------------- util/settings/settings.go | 59 +++++++++++++++++++++++++++++++--- util/settings/settings_test.go | 4 ++- 3 files changed, 65 insertions(+), 50 deletions(-) diff --git a/util/dex/config.go b/util/dex/config.go index 02f83c16c55cc..6f09eb2c46080 100644 --- a/util/dex/config.go +++ b/util/dex/config.go @@ -9,20 +9,20 @@ import ( "github.com/argoproj/argo-cd/v2/util/settings" ) -func GenerateDexConfigYAML(settings *settings.ArgoCDSettings, disableTls bool) ([]byte, error) { - if !settings.IsDexConfigured() { +func GenerateDexConfigYAML(argocdSettings *settings.ArgoCDSettings, disableTls bool) ([]byte, error) { + if !argocdSettings.IsDexConfigured() { return nil, nil } - redirectURL, err := settings.RedirectURL() + redirectURL, err := argocdSettings.RedirectURL() if err != nil { return nil, fmt.Errorf("failed to infer redirect url from config: %v", err) } var dexCfg map[string]interface{} - err = yaml.Unmarshal([]byte(settings.DexConfig), &dexCfg) + err = yaml.Unmarshal([]byte(argocdSettings.DexConfig), &dexCfg) if err != nil { return nil, fmt.Errorf("failed to unmarshal dex.config from configmap: %v", err) } - dexCfg["issuer"] = settings.IssuerURL() + dexCfg["issuer"] = argocdSettings.IssuerURL() dexCfg["storage"] = map[string]interface{}{ "type": "memory", } @@ -58,7 +58,7 @@ func GenerateDexConfigYAML(settings *settings.ArgoCDSettings, disableTls bool) ( argoCDStaticClient := map[string]interface{}{ "id": common.ArgoCDClientAppID, "name": common.ArgoCDClientAppName, - "secret": settings.DexOAuth2ClientSecret(), + "secret": argocdSettings.DexOAuth2ClientSecret(), "redirectURIs": []string{ redirectURL, }, @@ -80,7 +80,7 @@ func GenerateDexConfigYAML(settings *settings.ArgoCDSettings, disableTls bool) ( dexCfg["staticClients"] = []interface{}{argoCDStaticClient, argoCDCLIStaticClient} } - dexRedirectURL, err := settings.DexRedirectURL() + dexRedirectURL, err := argocdSettings.DexRedirectURL() if err != nil { return nil, err } @@ -106,46 +106,10 @@ func GenerateDexConfigYAML(settings *settings.ArgoCDSettings, disableTls bool) ( connectors[i] = connector } dexCfg["connectors"] = connectors - dexCfg = replaceMapSecrets(dexCfg, settings.Secrets) + dexCfg = settings.ReplaceMapSecrets(dexCfg, argocdSettings.Secrets) return yaml.Marshal(dexCfg) } -// replaceMapSecrets takes a json object and recursively looks for any secret key references in the -// object and replaces the value with the secret value -func replaceMapSecrets(obj map[string]interface{}, secretValues map[string]string) map[string]interface{} { - newObj := make(map[string]interface{}) - for k, v := range obj { - switch val := v.(type) { - case map[string]interface{}: - newObj[k] = replaceMapSecrets(val, secretValues) - case []interface{}: - newObj[k] = replaceListSecrets(val, secretValues) - case string: - newObj[k] = settings.ReplaceStringSecret(val, secretValues) - default: - newObj[k] = val - } - } - return newObj -} - -func replaceListSecrets(obj []interface{}, secretValues map[string]string) []interface{} { - newObj := make([]interface{}, len(obj)) - for i, v := range obj { - switch val := v.(type) { - case map[string]interface{}: - newObj[i] = replaceMapSecrets(val, secretValues) - case []interface{}: - newObj[i] = replaceListSecrets(val, secretValues) - case string: - newObj[i] = settings.ReplaceStringSecret(val, secretValues) - default: - newObj[i] = val - } - } - return newObj -} - // needsRedirectURI returns whether or not the given connector type needs a redirectURI // Update this list as necessary, as new connectors are added // https://dexidp.io/docs/connectors/ diff --git a/util/settings/settings.go b/util/settings/settings.go index 2ecf28690cd84..54d076ea4a3de 100644 --- a/util/settings/settings.go +++ b/util/settings/settings.go @@ -1680,13 +1680,26 @@ func (a *ArgoCDSettings) oidcConfig() *oidcConfig { if a.OIDCConfigRAW == "" { return nil } - config, err := unmarshalOIDCConfig(a.OIDCConfigRAW) + configMap := map[string]interface{}{} + err := yaml.Unmarshal([]byte(a.OIDCConfigRAW), &configMap) if err != nil { log.Warnf("invalid oidc config: %v", err) return nil } - config.ClientSecret = ReplaceStringSecret(config.ClientSecret, a.Secrets) - config.ClientID = ReplaceStringSecret(config.ClientID, a.Secrets) + + configMap = ReplaceMapSecrets(configMap, a.Secrets) + data, err := yaml.Marshal(configMap) + if err != nil { + log.Warnf("invalid oidc config: %v", err) + return nil + } + + config, err := unmarshalOIDCConfig(string(data)) + if err != nil { + log.Warnf("invalid oidc config: %v", err) + return nil + } + return &config } @@ -1977,8 +1990,44 @@ func (mgr *SettingsManager) InitializeSettings(insecureModeEnabled bool) (*ArgoC return cdSettings, nil } -// ReplaceStringSecret checks if given string is a secret key reference ( starts with $ ) and returns corresponding value from provided map -func ReplaceStringSecret(val string, secretValues map[string]string) string { +// ReplaceMapSecrets takes a json object and recursively looks for any secret key references in the +// object and replaces the value with the secret value +func ReplaceMapSecrets(obj map[string]interface{}, secretValues map[string]string) map[string]interface{} { + newObj := make(map[string]interface{}) + for k, v := range obj { + switch val := v.(type) { + case map[string]interface{}: + newObj[k] = ReplaceMapSecrets(val, secretValues) + case []interface{}: + newObj[k] = replaceListSecrets(val, secretValues) + case string: + newObj[k] = replaceStringSecret(val, secretValues) + default: + newObj[k] = val + } + } + return newObj +} + +func replaceListSecrets(obj []interface{}, secretValues map[string]string) []interface{} { + newObj := make([]interface{}, len(obj)) + for i, v := range obj { + switch val := v.(type) { + case map[string]interface{}: + newObj[i] = ReplaceMapSecrets(val, secretValues) + case []interface{}: + newObj[i] = replaceListSecrets(val, secretValues) + case string: + newObj[i] = replaceStringSecret(val, secretValues) + default: + newObj[i] = val + } + } + return newObj +} + +// replaceStringSecret checks if given string is a secret key reference ( starts with $ ) and returns corresponding value from provided map +func replaceStringSecret(val string, secretValues map[string]string) string { if val == "" || !strings.HasPrefix(val, "$") { return val } diff --git a/util/settings/settings_test.go b/util/settings/settings_test.go index 5326dca25c2ff..d4adf580434da 100644 --- a/util/settings/settings_test.go +++ b/util/settings/settings_test.go @@ -1139,7 +1139,7 @@ func TestDownloadArgoCDBinaryUrls(t *testing.T) { func TestSecretKeyRef(t *testing.T) { data := map[string]string{ "oidc.config": `name: Okta -issuer: https://dev-123456.oktapreview.com +issuer: $acme:issuerSecret clientID: aaaabbbbccccddddeee clientSecret: $acme:clientSecret # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] @@ -1176,6 +1176,7 @@ requestedIDTokenClaims: {"groups": {"essential": true}}`, }, }, Data: map[string][]byte{ + "issuerSecret": []byte("https://dev-123456.oktapreview.com"), "clientSecret": []byte("deadbeef"), }, } @@ -1186,6 +1187,7 @@ requestedIDTokenClaims: {"groups": {"essential": true}}`, assert.NoError(t, err) oidcConfig := settings.OIDCConfig() + assert.Equal(t, oidcConfig.Issuer, "https://dev-123456.oktapreview.com") assert.Equal(t, oidcConfig.ClientSecret, "deadbeef") } From 3b369eaf466904c1992673323dbce0a853d130a2 Mon Sep 17 00:00:00 2001 From: Fish-pro Date: Sun, 28 May 2023 08:57:16 +0800 Subject: [PATCH 027/252] chore: Clean up repeated package import (#13685) Signed-off-by: Zechun Chen Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- cmd/argocd/commands/app.go | 13 ++++++------- cmd/argocd/commands/initialize/cmd.go | 3 +-- cmd/argocd/commands/project.go | 3 +-- 3 files changed, 8 insertions(+), 11 deletions(-) diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go index 39758dbc76337..79c89cdc2d57d 100644 --- a/cmd/argocd/commands/app.go +++ b/cmd/argocd/commands/app.go @@ -39,7 +39,6 @@ import ( clusterpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/cluster" projectpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/project" "github.com/argoproj/argo-cd/v2/pkg/apiclient/settings" - settingspkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/settings" argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" repoapiclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient" "github.com/argoproj/argo-cd/v2/reposerver/repository" @@ -547,7 +546,7 @@ func appURLDefault(acdClient argocdclient.Client, appName string) string { func appURL(ctx context.Context, acdClient argocdclient.Client, appName string) string { conn, settingsIf := acdClient.NewSettingsClientOrDie() defer argoio.Close(conn) - argoSettings, err := settingsIf.Get(ctx, &settingspkg.SettingsQuery{}) + argoSettings, err := settingsIf.Get(ctx, &settings.SettingsQuery{}) errors.CheckError(err) if argoSettings.URL != "" { @@ -955,7 +954,7 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co errors.CheckError(err) conn, settingsIf := clientset.NewSettingsClientOrDie() defer argoio.Close(conn) - argoSettings, err := settingsIf.Get(ctx, &settingspkg.SettingsQuery{}) + argoSettings, err := settingsIf.Get(ctx, &settings.SettingsQuery{}) errors.CheckError(err) diffOption := &DifferenceOption{} if revision != "" { @@ -1020,7 +1019,7 @@ type DifferenceOption struct { } // findandPrintDiff ... Prints difference between application current state and state stored in git or locally, returns boolean as true if difference is found else returns false -func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, resources *application.ManagedResourcesResponse, argoSettings *settingspkg.Settings, appName string, diffOptions *DifferenceOption) bool { +func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, resources *application.ManagedResourcesResponse, argoSettings *settings.Settings, appName string, diffOptions *DifferenceOption) bool { var foundDiffs bool liveObjs, err := cmdutil.LiveObjects(resources.Items) errors.CheckError(err) @@ -1680,7 +1679,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co errors.CheckError(err) conn, settingsIf := acdClient.NewSettingsClientOrDie() - argoSettings, err := settingsIf.Get(ctx, &settingspkg.SettingsQuery{}) + argoSettings, err := settingsIf.Get(ctx, &settings.SettingsQuery{}) errors.CheckError(err) argoio.Close(conn) @@ -1756,7 +1755,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co errors.CheckError(err) conn, settingsIf := acdClient.NewSettingsClientOrDie() defer argoio.Close(conn) - argoSettings, err := settingsIf.Get(ctx, &settingspkg.SettingsQuery{}) + argoSettings, err := settingsIf.Get(ctx, &settings.SettingsQuery{}) errors.CheckError(err) foundDiffs := false fmt.Printf("====== Previewing differences between live and desired state of application %s ======\n", appQualifiedName) @@ -2366,7 +2365,7 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob settingsConn, settingsIf := clientset.NewSettingsClientOrDie() defer argoio.Close(settingsConn) - argoSettings, err := settingsIf.Get(context.Background(), &settingspkg.SettingsQuery{}) + argoSettings, err := settingsIf.Get(context.Background(), &settings.SettingsQuery{}) errors.CheckError(err) clusterConn, clusterIf := clientset.NewClusterClientOrDie() diff --git a/cmd/argocd/commands/initialize/cmd.go b/cmd/argocd/commands/initialize/cmd.go index 76a6470f07002..8f9da9f68783f 100644 --- a/cmd/argocd/commands/initialize/cmd.go +++ b/cmd/argocd/commands/initialize/cmd.go @@ -3,12 +3,11 @@ package initialize import ( "github.com/spf13/cobra" "github.com/spf13/pflag" - flag "github.com/spf13/pflag" "github.com/argoproj/argo-cd/v2/util/cli" ) -func RetrieveContextIfChanged(contextFlag *flag.Flag) string { +func RetrieveContextIfChanged(contextFlag *pflag.Flag) string { if contextFlag != nil && contextFlag.Changed { return contextFlag.Value.String() } diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 56f6363b06bf0..4f08665eb437b 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -14,7 +14,6 @@ import ( log "github.com/sirupsen/logrus" "github.com/spf13/cobra" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/yaml" "github.com/argoproj/argo-cd/v2/cmd/argocd/commands/headless" @@ -454,7 +453,7 @@ func modifyResourcesList(list *[]metav1.GroupKind, add bool, listDesc string, gr } } fmt.Printf("Group '%s' and kind '%s' is added to %s resources\n", group, kind, listDesc) - *list = append(*list, v1.GroupKind{Group: group, Kind: kind}) + *list = append(*list, metav1.GroupKind{Group: group, Kind: kind}) return true } else { index := -1 From f40e7772c5cf686769e8607b4fbc8dae5fee0723 Mon Sep 17 00:00:00 2001 From: Michael Kotelnikov <36506417+michaelkotelnikov@users.noreply.github.com> Date: Sun, 28 May 2023 04:06:02 +0300 Subject: [PATCH 028/252] docs: Fixed titles in app deletion doc (#13469) Signed-off-by: michaelkot97 --- docs/user-guide/app_deletion.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/user-guide/app_deletion.md b/docs/user-guide/app_deletion.md index 9cdcf4b1c43eb..fdf16d17aa03a 100644 --- a/docs/user-guide/app_deletion.md +++ b/docs/user-guide/app_deletion.md @@ -22,7 +22,7 @@ or argocd app delete APPNAME ``` -# Deletion Using `kubectl` +## Deletion Using `kubectl` To perform a non-cascade delete, make sure the finalizer is unset and then delete the app: @@ -38,7 +38,7 @@ kubectl patch app APPNAME -p '{"metadata": {"finalizers": ["resources-finalizer kubectl delete app APPNAME ``` -# About The Deletion Finalizer +## About The Deletion Finalizer ```yaml metadata: From fe86d68c78fe1425adf90b8d389647cf64c11ca6 Mon Sep 17 00:00:00 2001 From: Brian Fox <878612+onematchfox@users.noreply.github.com> Date: Sun, 28 May 2023 03:09:30 +0200 Subject: [PATCH 029/252] fix: ensure repositories are correctly marked with `inherited` creds in CLI output (#13428) * tests: ensure `InheritedCreds` is propagated via repo API endpoints Signed-off-by: OneMatchFox <878612+onematchfox@users.noreply.github.com> * fix: ensure `InheritedCreds` is propagated via repo API endpoints Signed-off-by: OneMatchFox <878612+onematchfox@users.noreply.github.com> * tests: add e2e test for `argocd repo get` with inherited credentials Signed-off-by: OneMatchFox <878612+onematchfox@users.noreply.github.com> * fix(cli): prioritise value of `InheritedCreds` over `HasCredentials()` Since the API does not return sensitive information `HasCredentials()` will return false for all scenarios except when username/password is used as credentials. Given the current logic this means that the code will never even check `InheritedCreds` resulting in an output of `false` for `CREDS` column (in the case of inherited credentials). Note: There remains a bug in this code in that any repo that has explicit (sensitive) credentials (e.g. SSH private key) will still be displayed as `CREDS = false`. Signed-off-by: OneMatchFox <878612+onematchfox@users.noreply.github.com> --------- Signed-off-by: OneMatchFox <878612+onematchfox@users.noreply.github.com> --- cmd/argocd/commands/repo.go | 12 +++----- server/repository/repository.go | 2 ++ server/repository/repository_test.go | 46 ++++++++++++++++++++++------ test/e2e/fixture/fixture.go | 7 +++++ test/e2e/repo_management_test.go | 34 ++++++++++++++++++++ 5 files changed, 85 insertions(+), 16 deletions(-) diff --git a/cmd/argocd/commands/repo.go b/cmd/argocd/commands/repo.go index df5ab1655ed5e..09f51ae4d5aeb 100644 --- a/cmd/argocd/commands/repo.go +++ b/cmd/argocd/commands/repo.go @@ -3,6 +3,7 @@ package commands import ( "fmt" "os" + "strconv" "text/tabwriter" log "github.com/sirupsen/logrus" @@ -250,15 +251,12 @@ func printRepoTable(repos appsv1.Repositories) { _, _ = fmt.Fprintf(w, "TYPE\tNAME\tREPO\tINSECURE\tOCI\tLFS\tCREDS\tSTATUS\tMESSAGE\tPROJECT\n") for _, r := range repos { var hasCreds string - if !r.HasCredentials() { - hasCreds = "false" + if r.InheritedCreds { + hasCreds = "inherited" } else { - if r.InheritedCreds { - hasCreds = "inherited" - } else { - hasCreds = "true" - } + hasCreds = strconv.FormatBool(r.HasCredentials()) } + _, _ = fmt.Fprintf(w, "%s\t%s\t%s\t%v\t%v\t%v\t%s\t%s\t%s\t%s\n", r.Type, r.Name, r.Repo, r.IsInsecure(), r.EnableOCI, r.EnableLFS, hasCreds, r.ConnectionState.Status, r.ConnectionState.Message, r.Project) } _ = w.Flush() diff --git a/server/repository/repository.go b/server/repository/repository.go index 7c87db6f5d47f..fa6a8e93c5277 100644 --- a/server/repository/repository.go +++ b/server/repository/repository.go @@ -163,6 +163,7 @@ func (s *Server) Get(ctx context.Context, q *repositorypkg.RepoQuery) (*appsv1.R GitHubAppEnterpriseBaseURL: repo.GitHubAppEnterpriseBaseURL, Proxy: repo.Proxy, Project: repo.Project, + InheritedCreds: repo.InheritedCreds, } item.ConnectionState = s.getConnectionState(ctx, item.Repo, q.ForceRefresh) @@ -196,6 +197,7 @@ func (s *Server) ListRepositories(ctx context.Context, q *repositorypkg.RepoQuer Proxy: repo.Proxy, Project: repo.Project, ForceHttpBasicAuth: repo.ForceHttpBasicAuth, + InheritedCreds: repo.InheritedCreds, }) } } diff --git a/server/repository/repository_test.go b/server/repository/repository_test.go index 939096dc0f3c8..11667319e57a0 100644 --- a/server/repository/repository_test.go +++ b/server/repository/repository_test.go @@ -90,15 +90,16 @@ var ( }, } fakeRepo = appsv1.Repository{ - Repo: "https://test", - Type: "test", - Name: "test", - Username: "argo", - Insecure: false, - EnableLFS: false, - EnableOCI: false, - Proxy: "test", - Project: "argocd", + Repo: "https://test", + Type: "test", + Name: "test", + Username: "argo", + Insecure: false, + EnableLFS: false, + EnableOCI: false, + Proxy: "test", + Project: "argocd", + InheritedCreds: true, } guestbookApp = &appsv1.Application{ TypeMeta: metav1.TypeMeta{ @@ -208,6 +209,33 @@ func TestRepositoryServer(t *testing.T) { assert.Equal(t, repo.Repo, url) }) + t.Run("Test_GetInherited", func(t *testing.T) { + repoServerClient := mocks.RepoServerServiceClient{} + repoServerClient.On("TestRepository", mock.Anything, mock.Anything).Return(&apiclient.TestRepositoryResponse{}, nil) + repoServerClientset := mocks.Clientset{RepoServerServiceClient: &repoServerClient} + + url := "https://test" + db := &dbmocks.ArgoDB{} + testRepo := &appsv1.Repository{ + Repo: url, + Type: "git", + Username: "foo", + InheritedCreds: true, + } + db.On("GetRepository", context.TODO(), url).Return(testRepo, nil) + db.On("RepositoryExists", context.TODO(), url).Return(true, nil) + + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) + repo, err := s.Get(context.TODO(), &repository.RepoQuery{ + Repo: url, + }) + assert.Nil(t, err) + + testRepo.ConnectionState = repo.ConnectionState // overwrite connection state on our test object to simplify comparison below + + assert.Equal(t, testRepo, repo) + }) + t.Run("Test_GetWithErrorShouldReturn403", func(t *testing.T) { repoServerClient := mocks.RepoServerServiceClient{} repoServerClientset := mocks.Clientset{RepoServerServiceClient: &repoServerClient} diff --git a/test/e2e/fixture/fixture.go b/test/e2e/fixture/fixture.go index c5048ccb7cd10..cd694c0593a63 100644 --- a/test/e2e/fixture/fixture.go +++ b/test/e2e/fixture/fixture.go @@ -92,6 +92,7 @@ type ACL struct { const ( RepoURLTypeFile = "file" RepoURLTypeHTTPS = "https" + RepoURLTypeHTTPSOrg = "https-org" RepoURLTypeHTTPSClientCert = "https-cc" RepoURLTypeHTTPSSubmodule = "https-sub" RepoURLTypeHTTPSSubmoduleParent = "https-par" @@ -103,6 +104,8 @@ const ( RepoURLTypeHelmOCI = "helm-oci" GitUsername = "admin" GitPassword = "password" + GithubAppID = "2978632978" + GithubAppInstallationID = "7893789433789" GpgGoodKeyID = "D56C4FCA57A46444" HelmOCIRegistryURL = "localhost:5000/myrepo" ) @@ -251,6 +254,7 @@ const ( EnvRepoURLTypeSSHSubmodule = "ARGOCD_E2E_REPO_SSH_SUBMODULE" EnvRepoURLTypeSSHSubmoduleParent = "ARGOCD_E2E_REPO_SSH_SUBMODULE_PARENT" EnvRepoURLTypeHTTPS = "ARGOCD_E2E_REPO_HTTPS" + EnvRepoURLTypeHTTPSOrg = "ARGOCD_E2E_REPO_HTTPS_ORG" EnvRepoURLTypeHTTPSClientCert = "ARGOCD_E2E_REPO_HTTPS_CLIENT_CERT" EnvRepoURLTypeHTTPSSubmodule = "ARGOCD_E2E_REPO_HTTPS_SUBMODULE" EnvRepoURLTypeHTTPSSubmoduleParent = "ARGOCD_E2E_REPO_HTTPS_SUBMODULE_PARENT" @@ -272,6 +276,9 @@ func RepoURL(urlType RepoURLType) string { // Git server via HTTPS case RepoURLTypeHTTPS: return GetEnvWithDefault(EnvRepoURLTypeHTTPS, "https://localhost:9443/argo-e2e/testdata.git") + // Git "organisation" via HTTPS + case RepoURLTypeHTTPSOrg: + return GetEnvWithDefault(EnvRepoURLTypeHTTPSOrg, "https://localhost:9443/argo-e2e") // Git server via HTTPS - Client Cert protected case RepoURLTypeHTTPSClientCert: return GetEnvWithDefault(EnvRepoURLTypeHTTPSClientCert, "https://localhost:9444/argo-e2e/testdata.git") diff --git a/test/e2e/repo_management_test.go b/test/e2e/repo_management_test.go index 30b304c8b7b2e..70b14d5682299 100644 --- a/test/e2e/repo_management_test.go +++ b/test/e2e/repo_management_test.go @@ -7,9 +7,11 @@ import ( "github.com/stretchr/testify/assert" repositorypkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/repository" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/test/e2e/fixture" "github.com/argoproj/argo-cd/v2/test/e2e/fixture/app" "github.com/argoproj/argo-cd/v2/test/e2e/fixture/repos" + . "github.com/argoproj/argo-cd/v2/util/errors" argoio "github.com/argoproj/argo-cd/v2/util/io" "github.com/argoproj/argo-cd/v2/util/settings" ) @@ -52,6 +54,38 @@ func TestAddRemovePublicRepo(t *testing.T) { }) } +func TestGetRepoWithInheritedCreds(t *testing.T) { + app.Given(t).And(func() { + // create repo credentials + FailOnErr(fixture.RunCli("repocreds", "add", fixture.RepoURL(fixture.RepoURLTypeHTTPSOrg), "--github-app-id", fixture.GithubAppID, "--github-app-installation-id", fixture.GithubAppInstallationID, "--github-app-private-key-path", repos.CertKeyPath)) + + repoUrl := fixture.RepoURL(fixture.RepoURLTypeHTTPS) + + // Hack: First we need to create repo with valid credentials + FailOnErr(fixture.RunCli("repo", "add", repoUrl, "--username", fixture.GitUsername, "--password", fixture.GitPassword, "--insecure-skip-server-verification")) + + // Then, we remove username/password so that the repo inherits the credentials from our repocreds + conn, repoClient, err := fixture.ArgoCDClientset.NewRepoClient() + assert.NoError(t, err) + defer argoio.Close(conn) + + _, err = repoClient.UpdateRepository(context.Background(), &repositorypkg.RepoUpdateRequest{ + Repo: &v1alpha1.Repository{ + Repo: repoUrl, + }, + }) + assert.NoError(t, err) + + // CLI output should indicate that repo has inherited credentials + out, err := fixture.RunCli("repo", "get", repoUrl) + assert.NoError(t, err) + assert.Contains(t, out, "inherited") + + _, err = fixture.RunCli("repo", "rm", repoUrl) + assert.NoError(t, err) + }) +} + func TestUpsertExistingRepo(t *testing.T) { app.Given(t).And(func() { fixture.SetRepos(settings.RepositoryCredentials{URL: fixture.RepoURL(fixture.RepoURLTypeFile)}) From 6bd178debc37e6d3302bec9189c7878b537d03bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 28 May 2023 01:11:19 +0000 Subject: [PATCH 030/252] chore(deps): bump slsa-framework/slsa-github-generator (#13656) Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/image.yaml | 2 +- .github/workflows/release.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index c568e08710b32..1700ddb216322 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -86,7 +86,7 @@ jobs: packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues) if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }} # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.5.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.6.0 with: image: ghcr.io/argoproj/argo-cd/argocd digest: ${{ needs.build-and-publish.outputs.image-digest }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 85aa873cb6b45..ce1087cb7a419 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -38,7 +38,7 @@ jobs: packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues) # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator if: github.repository == 'argoproj/argo-cd' - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.5.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.6.0 with: image: quay.io/argoproj/argocd digest: ${{ needs.argocd-image.outputs.image-digest }} @@ -120,7 +120,7 @@ jobs: contents: write # Needed for release uploads if: github.repository == 'argoproj/argo-cd' # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.5.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" provenance-name: "argocd-cli.intoto.jsonl" From 79adf05a2c475f6179c3f8241f330c39bb22ee8f Mon Sep 17 00:00:00 2001 From: Murat Akdeniz Date: Sun, 28 May 2023 03:12:20 +0200 Subject: [PATCH 031/252] docs: Custom Style Class name update (#13392) Signed-off-by: Murat Akdeniz --- docs/operator-manual/custom-styles.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/operator-manual/custom-styles.md b/docs/operator-manual/custom-styles.md index 21fa79efeeb2f..8f2499a2d636a 100644 --- a/docs/operator-manual/custom-styles.md +++ b/docs/operator-manual/custom-styles.md @@ -56,7 +56,7 @@ metadata: name: argocd-styles-cm data: my-styles.css: | - .nav-bar { + .sidebar { background: linear-gradient(to bottom, #999, #777, #333, #222, #111); } ``` From d01d67b2fcd9de3b2db61e9b316517d7b524889e Mon Sep 17 00:00:00 2001 From: Thomas Decaux Date: Sat, 27 May 2023 21:14:01 -0400 Subject: [PATCH 032/252] fix: health-checks for Elasticsearch (#13322) * fix: health-checks for Elasticsearch Signed-off-by: Thomas Decaux Signed-off-by: ebuildy * fix tests Signed-off-by: ebuildy --------- Signed-off-by: Thomas Decaux Signed-off-by: ebuildy --- .../elasticsearch.k8s.elastic.co/Elasticsearch/health.lua | 2 +- .../elasticsearch.k8s.elastic.co/Elasticsearch/health_test.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/resource_customizations/elasticsearch.k8s.elastic.co/Elasticsearch/health.lua b/resource_customizations/elasticsearch.k8s.elastic.co/Elasticsearch/health.lua index 3bac570b0c4d7..2670862b41602 100644 --- a/resource_customizations/elasticsearch.k8s.elastic.co/Elasticsearch/health.lua +++ b/resource_customizations/elasticsearch.k8s.elastic.co/Elasticsearch/health.lua @@ -17,7 +17,7 @@ if obj.status ~= nil then hs.message = "Elasticsearch Cluster status is Green" return hs elseif obj.status.health == "yellow" then - hs.status = "Degraded" + hs.status = "Progressing" hs.message = "Elasticsearch Cluster status is Yellow. Check the status of indices, replicas and shards" return hs elseif obj.status.health == "red" then diff --git a/resource_customizations/elasticsearch.k8s.elastic.co/Elasticsearch/health_test.yaml b/resource_customizations/elasticsearch.k8s.elastic.co/Elasticsearch/health_test.yaml index 0a0ef51d16f6c..015bc145d8ff8 100644 --- a/resource_customizations/elasticsearch.k8s.elastic.co/Elasticsearch/health_test.yaml +++ b/resource_customizations/elasticsearch.k8s.elastic.co/Elasticsearch/health_test.yaml @@ -4,7 +4,7 @@ tests: message: "Elasticsearch Cluster status is Green" inputPath: testdata/ready_green.yaml - healthStatus: - status: Degraded + status: Progressing message: "Elasticsearch Cluster status is Yellow. Check the status of indices, replicas and shards" inputPath: testdata/ready_yellow.yaml - healthStatus: From 96567956d002f63e956fa9f5988628b782e7a91d Mon Sep 17 00:00:00 2001 From: Calchan Date: Sat, 27 May 2023 19:15:03 -0600 Subject: [PATCH 033/252] fix: add optional safer Git file generator globbing (#13313) (#13314) Signed-off-by: Denis Dupeyron Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- applicationset/services/repo_service.go | 27 +- applicationset/services/repo_service_test.go | 2 +- .../commands/applicationset_controller.go | 4 +- .../Generators-Git-File-Globbing.md | 85 +++++ .../applicationset/Generators-Git.md | 2 + go.mod | 1 + go.sum | 2 + ...-applicationset-controller-deployment.yaml | 8 +- manifests/core-install.yaml | 6 + manifests/ha/install.yaml | 6 + manifests/ha/namespace-install.yaml | 6 + manifests/install.yaml | 6 + manifests/namespace-install.yaml | 6 + mkdocs.yml | 1 + reposerver/apiclient/repository.pb.go | 321 ++++++++++-------- reposerver/repository/repository.go | 3 +- reposerver/repository/repository.proto | 1 + reposerver/repository/repository_test.go | 2 +- util/git/client.go | 47 ++- util/git/git_test.go | 51 +++ util/git/mocks/Client.go | 4 +- 21 files changed, 425 insertions(+), 166 deletions(-) create mode 100644 docs/operator-manual/applicationset/Generators-Git-File-Globbing.md diff --git a/applicationset/services/repo_service.go b/applicationset/services/repo_service.go index cff5f7846f7bd..6697756a54af1 100644 --- a/applicationset/services/repo_service.go +++ b/applicationset/services/repo_service.go @@ -18,10 +18,11 @@ type RepositoryDB interface { } type argoCDService struct { - repositoriesDB RepositoryDB - storecreds git.CredsStore - submoduleEnabled bool - repoServerClientSet apiclient.Clientset + repositoriesDB RepositoryDB + storecreds git.CredsStore + submoduleEnabled bool + repoServerClientSet apiclient.Clientset + newFileGlobbingEnabled bool } type Repos interface { @@ -33,11 +34,12 @@ type Repos interface { GetDirectories(ctx context.Context, repoURL string, revision string) ([]string, error) } -func NewArgoCDService(db db.ArgoDB, submoduleEnabled bool, repoClientset apiclient.Clientset) (Repos, error) { +func NewArgoCDService(db db.ArgoDB, submoduleEnabled bool, repoClientset apiclient.Clientset, newFileGlobbingEnabled bool) (Repos, error) { return &argoCDService{ - repositoriesDB: db.(RepositoryDB), - submoduleEnabled: submoduleEnabled, - repoServerClientSet: repoClientset, + repositoriesDB: db.(RepositoryDB), + submoduleEnabled: submoduleEnabled, + repoServerClientSet: repoClientset, + newFileGlobbingEnabled: newFileGlobbingEnabled, }, nil } @@ -48,10 +50,11 @@ func (a *argoCDService) GetFiles(ctx context.Context, repoURL string, revision s } fileRequest := &apiclient.GitFilesRequest{ - Repo: repo, - SubmoduleEnabled: a.submoduleEnabled, - Revision: revision, - Path: pattern, + Repo: repo, + SubmoduleEnabled: a.submoduleEnabled, + Revision: revision, + Path: pattern, + NewGitFileGlobbingEnabled: a.newFileGlobbingEnabled, } closer, client, err := a.repoServerClientSet.NewRepoServerClient() if err != nil { diff --git a/applicationset/services/repo_service_test.go b/applicationset/services/repo_service_test.go index 7df653a6e04ea..62f8c11c172d0 100644 --- a/applicationset/services/repo_service_test.go +++ b/applicationset/services/repo_service_test.go @@ -185,7 +185,7 @@ func TestGetFiles(t *testing.T) { } func TestNewArgoCDService(t *testing.T) { - service, err := NewArgoCDService(&db_mocks.ArgoDB{}, false, &repo_mocks.Clientset{}) + service, err := NewArgoCDService(&db_mocks.ArgoDB{}, false, &repo_mocks.Clientset{}, false) assert.NoError(t, err, err) assert.NotNil(t, service) } diff --git a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go index 741e9b4349cdd..eae22d7907014 100644 --- a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go +++ b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go @@ -58,6 +58,7 @@ func NewCommand() *cobra.Command { debugLog bool dryRun bool enableProgressiveSyncs bool + enableNewGitFileGlobbing bool repoServerPlaintext bool repoServerStrictTLS bool repoServerTimeoutSeconds int @@ -141,7 +142,7 @@ func NewCommand() *cobra.Command { } repoClientset := apiclient.NewRepoServerClientset(argocdRepoServer, repoServerTimeoutSeconds, tlsConfig) - argoCDService, err := services.NewArgoCDService(argoCDDB, getSubmoduleEnabled(), repoClientset) + argoCDService, err := services.NewArgoCDService(argoCDDB, getSubmoduleEnabled(), repoClientset, enableNewGitFileGlobbing) errors.CheckError(err) terminalGenerators := map[string]generators.Generator{ @@ -224,6 +225,7 @@ func NewCommand() *cobra.Command { command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error") command.Flags().BoolVar(&dryRun, "dry-run", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN", false), "Enable dry run mode") command.Flags().BoolVar(&enableProgressiveSyncs, "enable-progressive-syncs", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS", false), "Enable use of the experimental progressive syncs feature.") + command.Flags().BoolVar(&enableNewGitFileGlobbing, "enable-new-git-file-globbing", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING", false), "Enable new globbing in Git files generator.") command.Flags().BoolVar(&repoServerPlaintext, "repo-server-plaintext", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT", false), "Disable TLS on connections to repo server") command.Flags().BoolVar(&repoServerStrictTLS, "repo-server-strict-tls", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS", false), "Whether to use strict validation of the TLS cert presented by the repo server") command.Flags().IntVar(&repoServerTimeoutSeconds, "repo-server-timeout-seconds", env.ParseNumFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS", 60, 0, math.MaxInt64), "Repo server RPC call timeout seconds.") diff --git a/docs/operator-manual/applicationset/Generators-Git-File-Globbing.md b/docs/operator-manual/applicationset/Generators-Git-File-Globbing.md new file mode 100644 index 0000000000000..4f8967b5937fa --- /dev/null +++ b/docs/operator-manual/applicationset/Generators-Git-File-Globbing.md @@ -0,0 +1,85 @@ +# Git File Generator Globbing + +## Problem Statement + +The original and default implementation of the Git file generator does very greedy globbing. This can trigger errors or catch users off-guard. For example, consider the following repository layout: + +``` +└── cluster-charts/ + ├── cluster1 + │ ├── mychart/ + │ │  ├── charts/ + │ │   │   └── mysubchart/ + │ │ │ ├── values.yaml + │ │   │   └── etc… + │ │   ├── values.yaml + │ │ └── etc… + │ └── myotherchart/ + │ ├── values.yaml + │ └── etc… + └── cluster2 + └── etc… +``` + +In `cluster1` we have two charts, one of them with a subchart. + +Assuming we need the ApplicationSet to template values in the `values.yaml`, then we need to use a Git file generator instead of a directory generator. The value of the `path` key of the Git file generator should be set to: + +``` +path: cluster-charts/*/*/values.yaml +``` + +However, the default implementation will interpret the above pattern as: + +``` +path: cluster-charts/**/values.yaml +``` + +Meaning, for `mychart` in `cluster1`, that it will pick up both the chart's `values.yaml` but also the one from its subchart. This will most likely fail, and even if it didn't it would be wrong. + +There are multiple other ways this undesirable globbing can fail. For example: + +``` +path: some-path/*.yaml +``` + +This will return all YAML files in any directory at any level under `some-path`, instead of only those directly under it. + +## Enabling the New Globbing + +Since some users may rely on the old behavior it was decided to make the fix optional and not enabled by default. + +It can be enabled in any of these ways: + +1. Pass `--enable-new-git-file-globbing` to the ApplicationSet controller args. +1. Set `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING=true` in the ApplicationSet controller environment variables. +1. Set `applicationsetcontroller.enable.new.git.file.globbing: true` in the Argo CD ConfigMap. + +Note that the default may change in the future. + +## Usage + +The new Git file generator globbing uses the `doublestar` package. You can find it [here](https://github.com/bmatcuk/doublestar). + +Below is a short excerpt from its documentation. + +doublestar patterns match files and directories recursively. For example, if +you had the following directory structure: + +```bash +grandparent +`-- parent + |-- child1 + `-- child2 +``` + +You could find the children with patterns such as: `**/child*`, +`grandparent/**/child?`, `**/parent/*`, or even just `**` by itself (which will +return all files and directories recursively). + +Bash's globstar is doublestar's inspiration and, as such, works similarly. +Note that the doublestar must appear as a path component by itself. A pattern +such as `/path**` is invalid and will be treated the same as `/path*`, but +`/path*/**` should achieve the desired result. Additionally, `/path/**` will +match all directories and files under the path directory, but `/path/**/` will +only match directories. diff --git a/docs/operator-manual/applicationset/Generators-Git.md b/docs/operator-manual/applicationset/Generators-Git.md index bed3f89e910b3..4c470a78f47a7 100644 --- a/docs/operator-manual/applicationset/Generators-Git.md +++ b/docs/operator-manual/applicationset/Generators-Git.md @@ -288,6 +288,8 @@ The filename can always be accessed using `{{path.filename}}`. **Note**: If the `pathParamPrefix` option is specified, all `path`-related parameter names above will be prefixed with the specified value and a dot separator. E.g., if `pathParamPrefix` is `myRepo`, then the generated parameter name would be `myRepo.path` instead of `path`. Using this option is necessary in a Matrix generator where both child generators are Git generators (to avoid conflicts when merging the child generators’ items). +**Note**: The default behavior of the Git file generator is very greedy. Please see [Git File Generator Globbing](./Generators-Git-File-Globbing.md) for more information. + ## Webhook Configuration When using a Git generator, ApplicationSet polls Git repositories every three minutes to detect changes. To eliminate diff --git a/go.mod b/go.mod index 91e1e6913120e..883abc396258c 100644 --- a/go.mod +++ b/go.mod @@ -14,6 +14,7 @@ require ( github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d github.com/aws/aws-sdk-go v1.44.164 + github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.1.0 github.com/casbin/casbin/v2 v2.60.0 diff --git a/go.sum b/go.sum index 5409ccf441dc1..0cb42a177aeb5 100644 --- a/go.sum +++ b/go.sum @@ -168,6 +168,8 @@ github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJm github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/bmatcuk/doublestar/v4 v4.6.0 h1:HTuxyug8GyFbRkrffIpzNCSK4luc0TY3wzXvzIZhEXc= +github.com/bmatcuk/doublestar/v4 v4.6.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= github.com/bombsimon/logrusr/v2 v2.0.1 h1:1VgxVNQMCvjirZIYaT9JYn6sAVGVEcNtRE0y4mvaOAM= github.com/bombsimon/logrusr/v2 v2.0.1/go.mod h1:ByVAX+vHdLGAfdroiMg6q0zgq2FODY2lc5YJvzmOJio= diff --git a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml index 7cf04df9790fd..02b2951a91d88 100644 --- a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml +++ b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml @@ -91,6 +91,12 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -162,4 +168,4 @@ spec: - key: tls.key path: tls.key - key: ca.crt - path: ca.crt \ No newline at end of file + path: ca.crt diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 7d232dfe0b730..5c57cdedc68f8 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -16723,6 +16723,12 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 1a7cacb097d67..3cf32a4f77be0 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -17944,6 +17944,12 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index d8f4612b36e2c..7513c1cd71c6a 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -1587,6 +1587,12 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: diff --git a/manifests/install.yaml b/manifests/install.yaml index e4f6abbe573a1..c9b1641bc2c46 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -17061,6 +17061,12 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 935fdf5f21adb..85fd7bed72f71 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -704,6 +704,12 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: diff --git a/mkdocs.yml b/mkdocs.yml index 8738987a9a3c9..0fd384bc697b9 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -107,6 +107,7 @@ nav: - Controlling Resource Modification: operator-manual/applicationset/Controlling-Resource-Modification.md - Application Pruning & Resource Deletion: operator-manual/applicationset/Application-Deletion.md - Progressive Syncs: operator-manual/applicationset/Progressive-Syncs.md + - Git File Generator Globbing: operator-manual/applicationset/Generators-Git-File-Globbing.md - Server Configuration Parameters: - operator-manual/server-commands/argocd-server.md - operator-manual/server-commands/argocd-application-controller.md diff --git a/reposerver/apiclient/repository.pb.go b/reposerver/apiclient/repository.pb.go index 784c0ecc52d34..68967f0b9eac3 100644 --- a/reposerver/apiclient/repository.pb.go +++ b/reposerver/apiclient/repository.pb.go @@ -1904,13 +1904,14 @@ func (m *HelmChartsResponse) GetItems() []*HelmChart { } type GitFilesRequest struct { - Repo *v1alpha1.Repository `protobuf:"bytes,1,opt,name=repo,proto3" json:"repo,omitempty"` - SubmoduleEnabled bool `protobuf:"varint,2,opt,name=submoduleEnabled,proto3" json:"submoduleEnabled,omitempty"` - Revision string `protobuf:"bytes,3,opt,name=revision,proto3" json:"revision,omitempty"` - Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Repo *v1alpha1.Repository `protobuf:"bytes,1,opt,name=repo,proto3" json:"repo,omitempty"` + SubmoduleEnabled bool `protobuf:"varint,2,opt,name=submoduleEnabled,proto3" json:"submoduleEnabled,omitempty"` + Revision string `protobuf:"bytes,3,opt,name=revision,proto3" json:"revision,omitempty"` + Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"` + NewGitFileGlobbingEnabled bool `protobuf:"varint,5,opt,name=NewGitFileGlobbingEnabled,proto3" json:"NewGitFileGlobbingEnabled,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *GitFilesRequest) Reset() { *m = GitFilesRequest{} } @@ -1974,6 +1975,13 @@ func (m *GitFilesRequest) GetPath() string { return "" } +func (m *GitFilesRequest) GetNewGitFileGlobbingEnabled() bool { + if m != nil { + return m.NewGitFileGlobbingEnabled + } + return false +} + type GitFilesResponse struct { // Map consisting of path of the path to its contents in bytes Map map[string][]byte `protobuf:"bytes,1,rep,name=map,proto3" json:"map,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` @@ -2180,138 +2188,140 @@ func init() { } var fileDescriptor_dd8723cfcc820480 = []byte{ - // 2092 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5a, 0x5b, 0x6f, 0x1c, 0x49, - 0x15, 0x9e, 0x9e, 0xf1, 0x65, 0xe6, 0xd8, 0xb1, 0xc7, 0x15, 0x5f, 0x3a, 0xb3, 0x59, 0xcb, 0xdb, - 0x90, 0xc8, 0x24, 0xbb, 0x33, 0xb2, 0xa3, 0xdd, 0xa0, 0x2c, 0x2c, 0xf2, 0x7a, 0x13, 0x3b, 0x9b, - 0x38, 0x31, 0x9d, 0x00, 0x5a, 0x08, 0xa0, 0x72, 0x4f, 0xcd, 0x4c, 0xed, 0xf4, 0x74, 0x57, 0xba, - 0xab, 0x8d, 0x1c, 0x89, 0x07, 0x04, 0xe2, 0x27, 0xf0, 0xc0, 0xff, 0x40, 0x3c, 0x21, 0x9e, 0xb8, - 0x48, 0xbc, 0xac, 0xf8, 0x03, 0xa0, 0x3c, 0xf2, 0x2b, 0x50, 0x5d, 0xfa, 0x3a, 0x6d, 0x27, 0xcb, - 0x38, 0x5e, 0xb1, 0x2f, 0x49, 0xd7, 0xa9, 0x53, 0xe7, 0x9c, 0x3a, 0x75, 0x2e, 0x5f, 0xd5, 0x18, - 0xae, 0x07, 0x84, 0xf9, 0x21, 0x09, 0x8e, 0x49, 0xd0, 0x91, 0x9f, 0x94, 0xfb, 0xc1, 0x49, 0xe6, - 0xb3, 0xcd, 0x02, 0x9f, 0xfb, 0x08, 0x52, 0x4a, 0xeb, 0x61, 0x9f, 0xf2, 0x41, 0x74, 0xd4, 0x76, - 0xfc, 0x51, 0x07, 0x07, 0x7d, 0x9f, 0x05, 0xfe, 0xe7, 0xf2, 0xe3, 0x3d, 0xa7, 0xdb, 0x39, 0xde, - 0xee, 0xb0, 0x61, 0xbf, 0x83, 0x19, 0x0d, 0x3b, 0x98, 0x31, 0x97, 0x3a, 0x98, 0x53, 0xdf, 0xeb, - 0x1c, 0x6f, 0x61, 0x97, 0x0d, 0xf0, 0x56, 0xa7, 0x4f, 0x3c, 0x12, 0x60, 0x4e, 0xba, 0x4a, 0x72, - 0xeb, 0xad, 0xbe, 0xef, 0xf7, 0x5d, 0xd2, 0x91, 0xa3, 0xa3, 0xa8, 0xd7, 0x21, 0x23, 0xc6, 0xb5, - 0x5a, 0xeb, 0x3f, 0xf3, 0xb0, 0x78, 0x80, 0x3d, 0xda, 0x23, 0x21, 0xb7, 0xc9, 0xf3, 0x88, 0x84, - 0x1c, 0x3d, 0x83, 0x29, 0x61, 0x8c, 0x69, 0x6c, 0x18, 0x9b, 0x73, 0xdb, 0xfb, 0xed, 0xd4, 0x9a, - 0x76, 0x6c, 0x8d, 0xfc, 0xf8, 0xb9, 0xd3, 0x6d, 0x1f, 0x6f, 0xb7, 0xd9, 0xb0, 0xdf, 0x16, 0xd6, - 0xb4, 0x33, 0xd6, 0xb4, 0x63, 0x6b, 0xda, 0x76, 0xb2, 0x2d, 0x5b, 0x4a, 0x45, 0x2d, 0xa8, 0x07, - 0xe4, 0x98, 0x86, 0xd4, 0xf7, 0xcc, 0xea, 0x86, 0xb1, 0xd9, 0xb0, 0x93, 0x31, 0x32, 0x61, 0xd6, - 0xf3, 0x77, 0xb1, 0x33, 0x20, 0x66, 0x6d, 0xc3, 0xd8, 0xac, 0xdb, 0xf1, 0x10, 0x6d, 0xc0, 0x1c, - 0x66, 0xec, 0x21, 0x3e, 0x22, 0xee, 0x03, 0x72, 0x62, 0x4e, 0xc9, 0x85, 0x59, 0x92, 0x58, 0x8b, - 0x19, 0x7b, 0x84, 0x47, 0xc4, 0x9c, 0x96, 0xb3, 0xf1, 0x10, 0x5d, 0x85, 0x86, 0x87, 0x47, 0x24, - 0x64, 0xd8, 0x21, 0x66, 0x5d, 0xce, 0xa5, 0x04, 0xf4, 0x4b, 0x58, 0xca, 0x18, 0xfe, 0xc4, 0x8f, - 0x02, 0x87, 0x98, 0x20, 0xb7, 0xfe, 0x78, 0xb2, 0xad, 0xef, 0x14, 0xc5, 0xda, 0xe3, 0x9a, 0xd0, - 0xcf, 0x60, 0x5a, 0x9e, 0xbc, 0x39, 0xb7, 0x51, 0x3b, 0x57, 0x6f, 0x2b, 0xb1, 0xc8, 0x83, 0x59, - 0xe6, 0x46, 0x7d, 0xea, 0x85, 0xe6, 0xbc, 0xd4, 0xf0, 0x74, 0x32, 0x0d, 0xbb, 0xbe, 0xd7, 0xa3, - 0xfd, 0x03, 0xec, 0xe1, 0x3e, 0x19, 0x11, 0x8f, 0x1f, 0x4a, 0xe1, 0x76, 0xac, 0x04, 0xbd, 0x80, - 0xe6, 0x30, 0x0a, 0xb9, 0x3f, 0xa2, 0x2f, 0xc8, 0x63, 0x26, 0xd6, 0x86, 0xe6, 0x25, 0xe9, 0xcd, - 0x47, 0x93, 0x29, 0x7e, 0x50, 0x90, 0x6a, 0x8f, 0xe9, 0x11, 0x41, 0x32, 0x8c, 0x8e, 0xc8, 0x0f, - 0x49, 0x20, 0xa3, 0x6b, 0x41, 0x05, 0x49, 0x86, 0xa4, 0xc2, 0x88, 0xea, 0x51, 0x68, 0x2e, 0x6e, - 0xd4, 0x54, 0x18, 0x25, 0x24, 0xb4, 0x09, 0x8b, 0xc7, 0x24, 0xa0, 0xbd, 0x93, 0x27, 0xb4, 0xef, - 0x61, 0x1e, 0x05, 0xc4, 0x6c, 0xca, 0x50, 0x2c, 0x92, 0xd1, 0x08, 0x2e, 0x0d, 0x88, 0x3b, 0x12, - 0x2e, 0xdf, 0x0d, 0x48, 0x37, 0x34, 0x97, 0xa4, 0x7f, 0xf7, 0x26, 0x3f, 0x41, 0x29, 0xce, 0xce, - 0x4b, 0x17, 0x86, 0x79, 0xbe, 0xad, 0x33, 0x45, 0xe5, 0x08, 0x52, 0x86, 0x15, 0xc8, 0xe8, 0x3a, - 0x2c, 0xf0, 0x00, 0x3b, 0x43, 0xea, 0xf5, 0x0f, 0x08, 0x1f, 0xf8, 0x5d, 0xf3, 0xb2, 0xf4, 0x44, - 0x81, 0x8a, 0x1c, 0x40, 0xc4, 0xc3, 0x47, 0x2e, 0xe9, 0xaa, 0x58, 0x7c, 0x7a, 0xc2, 0x48, 0x68, - 0x2e, 0xcb, 0x5d, 0xdc, 0x6a, 0x67, 0x2a, 0x54, 0xa1, 0x40, 0xb4, 0xef, 0x8e, 0xad, 0xba, 0xeb, - 0xf1, 0xe0, 0xc4, 0x2e, 0x11, 0x87, 0x86, 0x30, 0x27, 0xf6, 0x11, 0x87, 0xc2, 0x8a, 0x0c, 0x85, - 0xfb, 0x93, 0xf9, 0x68, 0x3f, 0x15, 0x68, 0x67, 0xa5, 0xa3, 0x36, 0xa0, 0x01, 0x0e, 0x0f, 0x22, - 0x97, 0x53, 0xe6, 0x12, 0x65, 0x46, 0x68, 0xae, 0x4a, 0x37, 0x95, 0xcc, 0xa0, 0x07, 0x00, 0x01, - 0xe9, 0xc5, 0x7c, 0x6b, 0x72, 0xe7, 0x37, 0xcf, 0xda, 0xb9, 0x9d, 0x70, 0xab, 0x1d, 0x67, 0x96, - 0x0b, 0xe5, 0x62, 0x1b, 0xc4, 0xe1, 0x3a, 0xdb, 0x65, 0x5a, 0x9b, 0x32, 0xc4, 0x4a, 0x66, 0x44, - 0x2c, 0x6a, 0xaa, 0x2c, 0x5a, 0x57, 0x54, 0xb4, 0x66, 0x48, 0xad, 0xbb, 0xb0, 0x76, 0x8a, 0xab, - 0x51, 0x13, 0x6a, 0x43, 0x72, 0x22, 0x4b, 0x74, 0xc3, 0x16, 0x9f, 0x68, 0x19, 0xa6, 0x8f, 0xb1, - 0x1b, 0x11, 0x59, 0x54, 0xeb, 0xb6, 0x1a, 0xdc, 0xa9, 0x7e, 0xdb, 0x68, 0xfd, 0xd6, 0x80, 0xc5, - 0x82, 0xe1, 0x25, 0xeb, 0x7f, 0x9a, 0x5d, 0x7f, 0x0e, 0x61, 0xdc, 0x7b, 0x8a, 0x83, 0x3e, 0xe1, - 0x19, 0x43, 0xac, 0x7f, 0x1a, 0x60, 0x16, 0x3c, 0xfa, 0x23, 0xca, 0x07, 0xf7, 0xa8, 0x4b, 0x42, - 0x74, 0x1b, 0x66, 0x03, 0x45, 0xd3, 0x8d, 0xe7, 0xad, 0x33, 0x0e, 0x62, 0xbf, 0x62, 0xc7, 0xdc, - 0xe8, 0x23, 0xa8, 0x8f, 0x08, 0xc7, 0x5d, 0xcc, 0xb1, 0xb6, 0x7d, 0xa3, 0x6c, 0xa5, 0xd0, 0x72, - 0xa0, 0xf9, 0xf6, 0x2b, 0x76, 0xb2, 0x06, 0xbd, 0x0f, 0xd3, 0xce, 0x20, 0xf2, 0x86, 0xb2, 0xe5, - 0xcc, 0x6d, 0xbf, 0x7d, 0xda, 0xe2, 0x5d, 0xc1, 0xb4, 0x5f, 0xb1, 0x15, 0xf7, 0xc7, 0x33, 0x30, - 0xc5, 0x70, 0xc0, 0xad, 0x7b, 0xb0, 0x5c, 0xa6, 0x42, 0xf4, 0x39, 0x67, 0x40, 0x9c, 0x61, 0x18, - 0x8d, 0xb4, 0x9b, 0x93, 0x31, 0x42, 0x30, 0x15, 0xd2, 0x17, 0xca, 0xd5, 0x35, 0x5b, 0x7e, 0x5b, - 0xdf, 0x82, 0xa5, 0x31, 0x6d, 0xe2, 0x50, 0x95, 0x6d, 0x42, 0xc2, 0xbc, 0x56, 0x6d, 0x45, 0xb0, - 0xf2, 0x54, 0xfa, 0x22, 0x29, 0xf6, 0x17, 0xd1, 0xb9, 0xad, 0x7d, 0x58, 0x2d, 0xaa, 0x0d, 0x99, - 0xef, 0x85, 0x44, 0x84, 0xbe, 0xac, 0x8e, 0x94, 0x74, 0xd3, 0x59, 0x69, 0x45, 0xdd, 0x2e, 0x99, - 0xb1, 0x7e, 0x55, 0x85, 0x55, 0x9b, 0x84, 0xbe, 0x7b, 0x4c, 0xe2, 0xd2, 0x75, 0x31, 0xe0, 0xe3, - 0x27, 0x50, 0xc3, 0x8c, 0xe9, 0x30, 0xb9, 0x7f, 0x6e, 0xed, 0xdd, 0x16, 0x52, 0xd1, 0xbb, 0xb0, - 0x84, 0x47, 0x47, 0xb4, 0x1f, 0xf9, 0x51, 0x18, 0x6f, 0x4b, 0x06, 0x55, 0xc3, 0x1e, 0x9f, 0xb0, - 0x1c, 0x58, 0x1b, 0x73, 0x81, 0x76, 0x67, 0x16, 0x22, 0x19, 0x05, 0x88, 0x54, 0xaa, 0xa4, 0x7a, - 0x9a, 0x92, 0xbf, 0x1a, 0xd0, 0x4c, 0x53, 0x47, 0x8b, 0xbf, 0x0a, 0x8d, 0x91, 0xa6, 0x85, 0xa6, - 0x21, 0xeb, 0x53, 0x4a, 0xc8, 0xa3, 0xa5, 0x6a, 0x11, 0x2d, 0xad, 0xc2, 0x8c, 0x02, 0xb3, 0x7a, - 0x63, 0x7a, 0x94, 0x33, 0x79, 0xaa, 0x60, 0xf2, 0x3a, 0x40, 0x98, 0xd4, 0x2f, 0x73, 0x46, 0xce, - 0x66, 0x28, 0xc8, 0x82, 0x79, 0xd5, 0x5b, 0x6d, 0x12, 0x46, 0x2e, 0x37, 0x67, 0x25, 0x47, 0x8e, - 0x66, 0xf9, 0xb0, 0xf8, 0x90, 0x8a, 0x3d, 0xf4, 0xc2, 0x8b, 0x09, 0xf6, 0x0f, 0x60, 0x4a, 0x28, - 0x13, 0x1b, 0x3b, 0x0a, 0xb0, 0xe7, 0x0c, 0x48, 0xec, 0xab, 0x64, 0x2c, 0xd2, 0x98, 0xe3, 0x7e, - 0x68, 0x56, 0x25, 0x5d, 0x7e, 0x5b, 0x7f, 0xac, 0x2a, 0x4b, 0x77, 0x18, 0x0b, 0xbf, 0x7a, 0x40, - 0x5d, 0xde, 0xe2, 0x6b, 0xe3, 0x2d, 0xbe, 0x60, 0xf2, 0x97, 0x69, 0xf1, 0xe7, 0xd4, 0xa6, 0xac, - 0x08, 0x66, 0x77, 0x18, 0x13, 0x86, 0xa0, 0x2d, 0x98, 0xc2, 0x8c, 0x29, 0x87, 0x17, 0x2a, 0xb2, - 0x66, 0x11, 0xff, 0x6b, 0x93, 0x24, 0x6b, 0xeb, 0x36, 0x34, 0x12, 0xd2, 0xab, 0xd4, 0x36, 0xb2, - 0x6a, 0x37, 0x00, 0x14, 0x86, 0xbd, 0xef, 0xf5, 0x7c, 0x71, 0xa4, 0x22, 0xd8, 0xf5, 0x52, 0xf9, - 0x6d, 0xdd, 0x89, 0x39, 0xa4, 0x6d, 0xef, 0xc2, 0x34, 0xe5, 0x64, 0x14, 0x1b, 0xb7, 0x9a, 0x35, - 0x2e, 0x15, 0x64, 0x2b, 0x26, 0xeb, 0x6f, 0x75, 0xb8, 0x22, 0x4e, 0xec, 0x89, 0x4c, 0x93, 0x1d, - 0xc6, 0x3e, 0x21, 0x1c, 0x53, 0x37, 0xfc, 0x7e, 0x44, 0x82, 0x93, 0x37, 0x1c, 0x18, 0x7d, 0x98, - 0x51, 0x59, 0xa6, 0xeb, 0xdd, 0xb9, 0x5f, 0x67, 0xb4, 0xf8, 0xf4, 0x0e, 0x53, 0x7b, 0x33, 0x77, - 0x98, 0xb2, 0x3b, 0xc5, 0xd4, 0x05, 0xdd, 0x29, 0x4e, 0xbf, 0x56, 0x66, 0x2e, 0xab, 0x33, 0xf9, - 0xcb, 0x6a, 0x09, 0x54, 0x9f, 0x7d, 0x5d, 0xa8, 0x5e, 0x2f, 0x85, 0xea, 0xa3, 0xd2, 0x3c, 0x6e, - 0x48, 0x77, 0x7f, 0x37, 0x1b, 0x81, 0xa7, 0xc6, 0xda, 0x24, 0xa0, 0x1d, 0xde, 0x28, 0x68, 0xff, - 0x41, 0x0e, 0x84, 0xab, 0x6b, 0xf0, 0xfb, 0xaf, 0xb7, 0xa7, 0x33, 0xe0, 0xf8, 0xd7, 0x0e, 0x3c, - 0xff, 0x46, 0x62, 0x26, 0xe6, 0xa7, 0x3e, 0x48, 0x1a, 0xba, 0xe8, 0x43, 0xa2, 0xb5, 0xea, 0xa2, - 0x25, 0xbe, 0xd1, 0x4d, 0x98, 0x12, 0x4e, 0xd6, 0xa0, 0x76, 0x2d, 0xeb, 0x4f, 0x71, 0x12, 0x3b, - 0x8c, 0x3d, 0x61, 0xc4, 0xb1, 0x25, 0x13, 0xba, 0x03, 0x8d, 0x24, 0xf0, 0x75, 0x66, 0x5d, 0xcd, - 0xae, 0x48, 0xf2, 0x24, 0x5e, 0x96, 0xb2, 0x8b, 0xb5, 0x5d, 0x1a, 0x10, 0x47, 0x42, 0xbe, 0xe9, - 0xf1, 0xb5, 0x9f, 0xc4, 0x93, 0xc9, 0xda, 0x84, 0x1d, 0x6d, 0xc1, 0x8c, 0x7a, 0x37, 0x90, 0x19, - 0x34, 0xb7, 0x7d, 0x65, 0xbc, 0x98, 0xc6, 0xab, 0x34, 0xa3, 0xf5, 0x17, 0x03, 0xde, 0x49, 0x03, - 0x22, 0xce, 0xa6, 0x18, 0x75, 0x7f, 0xf5, 0x1d, 0xf7, 0x3a, 0x2c, 0x48, 0x98, 0x9f, 0x3e, 0x1f, - 0xa8, 0x97, 0xac, 0x02, 0xd5, 0xfa, 0x83, 0x01, 0xd7, 0xc6, 0xf7, 0xb1, 0x3b, 0xc0, 0x01, 0x4f, - 0x8e, 0xf7, 0x22, 0xf6, 0x12, 0x37, 0xbc, 0x6a, 0xda, 0xf0, 0x72, 0xfb, 0xab, 0xe5, 0xf7, 0x67, - 0xfd, 0xb9, 0x0a, 0x73, 0x99, 0x00, 0x2a, 0x6b, 0x98, 0x02, 0xf0, 0xc9, 0xb8, 0x95, 0x17, 0x3b, - 0xd9, 0x14, 0x1a, 0x76, 0x86, 0x82, 0x86, 0x00, 0x0c, 0x07, 0x78, 0x44, 0x38, 0x09, 0x44, 0x25, - 0x17, 0x19, 0xff, 0x60, 0xf2, 0xea, 0x72, 0x18, 0xcb, 0xb4, 0x33, 0xe2, 0x05, 0x62, 0x95, 0xaa, - 0x43, 0x5d, 0xbf, 0xf5, 0x08, 0xfd, 0x02, 0x16, 0x7a, 0xd4, 0x25, 0x87, 0xa9, 0x21, 0x33, 0xd2, - 0x90, 0xc7, 0x93, 0x1b, 0x72, 0x2f, 0x2b, 0xd7, 0x2e, 0xa8, 0xb1, 0x6e, 0x40, 0xb3, 0x98, 0x4f, - 0xc2, 0x48, 0x3a, 0xc2, 0xfd, 0xc4, 0x5b, 0x7a, 0x64, 0x21, 0x68, 0x16, 0xf3, 0xc7, 0xfa, 0x57, - 0x15, 0x56, 0x12, 0x71, 0x3b, 0x9e, 0xe7, 0x47, 0x9e, 0x23, 0x9f, 0xe2, 0x4a, 0xcf, 0x62, 0x19, - 0xa6, 0x39, 0xe5, 0x6e, 0x02, 0x7c, 0xe4, 0x40, 0xf4, 0x2e, 0xee, 0xfb, 0x2e, 0xa7, 0x4c, 0x1f, - 0x70, 0x3c, 0x54, 0x67, 0xff, 0x3c, 0xa2, 0x01, 0xe9, 0xca, 0x4a, 0x50, 0xb7, 0x93, 0xb1, 0x98, - 0x13, 0xa8, 0x46, 0xc2, 0x78, 0xe5, 0xcc, 0x64, 0x2c, 0xe3, 0xde, 0x77, 0x5d, 0xe2, 0x08, 0x77, - 0x64, 0x80, 0x7e, 0x81, 0x2a, 0x2f, 0x10, 0x3c, 0xa0, 0x5e, 0x5f, 0xc3, 0x7c, 0x3d, 0x12, 0x76, - 0xe2, 0x20, 0xc0, 0x27, 0x66, 0x5d, 0x3a, 0x40, 0x0d, 0xd0, 0x77, 0xa0, 0x36, 0xc2, 0x4c, 0x37, - 0xba, 0x1b, 0xb9, 0xea, 0x50, 0xe6, 0x81, 0xf6, 0x01, 0x66, 0xaa, 0x13, 0x88, 0x65, 0xad, 0x0f, - 0xa0, 0x1e, 0x13, 0xbe, 0x14, 0x24, 0xfc, 0x1c, 0x2e, 0xe5, 0x8a, 0x0f, 0xfa, 0x0c, 0x56, 0xd3, - 0x88, 0xca, 0x2a, 0xd4, 0x20, 0xf0, 0x9d, 0x57, 0x5a, 0x66, 0x9f, 0x22, 0xc0, 0x7a, 0x0e, 0x4b, - 0x22, 0x64, 0x64, 0xe2, 0x5f, 0xd0, 0xd5, 0xe6, 0x43, 0x68, 0x24, 0x2a, 0x4b, 0x63, 0xa6, 0x05, - 0xf5, 0xe3, 0xf8, 0x89, 0x54, 0xdd, 0x6d, 0x92, 0xb1, 0xb5, 0x03, 0x28, 0x6b, 0xaf, 0xee, 0x40, - 0x37, 0xf3, 0xa0, 0x78, 0xa5, 0xd8, 0x6e, 0x24, 0x7b, 0x8c, 0x89, 0xff, 0x61, 0xc0, 0xe2, 0x1e, - 0x95, 0xaf, 0x1c, 0x17, 0x54, 0xe4, 0x6e, 0x40, 0x33, 0x8c, 0x8e, 0x46, 0x7e, 0x37, 0x72, 0x89, - 0x06, 0x05, 0xba, 0xd3, 0x8f, 0xd1, 0xcf, 0x2a, 0x7e, 0xc2, 0x59, 0x0c, 0xf3, 0x81, 0xbe, 0xe1, - 0xca, 0x6f, 0xeb, 0xd7, 0x06, 0x34, 0xd3, 0xdd, 0x68, 0x7f, 0xdc, 0x56, 0x71, 0xab, 0xbc, 0x71, - 0x2d, 0xeb, 0x8d, 0x22, 0xeb, 0xff, 0x1e, 0xb2, 0xf3, 0xd9, 0x90, 0xfd, 0x93, 0x01, 0x2b, 0x7b, - 0x94, 0xc7, 0xc5, 0x82, 0xfe, 0x9f, 0x79, 0xd6, 0x6a, 0xc3, 0x6a, 0xd1, 0x7c, 0xed, 0xca, 0x65, - 0x98, 0x16, 0x7e, 0x8e, 0x6f, 0xdf, 0x6a, 0xb0, 0xfd, 0x45, 0x03, 0x96, 0xd2, 0xf6, 0x29, 0xfe, - 0xa5, 0x0e, 0x41, 0x8f, 0xa1, 0xb9, 0xa7, 0x7f, 0xfd, 0x8a, 0x5f, 0x3d, 0xd0, 0x59, 0xcf, 0x88, - 0xad, 0xab, 0xe5, 0x93, 0x4a, 0xb5, 0x55, 0x41, 0x0e, 0x5c, 0x29, 0x0a, 0x4c, 0x5f, 0x2c, 0xbf, - 0x79, 0x86, 0xe4, 0x84, 0xeb, 0x55, 0x2a, 0x36, 0x0d, 0xf4, 0x19, 0x2c, 0xe4, 0xdf, 0xd5, 0x50, - 0xae, 0x9e, 0x94, 0x3e, 0xf5, 0xb5, 0xac, 0xb3, 0x58, 0x12, 0xfb, 0x9f, 0x09, 0xf0, 0x9a, 0x7b, - 0x64, 0x42, 0x56, 0x1e, 0x5a, 0x97, 0x3d, 0xc2, 0xb5, 0xbe, 0x71, 0x26, 0x4f, 0x22, 0xfd, 0x43, - 0xa8, 0xc7, 0x8f, 0x32, 0x79, 0x37, 0x17, 0x9e, 0x6a, 0x5a, 0xcd, 0xbc, 0xbc, 0x5e, 0x68, 0x55, - 0xd0, 0x47, 0x6a, 0xb1, 0xb8, 0xb4, 0x8f, 0x2f, 0xce, 0x3c, 0x45, 0xb4, 0x2e, 0x97, 0x5c, 0xff, - 0xad, 0x0a, 0xfa, 0x1e, 0xcc, 0x89, 0xaf, 0x43, 0xfd, 0xbb, 0xd3, 0x6a, 0x5b, 0xfd, 0xcc, 0xd9, - 0x8e, 0x7f, 0xe6, 0x6c, 0xdf, 0x1d, 0x31, 0x7e, 0xd2, 0x2a, 0xb9, 0x9f, 0x6b, 0x01, 0xcf, 0xe0, - 0xd2, 0x1e, 0xe1, 0x29, 0x9c, 0x46, 0xd7, 0x5e, 0xeb, 0xd2, 0xd1, 0xb2, 0x8a, 0x6c, 0xe3, 0x88, - 0xdc, 0xaa, 0xa0, 0xdf, 0x19, 0x70, 0x79, 0x8f, 0xf0, 0x22, 0x40, 0x45, 0xef, 0x95, 0x2b, 0x39, - 0x05, 0xc8, 0xb6, 0x1e, 0x4d, 0x9a, 0xaf, 0x79, 0xb1, 0x56, 0x05, 0xfd, 0xde, 0x80, 0xb5, 0x8c, - 0x61, 0x59, 0xc4, 0x89, 0xb6, 0xce, 0x36, 0xae, 0x04, 0x9d, 0xb6, 0x3e, 0x9d, 0xf0, 0xe7, 0xc4, - 0x8c, 0x48, 0xab, 0x82, 0x0e, 0xe5, 0x99, 0xa4, 0x0d, 0x06, 0xbd, 0x5d, 0xda, 0x49, 0x12, 0xed, - 0xeb, 0xa7, 0x4d, 0x27, 0xe7, 0xf0, 0x29, 0xcc, 0xed, 0x11, 0x1e, 0x57, 0xdd, 0x7c, 0xa4, 0x15, - 0x9a, 0x50, 0x3e, 0x55, 0x8b, 0x85, 0x5a, 0x46, 0xcc, 0x92, 0x92, 0x95, 0xa9, 0x53, 0xf9, 0x5c, - 0x2d, 0x2d, 0xc1, 0xf9, 0x88, 0x29, 0x2f, 0x73, 0x56, 0xe5, 0xe3, 0x9d, 0xbf, 0xbf, 0x5c, 0x37, - 0xbe, 0x78, 0xb9, 0x6e, 0xfc, 0xfb, 0xe5, 0xba, 0xf1, 0xe3, 0x5b, 0xaf, 0xf8, 0x1b, 0x80, 0xcc, - 0x9f, 0x15, 0x60, 0x46, 0x1d, 0x97, 0x12, 0x8f, 0x1f, 0xcd, 0xc8, 0xe0, 0xbf, 0xf5, 0xdf, 0x00, - 0x00, 0x00, 0xff, 0xff, 0x38, 0x69, 0xf2, 0xff, 0x75, 0x20, 0x00, 0x00, + // 2114 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5a, 0x5b, 0x6f, 0x1b, 0xc7, + 0x15, 0xe6, 0x92, 0xba, 0x90, 0x47, 0xb2, 0x44, 0x8d, 0x75, 0x59, 0x31, 0x8e, 0xa0, 0x6c, 0x6b, + 0x43, 0xb5, 0x13, 0x12, 0x92, 0x91, 0xb8, 0x70, 0xd2, 0x14, 0x8a, 0x62, 0x4b, 0x8e, 0x2d, 0x5b, + 0x5d, 0xbb, 0x2d, 0xd2, 0xba, 0x2d, 0x86, 0xcb, 0x21, 0xb9, 0xe1, 0x5e, 0xc6, 0xbb, 0xb3, 0x0a, + 0x64, 0xa0, 0x0f, 0x45, 0x8b, 0x02, 0xfd, 0x03, 0x7d, 0xe8, 0xff, 0x28, 0xfa, 0x54, 0xf4, 0xa9, + 0x97, 0xc7, 0xa0, 0x7f, 0xa0, 0x85, 0x1f, 0xfb, 0x2b, 0x8a, 0xb9, 0xec, 0x95, 0x2b, 0xd9, 0x29, + 0x65, 0x19, 0xcd, 0x8b, 0xbd, 0x73, 0xe6, 0xcc, 0x39, 0x67, 0xce, 0x9c, 0xcb, 0x37, 0x43, 0xc1, + 0xb5, 0x80, 0x50, 0x3f, 0x24, 0xc1, 0x31, 0x09, 0x3a, 0xe2, 0xd3, 0x66, 0x7e, 0x70, 0x92, 0xf9, + 0x6c, 0xd3, 0xc0, 0x67, 0x3e, 0x82, 0x94, 0xd2, 0x7a, 0x30, 0xb0, 0xd9, 0x30, 0xea, 0xb6, 0x2d, + 0xdf, 0xed, 0xe0, 0x60, 0xe0, 0xd3, 0xc0, 0xff, 0x42, 0x7c, 0xbc, 0x67, 0xf5, 0x3a, 0xc7, 0x3b, + 0x1d, 0x3a, 0x1a, 0x74, 0x30, 0xb5, 0xc3, 0x0e, 0xa6, 0xd4, 0xb1, 0x2d, 0xcc, 0x6c, 0xdf, 0xeb, + 0x1c, 0x6f, 0x63, 0x87, 0x0e, 0xf1, 0x76, 0x67, 0x40, 0x3c, 0x12, 0x60, 0x46, 0x7a, 0x52, 0x72, + 0xeb, 0xad, 0x81, 0xef, 0x0f, 0x1c, 0xd2, 0x11, 0xa3, 0x6e, 0xd4, 0xef, 0x10, 0x97, 0x32, 0xa5, + 0xd6, 0xf8, 0xcf, 0x3c, 0x2c, 0x1e, 0x62, 0xcf, 0xee, 0x93, 0x90, 0x99, 0xe4, 0x59, 0x44, 0x42, + 0x86, 0x9e, 0xc2, 0x14, 0x37, 0x46, 0xd7, 0x36, 0xb5, 0xad, 0xb9, 0x9d, 0x83, 0x76, 0x6a, 0x4d, + 0x3b, 0xb6, 0x46, 0x7c, 0xfc, 0xc2, 0xea, 0xb5, 0x8f, 0x77, 0xda, 0x74, 0x34, 0x68, 0x73, 0x6b, + 0xda, 0x19, 0x6b, 0xda, 0xb1, 0x35, 0x6d, 0x33, 0xd9, 0x96, 0x29, 0xa4, 0xa2, 0x16, 0xd4, 0x03, + 0x72, 0x6c, 0x87, 0xb6, 0xef, 0xe9, 0xd5, 0x4d, 0x6d, 0xab, 0x61, 0x26, 0x63, 0xa4, 0xc3, 0xac, + 0xe7, 0xef, 0x61, 0x6b, 0x48, 0xf4, 0xda, 0xa6, 0xb6, 0x55, 0x37, 0xe3, 0x21, 0xda, 0x84, 0x39, + 0x4c, 0xe9, 0x03, 0xdc, 0x25, 0xce, 0x7d, 0x72, 0xa2, 0x4f, 0x89, 0x85, 0x59, 0x12, 0x5f, 0x8b, + 0x29, 0x7d, 0x88, 0x5d, 0xa2, 0x4f, 0x8b, 0xd9, 0x78, 0x88, 0xae, 0x40, 0xc3, 0xc3, 0x2e, 0x09, + 0x29, 0xb6, 0x88, 0x5e, 0x17, 0x73, 0x29, 0x01, 0xfd, 0x12, 0x96, 0x32, 0x86, 0x3f, 0xf6, 0xa3, + 0xc0, 0x22, 0x3a, 0x88, 0xad, 0x3f, 0x9a, 0x6c, 0xeb, 0xbb, 0x45, 0xb1, 0xe6, 0xb8, 0x26, 0xf4, + 0x73, 0x98, 0x16, 0x27, 0xaf, 0xcf, 0x6d, 0xd6, 0xce, 0xd5, 0xdb, 0x52, 0x2c, 0xf2, 0x60, 0x96, + 0x3a, 0xd1, 0xc0, 0xf6, 0x42, 0x7d, 0x5e, 0x68, 0x78, 0x32, 0x99, 0x86, 0x3d, 0xdf, 0xeb, 0xdb, + 0x83, 0x43, 0xec, 0xe1, 0x01, 0x71, 0x89, 0xc7, 0x8e, 0x84, 0x70, 0x33, 0x56, 0x82, 0x9e, 0x43, + 0x73, 0x14, 0x85, 0xcc, 0x77, 0xed, 0xe7, 0xe4, 0x11, 0xe5, 0x6b, 0x43, 0xfd, 0x92, 0xf0, 0xe6, + 0xc3, 0xc9, 0x14, 0xdf, 0x2f, 0x48, 0x35, 0xc7, 0xf4, 0xf0, 0x20, 0x19, 0x45, 0x5d, 0xf2, 0x23, + 0x12, 0x88, 0xe8, 0x5a, 0x90, 0x41, 0x92, 0x21, 0xc9, 0x30, 0xb2, 0xd5, 0x28, 0xd4, 0x17, 0x37, + 0x6b, 0x32, 0x8c, 0x12, 0x12, 0xda, 0x82, 0xc5, 0x63, 0x12, 0xd8, 0xfd, 0x93, 0xc7, 0xf6, 0xc0, + 0xc3, 0x2c, 0x0a, 0x88, 0xde, 0x14, 0xa1, 0x58, 0x24, 0x23, 0x17, 0x2e, 0x0d, 0x89, 0xe3, 0x72, + 0x97, 0xef, 0x05, 0xa4, 0x17, 0xea, 0x4b, 0xc2, 0xbf, 0xfb, 0x93, 0x9f, 0xa0, 0x10, 0x67, 0xe6, + 0xa5, 0x73, 0xc3, 0x3c, 0xdf, 0x54, 0x99, 0x22, 0x73, 0x04, 0x49, 0xc3, 0x0a, 0x64, 0x74, 0x0d, + 0x16, 0x58, 0x80, 0xad, 0x91, 0xed, 0x0d, 0x0e, 0x09, 0x1b, 0xfa, 0x3d, 0xfd, 0xb2, 0xf0, 0x44, + 0x81, 0x8a, 0x2c, 0x40, 0xc4, 0xc3, 0x5d, 0x87, 0xf4, 0x64, 0x2c, 0x3e, 0x39, 0xa1, 0x24, 0xd4, + 0x97, 0xc5, 0x2e, 0x6e, 0xb6, 0x33, 0x15, 0xaa, 0x50, 0x20, 0xda, 0x77, 0xc6, 0x56, 0xdd, 0xf1, + 0x58, 0x70, 0x62, 0x96, 0x88, 0x43, 0x23, 0x98, 0xe3, 0xfb, 0x88, 0x43, 0x61, 0x45, 0x84, 0xc2, + 0xbd, 0xc9, 0x7c, 0x74, 0x90, 0x0a, 0x34, 0xb3, 0xd2, 0x51, 0x1b, 0xd0, 0x10, 0x87, 0x87, 0x91, + 0xc3, 0x6c, 0xea, 0x10, 0x69, 0x46, 0xa8, 0xaf, 0x0a, 0x37, 0x95, 0xcc, 0xa0, 0xfb, 0x00, 0x01, + 0xe9, 0xc7, 0x7c, 0x6b, 0x62, 0xe7, 0x37, 0xce, 0xda, 0xb9, 0x99, 0x70, 0xcb, 0x1d, 0x67, 0x96, + 0x73, 0xe5, 0x7c, 0x1b, 0xc4, 0x62, 0x2a, 0xdb, 0x45, 0x5a, 0xeb, 0x22, 0xc4, 0x4a, 0x66, 0x78, + 0x2c, 0x2a, 0xaa, 0x28, 0x5a, 0xeb, 0x32, 0x5a, 0x33, 0xa4, 0xd6, 0x1d, 0x58, 0x3b, 0xc5, 0xd5, + 0xa8, 0x09, 0xb5, 0x11, 0x39, 0x11, 0x25, 0xba, 0x61, 0xf2, 0x4f, 0xb4, 0x0c, 0xd3, 0xc7, 0xd8, + 0x89, 0x88, 0x28, 0xaa, 0x75, 0x53, 0x0e, 0x6e, 0x57, 0xbf, 0xab, 0xb5, 0x7e, 0xab, 0xc1, 0x62, + 0xc1, 0xf0, 0x92, 0xf5, 0x3f, 0xcb, 0xae, 0x3f, 0x87, 0x30, 0xee, 0x3f, 0xc1, 0xc1, 0x80, 0xb0, + 0x8c, 0x21, 0xc6, 0x3f, 0x35, 0xd0, 0x0b, 0x1e, 0xfd, 0xb1, 0xcd, 0x86, 0x77, 0x6d, 0x87, 0x84, + 0xe8, 0x16, 0xcc, 0x06, 0x92, 0xa6, 0x1a, 0xcf, 0x5b, 0x67, 0x1c, 0xc4, 0x41, 0xc5, 0x8c, 0xb9, + 0xd1, 0xc7, 0x50, 0x77, 0x09, 0xc3, 0x3d, 0xcc, 0xb0, 0xb2, 0x7d, 0xb3, 0x6c, 0x25, 0xd7, 0x72, + 0xa8, 0xf8, 0x0e, 0x2a, 0x66, 0xb2, 0x06, 0xbd, 0x0f, 0xd3, 0xd6, 0x30, 0xf2, 0x46, 0xa2, 0xe5, + 0xcc, 0xed, 0xbc, 0x7d, 0xda, 0xe2, 0x3d, 0xce, 0x74, 0x50, 0x31, 0x25, 0xf7, 0x27, 0x33, 0x30, + 0x45, 0x71, 0xc0, 0x8c, 0xbb, 0xb0, 0x5c, 0xa6, 0x82, 0xf7, 0x39, 0x6b, 0x48, 0xac, 0x51, 0x18, + 0xb9, 0xca, 0xcd, 0xc9, 0x18, 0x21, 0x98, 0x0a, 0xed, 0xe7, 0xd2, 0xd5, 0x35, 0x53, 0x7c, 0x1b, + 0xdf, 0x81, 0xa5, 0x31, 0x6d, 0xfc, 0x50, 0xa5, 0x6d, 0x5c, 0xc2, 0xbc, 0x52, 0x6d, 0x44, 0xb0, + 0xf2, 0x44, 0xf8, 0x22, 0x29, 0xf6, 0x17, 0xd1, 0xb9, 0x8d, 0x03, 0x58, 0x2d, 0xaa, 0x0d, 0xa9, + 0xef, 0x85, 0x84, 0x87, 0xbe, 0xa8, 0x8e, 0x36, 0xe9, 0xa5, 0xb3, 0xc2, 0x8a, 0xba, 0x59, 0x32, + 0x63, 0xfc, 0xaa, 0x0a, 0xab, 0x26, 0x09, 0x7d, 0xe7, 0x98, 0xc4, 0xa5, 0xeb, 0x62, 0xc0, 0xc7, + 0x4f, 0xa1, 0x86, 0x29, 0x55, 0x61, 0x72, 0xef, 0xdc, 0xda, 0xbb, 0xc9, 0xa5, 0xa2, 0x77, 0x61, + 0x09, 0xbb, 0x5d, 0x7b, 0x10, 0xf9, 0x51, 0x18, 0x6f, 0x4b, 0x04, 0x55, 0xc3, 0x1c, 0x9f, 0x30, + 0x2c, 0x58, 0x1b, 0x73, 0x81, 0x72, 0x67, 0x16, 0x22, 0x69, 0x05, 0x88, 0x54, 0xaa, 0xa4, 0x7a, + 0x9a, 0x92, 0xbf, 0x69, 0xd0, 0x4c, 0x53, 0x47, 0x89, 0xbf, 0x02, 0x0d, 0x57, 0xd1, 0x42, 0x5d, + 0x13, 0xf5, 0x29, 0x25, 0xe4, 0xd1, 0x52, 0xb5, 0x88, 0x96, 0x56, 0x61, 0x46, 0x82, 0x59, 0xb5, + 0x31, 0x35, 0xca, 0x99, 0x3c, 0x55, 0x30, 0x79, 0x03, 0x20, 0x4c, 0xea, 0x97, 0x3e, 0x23, 0x66, + 0x33, 0x14, 0x64, 0xc0, 0xbc, 0xec, 0xad, 0x26, 0x09, 0x23, 0x87, 0xe9, 0xb3, 0x82, 0x23, 0x47, + 0x33, 0x7c, 0x58, 0x7c, 0x60, 0xf3, 0x3d, 0xf4, 0xc3, 0x8b, 0x09, 0xf6, 0x0f, 0x60, 0x8a, 0x2b, + 0xe3, 0x1b, 0xeb, 0x06, 0xd8, 0xb3, 0x86, 0x24, 0xf6, 0x55, 0x32, 0xe6, 0x69, 0xcc, 0xf0, 0x20, + 0xd4, 0xab, 0x82, 0x2e, 0xbe, 0x8d, 0x3f, 0x55, 0xa5, 0xa5, 0xbb, 0x94, 0x86, 0x6f, 0x1e, 0x50, + 0x97, 0xb7, 0xf8, 0xda, 0x78, 0x8b, 0x2f, 0x98, 0xfc, 0x75, 0x5a, 0xfc, 0x39, 0xb5, 0x29, 0x23, + 0x82, 0xd9, 0x5d, 0x4a, 0xb9, 0x21, 0x68, 0x1b, 0xa6, 0x30, 0xa5, 0xd2, 0xe1, 0x85, 0x8a, 0xac, + 0x58, 0xf8, 0xff, 0xca, 0x24, 0xc1, 0xda, 0xba, 0x05, 0x8d, 0x84, 0xf4, 0x32, 0xb5, 0x8d, 0xac, + 0xda, 0x4d, 0x00, 0x89, 0x61, 0xef, 0x79, 0x7d, 0x9f, 0x1f, 0x29, 0x0f, 0x76, 0xb5, 0x54, 0x7c, + 0x1b, 0xb7, 0x63, 0x0e, 0x61, 0xdb, 0xbb, 0x30, 0x6d, 0x33, 0xe2, 0xc6, 0xc6, 0xad, 0x66, 0x8d, + 0x4b, 0x05, 0x99, 0x92, 0xc9, 0xf8, 0x7b, 0x1d, 0xd6, 0xf9, 0x89, 0x3d, 0x16, 0x69, 0xb2, 0x4b, + 0xe9, 0xa7, 0x84, 0x61, 0xdb, 0x09, 0x7f, 0x10, 0x91, 0xe0, 0xe4, 0x35, 0x07, 0xc6, 0x00, 0x66, + 0x64, 0x96, 0xa9, 0x7a, 0x77, 0xee, 0xd7, 0x19, 0x25, 0x3e, 0xbd, 0xc3, 0xd4, 0x5e, 0xcf, 0x1d, + 0xa6, 0xec, 0x4e, 0x31, 0x75, 0x41, 0x77, 0x8a, 0xd3, 0xaf, 0x95, 0x99, 0xcb, 0xea, 0x4c, 0xfe, + 0xb2, 0x5a, 0x02, 0xd5, 0x67, 0x5f, 0x15, 0xaa, 0xd7, 0x4b, 0xa1, 0xba, 0x5b, 0x9a, 0xc7, 0x0d, + 0xe1, 0xee, 0xef, 0x65, 0x23, 0xf0, 0xd4, 0x58, 0x9b, 0x04, 0xb4, 0xc3, 0x6b, 0x05, 0xed, 0x3f, + 0xcc, 0x81, 0x70, 0x79, 0x0d, 0x7e, 0xff, 0xd5, 0xf6, 0x74, 0x06, 0x1c, 0xff, 0xc6, 0x81, 0xe7, + 0xdf, 0x08, 0xcc, 0x44, 0xfd, 0xd4, 0x07, 0x49, 0x43, 0xe7, 0x7d, 0x88, 0xb7, 0x56, 0x55, 0xb4, + 0xf8, 0x37, 0xba, 0x01, 0x53, 0xdc, 0xc9, 0x0a, 0xd4, 0xae, 0x65, 0xfd, 0xc9, 0x4f, 0x62, 0x97, + 0xd2, 0xc7, 0x94, 0x58, 0xa6, 0x60, 0x42, 0xb7, 0xa1, 0x91, 0x04, 0xbe, 0xca, 0xac, 0x2b, 0xd9, + 0x15, 0x49, 0x9e, 0xc4, 0xcb, 0x52, 0x76, 0xbe, 0xb6, 0x67, 0x07, 0xc4, 0x12, 0x90, 0x6f, 0x7a, + 0x7c, 0xed, 0xa7, 0xf1, 0x64, 0xb2, 0x36, 0x61, 0x47, 0xdb, 0x30, 0x23, 0xdf, 0x0d, 0x44, 0x06, + 0xcd, 0xed, 0xac, 0x8f, 0x17, 0xd3, 0x78, 0x95, 0x62, 0x34, 0xfe, 0xaa, 0xc1, 0x3b, 0x69, 0x40, + 0xc4, 0xd9, 0x14, 0xa3, 0xee, 0x37, 0xdf, 0x71, 0xaf, 0xc1, 0x82, 0x80, 0xf9, 0xe9, 0xf3, 0x81, + 0x7c, 0xc9, 0x2a, 0x50, 0x8d, 0x3f, 0x6a, 0x70, 0x75, 0x7c, 0x1f, 0x7b, 0x43, 0x1c, 0xb0, 0xe4, + 0x78, 0x2f, 0x62, 0x2f, 0x71, 0xc3, 0xab, 0xa6, 0x0d, 0x2f, 0xb7, 0xbf, 0x5a, 0x7e, 0x7f, 0xc6, + 0x5f, 0xaa, 0x30, 0x97, 0x09, 0xa0, 0xb2, 0x86, 0xc9, 0x01, 0x9f, 0x88, 0x5b, 0x71, 0xb1, 0x13, + 0x4d, 0xa1, 0x61, 0x66, 0x28, 0x68, 0x04, 0x40, 0x71, 0x80, 0x5d, 0xc2, 0x48, 0xc0, 0x2b, 0x39, + 0xcf, 0xf8, 0xfb, 0x93, 0x57, 0x97, 0xa3, 0x58, 0xa6, 0x99, 0x11, 0xcf, 0x11, 0xab, 0x50, 0x1d, + 0xaa, 0xfa, 0xad, 0x46, 0xe8, 0x4b, 0x58, 0xe8, 0xdb, 0x0e, 0x39, 0x4a, 0x0d, 0x99, 0x11, 0x86, + 0x3c, 0x9a, 0xdc, 0x90, 0xbb, 0x59, 0xb9, 0x66, 0x41, 0x8d, 0x71, 0x1d, 0x9a, 0xc5, 0x7c, 0xe2, + 0x46, 0xda, 0x2e, 0x1e, 0x24, 0xde, 0x52, 0x23, 0x03, 0x41, 0xb3, 0x98, 0x3f, 0xc6, 0xbf, 0xaa, + 0xb0, 0x92, 0x88, 0xdb, 0xf5, 0x3c, 0x3f, 0xf2, 0x2c, 0xf1, 0x14, 0x57, 0x7a, 0x16, 0xcb, 0x30, + 0xcd, 0x6c, 0xe6, 0x24, 0xc0, 0x47, 0x0c, 0x78, 0xef, 0x62, 0xbe, 0xef, 0x30, 0x9b, 0xaa, 0x03, + 0x8e, 0x87, 0xf2, 0xec, 0x9f, 0x45, 0x76, 0x40, 0x7a, 0xa2, 0x12, 0xd4, 0xcd, 0x64, 0xcc, 0xe7, + 0x38, 0xaa, 0x11, 0x30, 0x5e, 0x3a, 0x33, 0x19, 0x8b, 0xb8, 0xf7, 0x1d, 0x87, 0x58, 0xdc, 0x1d, + 0x19, 0xa0, 0x5f, 0xa0, 0x8a, 0x0b, 0x04, 0x0b, 0x6c, 0x6f, 0xa0, 0x60, 0xbe, 0x1a, 0x71, 0x3b, + 0x71, 0x10, 0xe0, 0x13, 0xbd, 0x2e, 0x1c, 0x20, 0x07, 0xe8, 0x23, 0xa8, 0xb9, 0x98, 0xaa, 0x46, + 0x77, 0x3d, 0x57, 0x1d, 0xca, 0x3c, 0xd0, 0x3e, 0xc4, 0x54, 0x76, 0x02, 0xbe, 0xac, 0xf5, 0x01, + 0xd4, 0x63, 0xc2, 0xd7, 0x82, 0x84, 0x5f, 0xc0, 0xa5, 0x5c, 0xf1, 0x41, 0x9f, 0xc3, 0x6a, 0x1a, + 0x51, 0x59, 0x85, 0x0a, 0x04, 0xbe, 0xf3, 0x52, 0xcb, 0xcc, 0x53, 0x04, 0x18, 0xcf, 0x60, 0x89, + 0x87, 0x8c, 0x48, 0xfc, 0x0b, 0xba, 0xda, 0x7c, 0x08, 0x8d, 0x44, 0x65, 0x69, 0xcc, 0xb4, 0xa0, + 0x7e, 0x1c, 0x3f, 0x91, 0xca, 0xbb, 0x4d, 0x32, 0x36, 0x76, 0x01, 0x65, 0xed, 0x55, 0x1d, 0xe8, + 0x46, 0x1e, 0x14, 0xaf, 0x14, 0xdb, 0x8d, 0x60, 0x8f, 0x31, 0xf1, 0xef, 0xaa, 0xb0, 0xb8, 0x6f, + 0x8b, 0x57, 0x8e, 0x0b, 0x2a, 0x72, 0xd7, 0xa1, 0x19, 0x46, 0x5d, 0xd7, 0xef, 0x45, 0x0e, 0x51, + 0xa0, 0x40, 0x75, 0xfa, 0x31, 0xfa, 0x59, 0xc5, 0x8f, 0x3b, 0x8b, 0x62, 0x36, 0x54, 0x37, 0x5c, + 0xf1, 0x8d, 0x3e, 0x82, 0xf5, 0x87, 0xe4, 0x4b, 0xb5, 0x9f, 0x7d, 0xc7, 0xef, 0x76, 0x6d, 0x6f, + 0x10, 0x2b, 0x99, 0x16, 0x4a, 0x4e, 0x67, 0x30, 0x7e, 0xad, 0x41, 0x33, 0xf5, 0x85, 0xf2, 0xe6, + 0x2d, 0x19, 0xf5, 0xd2, 0x97, 0x57, 0xb3, 0xbe, 0x2c, 0xb2, 0xfe, 0xef, 0x01, 0x3f, 0x9f, 0x0d, + 0xf8, 0x3f, 0x6b, 0xb0, 0xb2, 0x6f, 0xb3, 0xb8, 0xd4, 0xd8, 0xff, 0x67, 0xe7, 0x62, 0xb4, 0x61, + 0xb5, 0x68, 0xbe, 0x72, 0xe5, 0x32, 0x4c, 0xf3, 0x53, 0x8a, 0xef, 0xee, 0x72, 0xb0, 0xf3, 0x55, + 0x03, 0x96, 0xd2, 0xe6, 0xcb, 0xff, 0xb5, 0x2d, 0x82, 0x1e, 0x41, 0x73, 0x5f, 0xfd, 0x76, 0x16, + 0xbf, 0x99, 0xa0, 0xb3, 0x1e, 0x21, 0x5b, 0x57, 0xca, 0x27, 0xa5, 0x6a, 0xa3, 0x82, 0x2c, 0x58, + 0x2f, 0x0a, 0x4c, 0xdf, 0x3b, 0xbf, 0x7d, 0x86, 0xe4, 0x84, 0xeb, 0x65, 0x2a, 0xb6, 0x34, 0xf4, + 0x39, 0x2c, 0xe4, 0x5f, 0xe5, 0x50, 0xae, 0x1a, 0x95, 0x3e, 0x14, 0xb6, 0x8c, 0xb3, 0x58, 0x12, + 0xfb, 0x9f, 0x72, 0xe8, 0x9b, 0x7b, 0xa2, 0x42, 0x46, 0x1e, 0x98, 0x97, 0x3d, 0xe1, 0xb5, 0xbe, + 0x75, 0x26, 0x4f, 0x22, 0xfd, 0x43, 0xa8, 0xc7, 0x4f, 0x3a, 0x79, 0x37, 0x17, 0x1e, 0x7a, 0x5a, + 0xcd, 0xbc, 0xbc, 0x7e, 0x68, 0x54, 0xd0, 0xc7, 0x72, 0x31, 0xbf, 0xf2, 0x8f, 0x2f, 0xce, 0x3c, + 0x64, 0xb4, 0x2e, 0x97, 0x3c, 0x1e, 0x18, 0x15, 0xf4, 0x7d, 0x98, 0xe3, 0x5f, 0x47, 0xea, 0x57, + 0xab, 0xd5, 0xb6, 0xfc, 0x91, 0xb4, 0x1d, 0xff, 0x48, 0xda, 0xbe, 0xe3, 0x52, 0x76, 0xd2, 0x2a, + 0xb9, 0xdd, 0x2b, 0x01, 0x4f, 0xe1, 0xd2, 0x3e, 0x61, 0x29, 0x18, 0x47, 0x57, 0x5f, 0xe9, 0xca, + 0xd2, 0x32, 0x8a, 0x6c, 0xe3, 0x78, 0xde, 0xa8, 0xa0, 0xdf, 0x6b, 0x70, 0x79, 0x9f, 0xb0, 0x22, + 0xbc, 0x45, 0xef, 0x95, 0x2b, 0x39, 0x05, 0x06, 0xb7, 0x1e, 0x4e, 0x9a, 0xaf, 0x79, 0xb1, 0x46, + 0x05, 0xfd, 0x41, 0x83, 0xb5, 0x8c, 0x61, 0x59, 0xbc, 0x8a, 0xb6, 0xcf, 0x36, 0xae, 0x04, 0xdb, + 0xb6, 0x3e, 0x9b, 0xf0, 0xc7, 0xc8, 0x8c, 0x48, 0xa3, 0x82, 0x8e, 0xc4, 0x99, 0xa4, 0xed, 0x09, + 0xbd, 0x5d, 0xda, 0x87, 0x12, 0xed, 0x1b, 0xa7, 0x4d, 0x27, 0xe7, 0xf0, 0x19, 0xcc, 0xed, 0x13, + 0x16, 0x57, 0xdd, 0x7c, 0xa4, 0x15, 0x5a, 0x58, 0x3e, 0x55, 0x8b, 0x85, 0x5a, 0x44, 0xcc, 0x92, + 0x94, 0x95, 0xa9, 0x53, 0xf9, 0x5c, 0x2d, 0x2d, 0xc1, 0xf9, 0x88, 0x29, 0x2f, 0x73, 0x46, 0xe5, + 0x93, 0xdd, 0x7f, 0xbc, 0xd8, 0xd0, 0xbe, 0x7a, 0xb1, 0xa1, 0xfd, 0xfb, 0xc5, 0x86, 0xf6, 0x93, + 0x9b, 0x2f, 0xf9, 0x0b, 0x82, 0xcc, 0x1f, 0x25, 0x60, 0x6a, 0x5b, 0x8e, 0x4d, 0x3c, 0xd6, 0x9d, + 0x11, 0xc1, 0x7f, 0xf3, 0xbf, 0x01, 0x00, 0x00, 0xff, 0xff, 0xf8, 0x86, 0xe4, 0x0d, 0xb3, 0x20, + 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -4668,6 +4678,16 @@ func (m *GitFilesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.NewGitFileGlobbingEnabled { + i-- + if m.NewGitFileGlobbingEnabled { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x28 + } if len(m.Path) > 0 { i -= len(m.Path) copy(dAtA[i:], m.Path) @@ -5662,6 +5682,9 @@ func (m *GitFilesRequest) Size() (n int) { if l > 0 { n += 1 + l + sovRepository(uint64(l)) } + if m.NewGitFileGlobbingEnabled { + n += 2 + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -10830,6 +10853,26 @@ func (m *GitFilesRequest) Unmarshal(dAtA []byte) error { } m.Path = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 5: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field NewGitFileGlobbingEnabled", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.NewGitFileGlobbingEnabled = bool(v != 0) default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index c509906a26632..b2d8b2b145289 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -2552,6 +2552,7 @@ func (s *Service) GetGitFiles(_ context.Context, request *apiclient.GitFilesRequ repo := request.GetRepo() revision := request.GetRevision() gitPath := request.GetPath() + enableNewGitFileGlobbing := request.GetNewGitFileGlobbingEnabled() if gitPath == "" { gitPath = "." } @@ -2585,7 +2586,7 @@ func (s *Service) GetGitFiles(_ context.Context, request *apiclient.GitFilesRequ } defer io.Close(closer) - gitFiles, err := gitClient.LsFiles(gitPath) + gitFiles, err := gitClient.LsFiles(gitPath, enableNewGitFileGlobbing) if err != nil { return nil, status.Errorf(codes.Internal, "unable to list files. repo %s with revision %s pattern %s: %v", repo.Repo, revision, gitPath, err) } diff --git a/reposerver/repository/repository.proto b/reposerver/repository/repository.proto index b1c89e3a2282e..8f40867c243c1 100644 --- a/reposerver/repository/repository.proto +++ b/reposerver/repository/repository.proto @@ -234,6 +234,7 @@ message GitFilesRequest { bool submoduleEnabled = 2; string revision = 3; string path = 4; + bool NewGitFileGlobbingEnabled = 5; } message GitFilesResponse { diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index 8a32be75eda3d..6d4ae3127cb71 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -3026,7 +3026,7 @@ func TestGetGitFiles(t *testing.T) { gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return(nil) gitClient.On("LsRemote", "HEAD").Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) gitClient.On("Root").Return(root) - gitClient.On("LsFiles", mock.Anything).Once().Return(files, nil) + gitClient.On("LsFiles", mock.Anything, mock.Anything).Once().Return(files, nil) paths.On("GetPath", mock.Anything).Return(root, nil) paths.On("GetPathIfExists", mock.Anything).Return(root, nil) }, root) diff --git a/util/git/client.go b/util/git/client.go index f7ff776cd4f57..0ee4d5dd265fe 100644 --- a/util/git/client.go +++ b/util/git/client.go @@ -17,6 +17,7 @@ import ( "time" argoexec "github.com/argoproj/pkg/exec" + "github.com/bmatcuk/doublestar/v4" "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/config" "github.com/go-git/go-git/v5/plumbing" @@ -66,7 +67,7 @@ type Client interface { Checkout(revision string, submoduleEnabled bool) error LsRefs() (*Refs, error) LsRemote(revision string) (string, error) - LsFiles(path string) ([]string, error) + LsFiles(path string, enableNewGitFileGlobbing bool) ([]string, error) LsLargeFiles() ([]string, error) CommitSHA() (string, error) RevisionMetadata(revision string) (*RevisionMetadata, error) @@ -365,14 +366,44 @@ func (m *nativeGitClient) Fetch(revision string) error { } // LsFiles lists the local working tree, including only files that are under source control -func (m *nativeGitClient) LsFiles(path string) ([]string, error) { - out, err := m.runCmd("ls-files", "--full-name", "-z", "--", path) - if err != nil { - return nil, err +func (m *nativeGitClient) LsFiles(path string, enableNewGitFileGlobbing bool) ([]string, error) { + if enableNewGitFileGlobbing { + // This is the new way with safer globbing + err := os.Chdir(m.root) + if err != nil { + return nil, err + } + all_files, err := doublestar.FilepathGlob(path) + if err != nil { + return nil, err + } + var files []string + for _, file := range all_files { + link, err := filepath.EvalSymlinks(file) + if err != nil { + return nil, err + } + absPath, err := filepath.Abs(link) + if err != nil { + return nil, err + } + if strings.HasPrefix(absPath, m.root) { + files = append(files, file) + } else { + log.Warnf("Absolute path for %s is outside of repository, removing it", file) + } + } + return files, nil + } else { + // This is the old and default way + out, err := m.runCmd("ls-files", "--full-name", "-z", "--", path) + if err != nil { + return nil, err + } + // remove last element, which is blank regardless of whether we're using nullbyte or newline + ss := strings.Split(out, "\000") + return ss[:len(ss)-1], nil } - // remove last element, which is blank regardless of whether we're using nullbyte or newline - ss := strings.Split(out, "\000") - return ss[:len(ss)-1], nil } // LsLargeFiles lists all files that have references to LFS storage diff --git a/util/git/git_test.go b/util/git/git_test.go index 3dc87b718ac47..5faf63e9a0775 100644 --- a/util/git/git_test.go +++ b/util/git/git_test.go @@ -411,3 +411,54 @@ func TestListRevisions(t *testing.T) { assert.NotContains(t, lsResult.Branches, testTag) assert.NotContains(t, lsResult.Tags, testBranch) } + +func TestLsFiles(t *testing.T) { + tmpDir1 := t.TempDir() + tmpDir2 := t.TempDir() + + client, err := NewClientExt("", tmpDir1, NopCreds{}, false, false, "") + assert.NoError(t, err) + + err = runCmd(tmpDir1, "git", "init") + assert.NoError(t, err) + + // Prepare files + a, err := os.Create(filepath.Join(tmpDir1, "a.yaml")) + assert.NoError(t, err) + a.Close() + err = os.MkdirAll(filepath.Join(tmpDir1, "subdir"), 0755) + assert.NoError(t, err) + b, err := os.Create(filepath.Join(tmpDir1, "subdir", "b.yaml")) + assert.NoError(t, err) + b.Close() + err = os.MkdirAll(filepath.Join(tmpDir2, "subdir"), 0755) + assert.NoError(t, err) + c, err := os.Create(filepath.Join(tmpDir2, "c.yaml")) + assert.NoError(t, err) + c.Close() + err = os.Symlink(filepath.Join(tmpDir2, "c.yaml"), filepath.Join(tmpDir1, "link.yaml")) + assert.NoError(t, err) + + err = runCmd(tmpDir1, "git", "add", ".") + assert.NoError(t, err) + err = runCmd(tmpDir1, "git", "commit", "-m", "Initial commit") + assert.NoError(t, err) + + // Old and default globbing + expectedResult := []string{"a.yaml", "link.yaml", "subdir/b.yaml"} + lsResult, err := client.LsFiles("*.yaml", false) + assert.NoError(t, err) + assert.Equal(t, lsResult, expectedResult) + + // New and safer globbing, do not return symlinks resolving outside of the repo + expectedResult = []string{"a.yaml"} + lsResult, err = client.LsFiles("*.yaml", true) + assert.NoError(t, err) + assert.Equal(t, lsResult, expectedResult) + + // New globbing, do not return files outside of the repo + var nilResult []string + lsResult, err = client.LsFiles(filepath.Join(tmpDir2, "*.yaml"), true) + assert.NoError(t, err) + assert.Equal(t, lsResult, nilResult) +} diff --git a/util/git/mocks/Client.go b/util/git/mocks/Client.go index 3d4471b1f23c1..51ffebfca37fa 100644 --- a/util/git/mocks/Client.go +++ b/util/git/mocks/Client.go @@ -75,8 +75,8 @@ func (_m *Client) Init() error { return r0 } -// LsFiles provides a mock function with given fields: path -func (_m *Client) LsFiles(path string) ([]string, error) { +// LsFiles provides a mock function with given fields: path, enableNewGitFileGlobbing +func (_m *Client) LsFiles(path string, enableNewGitFileGlobbing bool) ([]string, error) { ret := _m.Called(path) var r0 []string From 64e718c54944f80a9bc33875a5570176f9fac27f Mon Sep 17 00:00:00 2001 From: Thomas Decaux Date: Sat, 27 May 2023 21:27:21 -0400 Subject: [PATCH 034/252] feat: add health-checks for Percona XtraDB cluster (#13093) * feat: Add health-checks for Percona XtraDB cluster Signed-off-by: Thomas Decaux Signed-off-by: ebuildy * add tests Signed-off-by: ebuildy --------- Signed-off-by: Thomas Decaux Signed-off-by: ebuildy --- .../PerconaXtraDBCluster/health.lua | 38 +++++++++++++++++++ .../PerconaXtraDBCluster/health_test.yaml | 25 ++++++++++++ .../PerconaXtraDBCluster/testdata/error.yaml | 24 ++++++++++++ .../testdata/initializing.yaml | 22 +++++++++++ .../PerconaXtraDBCluster/testdata/paused.yaml | 22 +++++++++++ .../PerconaXtraDBCluster/testdata/ready.yaml | 22 +++++++++++ .../testdata/stopping.yaml | 22 +++++++++++ .../testdata/unknown.yaml | 22 +++++++++++ 8 files changed, 197 insertions(+) create mode 100644 resource_customizations/pxc.percona.com/PerconaXtraDBCluster/health.lua create mode 100644 resource_customizations/pxc.percona.com/PerconaXtraDBCluster/health_test.yaml create mode 100644 resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/error.yaml create mode 100644 resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/initializing.yaml create mode 100644 resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/paused.yaml create mode 100644 resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/ready.yaml create mode 100644 resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/stopping.yaml create mode 100644 resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/unknown.yaml diff --git a/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/health.lua b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/health.lua new file mode 100644 index 0000000000000..e28ef99f9f05a --- /dev/null +++ b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/health.lua @@ -0,0 +1,38 @@ +hs = {} +if obj.status ~= nil then + + if obj.status.state == "initializing" then + hs.status = "Progressing" + hs.message = obj.status.ready .. "/" .. obj.status.size .. " node(s) are ready" + return hs + end + + if obj.status.state == "ready" then + hs.status = "Healthy" + hs.message = obj.status.ready .. "/" .. obj.status.size .. " node(s) are ready" + return hs + end + + if obj.status.state == "paused" then + hs.status = "Unknown" + hs.message = "Cluster is paused" + return hs + end + + if obj.status.state == "stopping" then + hs.status = "Degraded" + hs.message = "Cluster is stopping (" .. obj.status.ready .. "/" .. obj.status.size .. " node(s) are ready)" + return hs + end + + if obj.status.state == "error" then + hs.status = "Degraded" + hs.message = "Cluster is on error: " .. table.concat(obj.status.messages, ", ") + return hs + end + +end + +hs.status = "Unknown" +hs.message = "Cluster status is unknown. Ensure your ArgoCD is current and then check for/file a bug report: https://github.com/argoproj/argo-cd/issues" +return hs diff --git a/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/health_test.yaml b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/health_test.yaml new file mode 100644 index 0000000000000..73b9968ff7a4c --- /dev/null +++ b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/health_test.yaml @@ -0,0 +1,25 @@ +tests: +- healthStatus: + status: Progressing + message: "0/1 node(s) are ready" + inputPath: testdata/initializing.yaml +- healthStatus: + status: Healthy + message: "1/1 node(s) are ready" + inputPath: testdata/ready.yaml +- healthStatus: + status: Unknown + message: "Cluster is paused" + inputPath: testdata/paused.yaml +- healthStatus: + status: Degraded + message: "Cluster is stopping (1/2 node(s) are ready)" + inputPath: testdata/stopping.yaml +- healthStatus: + status: Degraded + message: "Cluster is on error: we lost node" + inputPath: testdata/error.yaml +- healthStatus: + status: Unknown + message: "Cluster status is unknown. Ensure your ArgoCD is current and then check for/file a bug report: https://github.com/argoproj/argo-cd/issues" + inputPath: testdata/unknown.yaml diff --git a/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/error.yaml b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/error.yaml new file mode 100644 index 0000000000000..b6f1884be0819 --- /dev/null +++ b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/error.yaml @@ -0,0 +1,24 @@ +apiVersion: pxc.percona.com/v1 +kind: PerconaXtraDBCluster +metadata: + name: quickstart +spec: {} +status: + backup: {} + haproxy: {} + host: pxc-mysql-pxc + logcollector: {} + observedGeneration: 1 + pmm: {} + proxysql: {} + pxc: + image: '' + ready: 1 + size: 2 + status: error + version: 8.0.21-12.1 + ready: 1 + size: 2 + state: error + messages: + - we lost node diff --git a/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/initializing.yaml b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/initializing.yaml new file mode 100644 index 0000000000000..11f3ff046543e --- /dev/null +++ b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/initializing.yaml @@ -0,0 +1,22 @@ +apiVersion: pxc.percona.com/v1 +kind: PerconaXtraDBCluster +metadata: + name: quickstart +spec: {} +status: + backup: {} + haproxy: {} + host: pxc-mysql-pxc + logcollector: {} + observedGeneration: 1 + pmm: {} + proxysql: {} + pxc: + image: '' + ready: 0 + size: 1 + status: initializing + version: 8.0.21-12.1 + ready: 0 + size: 1 + state: initializing diff --git a/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/paused.yaml b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/paused.yaml new file mode 100644 index 0000000000000..46440a23df7e2 --- /dev/null +++ b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/paused.yaml @@ -0,0 +1,22 @@ +apiVersion: pxc.percona.com/v1 +kind: PerconaXtraDBCluster +metadata: + name: quickstart +spec: {} +status: + backup: {} + haproxy: {} + host: pxc-mysql-pxc + logcollector: {} + observedGeneration: 1 + pmm: {} + proxysql: {} + pxc: + image: '' + ready: 1 + size: 1 + status: paused + version: 8.0.21-12.1 + ready: 1 + size: 1 + state: paused diff --git a/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/ready.yaml b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/ready.yaml new file mode 100644 index 0000000000000..bd7d82a2a08fe --- /dev/null +++ b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/ready.yaml @@ -0,0 +1,22 @@ +apiVersion: pxc.percona.com/v1 +kind: PerconaXtraDBCluster +metadata: + name: quickstart +spec: {} +status: + backup: {} + haproxy: {} + host: pxc-mysql-pxc + logcollector: {} + observedGeneration: 1 + pmm: {} + proxysql: {} + pxc: + image: '' + ready: 1 + size: 1 + status: ready + version: 8.0.21-12.1 + ready: 1 + size: 1 + state: ready diff --git a/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/stopping.yaml b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/stopping.yaml new file mode 100644 index 0000000000000..f527445c506a0 --- /dev/null +++ b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/stopping.yaml @@ -0,0 +1,22 @@ +apiVersion: pxc.percona.com/v1 +kind: PerconaXtraDBCluster +metadata: + name: quickstart +spec: {} +status: + backup: {} + haproxy: {} + host: pxc-mysql-pxc + logcollector: {} + observedGeneration: 1 + pmm: {} + proxysql: {} + pxc: + image: '' + ready: 1 + size: 2 + status: stopping + version: 8.0.21-12.1 + ready: 1 + size: 2 + state: stopping diff --git a/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/unknown.yaml b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/unknown.yaml new file mode 100644 index 0000000000000..c12b04682b18e --- /dev/null +++ b/resource_customizations/pxc.percona.com/PerconaXtraDBCluster/testdata/unknown.yaml @@ -0,0 +1,22 @@ +apiVersion: pxc.percona.com/v1 +kind: PerconaXtraDBCluster +metadata: + name: quickstart +spec: {} +status: + backup: {} + haproxy: {} + host: pxc-mysql-pxc + logcollector: {} + observedGeneration: 1 + pmm: {} + proxysql: {} + pxc: + image: '' + ready: 1 + size: 1 + status: dontknow + version: 8.0.21-12.1 + ready: 1 + size: 1 + state: dontknow From cd46c76ef8f95c6525ae7c8f81131a3b0f038d0b Mon Sep 17 00:00:00 2001 From: asingh <11219262+ashutosh16@users.noreply.github.com> Date: Sat, 27 May 2023 18:29:05 -0700 Subject: [PATCH 035/252] fix(ui): Display error msg when live state is empty (#13031) * fix: disply error when live state is empty Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> * fix: disply error when live state is empty Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> * fix: disply error when live state is empty Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> --------- Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> Signed-off-by: asingh <11219262+ashutosh16@users.noreply.github.com> --- .../application-node-info.scss | 7 +- .../application-node-info.tsx | 78 +++++++++++++------ 2 files changed, 58 insertions(+), 27 deletions(-) diff --git a/ui/src/app/applications/components/application-node-info/application-node-info.scss b/ui/src/app/applications/components/application-node-info/application-node-info.scss index 1d1fbf941fac7..f50e67279cc52 100644 --- a/ui/src/app/applications/components/application-node-info/application-node-info.scss +++ b/ui/src/app/applications/components/application-node-info/application-node-info.scss @@ -39,7 +39,10 @@ color: $argo-color-gray-8; } } - + &__err_msg { + padding-right: 2em; + color: $argo-failed-color; + } &__container { display: flex; align-items: center; @@ -66,4 +69,4 @@ border-bottom: none; } } -} +} \ No newline at end of file diff --git a/ui/src/app/applications/components/application-node-info/application-node-info.tsx b/ui/src/app/applications/components/application-node-info/application-node-info.tsx index 8ecb965a1ab8b..dbc2ce8703190 100644 --- a/ui/src/app/applications/components/application-node-info/application-node-info.tsx +++ b/ui/src/app/applications/components/application-node-info/application-node-info.tsx @@ -115,6 +115,7 @@ export const ApplicationNodeInfo = (props: { ) }); } + if (props.live) { if (props.node.kind === 'Pod') { const {reason, message, netContainerStatuses} = getPodStateReason(props.live); @@ -184,7 +185,7 @@ export const ApplicationNodeInfo = (props: { } as any); } } - + let showLiveState = true; if (props.links) { attributes.push({ title: 'LINKS', @@ -200,35 +201,62 @@ export const ApplicationNodeInfo = (props: { services.viewPreferences.getPreferences()}> {pref => { const live = deepMerge(props.live, {}) as any; + if (Object.keys(live).length === 0) { + showLiveState = false; + } + if (live?.metadata?.managedFields && pref.appDetails.hideManagedFields) { delete live.metadata.managedFields; } return ( - <> -
- - services.viewPreferences.updatePreferences({ - appDetails: { - ...pref.appDetails, - hideManagedFields: !pref.appDetails.hideManagedFields + + {showLiveState ? ( + +
+ + services.viewPreferences.updatePreferences({ + appDetails: { + ...pref.appDetails, + hideManagedFields: !pref.appDetails.hideManagedFields + } + }) } - }) - } - /> - -
- - services.applications.patchResource(props.application.metadata.name, props.application.metadata.namespace, props.node, patch, patchType) - } - /> - + /> + +
+ + services.applications.patchResource( + props.application.metadata.name, + props.application.metadata.namespace, + props.node, + patch, + patchType + ) + } + /> + + ) : ( +
+ Resource not found in cluster:{' '} + {`${props?.controlled?.state?.targetState?.apiVersion}/${props?.controlled?.state?.targetState?.kind}:${props.node.name}`} +
+ {props?.controlled?.state?.normalizedLiveState?.apiVersion && ( + + Please update your resource specification to use the latest Kubernetes API resources supported by the target cluster. The + recommended syntax is{' '} + {`${props.controlled.state.normalizedLiveState.apiVersion}/${props?.controlled.state.normalizedLiveState?.kind}:${props.node.name}`} + + )} +
+ )} + ); }} From 46e6b798990068efb936fac8d7f4d394eb986935 Mon Sep 17 00:00:00 2001 From: Samuel Suter Date: Sat, 27 May 2023 19:34:52 -0600 Subject: [PATCH 036/252] feat(health): support for external-secrets.io cluster resources (#12957) Support for external-secrets.io/ClusterExternalSecret and external-secrets.io/ClusterSecretStore Signed-off-by: Samuel Suter --- .../ClusterExternalSecret/health.lua | 25 +++++++++++ .../ClusterExternalSecret/health_test.yaml | 21 +++++++++ .../testdata/healthy.yaml | 37 ++++++++++++++++ .../testdata/notready.yaml | 38 ++++++++++++++++ .../partiallyready-multiple-conditions.yaml | 43 +++++++++++++++++++ .../testdata/partiallyready.yaml | 40 +++++++++++++++++ .../testdata/progressing.yaml | 30 +++++++++++++ .../ClusterSecretStore/health.lua | 20 +++++++++ .../ClusterSecretStore/health_test.yaml | 9 ++++ .../ClusterSecretStore/testdata/degraded.yaml | 16 +++++++ .../ClusterSecretStore/testdata/healthy.yaml | 17 ++++++++ 11 files changed, 296 insertions(+) create mode 100644 resource_customizations/external-secrets.io/ClusterExternalSecret/health.lua create mode 100644 resource_customizations/external-secrets.io/ClusterExternalSecret/health_test.yaml create mode 100644 resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/healthy.yaml create mode 100644 resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/notready.yaml create mode 100644 resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/partiallyready-multiple-conditions.yaml create mode 100644 resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/partiallyready.yaml create mode 100644 resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/progressing.yaml create mode 100644 resource_customizations/external-secrets.io/ClusterSecretStore/health.lua create mode 100644 resource_customizations/external-secrets.io/ClusterSecretStore/health_test.yaml create mode 100644 resource_customizations/external-secrets.io/ClusterSecretStore/testdata/degraded.yaml create mode 100644 resource_customizations/external-secrets.io/ClusterSecretStore/testdata/healthy.yaml diff --git a/resource_customizations/external-secrets.io/ClusterExternalSecret/health.lua b/resource_customizations/external-secrets.io/ClusterExternalSecret/health.lua new file mode 100644 index 0000000000000..2157b5c7a78fa --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterExternalSecret/health.lua @@ -0,0 +1,25 @@ +hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + -- For ClusterExternalSecret, new statuses are appended to the end of the list + lastStatus = obj.status.conditions[#obj.status.conditions] + if lastStatus.type == "Ready" and lastStatus.status == "True" then + hs.status = "Healthy" + hs.message = lastStatus.message + return hs + end + if lastStatus.type == "PartiallyReady" and lastStatus.status == "True" then + hs.status = "Degraded" + hs.message = lastStatus.message + return hs + end + if lastStatus.type == "NotReady" and lastStatus.status == "True" then + hs.status = "Degraded" + hs.message = lastStatus.message + return hs + end + end +end +hs.status = "Progressing" +hs.message = "Waiting for ClusterExternalSecret" +return hs diff --git a/resource_customizations/external-secrets.io/ClusterExternalSecret/health_test.yaml b/resource_customizations/external-secrets.io/ClusterExternalSecret/health_test.yaml new file mode 100644 index 0000000000000..52e4c7c13740f --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterExternalSecret/health_test.yaml @@ -0,0 +1,21 @@ +tests: + - healthStatus: + status: Progressing + message: Waiting for ClusterExternalSecret + inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: 'one or more namespaces failed' + inputPath: testdata/notready.yaml + - healthStatus: + status: Degraded + message: 'one or more namespaces failed' + inputPath: testdata/partiallyready.yaml + - healthStatus: + status: Degraded + message: 'one or more namespaces failed' + inputPath: testdata/partiallyready-multiple-conditions.yaml + - healthStatus: + status: Healthy + message: '' + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/healthy.yaml b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/healthy.yaml new file mode 100644 index 0000000000000..1a5f61b44a48f --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/healthy.yaml @@ -0,0 +1,37 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ClusterExternalSecret +metadata: + name: ces +spec: + externalSecretName: hello-world-es + externalSecretSpec: + data: + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /foo + property: key + secretKey: mykey + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: secretmanager + target: + creationPolicy: Owner + deletionPolicy: Retain + name: mysecret + template: + data: + somekey: '{{ .somecreds }}' + engineVersion: v2 + type: Opaque + namespaceSelector: + matchLabels: + cool: label +status: + conditions: + - message: one or more namespaces failed + status: "True" + type: PartiallyReady + - status: "True" + type: Ready diff --git a/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/notready.yaml b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/notready.yaml new file mode 100644 index 0000000000000..eeea3069bfb2d --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/notready.yaml @@ -0,0 +1,38 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ClusterExternalSecret +metadata: + name: ces +spec: + externalSecretName: hello-world-es + externalSecretSpec: + data: + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /foo + property: key + secretKey: mykey + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: secretmanager + target: + creationPolicy: Owner + deletionPolicy: Retain + name: mysecret + template: + data: + somekey: '{{ .somecreds }}' + engineVersion: v2 + type: Opaque + namespaceSelector: + matchLabels: + cool: label +status: + conditions: + - message: one or more namespaces failed + status: "True" + type: NotReady + failedNamespaces: + - namespace: default + reason: external secret already exists in namespace diff --git a/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/partiallyready-multiple-conditions.yaml b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/partiallyready-multiple-conditions.yaml new file mode 100644 index 0000000000000..52f6141871de0 --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/partiallyready-multiple-conditions.yaml @@ -0,0 +1,43 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ClusterExternalSecret +metadata: + name: ces +spec: + externalSecretName: hello-world-es + externalSecretSpec: + data: + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /foo + property: key + secretKey: mykey + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: secretmanager + target: + creationPolicy: Owner + deletionPolicy: Retain + name: mysecret + template: + data: + somekey: '{{ .somecreds }}' + engineVersion: v2 + type: Opaque + namespaceSelector: + matchLabels: + cool: label +status: + conditions: + - message: one or more namespaces failed + status: "True" + type: NotReady + - message: one or more namespaces failed + status: "True" + type: PartiallyReady + failedNamespaces: + - namespace: default + reason: external secret already exists in namespace + provisionedNamespaces: + - other-namespace diff --git a/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/partiallyready.yaml b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/partiallyready.yaml new file mode 100644 index 0000000000000..f6a291526fd7f --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/partiallyready.yaml @@ -0,0 +1,40 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ClusterExternalSecret +metadata: + name: ces +spec: + externalSecretName: hello-world-es + externalSecretSpec: + data: + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /foo + property: key + secretKey: mykey + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: secretmanager + target: + creationPolicy: Owner + deletionPolicy: Retain + name: mysecret + template: + data: + somekey: '{{ .somecreds }}' + engineVersion: v2 + type: Opaque + namespaceSelector: + matchLabels: + cool: label +status: + conditions: + - message: one or more namespaces failed + status: "True" + type: PartiallyReady + failedNamespaces: + - namespace: default + reason: external secret already exists in namespace + provisionedNamespaces: + - other-namespace diff --git a/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/progressing.yaml b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/progressing.yaml new file mode 100644 index 0000000000000..8e326e413cf8a --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterExternalSecret/testdata/progressing.yaml @@ -0,0 +1,30 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ClusterExternalSecret +metadata: + name: ces +spec: + externalSecretName: hello-world-es + externalSecretSpec: + data: + - remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /foo + property: key + secretKey: mykey + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: secretmanager + target: + creationPolicy: Owner + deletionPolicy: Retain + name: mysecret + template: + data: + somekey: '{{ .somecreds }}' + engineVersion: v2 + type: Opaque + namespaceSelector: + matchLabels: + cool: label diff --git a/resource_customizations/external-secrets.io/ClusterSecretStore/health.lua b/resource_customizations/external-secrets.io/ClusterSecretStore/health.lua new file mode 100644 index 0000000000000..14a77a70354ae --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterSecretStore/health.lua @@ -0,0 +1,20 @@ +hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" and condition.status == "False" then + hs.status = "Degraded" + hs.message = condition.message + return hs + end + if condition.type == "Ready" and condition.status == "True" then + hs.status = "Healthy" + hs.message = condition.message + return hs + end + end + end +end +hs.status = "Progressing" +hs.message = "Waiting for ClusterSecretStore" +return hs diff --git a/resource_customizations/external-secrets.io/ClusterSecretStore/health_test.yaml b/resource_customizations/external-secrets.io/ClusterSecretStore/health_test.yaml new file mode 100644 index 0000000000000..6e692158e6e10 --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterSecretStore/health_test.yaml @@ -0,0 +1,9 @@ +tests: + - healthStatus: + status: Degraded + message: 'unable to validate store' + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: 'store validated' + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/external-secrets.io/ClusterSecretStore/testdata/degraded.yaml b/resource_customizations/external-secrets.io/ClusterSecretStore/testdata/degraded.yaml new file mode 100644 index 0000000000000..1f00cc4ea61e7 --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterSecretStore/testdata/degraded.yaml @@ -0,0 +1,16 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ClusterSecretStore +metadata: + name: secretmanager +spec: + provider: + aws: + region: us-east-1 + service: SecretsManager +status: + conditions: + - lastTransitionTime: "2023-03-21T22:58:01Z" + message: unable to validate store + reason: ValidationFailed + status: "False" + type: Ready diff --git a/resource_customizations/external-secrets.io/ClusterSecretStore/testdata/healthy.yaml b/resource_customizations/external-secrets.io/ClusterSecretStore/testdata/healthy.yaml new file mode 100644 index 0000000000000..8c99de1326179 --- /dev/null +++ b/resource_customizations/external-secrets.io/ClusterSecretStore/testdata/healthy.yaml @@ -0,0 +1,17 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ClusterSecretStore +metadata: + name: secretmanager +spec: + provider: + aws: + region: us-east-1 + service: SecretsManager +status: + capabilities: ReadWrite + conditions: + - lastTransitionTime: "2023-03-22T04:51:03Z" + message: store validated + reason: Valid + status: "True" + type: Ready From d8112886ce225cf6c750f8afa845fd024d42f04b Mon Sep 17 00:00:00 2001 From: Zufar Dhiyaulhaq Date: Sun, 28 May 2023 08:42:23 +0700 Subject: [PATCH 037/252] chore: add GoTo Financial ArgoCD user (#13317) * add GoTo Financial ArgoCD user Signed-off-by: Zufar Dhiyaulhaq * alphabetical order Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Zufar Dhiyaulhaq Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- USERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/USERS.md b/USERS.md index e16923624572e..0b6c73bf23636 100644 --- a/USERS.md +++ b/USERS.md @@ -101,6 +101,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Glovo](https://www.glovoapp.com) 1. [GMETRI](https://gmetri.com/) 1. [Gojek](https://www.gojek.io/) +1. [GoTo Financial](https://gotofinancial.com/) 1. [Greenpass](https://www.greenpass.com.br/) 1. [Gridfuse](https://gridfuse.com/) 1. [Groww](https://groww.in) From dddee33d64364b9bd3d4903c62b5c8dfe9c3cb21 Mon Sep 17 00:00:00 2001 From: Vincent Le Goff Date: Sun, 28 May 2023 03:54:35 +0200 Subject: [PATCH 038/252] fix(rbac): handle malformed rbac policy (#11964) Signed-off-by: Vincent Le Goff --- util/rbac/rbac.go | 7 ++++++- util/rbac/rbac_test.go | 22 ++++++++++++++++++++-- 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/util/rbac/rbac.go b/util/rbac/rbac.go index b6a7080ba6a25..d37e602c04fe0 100644 --- a/util/rbac/rbac.go +++ b/util/rbac/rbac.go @@ -468,7 +468,12 @@ func loadPolicyLine(line string, model model.Model) error { return err } - if len(tokens) < 2 || len(tokens[0]) < 1 { + tokenLen := len(tokens) + + if tokenLen < 1 || + tokens[0] == "" || + (tokens[0] == "g" && tokenLen != 3) || + (tokens[0] == "p" && tokenLen != 6) { return fmt.Errorf("invalid RBAC policy: %s", line) } diff --git a/util/rbac/rbac_test.go b/util/rbac/rbac_test.go index cdad170857202..d0f572d86c248 100644 --- a/util/rbac/rbac_test.go +++ b/util/rbac/rbac_test.go @@ -402,8 +402,14 @@ func TestGlobMatchFunc(t *testing.T) { } func TestLoadPolicyLine(t *testing.T) { - t.Run("Valid policy line", func(t *testing.T) { - policy := `p, foo, bar, baz` + t.Run("Valid permission line", func(t *testing.T) { + policy := `p, role:Myrole, applications, *, myproj/*, allow` + model := newBuiltInModel() + err := loadPolicyLine(policy, model) + require.NoError(t, err) + }) + t.Run("Valid grant line", func(t *testing.T) { + policy := `g, your-github-org:your-team, role:org-admin` model := newBuiltInModel() err := loadPolicyLine(policy, model) require.NoError(t, err) @@ -438,4 +444,16 @@ func TestLoadPolicyLine(t *testing.T) { err := loadPolicyLine(policy, model) require.Error(t, err) }) + t.Run("Invalid policy line missing comma", func(t *testing.T) { + policy := "p, role:Myrole, applications, *, myproj/* allow" + model := newBuiltInModel() + err := loadPolicyLine(policy, model) + require.Error(t, err) + }) + t.Run("Invalid policy line missing policy type", func(t *testing.T) { + policy := ", role:Myrole, applications, *, myproj/*, allow" + model := newBuiltInModel() + err := loadPolicyLine(policy, model) + require.Error(t, err) + }) } From 8c797b0629db4a953a6a2d42657add03c7f114a7 Mon Sep 17 00:00:00 2001 From: aSauerwein Date: Sun, 28 May 2023 05:13:18 +0200 Subject: [PATCH 039/252] docs: fix url in kustomize installation example (#13581) Signed-off-by: aSauerwein Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- docs/operator-manual/installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/operator-manual/installation.md b/docs/operator-manual/installation.md index 243794fa26bb9..e32c9474c42ee 100644 --- a/docs/operator-manual/installation.md +++ b/docs/operator-manual/installation.md @@ -72,7 +72,7 @@ kind: Kustomization namespace: argocd resources: -- github.com/argoproj/argo-cd/manifests/ha/base?ref=v2.6.2 +- https://raw.githubusercontent.com/argoproj/argo-cd/v2.7.2/manifests/install.yaml ``` For an example of this, see the [kustomization.yaml](https://github.com/argoproj/argoproj-deployments/blob/master/argocd/kustomization.yaml) From 0994ec88459e335866c1a932ebd20ba57337f3af Mon Sep 17 00:00:00 2001 From: Mehdi CHTAYTI <35627953+Syst3m1cAn0maly@users.noreply.github.com> Date: Sun, 28 May 2023 05:56:04 +0200 Subject: [PATCH 040/252] feat(appset): Add target branch support pullrequestgenerator (#13535) * Add support for templates target_branch and target_branch_slug and filter TargetBranchFilter for AppSet PullRequestGenerator Signed-off-by: Syst3m1An0maly * Update PullRequestGenerator documentation Signed-off-by: Syst3m1An0maly * Adjust field number for the new TargetBranchFilter Signed-off-by: Syst3m1An0maly * Add generated api files, Fix e2e failing test Signed-off-by: Syst3m1An0maly --------- Signed-off-by: Syst3m1An0maly --- applicationset/generators/pull_request.go | 14 +- .../generators/pull_request_test.go | 111 +- .../services/pull_request/bitbucket_server.go | 9 +- .../pull_request/bitbucket_server_test.go | 90 +- applicationset/services/pull_request/gitea.go | 9 +- .../services/pull_request/gitea_test.go | 1 + .../services/pull_request/github.go | 9 +- .../services/pull_request/gitlab.go | 9 +- .../services/pull_request/gitlab_test.go | 1 + .../services/pull_request/interface.go | 5 +- applicationset/services/pull_request/utils.go | 9 + .../services/pull_request/utils_test.go | 167 ++- assets/swagger.json | 3 + .../applicationset/Generators-Pull-Request.md | 3 + manifests/core-install.yaml | 6 + manifests/crds/applicationset-crd.yaml | 6 + manifests/ha/install.yaml | 6 + manifests/install.yaml | 6 + .../v1alpha1/applicationset_types.go | 3 +- pkg/apis/application/v1alpha1/generated.pb.go | 1290 +++++++++-------- pkg/apis/application/v1alpha1/generated.proto | 2 + .../application/v1alpha1/openapi_generated.go | 6 + .../v1alpha1/zz_generated.deepcopy.go | 5 + test/e2e/applicationset_test.go | 4 + 24 files changed, 1023 insertions(+), 751 deletions(-) diff --git a/applicationset/generators/pull_request.go b/applicationset/generators/pull_request.go index d0ca89b42273f..80f4fe2703508 100644 --- a/applicationset/generators/pull_request.go +++ b/applicationset/generators/pull_request.go @@ -96,12 +96,14 @@ func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha } paramMap := map[string]interface{}{ - "number": strconv.Itoa(pull.Number), - "branch": pull.Branch, - "branch_slug": slug.Make(pull.Branch), - "head_sha": pull.HeadSHA, - "head_short_sha": pull.HeadSHA[:shortSHALength], - "head_short_sha_7": pull.HeadSHA[:shortSHALength7], + "number": strconv.Itoa(pull.Number), + "branch": pull.Branch, + "branch_slug": slug.Make(pull.Branch), + "target_branch": pull.TargetBranch, + "target_branch_slug": slug.Make(pull.TargetBranch), + "head_sha": pull.HeadSHA, + "head_short_sha": pull.HeadSHA[:shortSHALength], + "head_short_sha_7": pull.HeadSHA[:shortSHALength7], } // PR lables will only be supported for Go Template appsets, since fasttemplate will be deprecated. diff --git a/applicationset/generators/pull_request_test.go b/applicationset/generators/pull_request_test.go index ba2ebfab34f01..4ad069657f414 100644 --- a/applicationset/generators/pull_request_test.go +++ b/applicationset/generators/pull_request_test.go @@ -28,9 +28,10 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { ctx, []*pullrequest.PullRequest{ &pullrequest.PullRequest{ - Number: 1, - Branch: "branch1", - HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 1, + Branch: "branch1", + TargetBranch: "master", + HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", }, }, nil, @@ -38,12 +39,14 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { }, expected: []map[string]interface{}{ { - "number": "1", - "branch": "branch1", - "branch_slug": "branch1", - "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", - "head_short_sha": "089d92cb", - "head_short_sha_7": "089d92c", + "number": "1", + "branch": "branch1", + "branch_slug": "branch1", + "target_branch": "master", + "target_branch_slug": "master", + "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", + "head_short_sha": "089d92cb", + "head_short_sha_7": "089d92c", }, }, expectedErr: nil, @@ -54,9 +57,10 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { ctx, []*pullrequest.PullRequest{ &pullrequest.PullRequest{ - Number: 2, - Branch: "feat/areally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", - HeadSHA: "9b34ff5bd418e57d58891eb0aa0728043ca1e8be", + Number: 2, + Branch: "feat/areally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", + TargetBranch: "feat/anotherreally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", + HeadSHA: "9b34ff5bd418e57d58891eb0aa0728043ca1e8be", }, }, nil, @@ -64,12 +68,14 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { }, expected: []map[string]interface{}{ { - "number": "2", - "branch": "feat/areally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", - "branch_slug": "feat-areally-long-pull-request-name-to-test-argo", - "head_sha": "9b34ff5bd418e57d58891eb0aa0728043ca1e8be", - "head_short_sha": "9b34ff5b", - "head_short_sha_7": "9b34ff5", + "number": "2", + "branch": "feat/areally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", + "branch_slug": "feat-areally-long-pull-request-name-to-test-argo", + "target_branch": "feat/anotherreally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", + "target_branch_slug": "feat-anotherreally-long-pull-request-name-to-test", + "head_sha": "9b34ff5bd418e57d58891eb0aa0728043ca1e8be", + "head_short_sha": "9b34ff5b", + "head_short_sha_7": "9b34ff5", }, }, expectedErr: nil, @@ -80,9 +86,10 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { ctx, []*pullrequest.PullRequest{ &pullrequest.PullRequest{ - Number: 1, - Branch: "a-very-short-sha", - HeadSHA: "abcd", + Number: 1, + Branch: "a-very-short-sha", + TargetBranch: "master", + HeadSHA: "abcd", }, }, nil, @@ -90,12 +97,14 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { }, expected: []map[string]interface{}{ { - "number": "1", - "branch": "a-very-short-sha", - "branch_slug": "a-very-short-sha", - "head_sha": "abcd", - "head_short_sha": "abcd", - "head_short_sha_7": "abcd", + "number": "1", + "branch": "a-very-short-sha", + "branch_slug": "a-very-short-sha", + "target_branch": "master", + "target_branch_slug": "master", + "head_sha": "abcd", + "head_short_sha": "abcd", + "head_short_sha_7": "abcd", }, }, expectedErr: nil, @@ -117,10 +126,11 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { ctx, []*pullrequest.PullRequest{ &pullrequest.PullRequest{ - Number: 1, - Branch: "branch1", - HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", - Labels: []string{"preview"}, + Number: 1, + Branch: "branch1", + TargetBranch: "master", + HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", + Labels: []string{"preview"}, }, }, nil, @@ -128,13 +138,15 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { }, expected: []map[string]interface{}{ { - "number": "1", - "branch": "branch1", - "branch_slug": "branch1", - "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", - "head_short_sha": "089d92cb", - "head_short_sha_7": "089d92c", - "labels": []string{"preview"}, + "number": "1", + "branch": "branch1", + "branch_slug": "branch1", + "target_branch": "master", + "target_branch_slug": "master", + "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", + "head_short_sha": "089d92cb", + "head_short_sha_7": "089d92c", + "labels": []string{"preview"}, }, }, expectedErr: nil, @@ -151,10 +163,11 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { ctx, []*pullrequest.PullRequest{ &pullrequest.PullRequest{ - Number: 1, - Branch: "branch1", - HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", - Labels: []string{"preview"}, + Number: 1, + Branch: "branch1", + TargetBranch: "master", + HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", + Labels: []string{"preview"}, }, }, nil, @@ -162,12 +175,14 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { }, expected: []map[string]interface{}{ { - "number": "1", - "branch": "branch1", - "branch_slug": "branch1", - "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", - "head_short_sha": "089d92cb", - "head_short_sha_7": "089d92c", + "number": "1", + "branch": "branch1", + "branch_slug": "branch1", + "target_branch": "master", + "target_branch_slug": "master", + "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", + "head_short_sha": "089d92cb", + "head_short_sha_7": "089d92c", }, }, expectedErr: nil, diff --git a/applicationset/services/pull_request/bitbucket_server.go b/applicationset/services/pull_request/bitbucket_server.go index 72cd6dd7e1900..99665d163e1bc 100644 --- a/applicationset/services/pull_request/bitbucket_server.go +++ b/applicationset/services/pull_request/bitbucket_server.go @@ -66,10 +66,11 @@ func (b *BitbucketService) List(_ context.Context) ([]*PullRequest, error) { for _, pull := range pulls { pullRequests = append(pullRequests, &PullRequest{ - Number: pull.ID, - Branch: pull.FromRef.DisplayID, // ID: refs/heads/main DisplayID: main - HeadSHA: pull.FromRef.LatestCommit, // This is not defined in the official docs, but works in practice - Labels: []string{}, // Not supported by library + Number: pull.ID, + Branch: pull.FromRef.DisplayID, // ID: refs/heads/main DisplayID: main + TargetBranch: pull.ToRef.DisplayID, + HeadSHA: pull.FromRef.LatestCommit, // This is not defined in the official docs, but works in practice + Labels: []string{}, // Not supported by library }) } diff --git a/applicationset/services/pull_request/bitbucket_server_test.go b/applicationset/services/pull_request/bitbucket_server_test.go index 28f123fa9f43e..911e3e7e0ccd0 100644 --- a/applicationset/services/pull_request/bitbucket_server_test.go +++ b/applicationset/services/pull_request/bitbucket_server_test.go @@ -24,6 +24,11 @@ func defaultHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { "values": [ { "id": 101, + "toRef": { + "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", + "displayId": "master", + "id": "refs/heads/master" + }, "fromRef": { "id": "refs/heads/feature-ABC-123", "displayId": "feature-ABC-123", @@ -55,6 +60,7 @@ func TestListPullRequestNoAuth(t *testing.T) { assert.Equal(t, 1, len(pullRequests)) assert.Equal(t, 101, pullRequests[0].Number) assert.Equal(t, "feature-ABC-123", pullRequests[0].Branch) + assert.Equal(t, "master", pullRequests[0].TargetBranch) assert.Equal(t, "cb3cf2e4d1517c83e720d2585b9402dbef71f992", pullRequests[0].HeadSHA) } @@ -71,6 +77,11 @@ func TestListPullRequestPagination(t *testing.T) { "values": [ { "id": 101, + "toRef": { + "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", + "displayId": "master", + "id": "refs/heads/master" + }, "fromRef": { "id": "refs/heads/feature-101", "displayId": "feature-101", @@ -79,6 +90,11 @@ func TestListPullRequestPagination(t *testing.T) { }, { "id": 102, + "toRef": { + "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", + "displayId": "branch", + "id": "refs/heads/branch" + }, "fromRef": { "id": "refs/heads/feature-102", "displayId": "feature-102", @@ -96,6 +112,11 @@ func TestListPullRequestPagination(t *testing.T) { "values": [ { "id": 200, + "toRef": { + "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", + "displayId": "master", + "id": "refs/heads/master" + }, "fromRef": { "id": "refs/heads/feature-200", "displayId": "feature-200", @@ -119,22 +140,25 @@ func TestListPullRequestPagination(t *testing.T) { assert.NoError(t, err) assert.Equal(t, 3, len(pullRequests)) assert.Equal(t, PullRequest{ - Number: 101, - Branch: "feature-101", - HeadSHA: "ab3cf2e4d1517c83e720d2585b9402dbef71f992", - Labels: []string{}, + Number: 101, + Branch: "feature-101", + TargetBranch: "master", + HeadSHA: "ab3cf2e4d1517c83e720d2585b9402dbef71f992", + Labels: []string{}, }, *pullRequests[0]) assert.Equal(t, PullRequest{ - Number: 102, - Branch: "feature-102", - HeadSHA: "bb3cf2e4d1517c83e720d2585b9402dbef71f992", - Labels: []string{}, + Number: 102, + Branch: "feature-102", + TargetBranch: "branch", + HeadSHA: "bb3cf2e4d1517c83e720d2585b9402dbef71f992", + Labels: []string{}, }, *pullRequests[1]) assert.Equal(t, PullRequest{ - Number: 200, - Branch: "feature-200", - HeadSHA: "cb3cf2e4d1517c83e720d2585b9402dbef71f992", - Labels: []string{}, + Number: 200, + Branch: "feature-200", + TargetBranch: "master", + HeadSHA: "cb3cf2e4d1517c83e720d2585b9402dbef71f992", + Labels: []string{}, }, *pullRequests[2]) } @@ -231,6 +255,11 @@ func TestListPullRequestBranchMatch(t *testing.T) { "values": [ { "id": 101, + "toRef": { + "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", + "displayId": "master", + "id": "refs/heads/master" + }, "fromRef": { "id": "refs/heads/feature-101", "displayId": "feature-101", @@ -239,6 +268,11 @@ func TestListPullRequestBranchMatch(t *testing.T) { }, { "id": 102, + "toRef": { + "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", + "displayId": "branch", + "id": "refs/heads/branch" + }, "fromRef": { "id": "refs/heads/feature-102", "displayId": "feature-102", @@ -256,6 +290,11 @@ func TestListPullRequestBranchMatch(t *testing.T) { "values": [ { "id": 200, + "toRef": { + "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", + "displayId": "master", + "id": "refs/heads/master" + }, "fromRef": { "id": "refs/heads/feature-200", "displayId": "feature-200", @@ -284,16 +323,18 @@ func TestListPullRequestBranchMatch(t *testing.T) { assert.NoError(t, err) assert.Equal(t, 2, len(pullRequests)) assert.Equal(t, PullRequest{ - Number: 101, - Branch: "feature-101", - HeadSHA: "ab3cf2e4d1517c83e720d2585b9402dbef71f992", - Labels: []string{}, + Number: 101, + Branch: "feature-101", + TargetBranch: "master", + HeadSHA: "ab3cf2e4d1517c83e720d2585b9402dbef71f992", + Labels: []string{}, }, *pullRequests[0]) assert.Equal(t, PullRequest{ - Number: 102, - Branch: "feature-102", - HeadSHA: "bb3cf2e4d1517c83e720d2585b9402dbef71f992", - Labels: []string{}, + Number: 102, + Branch: "feature-102", + TargetBranch: "branch", + HeadSHA: "bb3cf2e4d1517c83e720d2585b9402dbef71f992", + Labels: []string{}, }, *pullRequests[1]) regexp = `.*2$` @@ -307,10 +348,11 @@ func TestListPullRequestBranchMatch(t *testing.T) { assert.NoError(t, err) assert.Equal(t, 1, len(pullRequests)) assert.Equal(t, PullRequest{ - Number: 102, - Branch: "feature-102", - HeadSHA: "bb3cf2e4d1517c83e720d2585b9402dbef71f992", - Labels: []string{}, + Number: 102, + Branch: "feature-102", + TargetBranch: "branch", + HeadSHA: "bb3cf2e4d1517c83e720d2585b9402dbef71f992", + Labels: []string{}, }, *pullRequests[0]) regexp = `[\d{2}` diff --git a/applicationset/services/pull_request/gitea.go b/applicationset/services/pull_request/gitea.go index f913fb35580f5..435a0b57117e6 100644 --- a/applicationset/services/pull_request/gitea.go +++ b/applicationset/services/pull_request/gitea.go @@ -54,10 +54,11 @@ func (g *GiteaService) List(ctx context.Context) ([]*PullRequest, error) { list := []*PullRequest{} for _, pr := range prs { list = append(list, &PullRequest{ - Number: int(pr.Index), - Branch: pr.Head.Ref, - HeadSHA: pr.Head.Sha, - Labels: getGiteaPRLabelNames(pr.Labels), + Number: int(pr.Index), + Branch: pr.Head.Ref, + TargetBranch: pr.Base.Ref, + HeadSHA: pr.Head.Sha, + Labels: getGiteaPRLabelNames(pr.Labels), }) } return list, nil diff --git a/applicationset/services/pull_request/gitea_test.go b/applicationset/services/pull_request/gitea_test.go index 9d5ff25748234..c450a40a268b6 100644 --- a/applicationset/services/pull_request/gitea_test.go +++ b/applicationset/services/pull_request/gitea_test.go @@ -256,6 +256,7 @@ func TestGiteaList(t *testing.T) { assert.Equal(t, len(prs), 1) assert.Equal(t, prs[0].Number, 1) assert.Equal(t, prs[0].Branch, "test") + assert.Equal(t, prs[0].TargetBranch, "main") assert.Equal(t, prs[0].HeadSHA, "7bbaf62d92ddfafd9cc8b340c619abaec32bc09f") } diff --git a/applicationset/services/pull_request/github.go b/applicationset/services/pull_request/github.go index a40588ec3d367..7c801e7370f53 100644 --- a/applicationset/services/pull_request/github.go +++ b/applicationset/services/pull_request/github.go @@ -65,10 +65,11 @@ func (g *GithubService) List(ctx context.Context) ([]*PullRequest, error) { continue } pullRequests = append(pullRequests, &PullRequest{ - Number: *pull.Number, - Branch: *pull.Head.Ref, - HeadSHA: *pull.Head.SHA, - Labels: getGithubPRLabelNames(pull.Labels), + Number: *pull.Number, + Branch: *pull.Head.Ref, + TargetBranch: *pull.Base.Ref, + HeadSHA: *pull.Head.SHA, + Labels: getGithubPRLabelNames(pull.Labels), }) } if resp.NextPage == 0 { diff --git a/applicationset/services/pull_request/gitlab.go b/applicationset/services/pull_request/gitlab.go index 39f6250aae0e8..33bbdcd954fb0 100644 --- a/applicationset/services/pull_request/gitlab.go +++ b/applicationset/services/pull_request/gitlab.go @@ -69,10 +69,11 @@ func (g *GitLabService) List(ctx context.Context) ([]*PullRequest, error) { } for _, mr := range mrs { pullRequests = append(pullRequests, &PullRequest{ - Number: mr.IID, - Branch: mr.SourceBranch, - HeadSHA: mr.SHA, - Labels: mr.Labels, + Number: mr.IID, + Branch: mr.SourceBranch, + TargetBranch: mr.TargetBranch, + HeadSHA: mr.SHA, + Labels: mr.Labels, }) } if resp.NextPage == 0 { diff --git a/applicationset/services/pull_request/gitlab_test.go b/applicationset/services/pull_request/gitlab_test.go index 7c42e6f9f9269..3aba534aec42a 100644 --- a/applicationset/services/pull_request/gitlab_test.go +++ b/applicationset/services/pull_request/gitlab_test.go @@ -80,6 +80,7 @@ func TestList(t *testing.T) { assert.Len(t, prs, 1) assert.Equal(t, prs[0].Number, 15442) assert.Equal(t, prs[0].Branch, "use-structured-logging-for-db-load-balancer") + assert.Equal(t, prs[0].TargetBranch, "master") assert.Equal(t, prs[0].HeadSHA, "2fc4e8b972ff3208ec63b6143e34ad67ff343ad7") } diff --git a/applicationset/services/pull_request/interface.go b/applicationset/services/pull_request/interface.go index f81dc35e41435..0015cfe5eafa6 100644 --- a/applicationset/services/pull_request/interface.go +++ b/applicationset/services/pull_request/interface.go @@ -10,6 +10,8 @@ type PullRequest struct { Number int // Branch is the name of the branch from which the pull request originated. Branch string + // TargetBranch is the name of the target branch of the pull request. + TargetBranch string // HeadSHA is the SHA of the HEAD from which the pull request originated. HeadSHA string // Labels of the pull request. @@ -22,5 +24,6 @@ type PullRequestService interface { } type Filter struct { - BranchMatch *regexp.Regexp + BranchMatch *regexp.Regexp + TargetBranchMatch *regexp.Regexp } diff --git a/applicationset/services/pull_request/utils.go b/applicationset/services/pull_request/utils.go index c7970170a7d64..50d4e5a3c0098 100644 --- a/applicationset/services/pull_request/utils.go +++ b/applicationset/services/pull_request/utils.go @@ -19,6 +19,12 @@ func compileFilters(filters []argoprojiov1alpha1.PullRequestGeneratorFilter) ([] return nil, fmt.Errorf("error compiling BranchMatch regexp %q: %v", *filter.BranchMatch, err) } } + if filter.TargetBranchMatch != nil { + outFilter.TargetBranchMatch, err = regexp.Compile(*filter.TargetBranchMatch) + if err != nil { + return nil, fmt.Errorf("error compiling TargetBranchMatch regexp %q: %v", *filter.TargetBranchMatch, err) + } + } outFilters = append(outFilters, outFilter) } return outFilters, nil @@ -28,6 +34,9 @@ func matchFilter(pullRequest *PullRequest, filter *Filter) bool { if filter.BranchMatch != nil && !filter.BranchMatch.MatchString(pullRequest.Branch) { return false } + if filter.TargetBranchMatch != nil && !filter.TargetBranchMatch.MatchString(pullRequest.TargetBranch) { + return false + } return true } diff --git a/applicationset/services/pull_request/utils_test.go b/applicationset/services/pull_request/utils_test.go index eb92e5fad866f..3f813127edab7 100644 --- a/applicationset/services/pull_request/utils_test.go +++ b/applicationset/services/pull_request/utils_test.go @@ -16,9 +16,10 @@ func TestFilterBranchMatchBadRegexp(t *testing.T) { context.Background(), []*PullRequest{ { - Number: 1, - Branch: "branch1", - HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 1, + Branch: "branch1", + TargetBranch: "master", + HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", }, }, nil, @@ -37,24 +38,28 @@ func TestFilterBranchMatch(t *testing.T) { context.Background(), []*PullRequest{ { - Number: 1, - Branch: "one", - HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 1, + Branch: "one", + TargetBranch: "master", + HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", }, { - Number: 2, - Branch: "two", - HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 2, + Branch: "two", + TargetBranch: "master", + HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", }, { - Number: 3, - Branch: "three", - HeadSHA: "389d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 3, + Branch: "three", + TargetBranch: "master", + HeadSHA: "389d92cbf9ff857a39e6feccd32798ca700fb958", }, { - Number: 4, - Branch: "four", - HeadSHA: "489d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 4, + Branch: "four", + TargetBranch: "master", + HeadSHA: "489d92cbf9ff857a39e6feccd32798ca700fb958", }, }, nil, @@ -70,29 +75,75 @@ func TestFilterBranchMatch(t *testing.T) { assert.Equal(t, "two", pullRequests[0].Branch) } +func TestFilterTargetBranchMatch(t *testing.T) { + provider, _ := NewFakeService( + context.Background(), + []*PullRequest{ + { + Number: 1, + Branch: "one", + TargetBranch: "master", + HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", + }, + { + Number: 2, + Branch: "two", + TargetBranch: "branch1", + HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", + }, + { + Number: 3, + Branch: "three", + TargetBranch: "branch2", + HeadSHA: "389d92cbf9ff857a39e6feccd32798ca700fb958", + }, + { + Number: 4, + Branch: "four", + TargetBranch: "branch3", + HeadSHA: "489d92cbf9ff857a39e6feccd32798ca700fb958", + }, + }, + nil, + ) + filters := []argoprojiov1alpha1.PullRequestGeneratorFilter{ + { + TargetBranchMatch: strp("1"), + }, + } + pullRequests, err := ListPullRequests(context.Background(), provider, filters) + assert.NoError(t, err) + assert.Len(t, pullRequests, 1) + assert.Equal(t, "two", pullRequests[0].Branch) +} + func TestMultiFilterOr(t *testing.T) { provider, _ := NewFakeService( context.Background(), []*PullRequest{ { - Number: 1, - Branch: "one", - HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 1, + Branch: "one", + TargetBranch: "master", + HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", }, { - Number: 2, - Branch: "two", - HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 2, + Branch: "two", + TargetBranch: "master", + HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", }, { - Number: 3, - Branch: "three", - HeadSHA: "389d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 3, + Branch: "three", + TargetBranch: "master", + HeadSHA: "389d92cbf9ff857a39e6feccd32798ca700fb958", }, { - Number: 4, - Branch: "four", - HeadSHA: "489d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 4, + Branch: "four", + TargetBranch: "master", + HeadSHA: "489d92cbf9ff857a39e6feccd32798ca700fb958", }, }, nil, @@ -113,19 +164,69 @@ func TestMultiFilterOr(t *testing.T) { assert.Equal(t, "four", pullRequests[2].Branch) } +func TestMultiFilterOrWithTargetBranchFilter(t *testing.T) { + provider, _ := NewFakeService( + context.Background(), + []*PullRequest{ + { + Number: 1, + Branch: "one", + TargetBranch: "master", + HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", + }, + { + Number: 2, + Branch: "two", + TargetBranch: "branch1", + HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", + }, + { + Number: 3, + Branch: "three", + TargetBranch: "branch2", + HeadSHA: "389d92cbf9ff857a39e6feccd32798ca700fb958", + }, + { + Number: 4, + Branch: "four", + TargetBranch: "branch3", + HeadSHA: "489d92cbf9ff857a39e6feccd32798ca700fb958", + }, + }, + nil, + ) + filters := []argoprojiov1alpha1.PullRequestGeneratorFilter{ + { + BranchMatch: strp("w"), + TargetBranchMatch: strp("1"), + }, + { + BranchMatch: strp("r"), + TargetBranchMatch: strp("3"), + }, + } + pullRequests, err := ListPullRequests(context.Background(), provider, filters) + assert.NoError(t, err) + assert.Len(t, pullRequests, 2) + assert.Equal(t, "two", pullRequests[0].Branch) + assert.Equal(t, "four", pullRequests[1].Branch) +} + func TestNoFilters(t *testing.T) { provider, _ := NewFakeService( context.Background(), []*PullRequest{ { - Number: 1, - Branch: "one", - HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 1, + Branch: "one", + TargetBranch: "master", + HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", }, { - Number: 2, - Branch: "two", - HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", + Number: 2, + Branch: "two", + TargetBranch: "master", + HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", }, }, nil, diff --git a/assets/swagger.json b/assets/swagger.json index 09ebe4d2dd0c4..ea503998bc1b6 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -7395,6 +7395,9 @@ "properties": { "branchMatch": { "type": "string" + }, + "targetBranchMatch": { + "type": "string" } } }, diff --git a/docs/operator-manual/applicationset/Generators-Pull-Request.md b/docs/operator-manual/applicationset/Generators-Pull-Request.md index f84a58731ce30..27dfef3a30715 100644 --- a/docs/operator-manual/applicationset/Generators-Pull-Request.md +++ b/docs/operator-manual/applicationset/Generators-Pull-Request.md @@ -202,6 +202,7 @@ spec: ``` * `branchMatch`: A regexp matched against source branch names. +* `targetBranchMatch`: A regexp matched against target branch names. [GitHub](#github) and [GitLab](#gitlab) also support a `labels` filter. @@ -272,6 +273,8 @@ spec: * `number`: The ID number of the pull request. * `branch`: The name of the branch of the pull request head. * `branch_slug`: The branch name will be cleaned to be conform to the DNS label standard as defined in [RFC 1123](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-label-names), and truncated to 50 characters to give room to append/suffix-ing it with 13 more characters. +* `target_branch`: The name of the target branch of the pull request. +* `target_branch_slug`: The target branch name will be cleaned to be conform to the DNS label standard as defined in [RFC 1123](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-label-names), and truncated to 50 characters to give room to append/suffix-ing it with 13 more characters. * `head_sha`: This is the SHA of the head of the pull request. * `head_short_sha`: This is the short SHA of the head of the pull request (8 characters long or the length of the head SHA if it's shorter). * `head_short_sha_7`: This is the short SHA of the head of the pull request (7 characters long or the length of the head SHA if it's shorter). diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 5c57cdedc68f8..2af87d20a808c 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -8521,6 +8521,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -12337,6 +12339,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -14110,6 +14114,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml index dc3ce3a0602be..3b4efe274847f 100644 --- a/manifests/crds/applicationset-crd.yaml +++ b/manifests/crds/applicationset-crd.yaml @@ -4157,6 +4157,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -7973,6 +7975,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -9746,6 +9750,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 3cf32a4f77be0..8bfd905118811 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -8521,6 +8521,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -12337,6 +12339,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -14110,6 +14114,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: diff --git a/manifests/install.yaml b/manifests/install.yaml index c9b1641bc2c46..dc96b15b7ae70 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -8521,6 +8521,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -12337,6 +12339,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -14110,6 +14114,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go index ea4e99f2af27a..babb76eae4ca9 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types.go +++ b/pkg/apis/application/v1alpha1/applicationset_types.go @@ -528,7 +528,8 @@ type BasicAuthBitbucketServer struct { // If multiple filter types are set on a single struct, they will be AND'd together. All filters must // pass for a pull request to be included. type PullRequestGeneratorFilter struct { - BranchMatch *string `json:"branchMatch,omitempty" protobuf:"bytes,1,opt,name=branchMatch"` + BranchMatch *string `json:"branchMatch,omitempty" protobuf:"bytes,1,opt,name=branchMatch"` + TargetBranchMatch *string `json:"targetBranchMatch,omitempty" protobuf:"bytes,2,opt,name=targetBranchMatch"` } // ApplicationSetStatus defines the observed state of ApplicationSet diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index 33a401fc7e5b1..e217a27cf0e70 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -4063,629 +4063,630 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 9939 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x24, 0xc7, - 0x75, 0x98, 0x66, 0x17, 0x0b, 0xec, 0x3e, 0x7c, 0xdc, 0xa1, 0xef, 0x8e, 0x04, 0x8f, 0xe4, 0xe1, - 0x32, 0x2c, 0x53, 0x54, 0x44, 0x02, 0xe6, 0x89, 0x52, 0x2e, 0xa6, 0x4d, 0x19, 0x0b, 0xdc, 0xe1, - 0x70, 0x07, 0x1c, 0xc0, 0x06, 0xee, 0x4e, 0x22, 0x4d, 0x51, 0x83, 0xd9, 0xde, 0xc5, 0x1c, 0x66, - 0x67, 0xf6, 0x66, 0x66, 0x71, 0x00, 0x2d, 0xcb, 0x92, 0x2d, 0xc5, 0x4a, 0xf4, 0x41, 0x85, 0xfa, - 0x61, 0x39, 0x1f, 0x8e, 0x62, 0xbb, 0x5c, 0x71, 0x25, 0xac, 0x38, 0x95, 0x1f, 0x71, 0xbe, 0x7e, - 0xd8, 0xce, 0x0f, 0xa6, 0x94, 0x54, 0x54, 0x15, 0x97, 0xe5, 0xc4, 0x0e, 0x4c, 0x21, 0x95, 0x4a, - 0x2a, 0x55, 0x71, 0x55, 0x3e, 0xfe, 0xe4, 0xca, 0x55, 0x49, 0xf5, 0x77, 0xcf, 0xec, 0xee, 0x61, - 0x01, 0x0c, 0xee, 0x4e, 0x2a, 0xfe, 0xdb, 0xed, 0xf7, 0xe6, 0xbd, 0x9e, 0x9e, 0xee, 0xd7, 0xef, - 0xbd, 0x7e, 0xef, 0x35, 0x2c, 0x36, 0xbc, 0x64, 0xa3, 0xbd, 0x3e, 0xe5, 0x86, 0xcd, 0x69, 0x27, - 0x6a, 0x84, 0xad, 0x28, 0xbc, 0xcd, 0x7e, 0xbc, 0xe0, 0xd6, 0xa6, 0xb7, 0x2e, 0x4c, 0xb7, 0x36, - 0x1b, 0xd3, 0x4e, 0xcb, 0x8b, 0xa7, 0x9d, 0x56, 0xcb, 0xf7, 0x5c, 0x27, 0xf1, 0xc2, 0x60, 0x7a, - 0xeb, 0x45, 0xc7, 0x6f, 0x6d, 0x38, 0x2f, 0x4e, 0x37, 0x48, 0x40, 0x22, 0x27, 0x21, 0xb5, 0xa9, - 0x56, 0x14, 0x26, 0x21, 0xfa, 0x49, 0x4d, 0x6d, 0x4a, 0x52, 0x63, 0x3f, 0xde, 0x74, 0x6b, 0x53, - 0x5b, 0x17, 0xa6, 0x5a, 0x9b, 0x8d, 0x29, 0x4a, 0x6d, 0xca, 0xa0, 0x36, 0x25, 0xa9, 0x9d, 0x7d, - 0xc1, 0xe8, 0x4b, 0x23, 0x6c, 0x84, 0xd3, 0x8c, 0xe8, 0x7a, 0xbb, 0xce, 0xfe, 0xb1, 0x3f, 0xec, - 0x17, 0x67, 0x76, 0xd6, 0xde, 0xbc, 0x18, 0x4f, 0x79, 0x21, 0xed, 0xde, 0xb4, 0x1b, 0x46, 0x64, - 0x7a, 0xab, 0xa3, 0x43, 0x67, 0xaf, 0x68, 0x1c, 0xb2, 0x9d, 0x90, 0x20, 0xf6, 0xc2, 0x20, 0x7e, - 0x81, 0x76, 0x81, 0x44, 0x5b, 0x24, 0x32, 0x5f, 0xcf, 0x40, 0xe8, 0x46, 0xe9, 0x25, 0x4d, 0xa9, - 0xe9, 0xb8, 0x1b, 0x5e, 0x40, 0xa2, 0x1d, 0xfd, 0x78, 0x93, 0x24, 0x4e, 0xb7, 0xa7, 0xa6, 0x7b, - 0x3d, 0x15, 0xb5, 0x83, 0xc4, 0x6b, 0x92, 0x8e, 0x07, 0x3e, 0xb1, 0xdf, 0x03, 0xb1, 0xbb, 0x41, - 0x9a, 0x4e, 0xc7, 0x73, 0x1f, 0xeb, 0xf5, 0x5c, 0x3b, 0xf1, 0xfc, 0x69, 0x2f, 0x48, 0xe2, 0x24, - 0xca, 0x3e, 0x64, 0xdf, 0x81, 0xd1, 0x99, 0x5b, 0xab, 0x33, 0xed, 0x64, 0x63, 0x36, 0x0c, 0xea, - 0x5e, 0x03, 0x7d, 0x1c, 0x86, 0x5d, 0xbf, 0x1d, 0x27, 0x24, 0xba, 0xee, 0x34, 0xc9, 0x84, 0x75, - 0xde, 0x7a, 0xae, 0x52, 0x3d, 0xf5, 0xde, 0xee, 0xe4, 0x87, 0xf6, 0x76, 0x27, 0x87, 0x67, 0x35, - 0x08, 0x9b, 0x78, 0xe8, 0x23, 0x30, 0x14, 0x85, 0x3e, 0x99, 0xc1, 0xd7, 0x27, 0x0a, 0xec, 0x91, - 0x13, 0xe2, 0x91, 0x21, 0xcc, 0x9b, 0xb1, 0x84, 0xdb, 0x7f, 0x58, 0x00, 0x98, 0x69, 0xb5, 0x56, - 0xa2, 0xf0, 0x36, 0x71, 0x13, 0xf4, 0x59, 0x28, 0xd3, 0xa1, 0xab, 0x39, 0x89, 0xc3, 0xb8, 0x0d, - 0x5f, 0xf8, 0xf1, 0x29, 0xfe, 0x26, 0x53, 0xe6, 0x9b, 0xe8, 0x89, 0x43, 0xb1, 0xa7, 0xb6, 0x5e, - 0x9c, 0x5a, 0x5e, 0xa7, 0xcf, 0x2f, 0x91, 0xc4, 0xa9, 0x22, 0xc1, 0x0c, 0x74, 0x1b, 0x56, 0x54, - 0x51, 0x00, 0x03, 0x71, 0x8b, 0xb8, 0xac, 0x63, 0xc3, 0x17, 0x16, 0xa7, 0x8e, 0x32, 0x43, 0xa7, - 0x74, 0xcf, 0x57, 0x5b, 0xc4, 0xad, 0x8e, 0x08, 0xce, 0x03, 0xf4, 0x1f, 0x66, 0x7c, 0xd0, 0x16, - 0x0c, 0xc6, 0x89, 0x93, 0xb4, 0xe3, 0x89, 0x22, 0xe3, 0x78, 0x3d, 0x37, 0x8e, 0x8c, 0x6a, 0x75, - 0x4c, 0xf0, 0x1c, 0xe4, 0xff, 0xb1, 0xe0, 0x66, 0xff, 0x27, 0x0b, 0xc6, 0x34, 0xf2, 0xa2, 0x17, - 0x27, 0xe8, 0x67, 0x3a, 0x06, 0x77, 0xaa, 0xbf, 0xc1, 0xa5, 0x4f, 0xb3, 0xa1, 0x3d, 0x29, 0x98, - 0x95, 0x65, 0x8b, 0x31, 0xb0, 0x4d, 0x28, 0x79, 0x09, 0x69, 0xc6, 0x13, 0x85, 0xf3, 0xc5, 0xe7, - 0x86, 0x2f, 0x5c, 0xc9, 0xeb, 0x3d, 0xab, 0xa3, 0x82, 0x69, 0x69, 0x81, 0x92, 0xc7, 0x9c, 0x8b, - 0xfd, 0x5b, 0x23, 0xe6, 0xfb, 0xd1, 0x01, 0x47, 0x2f, 0xc2, 0x70, 0x1c, 0xb6, 0x23, 0x97, 0x60, - 0xd2, 0x0a, 0xe3, 0x09, 0xeb, 0x7c, 0x91, 0x4e, 0x3d, 0x3a, 0x53, 0x57, 0x75, 0x33, 0x36, 0x71, - 0xd0, 0x37, 0x2c, 0x18, 0xa9, 0x91, 0x38, 0xf1, 0x02, 0xc6, 0x5f, 0x76, 0x7e, 0xed, 0xc8, 0x9d, - 0x97, 0x8d, 0x73, 0x9a, 0x78, 0xf5, 0xb4, 0x78, 0x91, 0x11, 0xa3, 0x31, 0xc6, 0x29, 0xfe, 0x74, - 0xc5, 0xd5, 0x48, 0xec, 0x46, 0x5e, 0x8b, 0xfe, 0x67, 0x73, 0xc6, 0x58, 0x71, 0x73, 0x1a, 0x84, - 0x4d, 0x3c, 0x14, 0x40, 0x89, 0xae, 0xa8, 0x78, 0x62, 0x80, 0xf5, 0x7f, 0xe1, 0x68, 0xfd, 0x17, - 0x83, 0x4a, 0x17, 0xab, 0x1e, 0x7d, 0xfa, 0x2f, 0xc6, 0x9c, 0x0d, 0xfa, 0xba, 0x05, 0x13, 0x62, - 0xc5, 0x63, 0xc2, 0x07, 0xf4, 0xd6, 0x86, 0x97, 0x10, 0xdf, 0x8b, 0x93, 0x89, 0x12, 0xeb, 0xc3, - 0x74, 0x7f, 0x73, 0x6b, 0x3e, 0x0a, 0xdb, 0xad, 0x6b, 0x5e, 0x50, 0xab, 0x9e, 0x17, 0x9c, 0x26, - 0x66, 0x7b, 0x10, 0xc6, 0x3d, 0x59, 0xa2, 0x6f, 0x59, 0x70, 0x36, 0x70, 0x9a, 0x24, 0x6e, 0x39, - 0xf4, 0xd3, 0x72, 0x70, 0xd5, 0x77, 0xdc, 0x4d, 0xd6, 0xa3, 0xc1, 0xc3, 0xf5, 0xc8, 0x16, 0x3d, - 0x3a, 0x7b, 0xbd, 0x27, 0x69, 0x7c, 0x1f, 0xb6, 0xe8, 0xd7, 0x2d, 0x18, 0x0f, 0xa3, 0xd6, 0x86, - 0x13, 0x90, 0x9a, 0x84, 0xc6, 0x13, 0x43, 0x6c, 0xe9, 0x7d, 0xe6, 0x68, 0x9f, 0x68, 0x39, 0x4b, - 0x76, 0x29, 0x0c, 0xbc, 0x24, 0x8c, 0x56, 0x49, 0x92, 0x78, 0x41, 0x23, 0xae, 0x9e, 0xd9, 0xdb, - 0x9d, 0x1c, 0xef, 0xc0, 0xc2, 0x9d, 0xfd, 0x41, 0x3f, 0x0b, 0xc3, 0xf1, 0x4e, 0xe0, 0xde, 0xf2, - 0x82, 0x5a, 0x78, 0x37, 0x9e, 0x28, 0xe7, 0xb1, 0x7c, 0x57, 0x15, 0x41, 0xb1, 0x00, 0x35, 0x03, - 0x6c, 0x72, 0xeb, 0xfe, 0xe1, 0xf4, 0x54, 0xaa, 0xe4, 0xfd, 0xe1, 0xf4, 0x64, 0xba, 0x0f, 0x5b, - 0xf4, 0x4b, 0x16, 0x8c, 0xc6, 0x5e, 0x23, 0x70, 0x92, 0x76, 0x44, 0xae, 0x91, 0x9d, 0x78, 0x02, - 0x58, 0x47, 0xae, 0x1e, 0x71, 0x54, 0x0c, 0x92, 0xd5, 0x33, 0xa2, 0x8f, 0xa3, 0x66, 0x6b, 0x8c, - 0xd3, 0x7c, 0xbb, 0x2d, 0x34, 0x3d, 0xad, 0x87, 0xf3, 0x5d, 0x68, 0x7a, 0x52, 0xf7, 0x64, 0x89, - 0x7e, 0x1a, 0x4e, 0xf2, 0x26, 0x35, 0xb2, 0xf1, 0xc4, 0x08, 0x13, 0xb4, 0xa7, 0xf7, 0x76, 0x27, - 0x4f, 0xae, 0x66, 0x60, 0xb8, 0x03, 0x1b, 0xdd, 0x81, 0xc9, 0x16, 0x89, 0x9a, 0x5e, 0xb2, 0x1c, - 0xf8, 0x3b, 0x52, 0x7c, 0xbb, 0x61, 0x8b, 0xd4, 0x44, 0x77, 0xe2, 0x89, 0xd1, 0xf3, 0xd6, 0x73, - 0xe5, 0xea, 0x87, 0x45, 0x37, 0x27, 0x57, 0xee, 0x8f, 0x8e, 0xf7, 0xa3, 0x67, 0xff, 0xeb, 0x02, - 0x9c, 0xcc, 0x6e, 0x9c, 0xe8, 0x37, 0x2d, 0x38, 0x71, 0xfb, 0x6e, 0xb2, 0x16, 0x6e, 0x92, 0x20, - 0xae, 0xee, 0x50, 0xf1, 0xc6, 0xb6, 0x8c, 0xe1, 0x0b, 0x6e, 0xbe, 0x5b, 0xf4, 0xd4, 0xd5, 0x34, - 0x97, 0x4b, 0x41, 0x12, 0xed, 0x54, 0x1f, 0x17, 0x6f, 0x77, 0xe2, 0xea, 0xad, 0x35, 0x13, 0x8a, - 0xb3, 0x9d, 0x3a, 0xfb, 0x55, 0x0b, 0x4e, 0x77, 0x23, 0x81, 0x4e, 0x42, 0x71, 0x93, 0xec, 0x70, - 0xad, 0x0c, 0xd3, 0x9f, 0xe8, 0x0d, 0x28, 0x6d, 0x39, 0x7e, 0x9b, 0x08, 0xed, 0x66, 0xfe, 0x68, - 0x2f, 0xa2, 0x7a, 0x86, 0x39, 0xd5, 0x9f, 0x28, 0x5c, 0xb4, 0xec, 0x7f, 0x57, 0x84, 0x61, 0x63, - 0x7f, 0x7b, 0x00, 0x1a, 0x5b, 0x98, 0xd2, 0xd8, 0x96, 0x72, 0xdb, 0x9a, 0x7b, 0xaa, 0x6c, 0x77, - 0x33, 0x2a, 0xdb, 0x72, 0x7e, 0x2c, 0xef, 0xab, 0xb3, 0xa1, 0x04, 0x2a, 0x61, 0x8b, 0x6a, 0xe4, - 0x74, 0xeb, 0x1f, 0xc8, 0xe3, 0x13, 0x2e, 0x4b, 0x72, 0xd5, 0xd1, 0xbd, 0xdd, 0xc9, 0x8a, 0xfa, - 0x8b, 0x35, 0x23, 0xfb, 0xfb, 0x16, 0x9c, 0x36, 0xfa, 0x38, 0x1b, 0x06, 0x35, 0x8f, 0x7d, 0xda, - 0xf3, 0x30, 0x90, 0xec, 0xb4, 0xa4, 0xda, 0xaf, 0x46, 0x6a, 0x6d, 0xa7, 0x45, 0x30, 0x83, 0x50, - 0x45, 0xbf, 0x49, 0xe2, 0xd8, 0x69, 0x90, 0xac, 0xa2, 0xbf, 0xc4, 0x9b, 0xb1, 0x84, 0xa3, 0x08, - 0x90, 0xef, 0xc4, 0xc9, 0x5a, 0xe4, 0x04, 0x31, 0x23, 0xbf, 0xe6, 0x35, 0x89, 0x18, 0xe0, 0xbf, - 0xd8, 0xdf, 0x8c, 0xa1, 0x4f, 0x54, 0x1f, 0xdb, 0xdb, 0x9d, 0x44, 0x8b, 0x1d, 0x94, 0x70, 0x17, - 0xea, 0xf6, 0xb7, 0x2c, 0x78, 0xac, 0xbb, 0x2e, 0x86, 0x9e, 0x85, 0x41, 0x6e, 0xf2, 0x89, 0xb7, - 0xd3, 0x9f, 0x84, 0xb5, 0x62, 0x01, 0x45, 0xd3, 0x50, 0x51, 0xfb, 0x84, 0x78, 0xc7, 0x71, 0x81, - 0x5a, 0xd1, 0x9b, 0x8b, 0xc6, 0xa1, 0x83, 0x46, 0xff, 0x08, 0xcd, 0x4d, 0x0d, 0x1a, 0x33, 0x92, - 0x18, 0xc4, 0xfe, 0x53, 0x0b, 0x4e, 0x18, 0xbd, 0x7a, 0x00, 0xaa, 0x79, 0x90, 0x56, 0xcd, 0x17, - 0x72, 0x9b, 0xcf, 0x3d, 0x74, 0xf3, 0xaf, 0x5b, 0x70, 0xd6, 0xc0, 0x5a, 0x72, 0x12, 0x77, 0xe3, - 0xd2, 0x76, 0x2b, 0x22, 0x31, 0x35, 0xa7, 0xd1, 0xd3, 0x86, 0xdc, 0xaa, 0x0e, 0x0b, 0x0a, 0xc5, - 0x6b, 0x64, 0x87, 0x0b, 0xb1, 0xe7, 0xa1, 0xcc, 0x27, 0x67, 0x18, 0x89, 0x11, 0x57, 0xef, 0xb6, - 0x2c, 0xda, 0xb1, 0xc2, 0x40, 0x36, 0x0c, 0x32, 0xe1, 0x44, 0x17, 0x2b, 0xdd, 0x86, 0x80, 0x7e, - 0xc4, 0x9b, 0xac, 0x05, 0x0b, 0x88, 0xbd, 0x9c, 0xea, 0xce, 0x4a, 0x44, 0xd8, 0xc7, 0xad, 0x5d, - 0xf6, 0x88, 0x5f, 0x8b, 0xa9, 0xd9, 0xe0, 0x04, 0x41, 0x98, 0x08, 0x0b, 0xc0, 0x30, 0x1b, 0x66, - 0x74, 0x33, 0x36, 0x71, 0xec, 0xbd, 0x02, 0x33, 0x3e, 0xd4, 0xb2, 0x26, 0x0f, 0xc2, 0x72, 0x8d, - 0x52, 0x72, 0x70, 0x25, 0x3f, 0xa1, 0x44, 0x7a, 0x5b, 0xaf, 0x6f, 0x65, 0x44, 0x21, 0xce, 0x95, - 0xeb, 0xfd, 0x2d, 0xd8, 0xdf, 0x2d, 0xc0, 0x64, 0xfa, 0x81, 0x0e, 0x49, 0x4a, 0xcd, 0x25, 0x83, - 0x51, 0xd6, 0x41, 0x61, 0xe0, 0x63, 0x13, 0xaf, 0x87, 0x30, 0x2a, 0x1c, 0xa7, 0x30, 0x32, 0x65, - 0x65, 0x71, 0x1f, 0x59, 0xf9, 0xac, 0x1a, 0xf5, 0x81, 0x8c, 0x70, 0x4a, 0xef, 0x17, 0xe7, 0x61, - 0x20, 0x4e, 0x48, 0x6b, 0xa2, 0x94, 0x96, 0x35, 0xab, 0x09, 0x69, 0x61, 0x06, 0xb1, 0xff, 0x7b, - 0x01, 0x1e, 0x4f, 0x8f, 0xa1, 0x16, 0xef, 0x9f, 0x4c, 0x89, 0xf7, 0x8f, 0x9a, 0xe2, 0xfd, 0xde, - 0xee, 0xe4, 0x93, 0x3d, 0x1e, 0xfb, 0xa1, 0x91, 0xfe, 0x68, 0x3e, 0x33, 0x8a, 0xd3, 0xe9, 0x51, - 0xbc, 0xb7, 0x3b, 0xf9, 0x74, 0x8f, 0x77, 0xcc, 0x0c, 0xf3, 0xb3, 0x30, 0x18, 0x11, 0x27, 0x0e, - 0x03, 0x31, 0xd0, 0xea, 0x73, 0x60, 0xd6, 0x8a, 0x05, 0xd4, 0xfe, 0xd3, 0x72, 0x76, 0xb0, 0xe7, - 0xb9, 0x83, 0x2d, 0x8c, 0x90, 0x07, 0x03, 0x4c, 0x65, 0xe7, 0xa2, 0xe1, 0xda, 0xd1, 0x96, 0x11, - 0x15, 0xf1, 0x8a, 0x74, 0xb5, 0x4c, 0xbf, 0x1a, 0x6d, 0xc2, 0x8c, 0x05, 0xda, 0x86, 0xb2, 0x2b, - 0x35, 0xe9, 0x42, 0x1e, 0x3e, 0x27, 0xa1, 0x47, 0x6b, 0x8e, 0x23, 0x54, 0x16, 0x2b, 0xf5, 0x5b, - 0x71, 0x43, 0x04, 0x8a, 0x0d, 0x2f, 0x11, 0x9f, 0xf5, 0x88, 0xb6, 0xd2, 0xbc, 0x67, 0xbc, 0xe2, - 0x10, 0xdd, 0x20, 0xe6, 0xbd, 0x04, 0x53, 0xfa, 0xe8, 0xcb, 0x16, 0x0c, 0xc7, 0x6e, 0x73, 0x25, - 0x0a, 0xb7, 0xbc, 0x1a, 0x89, 0x84, 0xa6, 0x74, 0x44, 0xd1, 0xb4, 0x3a, 0xbb, 0x24, 0x09, 0x6a, - 0xbe, 0xdc, 0x76, 0xd5, 0x10, 0x6c, 0xf2, 0xa5, 0x16, 0xc4, 0xe3, 0xe2, 0xdd, 0xe7, 0x88, 0xeb, - 0xd1, 0xbd, 0x4d, 0x1a, 0x4c, 0x6c, 0xa6, 0x1c, 0x59, 0x73, 0x9c, 0x6b, 0xbb, 0x9b, 0x74, 0xbd, - 0xe9, 0x0e, 0x3d, 0xb9, 0xb7, 0x3b, 0xf9, 0xf8, 0x6c, 0x77, 0x9e, 0xb8, 0x57, 0x67, 0xd8, 0x80, - 0xb5, 0xda, 0xbe, 0x8f, 0xc9, 0x9d, 0x36, 0x61, 0xee, 0x90, 0x1c, 0x06, 0x6c, 0x45, 0x13, 0xcc, - 0x0c, 0x98, 0x01, 0xc1, 0x26, 0x5f, 0x74, 0x07, 0x06, 0x9b, 0x4e, 0x12, 0x79, 0xdb, 0xc2, 0x07, - 0x72, 0x44, 0x5d, 0x7e, 0x89, 0xd1, 0xd2, 0xcc, 0xd9, 0xd6, 0xcf, 0x1b, 0xb1, 0x60, 0x84, 0x9a, - 0x50, 0x6a, 0x92, 0xa8, 0x41, 0x26, 0xca, 0x79, 0xf8, 0x7b, 0x97, 0x28, 0x29, 0xcd, 0xb0, 0x42, - 0x35, 0x1f, 0xd6, 0x86, 0x39, 0x17, 0xf4, 0x06, 0x94, 0x63, 0xe2, 0x13, 0x97, 0xea, 0x2e, 0x15, - 0xc6, 0xf1, 0x63, 0x7d, 0xea, 0x71, 0xce, 0x3a, 0xf1, 0x57, 0xc5, 0xa3, 0x7c, 0x81, 0xc9, 0x7f, - 0x58, 0x91, 0xb4, 0xff, 0x8b, 0x05, 0x28, 0x2d, 0x61, 0x1e, 0x80, 0xf6, 0x78, 0x27, 0xad, 0x3d, - 0x2e, 0xe6, 0xa9, 0x02, 0xf4, 0x50, 0x20, 0xdf, 0x2b, 0x43, 0x46, 0x36, 0x5f, 0x27, 0x71, 0x42, - 0x6a, 0x1f, 0xc8, 0xd3, 0x0f, 0xe4, 0xe9, 0x07, 0xf2, 0x54, 0xc9, 0xd3, 0xf5, 0x8c, 0x3c, 0x7d, - 0xc5, 0x58, 0xf5, 0xfa, 0xf4, 0xf2, 0x4d, 0x75, 0xbc, 0x69, 0xf6, 0xc0, 0x40, 0xa0, 0x92, 0xe0, - 0xea, 0xea, 0xf2, 0xf5, 0xae, 0x02, 0xf4, 0xcd, 0xb4, 0x00, 0x3d, 0x2a, 0x8b, 0x07, 0x2e, 0x32, - 0xff, 0x66, 0x01, 0x9e, 0x48, 0x8b, 0x12, 0x1c, 0xfa, 0x7e, 0xd8, 0x4e, 0xa8, 0x96, 0x8c, 0x7e, - 0xd5, 0x82, 0x93, 0xcd, 0xb4, 0x79, 0x1a, 0x0b, 0x2f, 0xe0, 0xa7, 0x72, 0x93, 0x73, 0x19, 0xfb, - 0xb7, 0x3a, 0x21, 0x64, 0xde, 0xc9, 0x0c, 0x20, 0xc6, 0x1d, 0x7d, 0x41, 0x6f, 0x40, 0xa5, 0xe9, - 0x6c, 0xdf, 0x68, 0xd5, 0x9c, 0x44, 0x1a, 0x28, 0xbd, 0xed, 0xca, 0x76, 0xe2, 0xf9, 0x53, 0xfc, - 0x6c, 0x77, 0x6a, 0x21, 0x48, 0x96, 0xa3, 0xd5, 0x24, 0xf2, 0x82, 0x06, 0xf7, 0xfd, 0x2c, 0x49, - 0x32, 0x58, 0x53, 0xb4, 0xff, 0xb6, 0x95, 0x15, 0xb4, 0x6a, 0x74, 0x22, 0x27, 0x21, 0x8d, 0x1d, - 0xf4, 0x39, 0x28, 0x51, 0x4b, 0x42, 0x8e, 0xca, 0xad, 0x3c, 0xa5, 0xbf, 0xf1, 0x25, 0xf4, 0x46, - 0x40, 0xff, 0xc5, 0x98, 0x33, 0xb5, 0xff, 0xbc, 0x94, 0xdd, 0xf0, 0xd8, 0x49, 0xdf, 0x05, 0x80, - 0x46, 0xb8, 0x46, 0x9a, 0x2d, 0x9f, 0x0e, 0x8b, 0xc5, 0xdc, 0xc5, 0xca, 0x78, 0x9e, 0x57, 0x10, - 0x6c, 0x60, 0xa1, 0xbf, 0x6a, 0x01, 0x34, 0xe4, 0xc2, 0x92, 0x9b, 0xd9, 0x8d, 0x3c, 0x5f, 0x47, - 0x2f, 0x5b, 0xdd, 0x17, 0xc5, 0x10, 0x1b, 0xcc, 0xd1, 0x2f, 0x58, 0x50, 0x4e, 0x64, 0xf7, 0xb9, - 0x78, 0x5f, 0xcb, 0xb3, 0x27, 0xf2, 0xa5, 0xf5, 0xbe, 0xae, 0x86, 0x44, 0xf1, 0x45, 0x7f, 0xc5, - 0x02, 0x88, 0x77, 0x02, 0x77, 0x25, 0xf4, 0x3d, 0x77, 0x47, 0x48, 0xfd, 0x9b, 0xb9, 0x1a, 0xf8, - 0x8a, 0x7a, 0x75, 0x8c, 0x8e, 0x86, 0xfe, 0x8f, 0x0d, 0xce, 0xe8, 0xf3, 0x50, 0x8e, 0xc5, 0x74, - 0x13, 0x72, 0x7e, 0x2d, 0x5f, 0x37, 0x03, 0xa7, 0x2d, 0x44, 0x84, 0xf8, 0x87, 0x15, 0x4f, 0xf4, - 0xcb, 0x16, 0x9c, 0x68, 0xa5, 0x9d, 0x42, 0x42, 0xa4, 0xe7, 0x27, 0x03, 0x32, 0x4e, 0xa7, 0xea, - 0xa9, 0xbd, 0xdd, 0xc9, 0x13, 0x99, 0x46, 0x9c, 0xed, 0x85, 0xfd, 0xdd, 0x42, 0xca, 0x35, 0xab, - 0x7c, 0x26, 0x6c, 0x32, 0xbb, 0xd2, 0x5c, 0x95, 0x6b, 0x33, 0xd7, 0xc9, 0xac, 0x8c, 0x61, 0x3d, - 0x99, 0x55, 0x53, 0x8c, 0x0d, 0xe6, 0x74, 0xdb, 0x1e, 0x77, 0xb2, 0x9e, 0x19, 0xb1, 0xbe, 0xde, - 0xc8, 0xb3, 0x4b, 0x9d, 0x8e, 0xf4, 0x27, 0x44, 0xd7, 0xc6, 0x3b, 0x40, 0xb8, 0xb3, 0x4b, 0xf6, - 0x77, 0xd3, 0xee, 0x60, 0x63, 0x6a, 0xf4, 0xe1, 0xea, 0xfe, 0x86, 0x05, 0xc3, 0x51, 0xe8, 0xfb, - 0x5e, 0xd0, 0xa0, 0xd3, 0x58, 0xc8, 0xe2, 0xd7, 0x8f, 0x45, 0x1c, 0x8a, 0xf9, 0xca, 0x36, 0x7f, - 0xac, 0x79, 0x62, 0xb3, 0x03, 0xf6, 0x17, 0x2d, 0x98, 0xe8, 0xb5, 0xdc, 0x10, 0x81, 0x27, 0xe5, - 0x5c, 0x52, 0x07, 0xbd, 0xcb, 0xc1, 0x1c, 0xf1, 0x89, 0xf2, 0x93, 0x95, 0xab, 0xcf, 0x88, 0xd7, - 0x7c, 0x72, 0xa5, 0x37, 0x2a, 0xbe, 0x1f, 0x1d, 0xfb, 0x37, 0x0a, 0xd9, 0x11, 0x55, 0xe2, 0xf6, - 0xdb, 0x56, 0x87, 0x51, 0xf2, 0xa9, 0xe3, 0x10, 0x71, 0xcc, 0x7c, 0x51, 0xe7, 0xbd, 0xbd, 0x71, - 0x1e, 0xe2, 0x81, 0x92, 0xfd, 0x6f, 0x06, 0xe0, 0x3e, 0x3d, 0x53, 0x47, 0x06, 0x56, 0xaf, 0x23, - 0x83, 0x83, 0x9f, 0x42, 0x7c, 0xcd, 0x82, 0x41, 0x9f, 0xea, 0x47, 0xdc, 0x2d, 0x3e, 0x7c, 0xa1, - 0x76, 0x5c, 0x63, 0xcf, 0xd5, 0xb0, 0x98, 0x1f, 0x6a, 0x2a, 0xcf, 0x18, 0x6f, 0xc4, 0xa2, 0x0f, - 0xe8, 0x3b, 0x56, 0xda, 0xc7, 0xce, 0xa3, 0x54, 0xbc, 0x63, 0xeb, 0x93, 0xe1, 0xb8, 0xe7, 0x1d, - 0xd3, 0x2e, 0xe1, 0x1e, 0x2e, 0x7d, 0x34, 0x05, 0x50, 0xf7, 0x02, 0xc7, 0xf7, 0xde, 0xa2, 0x76, - 0x5e, 0x89, 0x1d, 0x02, 0xb0, 0x4d, 0xeb, 0xb2, 0x6a, 0xc5, 0x06, 0xc6, 0xd9, 0xbf, 0x0c, 0xc3, - 0xc6, 0x9b, 0x77, 0x39, 0x8b, 0x3d, 0x6d, 0x9e, 0xc5, 0x56, 0x8c, 0x23, 0xd4, 0xb3, 0xaf, 0xc0, - 0xc9, 0x6c, 0x07, 0x0f, 0xf2, 0xbc, 0xfd, 0x9b, 0x83, 0x59, 0xc7, 0xf8, 0x1a, 0x89, 0x9a, 0xb4, - 0x6b, 0x1f, 0xd8, 0xc7, 0x1f, 0xd8, 0xc7, 0x1f, 0xd8, 0xc7, 0xf2, 0x8f, 0xbd, 0x57, 0x82, 0x94, - 0x66, 0xc0, 0x7b, 0xf7, 0x11, 0x18, 0x8a, 0x48, 0x2b, 0xbc, 0x81, 0x17, 0x85, 0xc4, 0xd5, 0xd1, - 0xa9, 0xbc, 0x19, 0x4b, 0x38, 0x95, 0xcc, 0x2d, 0x27, 0xd9, 0x10, 0x22, 0x57, 0x49, 0xe6, 0x15, - 0x27, 0xd9, 0xc0, 0x0c, 0x82, 0x5e, 0x81, 0xb1, 0xc4, 0x89, 0x1a, 0x24, 0xc1, 0x64, 0x8b, 0x0d, - 0x82, 0x38, 0x6c, 0x78, 0x4c, 0xe0, 0x8e, 0xad, 0xa5, 0xa0, 0x38, 0x83, 0x8d, 0xee, 0xc0, 0xc0, - 0x06, 0xf1, 0x9b, 0xc2, 0x80, 0x5f, 0xcd, 0x4f, 0x22, 0xb2, 0x77, 0xbd, 0x42, 0xfc, 0x26, 0x5f, - 0xaf, 0xf4, 0x17, 0x66, 0xac, 0xe8, 0xd7, 0xa9, 0x6c, 0xb6, 0xe3, 0x24, 0x6c, 0x7a, 0x6f, 0x49, - 0xb3, 0xfe, 0x53, 0x39, 0x33, 0xbe, 0x26, 0xe9, 0x73, 0xdb, 0x53, 0xfd, 0xc5, 0x9a, 0x33, 0xeb, - 0x47, 0xcd, 0x8b, 0x98, 0x99, 0xbe, 0x33, 0x01, 0xc7, 0xd2, 0x8f, 0x39, 0x49, 0x9f, 0xf7, 0x43, - 0xfd, 0xc5, 0x9a, 0x33, 0xda, 0x81, 0xc1, 0x96, 0xdf, 0x6e, 0x78, 0xc1, 0xc4, 0x30, 0xeb, 0xc3, - 0x8d, 0x9c, 0xfb, 0xb0, 0xc2, 0x88, 0x73, 0xe7, 0x0a, 0xff, 0x8d, 0x05, 0x43, 0xf4, 0x0c, 0x94, - 0xdc, 0x0d, 0x27, 0x4a, 0x26, 0x46, 0xd8, 0xa4, 0x51, 0x36, 0xf0, 0x2c, 0x6d, 0xc4, 0x1c, 0x86, - 0x9e, 0x86, 0x62, 0x44, 0xea, 0x2c, 0x28, 0xca, 0x38, 0x2e, 0xc7, 0xa4, 0x8e, 0x69, 0xbb, 0xfd, - 0x77, 0x0b, 0x69, 0xe5, 0x22, 0xfd, 0xde, 0x7c, 0xb6, 0xbb, 0xed, 0x28, 0x96, 0x76, 0xb2, 0x31, - 0xdb, 0x59, 0x33, 0x96, 0x70, 0xf4, 0x45, 0x0b, 0x86, 0x6e, 0xc7, 0x61, 0x10, 0x90, 0x44, 0x08, - 0xf2, 0x9b, 0x39, 0x0f, 0xc5, 0x55, 0x4e, 0x5d, 0xf7, 0x41, 0x34, 0x60, 0xc9, 0x97, 0x76, 0x97, - 0x6c, 0xbb, 0x7e, 0xbb, 0xd6, 0x71, 0x4a, 0x7a, 0x89, 0x37, 0x63, 0x09, 0xa7, 0xa8, 0x5e, 0xc0, - 0x51, 0x07, 0xd2, 0xa8, 0x0b, 0x81, 0x40, 0x15, 0x70, 0xfb, 0xb7, 0x4b, 0x70, 0xa6, 0xeb, 0xe2, - 0xa0, 0xdb, 0x3e, 0xdb, 0x58, 0x2f, 0x7b, 0x3e, 0x91, 0x67, 0xff, 0x6c, 0xdb, 0xbf, 0xa9, 0x5a, - 0xb1, 0x81, 0x81, 0x7e, 0x1e, 0xa0, 0xe5, 0x44, 0x4e, 0x93, 0x88, 0xed, 0xae, 0x78, 0xf4, 0xdd, - 0x95, 0xf6, 0x63, 0x45, 0xd2, 0xd4, 0xd6, 0x96, 0x6a, 0x8a, 0xb1, 0xc1, 0x12, 0x7d, 0x1c, 0x86, - 0x23, 0xe2, 0x13, 0x27, 0x66, 0x31, 0x75, 0xd9, 0x00, 0x61, 0xac, 0x41, 0xd8, 0xc4, 0x43, 0xcf, - 0xaa, 0x30, 0x89, 0xcc, 0x91, 0x72, 0x3a, 0x54, 0x02, 0xbd, 0x6d, 0xc1, 0x58, 0xdd, 0xf3, 0x89, - 0xe6, 0x2e, 0xc2, 0x79, 0x97, 0x8f, 0xfe, 0x92, 0x97, 0x4d, 0xba, 0x5a, 0x42, 0xa6, 0x9a, 0x63, - 0x9c, 0x61, 0x4f, 0x3f, 0xf3, 0x16, 0x89, 0x98, 0x68, 0x1d, 0x4c, 0x7f, 0xe6, 0x9b, 0xbc, 0x19, - 0x4b, 0x38, 0x9a, 0x81, 0x13, 0x2d, 0x27, 0x8e, 0x67, 0x23, 0x52, 0x23, 0x41, 0xe2, 0x39, 0x3e, - 0x0f, 0xb6, 0x2d, 0xeb, 0x60, 0xbb, 0x95, 0x34, 0x18, 0x67, 0xf1, 0xd1, 0xa7, 0xe1, 0x71, 0xaf, - 0x11, 0x84, 0x11, 0x59, 0xf2, 0xe2, 0xd8, 0x0b, 0x1a, 0x7a, 0x1a, 0x30, 0x49, 0x59, 0xae, 0x4e, - 0x0a, 0x52, 0x8f, 0x2f, 0x74, 0x47, 0xc3, 0xbd, 0x9e, 0x47, 0xcf, 0x43, 0x39, 0xde, 0xf4, 0x5a, - 0xb3, 0x51, 0x2d, 0x66, 0x8e, 0xce, 0xb2, 0xf6, 0xce, 0xac, 0x8a, 0x76, 0xac, 0x30, 0xec, 0x5f, - 0x29, 0xa4, 0xcd, 0x3b, 0x73, 0xfd, 0xa0, 0x98, 0xae, 0x92, 0xe4, 0xa6, 0x13, 0x49, 0xd3, 0xff, - 0x88, 0xe1, 0xba, 0x82, 0xee, 0x4d, 0x27, 0x32, 0xd7, 0x1b, 0x63, 0x80, 0x25, 0x27, 0x74, 0x1b, - 0x06, 0x12, 0xdf, 0xc9, 0x29, 0xbe, 0xdf, 0xe0, 0xa8, 0xad, 0xed, 0xc5, 0x99, 0x18, 0x33, 0x1e, - 0xe8, 0x29, 0xaa, 0xbe, 0xae, 0xcb, 0x98, 0x1e, 0xa1, 0x71, 0xae, 0xc7, 0x98, 0xb5, 0xda, 0xff, - 0xaf, 0xdc, 0x45, 0xe4, 0xa9, 0x3d, 0x06, 0x5d, 0x00, 0xa0, 0x96, 0xd0, 0x4a, 0x44, 0xea, 0xde, - 0xb6, 0xd8, 0xe3, 0xd5, 0xb2, 0xba, 0xae, 0x20, 0xd8, 0xc0, 0x92, 0xcf, 0xac, 0xb6, 0xeb, 0xf4, + // 9961 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x7d, 0x70, 0x24, 0xc7, + 0x75, 0x18, 0xae, 0xd9, 0xc5, 0x02, 0xbb, 0x0f, 0x1f, 0x77, 0xe8, 0xbb, 0x23, 0xc1, 0x23, 0x79, + 0xb8, 0xdf, 0xb0, 0x4c, 0x51, 0x3f, 0x91, 0x80, 0x79, 0xa2, 0x94, 0x8b, 0x69, 0x53, 0xc6, 0x02, + 0x77, 0x38, 0xdc, 0x01, 0x07, 0xb0, 0x81, 0xbb, 0x93, 0x48, 0x53, 0xd4, 0x60, 0xb6, 0x77, 0x31, + 0x87, 0xd9, 0x99, 0xbd, 0x99, 0x59, 0x1c, 0x40, 0xcb, 0xb2, 0x64, 0x4b, 0xb1, 0x12, 0x7d, 0x50, + 0xa1, 0x52, 0x65, 0x39, 0x1f, 0x8e, 0x62, 0xbb, 0x5c, 0x71, 0x25, 0xac, 0x38, 0x95, 0x3f, 0xe2, + 0x7c, 0xfd, 0x61, 0x3b, 0x7f, 0x30, 0xa5, 0xa4, 0xa2, 0xaa, 0xb8, 0x2c, 0x27, 0x76, 0x60, 0x0a, + 0xa9, 0x54, 0x52, 0xa9, 0x8a, 0xab, 0xf2, 0xf1, 0x4f, 0xae, 0x5c, 0x95, 0x54, 0x7f, 0xf7, 0xcc, + 0xee, 0x1e, 0x16, 0xc0, 0xe0, 0xee, 0xa4, 0xe2, 0x7f, 0xbb, 0xfd, 0xde, 0xbc, 0xf7, 0xa6, 0xa7, + 0xfb, 0xf5, 0x7b, 0xdd, 0xef, 0xbd, 0x86, 0xc5, 0x86, 0x97, 0x6c, 0xb4, 0xd7, 0xa7, 0xdc, 0xb0, + 0x39, 0xed, 0x44, 0x8d, 0xb0, 0x15, 0x85, 0xb7, 0xd9, 0x8f, 0x17, 0xdc, 0xda, 0xf4, 0xd6, 0x85, + 0xe9, 0xd6, 0x66, 0x63, 0xda, 0x69, 0x79, 0xf1, 0xb4, 0xd3, 0x6a, 0xf9, 0x9e, 0xeb, 0x24, 0x5e, + 0x18, 0x4c, 0x6f, 0xbd, 0xe8, 0xf8, 0xad, 0x0d, 0xe7, 0xc5, 0xe9, 0x06, 0x09, 0x48, 0xe4, 0x24, + 0xa4, 0x36, 0xd5, 0x8a, 0xc2, 0x24, 0x44, 0x3f, 0xa9, 0xa9, 0x4d, 0x49, 0x6a, 0xec, 0xc7, 0x9b, + 0x6e, 0x6d, 0x6a, 0xeb, 0xc2, 0x54, 0x6b, 0xb3, 0x31, 0x45, 0xa9, 0x4d, 0x19, 0xd4, 0xa6, 0x24, + 0xb5, 0xb3, 0x2f, 0x18, 0xb2, 0x34, 0xc2, 0x46, 0x38, 0xcd, 0x88, 0xae, 0xb7, 0xeb, 0xec, 0x1f, + 0xfb, 0xc3, 0x7e, 0x71, 0x66, 0x67, 0xed, 0xcd, 0x8b, 0xf1, 0x94, 0x17, 0x52, 0xf1, 0xa6, 0xdd, + 0x30, 0x22, 0xd3, 0x5b, 0x1d, 0x02, 0x9d, 0xbd, 0xa2, 0x71, 0xc8, 0x76, 0x42, 0x82, 0xd8, 0x0b, + 0x83, 0xf8, 0x05, 0x2a, 0x02, 0x89, 0xb6, 0x48, 0x64, 0xbe, 0x9e, 0x81, 0xd0, 0x8d, 0xd2, 0x4b, + 0x9a, 0x52, 0xd3, 0x71, 0x37, 0xbc, 0x80, 0x44, 0x3b, 0xfa, 0xf1, 0x26, 0x49, 0x9c, 0x6e, 0x4f, + 0x4d, 0xf7, 0x7a, 0x2a, 0x6a, 0x07, 0x89, 0xd7, 0x24, 0x1d, 0x0f, 0x7c, 0x62, 0xbf, 0x07, 0x62, + 0x77, 0x83, 0x34, 0x9d, 0x8e, 0xe7, 0x3e, 0xd6, 0xeb, 0xb9, 0x76, 0xe2, 0xf9, 0xd3, 0x5e, 0x90, + 0xc4, 0x49, 0x94, 0x7d, 0xc8, 0xbe, 0x03, 0xa3, 0x33, 0xb7, 0x56, 0x67, 0xda, 0xc9, 0xc6, 0x6c, + 0x18, 0xd4, 0xbd, 0x06, 0xfa, 0x38, 0x0c, 0xbb, 0x7e, 0x3b, 0x4e, 0x48, 0x74, 0xdd, 0x69, 0x92, + 0x09, 0xeb, 0xbc, 0xf5, 0x5c, 0xa5, 0x7a, 0xea, 0xbd, 0xdd, 0xc9, 0x0f, 0xed, 0xed, 0x4e, 0x0e, + 0xcf, 0x6a, 0x10, 0x36, 0xf1, 0xd0, 0x47, 0x60, 0x28, 0x0a, 0x7d, 0x32, 0x83, 0xaf, 0x4f, 0x14, + 0xd8, 0x23, 0x27, 0xc4, 0x23, 0x43, 0x98, 0x37, 0x63, 0x09, 0xb7, 0xff, 0xb0, 0x00, 0x30, 0xd3, + 0x6a, 0xad, 0x44, 0xe1, 0x6d, 0xe2, 0x26, 0xe8, 0xb3, 0x50, 0xa6, 0x5d, 0x57, 0x73, 0x12, 0x87, + 0x71, 0x1b, 0xbe, 0xf0, 0xe3, 0x53, 0xfc, 0x4d, 0xa6, 0xcc, 0x37, 0xd1, 0x03, 0x87, 0x62, 0x4f, + 0x6d, 0xbd, 0x38, 0xb5, 0xbc, 0x4e, 0x9f, 0x5f, 0x22, 0x89, 0x53, 0x45, 0x82, 0x19, 0xe8, 0x36, + 0xac, 0xa8, 0xa2, 0x00, 0x06, 0xe2, 0x16, 0x71, 0x99, 0x60, 0xc3, 0x17, 0x16, 0xa7, 0x8e, 0x32, + 0x42, 0xa7, 0xb4, 0xe4, 0xab, 0x2d, 0xe2, 0x56, 0x47, 0x04, 0xe7, 0x01, 0xfa, 0x0f, 0x33, 0x3e, + 0x68, 0x0b, 0x06, 0xe3, 0xc4, 0x49, 0xda, 0xf1, 0x44, 0x91, 0x71, 0xbc, 0x9e, 0x1b, 0x47, 0x46, + 0xb5, 0x3a, 0x26, 0x78, 0x0e, 0xf2, 0xff, 0x58, 0x70, 0xb3, 0xff, 0xa3, 0x05, 0x63, 0x1a, 0x79, + 0xd1, 0x8b, 0x13, 0xf4, 0x33, 0x1d, 0x9d, 0x3b, 0xd5, 0x5f, 0xe7, 0xd2, 0xa7, 0x59, 0xd7, 0x9e, + 0x14, 0xcc, 0xca, 0xb2, 0xc5, 0xe8, 0xd8, 0x26, 0x94, 0xbc, 0x84, 0x34, 0xe3, 0x89, 0xc2, 0xf9, + 0xe2, 0x73, 0xc3, 0x17, 0xae, 0xe4, 0xf5, 0x9e, 0xd5, 0x51, 0xc1, 0xb4, 0xb4, 0x40, 0xc9, 0x63, + 0xce, 0xc5, 0xfe, 0xad, 0x11, 0xf3, 0xfd, 0x68, 0x87, 0xa3, 0x17, 0x61, 0x38, 0x0e, 0xdb, 0x91, + 0x4b, 0x30, 0x69, 0x85, 0xf1, 0x84, 0x75, 0xbe, 0x48, 0x87, 0x1e, 0x1d, 0xa9, 0xab, 0xba, 0x19, + 0x9b, 0x38, 0xe8, 0x1b, 0x16, 0x8c, 0xd4, 0x48, 0x9c, 0x78, 0x01, 0xe3, 0x2f, 0x85, 0x5f, 0x3b, + 0xb2, 0xf0, 0xb2, 0x71, 0x4e, 0x13, 0xaf, 0x9e, 0x16, 0x2f, 0x32, 0x62, 0x34, 0xc6, 0x38, 0xc5, + 0x9f, 0xce, 0xb8, 0x1a, 0x89, 0xdd, 0xc8, 0x6b, 0xd1, 0xff, 0x6c, 0xcc, 0x18, 0x33, 0x6e, 0x4e, + 0x83, 0xb0, 0x89, 0x87, 0x02, 0x28, 0xd1, 0x19, 0x15, 0x4f, 0x0c, 0x30, 0xf9, 0x17, 0x8e, 0x26, + 0xbf, 0xe8, 0x54, 0x3a, 0x59, 0x75, 0xef, 0xd3, 0x7f, 0x31, 0xe6, 0x6c, 0xd0, 0xd7, 0x2d, 0x98, + 0x10, 0x33, 0x1e, 0x13, 0xde, 0xa1, 0xb7, 0x36, 0xbc, 0x84, 0xf8, 0x5e, 0x9c, 0x4c, 0x94, 0x98, + 0x0c, 0xd3, 0xfd, 0x8d, 0xad, 0xf9, 0x28, 0x6c, 0xb7, 0xae, 0x79, 0x41, 0xad, 0x7a, 0x5e, 0x70, + 0x9a, 0x98, 0xed, 0x41, 0x18, 0xf7, 0x64, 0x89, 0xbe, 0x65, 0xc1, 0xd9, 0xc0, 0x69, 0x92, 0xb8, + 0xe5, 0xd0, 0x4f, 0xcb, 0xc1, 0x55, 0xdf, 0x71, 0x37, 0x99, 0x44, 0x83, 0x87, 0x93, 0xc8, 0x16, + 0x12, 0x9d, 0xbd, 0xde, 0x93, 0x34, 0xbe, 0x0f, 0x5b, 0xf4, 0xeb, 0x16, 0x8c, 0x87, 0x51, 0x6b, + 0xc3, 0x09, 0x48, 0x4d, 0x42, 0xe3, 0x89, 0x21, 0x36, 0xf5, 0x3e, 0x73, 0xb4, 0x4f, 0xb4, 0x9c, + 0x25, 0xbb, 0x14, 0x06, 0x5e, 0x12, 0x46, 0xab, 0x24, 0x49, 0xbc, 0xa0, 0x11, 0x57, 0xcf, 0xec, + 0xed, 0x4e, 0x8e, 0x77, 0x60, 0xe1, 0x4e, 0x79, 0xd0, 0xcf, 0xc2, 0x70, 0xbc, 0x13, 0xb8, 0xb7, + 0xbc, 0xa0, 0x16, 0xde, 0x8d, 0x27, 0xca, 0x79, 0x4c, 0xdf, 0x55, 0x45, 0x50, 0x4c, 0x40, 0xcd, + 0x00, 0x9b, 0xdc, 0xba, 0x7f, 0x38, 0x3d, 0x94, 0x2a, 0x79, 0x7f, 0x38, 0x3d, 0x98, 0xee, 0xc3, + 0x16, 0xfd, 0x92, 0x05, 0xa3, 0xb1, 0xd7, 0x08, 0x9c, 0xa4, 0x1d, 0x91, 0x6b, 0x64, 0x27, 0x9e, + 0x00, 0x26, 0xc8, 0xd5, 0x23, 0xf6, 0x8a, 0x41, 0xb2, 0x7a, 0x46, 0xc8, 0x38, 0x6a, 0xb6, 0xc6, + 0x38, 0xcd, 0xb7, 0xdb, 0x44, 0xd3, 0xc3, 0x7a, 0x38, 0xdf, 0x89, 0xa6, 0x07, 0x75, 0x4f, 0x96, + 0xe8, 0xa7, 0xe1, 0x24, 0x6f, 0x52, 0x3d, 0x1b, 0x4f, 0x8c, 0x30, 0x45, 0x7b, 0x7a, 0x6f, 0x77, + 0xf2, 0xe4, 0x6a, 0x06, 0x86, 0x3b, 0xb0, 0xd1, 0x1d, 0x98, 0x6c, 0x91, 0xa8, 0xe9, 0x25, 0xcb, + 0x81, 0xbf, 0x23, 0xd5, 0xb7, 0x1b, 0xb6, 0x48, 0x4d, 0x88, 0x13, 0x4f, 0x8c, 0x9e, 0xb7, 0x9e, + 0x2b, 0x57, 0x3f, 0x2c, 0xc4, 0x9c, 0x5c, 0xb9, 0x3f, 0x3a, 0xde, 0x8f, 0x9e, 0xfd, 0xaf, 0x0a, + 0x70, 0x32, 0xbb, 0x70, 0xa2, 0xdf, 0xb4, 0xe0, 0xc4, 0xed, 0xbb, 0xc9, 0x5a, 0xb8, 0x49, 0x82, + 0xb8, 0xba, 0x43, 0xd5, 0x1b, 0x5b, 0x32, 0x86, 0x2f, 0xb8, 0xf9, 0x2e, 0xd1, 0x53, 0x57, 0xd3, + 0x5c, 0x2e, 0x05, 0x49, 0xb4, 0x53, 0x7d, 0x5c, 0xbc, 0xdd, 0x89, 0xab, 0xb7, 0xd6, 0x4c, 0x28, + 0xce, 0x0a, 0x75, 0xf6, 0xab, 0x16, 0x9c, 0xee, 0x46, 0x02, 0x9d, 0x84, 0xe2, 0x26, 0xd9, 0xe1, + 0x56, 0x19, 0xa6, 0x3f, 0xd1, 0x1b, 0x50, 0xda, 0x72, 0xfc, 0x36, 0x11, 0xd6, 0xcd, 0xfc, 0xd1, + 0x5e, 0x44, 0x49, 0x86, 0x39, 0xd5, 0x9f, 0x28, 0x5c, 0xb4, 0xec, 0x7f, 0x5b, 0x84, 0x61, 0x63, + 0x7d, 0x7b, 0x00, 0x16, 0x5b, 0x98, 0xb2, 0xd8, 0x96, 0x72, 0x5b, 0x9a, 0x7b, 0x9a, 0x6c, 0x77, + 0x33, 0x26, 0xdb, 0x72, 0x7e, 0x2c, 0xef, 0x6b, 0xb3, 0xa1, 0x04, 0x2a, 0x61, 0x8b, 0x5a, 0xe4, + 0x74, 0xe9, 0x1f, 0xc8, 0xe3, 0x13, 0x2e, 0x4b, 0x72, 0xd5, 0xd1, 0xbd, 0xdd, 0xc9, 0x8a, 0xfa, + 0x8b, 0x35, 0x23, 0xfb, 0xfb, 0x16, 0x9c, 0x36, 0x64, 0x9c, 0x0d, 0x83, 0x9a, 0xc7, 0x3e, 0xed, + 0x79, 0x18, 0x48, 0x76, 0x5a, 0xd2, 0xec, 0x57, 0x3d, 0xb5, 0xb6, 0xd3, 0x22, 0x98, 0x41, 0xa8, + 0xa1, 0xdf, 0x24, 0x71, 0xec, 0x34, 0x48, 0xd6, 0xd0, 0x5f, 0xe2, 0xcd, 0x58, 0xc2, 0x51, 0x04, + 0xc8, 0x77, 0xe2, 0x64, 0x2d, 0x72, 0x82, 0x98, 0x91, 0x5f, 0xf3, 0x9a, 0x44, 0x74, 0xf0, 0xff, + 0xdf, 0xdf, 0x88, 0xa1, 0x4f, 0x54, 0x1f, 0xdb, 0xdb, 0x9d, 0x44, 0x8b, 0x1d, 0x94, 0x70, 0x17, + 0xea, 0xf6, 0xb7, 0x2c, 0x78, 0xac, 0xbb, 0x2d, 0x86, 0x9e, 0x85, 0x41, 0xee, 0xf2, 0x89, 0xb7, + 0xd3, 0x9f, 0x84, 0xb5, 0x62, 0x01, 0x45, 0xd3, 0x50, 0x51, 0xeb, 0x84, 0x78, 0xc7, 0x71, 0x81, + 0x5a, 0xd1, 0x8b, 0x8b, 0xc6, 0xa1, 0x9d, 0x46, 0xff, 0x08, 0xcb, 0x4d, 0x75, 0x1a, 0x73, 0x92, + 0x18, 0xc4, 0xfe, 0x53, 0x0b, 0x4e, 0x18, 0x52, 0x3d, 0x00, 0xd3, 0x3c, 0x48, 0x9b, 0xe6, 0x0b, + 0xb9, 0x8d, 0xe7, 0x1e, 0xb6, 0xf9, 0xd7, 0x2d, 0x38, 0x6b, 0x60, 0x2d, 0x39, 0x89, 0xbb, 0x71, + 0x69, 0xbb, 0x15, 0x91, 0x98, 0xba, 0xd3, 0xe8, 0x69, 0x43, 0x6f, 0x55, 0x87, 0x05, 0x85, 0xe2, + 0x35, 0xb2, 0xc3, 0x95, 0xd8, 0xf3, 0x50, 0xe6, 0x83, 0x33, 0x8c, 0x44, 0x8f, 0xab, 0x77, 0x5b, + 0x16, 0xed, 0x58, 0x61, 0x20, 0x1b, 0x06, 0x99, 0x72, 0xa2, 0x93, 0x95, 0x2e, 0x43, 0x40, 0x3f, + 0xe2, 0x4d, 0xd6, 0x82, 0x05, 0xc4, 0x5e, 0x4e, 0x89, 0xb3, 0x12, 0x11, 0xf6, 0x71, 0x6b, 0x97, + 0x3d, 0xe2, 0xd7, 0x62, 0xea, 0x36, 0x38, 0x41, 0x10, 0x26, 0xc2, 0x03, 0x30, 0xdc, 0x86, 0x19, + 0xdd, 0x8c, 0x4d, 0x1c, 0x7b, 0xaf, 0xc0, 0x9c, 0x0f, 0x35, 0xad, 0xc9, 0x83, 0xf0, 0x5c, 0xa3, + 0x94, 0x1e, 0x5c, 0xc9, 0x4f, 0x29, 0x91, 0xde, 0xde, 0xeb, 0x5b, 0x19, 0x55, 0x88, 0x73, 0xe5, + 0x7a, 0x7f, 0x0f, 0xf6, 0x77, 0x0b, 0x30, 0x99, 0x7e, 0xa0, 0x43, 0x93, 0x52, 0x77, 0xc9, 0x60, + 0x94, 0xdd, 0xa0, 0x30, 0xf0, 0xb1, 0x89, 0xd7, 0x43, 0x19, 0x15, 0x8e, 0x53, 0x19, 0x99, 0xba, + 0xb2, 0xb8, 0x8f, 0xae, 0x7c, 0x56, 0xf5, 0xfa, 0x40, 0x46, 0x39, 0xa5, 0xd7, 0x8b, 0xf3, 0x30, + 0x10, 0x27, 0xa4, 0x35, 0x51, 0x4a, 0xeb, 0x9a, 0xd5, 0x84, 0xb4, 0x30, 0x83, 0xd8, 0xff, 0xad, + 0x00, 0x8f, 0xa7, 0xfb, 0x50, 0xab, 0xf7, 0x4f, 0xa6, 0xd4, 0xfb, 0x47, 0x4d, 0xf5, 0x7e, 0x6f, + 0x77, 0xf2, 0xc9, 0x1e, 0x8f, 0xfd, 0xd0, 0x68, 0x7f, 0x34, 0x9f, 0xe9, 0xc5, 0xe9, 0x74, 0x2f, + 0xde, 0xdb, 0x9d, 0x7c, 0xba, 0xc7, 0x3b, 0x66, 0xba, 0xf9, 0x59, 0x18, 0x8c, 0x88, 0x13, 0x87, + 0x81, 0xe8, 0x68, 0xf5, 0x39, 0x30, 0x6b, 0xc5, 0x02, 0x6a, 0xff, 0x69, 0x39, 0xdb, 0xd9, 0xf3, + 0x7c, 0x83, 0x2d, 0x8c, 0x90, 0x07, 0x03, 0xcc, 0x64, 0xe7, 0xaa, 0xe1, 0xda, 0xd1, 0xa6, 0x11, + 0x55, 0xf1, 0x8a, 0x74, 0xb5, 0x4c, 0xbf, 0x1a, 0x6d, 0xc2, 0x8c, 0x05, 0xda, 0x86, 0xb2, 0x2b, + 0x2d, 0xe9, 0x42, 0x1e, 0x7b, 0x4e, 0xc2, 0x8e, 0xd6, 0x1c, 0x47, 0xa8, 0x2e, 0x56, 0xe6, 0xb7, + 0xe2, 0x86, 0x08, 0x14, 0x1b, 0x5e, 0x22, 0x3e, 0xeb, 0x11, 0x7d, 0xa5, 0x79, 0xcf, 0x78, 0xc5, + 0x21, 0xba, 0x40, 0xcc, 0x7b, 0x09, 0xa6, 0xf4, 0xd1, 0x97, 0x2d, 0x18, 0x8e, 0xdd, 0xe6, 0x4a, + 0x14, 0x6e, 0x79, 0x35, 0x12, 0x09, 0x4b, 0xe9, 0x88, 0xaa, 0x69, 0x75, 0x76, 0x49, 0x12, 0xd4, + 0x7c, 0xb9, 0xef, 0xaa, 0x21, 0xd8, 0xe4, 0x4b, 0x3d, 0x88, 0xc7, 0xc5, 0xbb, 0xcf, 0x11, 0xd7, + 0xa3, 0x6b, 0x9b, 0x74, 0x98, 0xd8, 0x48, 0x39, 0xb2, 0xe5, 0x38, 0xd7, 0x76, 0x37, 0xe9, 0x7c, + 0xd3, 0x02, 0x3d, 0xb9, 0xb7, 0x3b, 0xf9, 0xf8, 0x6c, 0x77, 0x9e, 0xb8, 0x97, 0x30, 0xac, 0xc3, + 0x5a, 0x6d, 0xdf, 0xc7, 0xe4, 0x4e, 0x9b, 0xb0, 0xed, 0x90, 0x1c, 0x3a, 0x6c, 0x45, 0x13, 0xcc, + 0x74, 0x98, 0x01, 0xc1, 0x26, 0x5f, 0x74, 0x07, 0x06, 0x9b, 0x4e, 0x12, 0x79, 0xdb, 0x62, 0x0f, + 0xe4, 0x88, 0xb6, 0xfc, 0x12, 0xa3, 0xa5, 0x99, 0xb3, 0xa5, 0x9f, 0x37, 0x62, 0xc1, 0x08, 0x35, + 0xa1, 0xd4, 0x24, 0x51, 0x83, 0x4c, 0x94, 0xf3, 0xd8, 0xef, 0x5d, 0xa2, 0xa4, 0x34, 0xc3, 0x0a, + 0xb5, 0x7c, 0x58, 0x1b, 0xe6, 0x5c, 0xd0, 0x1b, 0x50, 0x8e, 0x89, 0x4f, 0x5c, 0x6a, 0xbb, 0x54, + 0x18, 0xc7, 0x8f, 0xf5, 0x69, 0xc7, 0x39, 0xeb, 0xc4, 0x5f, 0x15, 0x8f, 0xf2, 0x09, 0x26, 0xff, + 0x61, 0x45, 0xd2, 0xfe, 0xcf, 0x16, 0xa0, 0xb4, 0x86, 0x79, 0x00, 0xd6, 0xe3, 0x9d, 0xb4, 0xf5, + 0xb8, 0x98, 0xa7, 0x09, 0xd0, 0xc3, 0x80, 0x7c, 0xaf, 0x0c, 0x19, 0xdd, 0x7c, 0x9d, 0xc4, 0x09, + 0xa9, 0x7d, 0xa0, 0x4f, 0x3f, 0xd0, 0xa7, 0x1f, 0xe8, 0x53, 0xa5, 0x4f, 0xd7, 0x33, 0xfa, 0xf4, + 0x15, 0x63, 0xd6, 0xeb, 0xd3, 0xcb, 0x37, 0xd5, 0xf1, 0xa6, 0x29, 0x81, 0x81, 0x40, 0x35, 0xc1, + 0xd5, 0xd5, 0xe5, 0xeb, 0x5d, 0x15, 0xe8, 0x9b, 0x69, 0x05, 0x7a, 0x54, 0x16, 0x0f, 0x5c, 0x65, + 0xfe, 0x8d, 0x02, 0x3c, 0x91, 0x56, 0x25, 0x38, 0xf4, 0xfd, 0xb0, 0x9d, 0x50, 0x2b, 0x19, 0xfd, + 0xaa, 0x05, 0x27, 0x9b, 0x69, 0xf7, 0x34, 0x16, 0xbb, 0x80, 0x9f, 0xca, 0x4d, 0xcf, 0x65, 0xfc, + 0xdf, 0xea, 0x84, 0xd0, 0x79, 0x27, 0x33, 0x80, 0x18, 0x77, 0xc8, 0x82, 0xde, 0x80, 0x4a, 0xd3, + 0xd9, 0xbe, 0xd1, 0xaa, 0x39, 0x89, 0x74, 0x50, 0x7a, 0xfb, 0x95, 0xed, 0xc4, 0xf3, 0xa7, 0xf8, + 0xd9, 0xee, 0xd4, 0x42, 0x90, 0x2c, 0x47, 0xab, 0x49, 0xe4, 0x05, 0x0d, 0xbe, 0xf7, 0xb3, 0x24, + 0xc9, 0x60, 0x4d, 0xd1, 0xfe, 0x5b, 0x56, 0x56, 0xd1, 0xaa, 0xde, 0x89, 0x9c, 0x84, 0x34, 0x76, + 0xd0, 0xe7, 0xa0, 0x44, 0x3d, 0x09, 0xd9, 0x2b, 0xb7, 0xf2, 0xd4, 0xfe, 0xc6, 0x97, 0xd0, 0x0b, + 0x01, 0xfd, 0x17, 0x63, 0xce, 0xd4, 0xfe, 0xf3, 0x52, 0x76, 0xc1, 0x63, 0x27, 0x7d, 0x17, 0x00, + 0x1a, 0xe1, 0x1a, 0x69, 0xb6, 0x7c, 0xda, 0x2d, 0x16, 0xdb, 0x2e, 0x56, 0xce, 0xf3, 0xbc, 0x82, + 0x60, 0x03, 0x0b, 0xfd, 0x65, 0x0b, 0xa0, 0x21, 0x27, 0x96, 0x5c, 0xcc, 0x6e, 0xe4, 0xf9, 0x3a, + 0x7a, 0xda, 0x6a, 0x59, 0x14, 0x43, 0x6c, 0x30, 0x47, 0xbf, 0x60, 0x41, 0x39, 0x91, 0xe2, 0x73, + 0xf5, 0xbe, 0x96, 0xa7, 0x24, 0xf2, 0xa5, 0xf5, 0xba, 0xae, 0xba, 0x44, 0xf1, 0x45, 0x7f, 0xc9, + 0x02, 0x88, 0x77, 0x02, 0x77, 0x25, 0xf4, 0x3d, 0x77, 0x47, 0x68, 0xfd, 0x9b, 0xb9, 0x3a, 0xf8, + 0x8a, 0x7a, 0x75, 0x8c, 0xf6, 0x86, 0xfe, 0x8f, 0x0d, 0xce, 0xe8, 0xf3, 0x50, 0x8e, 0xc5, 0x70, + 0x13, 0x7a, 0x7e, 0x2d, 0xdf, 0x6d, 0x06, 0x4e, 0x5b, 0xa8, 0x08, 0xf1, 0x0f, 0x2b, 0x9e, 0xe8, + 0x97, 0x2d, 0x38, 0xd1, 0x4a, 0x6f, 0x0a, 0x09, 0x95, 0x9e, 0x9f, 0x0e, 0xc8, 0x6c, 0x3a, 0x55, + 0x4f, 0xed, 0xed, 0x4e, 0x9e, 0xc8, 0x34, 0xe2, 0xac, 0x14, 0xf6, 0x77, 0x0b, 0xa9, 0xad, 0x59, + 0xb5, 0x67, 0xc2, 0x06, 0xb3, 0x2b, 0xdd, 0x55, 0x39, 0x37, 0x73, 0x1d, 0xcc, 0xca, 0x19, 0xd6, + 0x83, 0x59, 0x35, 0xc5, 0xd8, 0x60, 0x4e, 0x97, 0xed, 0x71, 0x27, 0xbb, 0x33, 0x23, 0xe6, 0xd7, + 0x1b, 0x79, 0x8a, 0xd4, 0xb9, 0x91, 0xfe, 0x84, 0x10, 0x6d, 0xbc, 0x03, 0x84, 0x3b, 0x45, 0xb2, + 0xbf, 0x9b, 0xde, 0x0e, 0x36, 0x86, 0x46, 0x1f, 0x5b, 0xdd, 0xdf, 0xb0, 0x60, 0x38, 0x0a, 0x7d, + 0xdf, 0x0b, 0x1a, 0x74, 0x18, 0x0b, 0x5d, 0xfc, 0xfa, 0xb1, 0xa8, 0x43, 0x31, 0x5e, 0xd9, 0xe2, + 0x8f, 0x35, 0x4f, 0x6c, 0x0a, 0x60, 0x7f, 0xd1, 0x82, 0x89, 0x5e, 0xd3, 0x0d, 0x11, 0x78, 0x52, + 0x8e, 0x25, 0x75, 0xd0, 0xbb, 0x1c, 0xcc, 0x11, 0x9f, 0xa8, 0x7d, 0xb2, 0x72, 0xf5, 0x19, 0xf1, + 0x9a, 0x4f, 0xae, 0xf4, 0x46, 0xc5, 0xf7, 0xa3, 0x63, 0xff, 0x46, 0x21, 0xdb, 0xa3, 0x4a, 0xdd, + 0x7e, 0xdb, 0xea, 0x70, 0x4a, 0x3e, 0x75, 0x1c, 0x2a, 0x8e, 0xb9, 0x2f, 0xea, 0xbc, 0xb7, 0x37, + 0xce, 0x43, 0x3c, 0x50, 0xb2, 0xff, 0xf5, 0x00, 0xdc, 0x47, 0x32, 0x75, 0x64, 0x60, 0xf5, 0x3a, + 0x32, 0x38, 0xf8, 0x29, 0xc4, 0xd7, 0x2c, 0x18, 0xf4, 0xa9, 0x7d, 0xc4, 0xb7, 0xc5, 0x87, 0x2f, + 0xd4, 0x8e, 0xab, 0xef, 0xb9, 0x19, 0x16, 0xf3, 0x43, 0x4d, 0xb5, 0x33, 0xc6, 0x1b, 0xb1, 0x90, + 0x01, 0x7d, 0xc7, 0x4a, 0xef, 0xb1, 0xf3, 0x28, 0x15, 0xef, 0xd8, 0x64, 0x32, 0x36, 0xee, 0xb9, + 0x60, 0x7a, 0x4b, 0xb8, 0xc7, 0x96, 0x3e, 0x9a, 0x02, 0xa8, 0x7b, 0x81, 0xe3, 0x7b, 0x6f, 0x51, + 0x3f, 0xaf, 0xc4, 0x0e, 0x01, 0xd8, 0xa2, 0x75, 0x59, 0xb5, 0x62, 0x03, 0xe3, 0xec, 0x5f, 0x84, + 0x61, 0xe3, 0xcd, 0xbb, 0x9c, 0xc5, 0x9e, 0x36, 0xcf, 0x62, 0x2b, 0xc6, 0x11, 0xea, 0xd9, 0x57, + 0xe0, 0x64, 0x56, 0xc0, 0x83, 0x3c, 0x6f, 0xff, 0xe6, 0x60, 0x76, 0x63, 0x7c, 0x8d, 0x44, 0x4d, + 0x2a, 0xda, 0x07, 0xfe, 0xf1, 0x07, 0xfe, 0xf1, 0x07, 0xfe, 0xb1, 0xfc, 0x63, 0xef, 0x95, 0x20, + 0x65, 0x19, 0x70, 0xe9, 0x3e, 0x02, 0x43, 0x11, 0x69, 0x85, 0x37, 0xf0, 0xa2, 0xd0, 0xb8, 0x3a, + 0x3a, 0x95, 0x37, 0x63, 0x09, 0xa7, 0x9a, 0xb9, 0xe5, 0x24, 0x1b, 0x42, 0xe5, 0x2a, 0xcd, 0xbc, + 0xe2, 0x24, 0x1b, 0x98, 0x41, 0xd0, 0x2b, 0x30, 0x96, 0x38, 0x51, 0x83, 0x24, 0x98, 0x6c, 0xb1, + 0x4e, 0x10, 0x87, 0x0d, 0x8f, 0x09, 0xdc, 0xb1, 0xb5, 0x14, 0x14, 0x67, 0xb0, 0xd1, 0x1d, 0x18, + 0xd8, 0x20, 0x7e, 0x53, 0x38, 0xf0, 0xab, 0xf9, 0x69, 0x44, 0xf6, 0xae, 0x57, 0x88, 0xdf, 0xe4, + 0xf3, 0x95, 0xfe, 0xc2, 0x8c, 0x15, 0xfd, 0x3a, 0x95, 0xcd, 0x76, 0x9c, 0x84, 0x4d, 0xef, 0x2d, + 0xe9, 0xd6, 0x7f, 0x2a, 0x67, 0xc6, 0xd7, 0x24, 0x7d, 0xee, 0x7b, 0xaa, 0xbf, 0x58, 0x73, 0x66, + 0x72, 0xd4, 0xbc, 0x88, 0xb9, 0xe9, 0x3b, 0x13, 0x70, 0x2c, 0x72, 0xcc, 0x49, 0xfa, 0x5c, 0x0e, + 0xf5, 0x17, 0x6b, 0xce, 0x68, 0x07, 0x06, 0x5b, 0x7e, 0xbb, 0xe1, 0x05, 0x13, 0xc3, 0x4c, 0x86, + 0x1b, 0x39, 0xcb, 0xb0, 0xc2, 0x88, 0xf3, 0xcd, 0x15, 0xfe, 0x1b, 0x0b, 0x86, 0xe8, 0x19, 0x28, + 0xb9, 0x1b, 0x4e, 0x94, 0x4c, 0x8c, 0xb0, 0x41, 0xa3, 0x7c, 0xe0, 0x59, 0xda, 0x88, 0x39, 0x0c, + 0x3d, 0x0d, 0xc5, 0x88, 0xd4, 0x59, 0x50, 0x94, 0x71, 0x5c, 0x8e, 0x49, 0x1d, 0xd3, 0x76, 0xfb, + 0xef, 0x14, 0xd2, 0xc6, 0x45, 0xfa, 0xbd, 0xf9, 0x68, 0x77, 0xdb, 0x51, 0x2c, 0xfd, 0x64, 0x63, + 0xb4, 0xb3, 0x66, 0x2c, 0xe1, 0xe8, 0x8b, 0x16, 0x0c, 0xdd, 0x8e, 0xc3, 0x20, 0x20, 0x89, 0x50, + 0xe4, 0x37, 0x73, 0xee, 0x8a, 0xab, 0x9c, 0xba, 0x96, 0x41, 0x34, 0x60, 0xc9, 0x97, 0x8a, 0x4b, + 0xb6, 0x5d, 0xbf, 0x5d, 0xeb, 0x38, 0x25, 0xbd, 0xc4, 0x9b, 0xb1, 0x84, 0x53, 0x54, 0x2f, 0xe0, + 0xa8, 0x03, 0x69, 0xd4, 0x85, 0x40, 0xa0, 0x0a, 0xb8, 0xfd, 0xdb, 0x25, 0x38, 0xd3, 0x75, 0x72, + 0xd0, 0x65, 0x9f, 0x2d, 0xac, 0x97, 0x3d, 0x9f, 0xc8, 0xb3, 0x7f, 0xb6, 0xec, 0xdf, 0x54, 0xad, + 0xd8, 0xc0, 0x40, 0x3f, 0x0f, 0xd0, 0x72, 0x22, 0xa7, 0x49, 0xc4, 0x72, 0x57, 0x3c, 0xfa, 0xea, + 0x4a, 0xe5, 0x58, 0x91, 0x34, 0xb5, 0xb7, 0xa5, 0x9a, 0x62, 0x6c, 0xb0, 0x44, 0x1f, 0x87, 0xe1, + 0x88, 0xf8, 0xc4, 0x89, 0x59, 0x4c, 0x5d, 0x36, 0x40, 0x18, 0x6b, 0x10, 0x36, 0xf1, 0xd0, 0xb3, + 0x2a, 0x4c, 0x22, 0x73, 0xa4, 0x9c, 0x0e, 0x95, 0x40, 0x6f, 0x5b, 0x30, 0x56, 0xf7, 0x7c, 0xa2, + 0xb9, 0x8b, 0x70, 0xde, 0xe5, 0xa3, 0xbf, 0xe4, 0x65, 0x93, 0xae, 0xd6, 0x90, 0xa9, 0xe6, 0x18, + 0x67, 0xd8, 0xd3, 0xcf, 0xbc, 0x45, 0x22, 0xa6, 0x5a, 0x07, 0xd3, 0x9f, 0xf9, 0x26, 0x6f, 0xc6, + 0x12, 0x8e, 0x66, 0xe0, 0x44, 0xcb, 0x89, 0xe3, 0xd9, 0x88, 0xd4, 0x48, 0x90, 0x78, 0x8e, 0xcf, + 0x83, 0x6d, 0xcb, 0x3a, 0xd8, 0x6e, 0x25, 0x0d, 0xc6, 0x59, 0x7c, 0xf4, 0x69, 0x78, 0xdc, 0x6b, + 0x04, 0x61, 0x44, 0x96, 0xbc, 0x38, 0xf6, 0x82, 0x86, 0x1e, 0x06, 0x4c, 0x53, 0x96, 0xab, 0x93, + 0x82, 0xd4, 0xe3, 0x0b, 0xdd, 0xd1, 0x70, 0xaf, 0xe7, 0xd1, 0xf3, 0x50, 0x8e, 0x37, 0xbd, 0xd6, + 0x6c, 0x54, 0x8b, 0xd9, 0x46, 0x67, 0x59, 0xef, 0xce, 0xac, 0x8a, 0x76, 0xac, 0x30, 0xec, 0x5f, + 0x29, 0xa4, 0xdd, 0x3b, 0x73, 0xfe, 0xa0, 0x98, 0xce, 0x92, 0xe4, 0xa6, 0x13, 0x49, 0xd7, 0xff, + 0x88, 0xe1, 0xba, 0x82, 0xee, 0x4d, 0x27, 0x32, 0xe7, 0x1b, 0x63, 0x80, 0x25, 0x27, 0x74, 0x1b, + 0x06, 0x12, 0xdf, 0xc9, 0x29, 0xbe, 0xdf, 0xe0, 0xa8, 0xbd, 0xed, 0xc5, 0x99, 0x18, 0x33, 0x1e, + 0xe8, 0x29, 0x6a, 0xbe, 0xae, 0xcb, 0x98, 0x1e, 0x61, 0x71, 0xae, 0xc7, 0x98, 0xb5, 0xda, 0xff, + 0xb7, 0xdc, 0x45, 0xe5, 0xa9, 0x35, 0x06, 0x5d, 0x00, 0xa0, 0x9e, 0xd0, 0x4a, 0x44, 0xea, 0xde, + 0xb6, 0x58, 0xe3, 0xd5, 0xb4, 0xba, 0xae, 0x20, 0xd8, 0xc0, 0x92, 0xcf, 0xac, 0xb6, 0xeb, 0xf4, 0x99, 0x42, 0xe7, 0x33, 0x1c, 0x82, 0x0d, 0x2c, 0xf4, 0x12, 0x0c, 0x7a, 0x4d, 0xa7, 0xa1, 0x42, - 0x8f, 0x9e, 0xa2, 0xeb, 0x69, 0x81, 0xb5, 0xdc, 0xdb, 0x9d, 0x1c, 0x53, 0x1d, 0x62, 0x4d, 0x58, - 0xe0, 0xa2, 0xdf, 0xb0, 0x60, 0xc4, 0x0d, 0x9b, 0xcd, 0x30, 0xe0, 0xf6, 0x83, 0x30, 0x86, 0x6e, - 0x1f, 0xd7, 0x0e, 0x3c, 0x35, 0x6b, 0x30, 0xe3, 0xd6, 0x90, 0x4a, 0x44, 0x30, 0x41, 0x38, 0xd5, - 0x2b, 0x73, 0xd9, 0x95, 0xf6, 0x59, 0x76, 0xbf, 0x63, 0xc1, 0x38, 0x7f, 0xd6, 0x30, 0x6b, 0x44, - 0xcc, 0x7d, 0x78, 0xcc, 0xaf, 0xd5, 0x61, 0xe9, 0x29, 0x97, 0x50, 0x07, 0x1c, 0x77, 0x76, 0x12, - 0xcd, 0xc3, 0x78, 0x3d, 0x8c, 0x5c, 0x62, 0x0e, 0x84, 0x90, 0x19, 0x8a, 0xd0, 0xe5, 0x2c, 0x02, - 0xee, 0x7c, 0x06, 0xdd, 0x84, 0xc7, 0x8c, 0x46, 0x73, 0x1c, 0xb8, 0xd8, 0x38, 0x27, 0xa8, 0x3d, - 0x76, 0xb9, 0x2b, 0x16, 0xee, 0xf1, 0x74, 0xda, 0xf2, 0xaf, 0xf4, 0x61, 0xf9, 0xbf, 0x09, 0x4f, - 0xb8, 0x9d, 0x23, 0xb3, 0x15, 0xb7, 0xd7, 0xe3, 0x84, 0x29, 0x59, 0xe5, 0xea, 0x5f, 0x10, 0x04, - 0x9e, 0x98, 0xed, 0x85, 0x88, 0x7b, 0xd3, 0x40, 0x9f, 0x83, 0x72, 0x44, 0xd8, 0x57, 0x89, 0x45, - 0x00, 0xfa, 0x11, 0xcd, 0x3d, 0xad, 0x1c, 0x72, 0xb2, 0x5a, 0x2c, 0x8a, 0x86, 0x18, 0x2b, 0x8e, - 0x67, 0x3f, 0x09, 0xe3, 0x1d, 0xf3, 0xf9, 0x40, 0xc6, 0xf7, 0x1c, 0x3c, 0xd6, 0x7d, 0xe6, 0x1c, - 0xc8, 0x04, 0xff, 0xc7, 0x99, 0xb8, 0x2a, 0x43, 0xd1, 0xeb, 0xc3, 0x9d, 0xe3, 0x40, 0x91, 0x04, - 0x5b, 0x42, 0x90, 0x5e, 0x3e, 0xda, 0xe8, 0x5d, 0x0a, 0xb6, 0xf8, 0xc4, 0x67, 0x36, 0xeb, 0xa5, - 0x60, 0x0b, 0x53, 0xda, 0xe8, 0x1d, 0x2b, 0xa5, 0xa8, 0x70, 0x27, 0xd0, 0x67, 0x8e, 0x45, 0xb3, - 0xed, 0x5b, 0x77, 0xb1, 0xff, 0x6d, 0x01, 0xce, 0xef, 0x47, 0xa4, 0x8f, 0xe1, 0x7b, 0x06, 0x06, - 0x63, 0x76, 0xb0, 0x25, 0x24, 0xd3, 0x30, 0x95, 0x4a, 0xfc, 0xa8, 0xeb, 0x4d, 0x2c, 0x40, 0xc8, - 0x87, 0x62, 0xd3, 0x69, 0x09, 0xdf, 0xc0, 0xc2, 0x51, 0xa3, 0xa8, 0xe9, 0x7f, 0xc7, 0x5f, 0x72, - 0x5a, 0xdc, 0xe2, 0x34, 0x1a, 0x30, 0x65, 0x83, 0x12, 0x28, 0x39, 0x51, 0xe4, 0xc8, 0x53, 0x94, - 0x6b, 0xf9, 0xf0, 0x9b, 0xa1, 0x24, 0xab, 0xe3, 0x7b, 0xbb, 0x93, 0xa3, 0xa9, 0x26, 0xcc, 0x99, - 0xd9, 0x5f, 0x1b, 0x4a, 0x45, 0x12, 0xb3, 0xa3, 0xb1, 0x18, 0x06, 0x85, 0x4b, 0xc0, 0xca, 0x3b, - 0x78, 0x9d, 0xa7, 0x82, 0x30, 0x3b, 0x46, 0x24, 0xd4, 0x09, 0x56, 0xe8, 0xab, 0x16, 0x4b, 0x5b, - 0x93, 0xd1, 0xd5, 0xc2, 0x7a, 0x38, 0x9e, 0x2c, 0x3a, 0x33, 0x19, 0x4e, 0x36, 0x62, 0x93, 0x3b, - 0xdd, 0xba, 0x5a, 0x3c, 0x01, 0x23, 0x6b, 0x43, 0xc8, 0xc4, 0x36, 0x09, 0x47, 0xdb, 0x5d, 0x8e, - 0xc0, 0x72, 0x48, 0x7d, 0xea, 0xe3, 0xd0, 0xeb, 0x3b, 0x16, 0x8c, 0x73, 0x4d, 0x71, 0xce, 0xab, - 0xd7, 0x49, 0x44, 0x02, 0x97, 0x48, 0x5d, 0xfb, 0x88, 0x87, 0xac, 0xd2, 0x0f, 0xb3, 0x90, 0x25, - 0xaf, 0xf7, 0xb4, 0x0e, 0x10, 0xee, 0xec, 0x0c, 0xaa, 0xc1, 0x80, 0x17, 0xd4, 0x43, 0xb1, 0x93, - 0x57, 0x8f, 0xd6, 0xa9, 0x85, 0xa0, 0x1e, 0xea, 0xd5, 0x4c, 0xff, 0x61, 0x46, 0x1d, 0x2d, 0xc2, - 0xe9, 0x48, 0x78, 0x43, 0xae, 0x78, 0x31, 0xb5, 0x59, 0x17, 0xbd, 0xa6, 0x97, 0xb0, 0x5d, 0xb8, - 0x58, 0x9d, 0xd8, 0xdb, 0x9d, 0x3c, 0x8d, 0xbb, 0xc0, 0x71, 0xd7, 0xa7, 0xd0, 0x5b, 0x30, 0x24, - 0xf3, 0xec, 0xca, 0x79, 0xd8, 0x2d, 0x9d, 0xf3, 0x5f, 0x4d, 0xa6, 0x55, 0x91, 0x52, 0x27, 0x19, - 0xda, 0x6f, 0x0f, 0x43, 0xe7, 0x41, 0x14, 0xfa, 0x39, 0xa8, 0x44, 0x2a, 0xf7, 0xcf, 0xca, 0x23, - 0x84, 0x4a, 0x7e, 0x5f, 0x71, 0x08, 0xa6, 0xf4, 0x01, 0x9d, 0xe5, 0xa7, 0x39, 0x52, 0xad, 0x3d, - 0xd6, 0xe7, 0x55, 0x39, 0xcc, 0x6d, 0xc1, 0x55, 0x9f, 0x73, 0xec, 0x04, 0x2e, 0x66, 0x3c, 0x50, - 0x04, 0x83, 0x1b, 0xc4, 0xf1, 0x93, 0x8d, 0x7c, 0x5c, 0xb2, 0x57, 0x18, 0xad, 0x6c, 0x94, 0x38, - 0x6f, 0xc5, 0x82, 0x13, 0xda, 0x86, 0xa1, 0x0d, 0x3e, 0x01, 0x84, 0x22, 0xbd, 0x74, 0xd4, 0xc1, - 0x4d, 0xcd, 0x2a, 0xfd, 0xb9, 0x45, 0x03, 0x96, 0xec, 0xd8, 0xf9, 0xb9, 0x71, 0x06, 0xcb, 0x97, - 0x6e, 0x7e, 0x01, 0xf2, 0xfd, 0x1f, 0xc0, 0x7e, 0x16, 0x46, 0x22, 0xe2, 0x86, 0x81, 0xeb, 0xf9, - 0xa4, 0x36, 0x23, 0xdd, 0xad, 0x07, 0x09, 0xab, 0x3e, 0x49, 0x8d, 0x01, 0x6c, 0xd0, 0xc0, 0x29, - 0x8a, 0xe8, 0x2b, 0x16, 0x8c, 0xa9, 0x84, 0x21, 0xfa, 0x41, 0x88, 0x70, 0x58, 0x2e, 0xe6, 0x94, - 0x9e, 0xc4, 0x68, 0x56, 0xd1, 0xde, 0xee, 0xe4, 0x58, 0xba, 0x0d, 0x67, 0xf8, 0xa2, 0xd7, 0x00, - 0xc2, 0x75, 0x7e, 0x48, 0x3e, 0x93, 0x08, 0xef, 0xe5, 0x41, 0x5e, 0x75, 0x8c, 0xe7, 0x57, 0x48, - 0x0a, 0xd8, 0xa0, 0x86, 0xae, 0x01, 0xf0, 0x65, 0xb3, 0xb6, 0xd3, 0x92, 0xda, 0xb6, 0x8c, 0x8b, - 0x87, 0x55, 0x05, 0xb9, 0xb7, 0x3b, 0xd9, 0xe9, 0x4d, 0x62, 0x47, 0xc5, 0xc6, 0xe3, 0xe8, 0x67, - 0x61, 0x28, 0x6e, 0x37, 0x9b, 0x8e, 0xf2, 0x6d, 0xe6, 0x98, 0xb1, 0xc1, 0xe9, 0x1a, 0xa2, 0x88, - 0x37, 0x60, 0xc9, 0x11, 0xdd, 0xa6, 0x42, 0x35, 0x16, 0x6e, 0x2e, 0xb6, 0x8a, 0xb8, 0x4e, 0x30, - 0xcc, 0xde, 0xe9, 0x13, 0xe2, 0xb9, 0xd3, 0xb8, 0x0b, 0xce, 0xbd, 0xdd, 0xc9, 0xc7, 0xd2, 0xed, - 0x8b, 0xa1, 0xc8, 0xa1, 0xe8, 0x4a, 0x13, 0x5d, 0x95, 0x69, 0xf7, 0xf4, 0xb5, 0x65, 0x36, 0xe8, - 0x73, 0x3a, 0xed, 0x9e, 0x35, 0xf7, 0x1e, 0x33, 0xf3, 0x61, 0xb4, 0x04, 0xa7, 0xdc, 0x30, 0x48, - 0xa2, 0xd0, 0xf7, 0x79, 0x2d, 0x09, 0x6e, 0xf8, 0x70, 0xdf, 0xe7, 0x93, 0xa2, 0xdb, 0xa7, 0x66, - 0x3b, 0x51, 0x70, 0xb7, 0xe7, 0xec, 0x20, 0x1d, 0x3d, 0x24, 0x06, 0xe7, 0x25, 0x18, 0x21, 0xdb, - 0x09, 0x89, 0x02, 0xc7, 0xbf, 0x81, 0x17, 0xa5, 0xd7, 0x8f, 0xad, 0x81, 0x4b, 0x46, 0x3b, 0x4e, - 0x61, 0x21, 0x5b, 0x59, 0xfb, 0x05, 0x9d, 0x68, 0xc4, 0xad, 0x7d, 0x69, 0xdb, 0xdb, 0xff, 0xb7, - 0x90, 0x52, 0xc8, 0xd6, 0x22, 0x42, 0x50, 0x08, 0xa5, 0x20, 0xac, 0x29, 0xd9, 0x7f, 0x35, 0x1f, - 0xd9, 0x7f, 0x3d, 0xac, 0x19, 0xb9, 0xf9, 0xf4, 0x5f, 0x8c, 0x39, 0x1f, 0x96, 0xbc, 0x2c, 0xb3, - 0xbc, 0x19, 0x40, 0x18, 0x1a, 0x79, 0x72, 0x56, 0xc9, 0xcb, 0xcb, 0x26, 0x23, 0x9c, 0xe6, 0x8b, - 0x36, 0xa1, 0xb4, 0x11, 0xc6, 0x89, 0x34, 0x3f, 0x8e, 0x68, 0xe9, 0x5c, 0x09, 0xe3, 0x84, 0x69, - 0x11, 0xea, 0xb5, 0x69, 0x4b, 0x8c, 0x39, 0x0f, 0xfb, 0xbf, 0x5a, 0x29, 0x1f, 0xef, 0x2d, 0x16, - 0x49, 0xb7, 0x45, 0x02, 0xba, 0xac, 0xcd, 0xe0, 0x8e, 0xbf, 0x94, 0x49, 0x74, 0xf9, 0x70, 0xaf, - 0x4a, 0x29, 0x77, 0x29, 0x85, 0x29, 0x46, 0xc2, 0x88, 0x03, 0xf9, 0x82, 0x95, 0x4e, 0x39, 0x2a, - 0xe4, 0x61, 0x60, 0x98, 0x29, 0x75, 0xfb, 0x66, 0x2f, 0xd9, 0xef, 0x58, 0x30, 0x54, 0x75, 0xdc, - 0xcd, 0xb0, 0x5e, 0x47, 0xcf, 0x43, 0xb9, 0xd6, 0x8e, 0xcc, 0xec, 0x27, 0x65, 0x3d, 0xcf, 0x89, - 0x76, 0xac, 0x30, 0xe8, 0x1c, 0xae, 0x3b, 0xae, 0x4c, 0xac, 0x2b, 0xf2, 0x39, 0x7c, 0x99, 0xb5, - 0x60, 0x01, 0x41, 0x1f, 0x87, 0xe1, 0xa6, 0xb3, 0x2d, 0x1f, 0xce, 0x3a, 0x98, 0x97, 0x34, 0x08, - 0x9b, 0x78, 0xf6, 0xbf, 0xb2, 0x60, 0xa2, 0xea, 0xc4, 0x9e, 0x3b, 0xd3, 0x4e, 0x36, 0xaa, 0x5e, - 0xb2, 0xde, 0x76, 0x37, 0x49, 0xc2, 0xb3, 0x29, 0x69, 0x2f, 0xdb, 0x31, 0x5d, 0x4a, 0xca, 0xae, - 0x53, 0xbd, 0xbc, 0x21, 0xda, 0xb1, 0xc2, 0x40, 0x6f, 0xc1, 0x70, 0xcb, 0x89, 0xe3, 0xbb, 0x61, - 0x54, 0xc3, 0xa4, 0x9e, 0x4f, 0x2e, 0xf3, 0x2a, 0x71, 0x23, 0x92, 0x60, 0x52, 0x17, 0x47, 0x86, - 0x9a, 0x3e, 0x36, 0x99, 0xd9, 0x7f, 0xc3, 0x82, 0x11, 0x76, 0xfa, 0x32, 0x47, 0x12, 0xc7, 0xf3, - 0x3b, 0x0a, 0x72, 0x58, 0x7d, 0x16, 0xe4, 0x38, 0x0f, 0x03, 0x1b, 0x61, 0x93, 0x64, 0x4f, 0x0e, - 0xaf, 0x84, 0xd4, 0x8a, 0xa5, 0x10, 0xf4, 0x22, 0x1d, 0x67, 0x2f, 0x48, 0x1c, 0x3a, 0xe3, 0xa4, - 0x0b, 0xf1, 0x04, 0x1f, 0x63, 0xd5, 0x8c, 0x4d, 0x1c, 0xfb, 0x77, 0x2b, 0x30, 0x24, 0x0e, 0x63, - 0xfb, 0x4e, 0x60, 0x95, 0xe6, 0x74, 0xa1, 0xa7, 0x39, 0x1d, 0xc3, 0xa0, 0xcb, 0xca, 0xfd, 0x08, - 0xad, 0xed, 0x5a, 0x2e, 0xa7, 0xf7, 0xbc, 0x82, 0x90, 0xee, 0x16, 0xff, 0x8f, 0x05, 0x2b, 0xf4, - 0x4d, 0x0b, 0x4e, 0xb8, 0x61, 0x10, 0x10, 0x57, 0xab, 0x14, 0x03, 0x79, 0xc4, 0xe3, 0xcc, 0xa6, - 0x89, 0x6a, 0xd7, 0x7f, 0x06, 0x80, 0xb3, 0xec, 0xd1, 0xcb, 0x30, 0xca, 0xc7, 0xec, 0x66, 0xca, - 0xef, 0xa9, 0xeb, 0x34, 0x98, 0x40, 0x9c, 0xc6, 0x45, 0x53, 0xdc, 0x7f, 0x2c, 0x2a, 0x22, 0x0c, - 0xea, 0x73, 0x24, 0xa3, 0x16, 0x82, 0x81, 0x81, 0x22, 0x40, 0x11, 0xa9, 0x47, 0x24, 0xde, 0x10, - 0x87, 0xd5, 0x4c, 0x9d, 0x19, 0x3a, 0x5c, 0x42, 0x1c, 0xee, 0xa0, 0x84, 0xbb, 0x50, 0x47, 0x9b, - 0xc2, 0x9e, 0x2b, 0xe7, 0x21, 0xb2, 0xc4, 0x67, 0xee, 0x69, 0xd6, 0x4d, 0x42, 0x29, 0xde, 0x70, - 0xa2, 0x1a, 0x53, 0xa3, 0x8a, 0x3c, 0xee, 0x7b, 0x95, 0x36, 0x60, 0xde, 0x8e, 0xe6, 0xe0, 0x64, - 0xa6, 0xca, 0x44, 0x2c, 0xfc, 0x93, 0x2a, 0x3e, 0x3a, 0x53, 0x9f, 0x22, 0xc6, 0x1d, 0x4f, 0x98, - 0xb6, 0xfe, 0xf0, 0x3e, 0xb6, 0xfe, 0x8e, 0x0a, 0x89, 0x1a, 0x61, 0xdb, 0xd1, 0xab, 0xb9, 0x0c, - 0x40, 0x5f, 0xf1, 0x4f, 0x5f, 0xcf, 0xc4, 0x3f, 0x8d, 0xb2, 0x0e, 0xdc, 0xcc, 0xa7, 0x03, 0x07, - 0x0f, 0x76, 0x7a, 0x98, 0xc1, 0x4b, 0xff, 0xc7, 0x02, 0xf9, 0x5d, 0x67, 0x1d, 0x77, 0x83, 0xd0, - 0x29, 0x83, 0x5e, 0x81, 0x31, 0x65, 0xb1, 0xce, 0x86, 0xed, 0x80, 0xc7, 0x2d, 0x15, 0xf5, 0x19, - 0x21, 0x4e, 0x41, 0x71, 0x06, 0x1b, 0x4d, 0x43, 0x85, 0x8e, 0x13, 0x7f, 0x94, 0x6f, 0x6d, 0xca, - 0x2a, 0x9e, 0x59, 0x59, 0x10, 0x4f, 0x69, 0x1c, 0x14, 0xc2, 0xb8, 0xef, 0xc4, 0x09, 0xeb, 0x01, - 0x35, 0x60, 0x0f, 0x99, 0x8e, 0xca, 0x8a, 0xec, 0x2c, 0x66, 0x09, 0xe1, 0x4e, 0xda, 0xf6, 0xf7, - 0x07, 0x60, 0x34, 0x25, 0x19, 0x0f, 0xb8, 0x27, 0x3e, 0x0f, 0x65, 0xb9, 0x4d, 0x65, 0x93, 0xe2, - 0xd5, 0x5e, 0xa6, 0x30, 0xe8, 0xa6, 0xb5, 0x4e, 0x9c, 0x88, 0x44, 0xac, 0x7e, 0x47, 0x76, 0x0f, - 0xaf, 0x6a, 0x10, 0x36, 0xf1, 0x98, 0x50, 0x4e, 0xfc, 0x78, 0xd6, 0xf7, 0x48, 0x90, 0xf0, 0x6e, - 0xe6, 0x23, 0x94, 0xd7, 0x16, 0x57, 0x4d, 0xa2, 0x5a, 0x28, 0x67, 0x00, 0x38, 0xcb, 0x1e, 0x7d, - 0xc9, 0x82, 0x51, 0xe7, 0x6e, 0xac, 0x6b, 0xd2, 0x89, 0x48, 0xa7, 0x23, 0x6e, 0x52, 0xa9, 0x32, - 0x77, 0xdc, 0xc3, 0x9a, 0x6a, 0xc2, 0x69, 0xa6, 0xe8, 0xdb, 0x16, 0x20, 0xb2, 0x4d, 0x5c, 0x19, - 0x8b, 0x25, 0xfa, 0x32, 0x98, 0x87, 0x61, 0x77, 0xa9, 0x83, 0x2e, 0x97, 0xea, 0x9d, 0xed, 0xb8, - 0x4b, 0x1f, 0xec, 0x7f, 0x56, 0x54, 0x0b, 0x4a, 0x87, 0xff, 0x39, 0x46, 0x52, 0x8d, 0x75, 0xf8, - 0xa4, 0x1a, 0x7d, 0x40, 0xdd, 0x91, 0x58, 0x93, 0xce, 0x61, 0x28, 0x3c, 0xa4, 0x1c, 0x86, 0x5f, - 0xb0, 0x52, 0xe5, 0x1f, 0x86, 0x2f, 0xbc, 0x96, 0x6f, 0xe8, 0xe1, 0x14, 0x0f, 0x8f, 0xc8, 0x48, - 0xf7, 0x74, 0xcc, 0x04, 0x95, 0xa6, 0x06, 0xda, 0x81, 0xa4, 0xe1, 0x7f, 0x2c, 0xc2, 0xb0, 0xb1, - 0x93, 0x76, 0x55, 0x8b, 0xac, 0x47, 0x4c, 0x2d, 0x2a, 0x1c, 0x40, 0x2d, 0xfa, 0x79, 0xa8, 0xb8, - 0x52, 0xca, 0xe7, 0x53, 0x00, 0x31, 0xbb, 0x77, 0x68, 0x41, 0xaf, 0x9a, 0xb0, 0xe6, 0x89, 0xe6, - 0x53, 0xb9, 0x09, 0x62, 0x87, 0x18, 0x60, 0x3b, 0x44, 0xb7, 0xe4, 0x01, 0xb1, 0x53, 0x74, 0x3e, - 0xc3, 0xaa, 0x84, 0xb4, 0x3c, 0xf1, 0x5e, 0x32, 0x40, 0x98, 0x57, 0x09, 0x59, 0x59, 0x90, 0xcd, - 0xd8, 0xc4, 0xb1, 0xbf, 0x6f, 0xa9, 0x8f, 0xfb, 0x00, 0xd2, 0x74, 0x6f, 0xa7, 0xd3, 0x74, 0x2f, - 0xe5, 0x32, 0xcc, 0x3d, 0xf2, 0x73, 0xaf, 0xc3, 0xd0, 0x6c, 0xd8, 0x6c, 0x3a, 0x41, 0x0d, 0xfd, - 0x18, 0x0c, 0xb9, 0xfc, 0xa7, 0xf0, 0xa3, 0xb0, 0xd3, 0x38, 0x01, 0xc5, 0x12, 0x86, 0x9e, 0x82, - 0x01, 0x27, 0x6a, 0x48, 0xdf, 0x09, 0x0b, 0xe8, 0x98, 0x89, 0x1a, 0x31, 0x66, 0xad, 0xf6, 0xdb, - 0x45, 0x80, 0xd9, 0xb0, 0xd9, 0x72, 0x22, 0x52, 0x5b, 0x0b, 0x59, 0x01, 0xa6, 0x63, 0x3d, 0xc3, - 0xd2, 0xc6, 0xd2, 0xa3, 0x7c, 0x8e, 0x65, 0x9c, 0x65, 0x14, 0x1f, 0xf4, 0x59, 0xc6, 0xd7, 0x2c, - 0x40, 0xf4, 0x8b, 0x84, 0x01, 0x09, 0x12, 0x7d, 0x38, 0x3b, 0x0d, 0x15, 0x57, 0xb6, 0x0a, 0xad, - 0x45, 0xaf, 0x3f, 0x09, 0xc0, 0x1a, 0xa7, 0x0f, 0xf3, 0xf3, 0x19, 0x29, 0x1c, 0x8b, 0xe9, 0x18, - 0x48, 0x26, 0x52, 0x85, 0xac, 0xb4, 0x7f, 0xaf, 0x00, 0x8f, 0xf1, 0xfd, 0x6e, 0xc9, 0x09, 0x9c, - 0x06, 0x69, 0xd2, 0x5e, 0xf5, 0x7b, 0xdc, 0xee, 0x52, 0xbb, 0xc7, 0x93, 0x31, 0x8d, 0x47, 0x5d, - 0x18, 0x7c, 0x42, 0xf3, 0x29, 0xbc, 0x10, 0x78, 0x09, 0x66, 0xc4, 0x51, 0x0c, 0x65, 0x59, 0x4e, - 0x57, 0x08, 0xba, 0x9c, 0x18, 0xa9, 0x35, 0x2f, 0x36, 0x25, 0x82, 0x15, 0x23, 0xaa, 0x15, 0xfa, - 0xa1, 0xbb, 0x89, 0x49, 0x2b, 0x64, 0x42, 0xcd, 0x08, 0x29, 0x5b, 0x14, 0xed, 0x58, 0x61, 0xd8, - 0xbf, 0x67, 0x41, 0x56, 0xdc, 0x1b, 0xa5, 0x66, 0xac, 0xfb, 0x96, 0x9a, 0x39, 0x40, 0xad, 0x97, - 0x9f, 0x81, 0x61, 0x27, 0xa1, 0x3b, 0x34, 0xb7, 0x69, 0x8b, 0x87, 0x73, 0xd1, 0x2f, 0x85, 0x35, - 0xaf, 0xee, 0x31, 0x5b, 0xd6, 0x24, 0x67, 0xff, 0xaf, 0x01, 0x18, 0xef, 0x88, 0x53, 0x47, 0x17, - 0x61, 0xc4, 0x15, 0xd3, 0xa3, 0x85, 0x49, 0x5d, 0xbc, 0x8c, 0x11, 0xe7, 0xa4, 0x61, 0x38, 0x85, - 0xd9, 0xc7, 0x04, 0x5d, 0x80, 0x53, 0x11, 0xb5, 0xa2, 0xdb, 0x64, 0xa6, 0x9e, 0x90, 0x68, 0x95, - 0xb8, 0x61, 0x50, 0xe3, 0x05, 0x91, 0x8a, 0xd5, 0xc7, 0xf7, 0x76, 0x27, 0x4f, 0xe1, 0x4e, 0x30, - 0xee, 0xf6, 0x0c, 0x6a, 0xc1, 0xa8, 0x6f, 0x2a, 0x58, 0x42, 0xbb, 0x3e, 0x94, 0x6e, 0xa6, 0x36, - 0xe0, 0x54, 0x33, 0x4e, 0x33, 0x48, 0x6b, 0x69, 0xa5, 0x87, 0xa4, 0xa5, 0xfd, 0xa2, 0xd6, 0xd2, - 0xf8, 0x59, 0xf2, 0xeb, 0x39, 0xe7, 0x29, 0x1c, 0xb7, 0x9a, 0xf6, 0x2a, 0x94, 0x65, 0x9c, 0x4d, - 0x5f, 0xf1, 0x29, 0x26, 0x9d, 0x1e, 0x12, 0xed, 0x5e, 0x01, 0xba, 0x68, 0xf8, 0x74, 0x9d, 0xe9, - 0xed, 0x34, 0xb5, 0xce, 0x0e, 0xb6, 0xa5, 0xa2, 0x6d, 0x1e, 0x63, 0xc4, 0x37, 0x8e, 0x4f, 0xe7, - 0x6d, 0xa1, 0xe8, 0xb0, 0x23, 0x15, 0x90, 0xae, 0x42, 0x8f, 0x2e, 0x00, 0x68, 0x2d, 0x48, 0x84, - 0x1b, 0xab, 0x23, 0x4c, 0xad, 0x2c, 0x61, 0x03, 0x8b, 0x1a, 0xac, 0x5e, 0x10, 0x27, 0x8e, 0xef, - 0x5f, 0xf1, 0x82, 0x44, 0x78, 0xde, 0xd4, 0x0e, 0xb9, 0xa0, 0x41, 0xd8, 0xc4, 0x3b, 0xfb, 0x09, - 0xe3, 0xbb, 0x1c, 0xe4, 0x7b, 0x6e, 0xc0, 0x13, 0xf3, 0x5e, 0xa2, 0x82, 0xe4, 0xd5, 0x3c, 0xa2, - 0x4a, 0x8e, 0x4a, 0xfa, 0xb0, 0x7a, 0x26, 0x7d, 0x18, 0x41, 0xea, 0x85, 0x74, 0x4c, 0x7d, 0x36, - 0x48, 0xdd, 0xbe, 0x08, 0xa7, 0xe7, 0xbd, 0xe4, 0xb2, 0xe7, 0x93, 0x03, 0x32, 0xb1, 0xbf, 0x54, - 0x82, 0x11, 0x33, 0x29, 0xe9, 0x20, 0x79, 0x2b, 0xdf, 0xa0, 0x7a, 0x8c, 0x78, 0x3b, 0x4f, 0x1d, - 0x00, 0xdd, 0x3a, 0x72, 0x86, 0x54, 0xf7, 0x11, 0x33, 0x54, 0x19, 0xcd, 0x13, 0x9b, 0x1d, 0x40, - 0x77, 0xa1, 0x54, 0x67, 0x41, 0xd4, 0xc5, 0x3c, 0x4e, 0xc9, 0xbb, 0x8d, 0xa8, 0x5e, 0x66, 0x3c, - 0x0c, 0x9b, 0xf3, 0xa3, 0x3b, 0x64, 0x94, 0xce, 0xcc, 0x31, 0xa2, 0x0b, 0x45, 0x4e, 0x8e, 0xc2, - 0xe8, 0x25, 0xea, 0x4b, 0x87, 0x10, 0xf5, 0x29, 0xc1, 0x3b, 0xf8, 0x90, 0x04, 0x2f, 0x0b, 0x88, - 0x4f, 0x36, 0x98, 0xfe, 0x26, 0xc2, 0xa1, 0x87, 0xd8, 0x20, 0x18, 0x01, 0xf1, 0x29, 0x30, 0xce, - 0xe2, 0xdb, 0x5f, 0x2b, 0xc0, 0xd8, 0x7c, 0xd0, 0x5e, 0x99, 0x5f, 0x69, 0xaf, 0xfb, 0x9e, 0x7b, - 0x8d, 0xec, 0x50, 0xf9, 0xb6, 0x49, 0x76, 0x16, 0xe6, 0xc4, 0x34, 0x54, 0x03, 0x7f, 0x8d, 0x36, - 0x62, 0x0e, 0xa3, 0x2b, 0xba, 0xee, 0x05, 0x0d, 0x12, 0xb5, 0x22, 0x4f, 0x38, 0xe5, 0x8c, 0x15, - 0x7d, 0x59, 0x83, 0xb0, 0x89, 0x47, 0x69, 0x87, 0x77, 0x03, 0x12, 0x65, 0xb5, 0xc1, 0x65, 0xda, - 0x88, 0x39, 0x8c, 0x22, 0x25, 0x51, 0x3b, 0x4e, 0xc4, 0x17, 0x55, 0x48, 0x6b, 0xb4, 0x11, 0x73, - 0x18, 0x5d, 0x2e, 0x71, 0x7b, 0x9d, 0x9d, 0xe4, 0x67, 0x02, 0x98, 0x57, 0x79, 0x33, 0x96, 0x70, - 0x8a, 0xba, 0x49, 0x76, 0xe6, 0xa8, 0x5d, 0x96, 0x49, 0x31, 0xb8, 0xc6, 0x9b, 0xb1, 0x84, 0xb3, - 0x0a, 0x4c, 0xe9, 0xe1, 0xf8, 0xa1, 0xab, 0xc0, 0x94, 0xee, 0x7e, 0x0f, 0x0b, 0xef, 0xd7, 0x2c, - 0x18, 0x31, 0xe3, 0x6f, 0x50, 0x23, 0xa3, 0x28, 0x2e, 0x77, 0x54, 0xd3, 0xfb, 0xa9, 0x6e, 0x57, - 0x87, 0x34, 0xbc, 0x24, 0x6c, 0xc5, 0x2f, 0x90, 0xa0, 0xe1, 0x05, 0x84, 0x1d, 0xab, 0xf2, 0xb8, - 0x9d, 0x54, 0x70, 0xcf, 0x6c, 0x58, 0x23, 0x87, 0xd0, 0x34, 0xed, 0x5b, 0x30, 0xde, 0x91, 0x57, - 0xd2, 0xc7, 0xfe, 0xbc, 0x6f, 0x56, 0x9f, 0x8d, 0x61, 0x98, 0x12, 0xe6, 0x41, 0x97, 0x31, 0x9a, - 0x85, 0x71, 0xae, 0x43, 0x50, 0x4e, 0xab, 0xee, 0x06, 0x69, 0xaa, 0x5c, 0x21, 0xe6, 0x01, 0xbe, - 0x99, 0x05, 0xe2, 0x4e, 0x7c, 0xfb, 0xeb, 0x16, 0x8c, 0xa6, 0x52, 0x7d, 0x72, 0xd2, 0x24, 0xd8, - 0x4a, 0x0b, 0x59, 0x38, 0x18, 0x8b, 0x89, 0x2d, 0xb2, 0x1d, 0x49, 0xaf, 0x34, 0x0d, 0xc2, 0x26, - 0x9e, 0xfd, 0x4e, 0x01, 0xca, 0xf2, 0x48, 0xbd, 0x8f, 0xae, 0x7c, 0xd5, 0x82, 0x51, 0xe5, 0x75, - 0x67, 0xee, 0x9c, 0x42, 0x1e, 0xc1, 0xdf, 0xb4, 0x07, 0x2a, 0x5e, 0x31, 0xa8, 0x87, 0x5a, 0xad, - 0xc5, 0x26, 0x33, 0x9c, 0xe6, 0x8d, 0x6e, 0x02, 0xc4, 0x3b, 0x71, 0x42, 0x9a, 0x86, 0x63, 0xc9, - 0x36, 0x56, 0xdc, 0x94, 0x1b, 0x46, 0x84, 0xae, 0xaf, 0xeb, 0x61, 0x8d, 0xac, 0x2a, 0x4c, 0xad, - 0x87, 0xe8, 0x36, 0x6c, 0x50, 0xb2, 0xff, 0x61, 0x01, 0x4e, 0x66, 0xbb, 0x84, 0x5e, 0x87, 0x11, - 0xc9, 0xdd, 0xb8, 0x06, 0x45, 0xc6, 0x11, 0x8c, 0x60, 0x03, 0x76, 0x6f, 0x77, 0x72, 0xb2, 0xf3, - 0x1a, 0x9a, 0x29, 0x13, 0x05, 0xa7, 0x88, 0xf1, 0xa3, 0x0f, 0x71, 0x46, 0x57, 0xdd, 0x99, 0x69, - 0xb5, 0xc4, 0xf9, 0x85, 0x71, 0xf4, 0x61, 0x42, 0x71, 0x06, 0x1b, 0xad, 0xc0, 0x69, 0xa3, 0xe5, - 0x3a, 0xf1, 0x1a, 0x1b, 0xeb, 0x61, 0x24, 0xcd, 0x93, 0xa7, 0x74, 0xa4, 0x4f, 0x27, 0x0e, 0xee, - 0xfa, 0x24, 0xdd, 0x32, 0x5d, 0xa7, 0xe5, 0xb8, 0x5e, 0xb2, 0x23, 0x3c, 0x65, 0x4a, 0x36, 0xcd, - 0x8a, 0x76, 0xac, 0x30, 0xec, 0x25, 0x18, 0xe8, 0x73, 0x06, 0xf5, 0xa5, 0x16, 0xbf, 0x0a, 0x65, - 0x4a, 0x4e, 0xea, 0x48, 0x79, 0x90, 0x0c, 0xa1, 0x2c, 0x2b, 0x99, 0x23, 0x1b, 0x8a, 0x9e, 0x23, - 0x4f, 0x97, 0xd4, 0x6b, 0x2d, 0xc4, 0x71, 0x9b, 0x59, 0x9a, 0x14, 0x88, 0x9e, 0x81, 0x22, 0xd9, - 0x6e, 0x65, 0x8f, 0x91, 0x2e, 0x6d, 0xb7, 0xbc, 0x88, 0xc4, 0x14, 0x89, 0x6c, 0xb7, 0xd0, 0x59, - 0x28, 0x78, 0x35, 0xb1, 0x49, 0x81, 0xc0, 0x29, 0x2c, 0xcc, 0xe1, 0x82, 0x57, 0xb3, 0xb7, 0xa1, - 0xa2, 0x4a, 0xa7, 0xa3, 0x4d, 0x29, 0xbb, 0xad, 0x3c, 0x62, 0x60, 0x24, 0xdd, 0x1e, 0x52, 0xbb, - 0x0d, 0xa0, 0x13, 0xab, 0xf2, 0x92, 0x2f, 0xe7, 0x61, 0xc0, 0x0d, 0x45, 0x3e, 0x66, 0x59, 0x93, - 0x61, 0x42, 0x9b, 0x41, 0xec, 0x5b, 0x30, 0x76, 0x2d, 0x08, 0xef, 0xb2, 0xda, 0xb0, 0xac, 0x72, - 0x0d, 0x25, 0x5c, 0xa7, 0x3f, 0xb2, 0x2a, 0x02, 0x83, 0x62, 0x0e, 0x53, 0x45, 0x57, 0x0a, 0xbd, - 0x8a, 0xae, 0xd8, 0x5f, 0xb0, 0xe0, 0xa4, 0x4a, 0x0f, 0x91, 0xd2, 0xf8, 0x22, 0x8c, 0xac, 0xb7, - 0x3d, 0xbf, 0x26, 0xfe, 0x67, 0x6d, 0xfd, 0xaa, 0x01, 0xc3, 0x29, 0x4c, 0x6a, 0x99, 0xac, 0x7b, - 0x81, 0x13, 0xed, 0xac, 0x68, 0xf1, 0xaf, 0x24, 0x42, 0x55, 0x41, 0xb0, 0x81, 0x65, 0x7f, 0xd5, - 0xec, 0x82, 0x48, 0x48, 0xe9, 0x63, 0x64, 0x6f, 0x40, 0xc9, 0x55, 0xa7, 0x91, 0x87, 0xaa, 0xd9, - 0xa5, 0x72, 0x81, 0x99, 0x47, 0x9a, 0x53, 0xb3, 0xff, 0x45, 0x01, 0x46, 0x53, 0xd5, 0x18, 0x90, - 0x0f, 0x65, 0xe2, 0x33, 0x7f, 0x98, 0x9c, 0x62, 0x47, 0x2d, 0xd1, 0xa6, 0x96, 0xc5, 0x25, 0x41, - 0x17, 0x2b, 0x0e, 0x8f, 0xc6, 0xa1, 0xcf, 0x45, 0x18, 0x91, 0x1d, 0xfa, 0xb4, 0xd3, 0xf4, 0xc5, - 0x2a, 0x54, 0x13, 0xe0, 0x92, 0x01, 0xc3, 0x29, 0x4c, 0xfb, 0xf7, 0x8b, 0x30, 0xc1, 0x1d, 0x88, - 0x35, 0x15, 0x97, 0xb1, 0x24, 0xb5, 0xac, 0xbf, 0xa6, 0x6b, 0xa6, 0xf0, 0x81, 0x5c, 0x3f, 0x6a, - 0x79, 0xd2, 0xee, 0x8c, 0xfa, 0x8a, 0x18, 0xf8, 0xd5, 0x4c, 0xc4, 0x00, 0xdf, 0x6c, 0x1b, 0xc7, - 0xd4, 0xa3, 0x1f, 0xae, 0x10, 0x82, 0xbf, 0x57, 0x80, 0x13, 0x99, 0xda, 0xaf, 0xe8, 0xed, 0x74, - 0x75, 0x37, 0x2b, 0x0f, 0x37, 0xd3, 0x7d, 0x2b, 0x90, 0x1e, 0xac, 0xc6, 0xdb, 0x43, 0x5a, 0x2a, - 0xf6, 0x1f, 0x14, 0x60, 0x2c, 0x5d, 0xb4, 0xf6, 0x11, 0x1c, 0xa9, 0x8f, 0x42, 0x85, 0x95, 0x82, - 0x64, 0x17, 0xed, 0x70, 0x6f, 0x16, 0xaf, 0x58, 0x28, 0x1b, 0xb1, 0x86, 0x3f, 0x12, 0xa5, 0xf3, - 0xec, 0xbf, 0x6f, 0xc1, 0x19, 0xfe, 0x96, 0xd9, 0x79, 0xf8, 0xd7, 0xbb, 0x8d, 0xee, 0x1b, 0xf9, - 0x76, 0x30, 0x53, 0xeb, 0x67, 0xbf, 0xf1, 0x65, 0x17, 0x7c, 0x88, 0xde, 0xa6, 0xa7, 0xc2, 0x23, - 0xd8, 0xd9, 0x03, 0x4d, 0x06, 0xfb, 0x0f, 0x8a, 0xa0, 0xef, 0x34, 0x41, 0x9e, 0x48, 0x75, 0xc9, - 0xa5, 0xe6, 0xd1, 0xea, 0x4e, 0xe0, 0xea, 0xdb, 0x53, 0xca, 0x99, 0x4c, 0x97, 0x5f, 0xb2, 0x60, - 0xd8, 0x0b, 0xbc, 0xc4, 0x73, 0x98, 0xf2, 0x9c, 0xcf, 0x9d, 0x0c, 0x8a, 0xdd, 0x02, 0xa7, 0x1c, - 0x46, 0xa6, 0x0b, 0x54, 0x31, 0xc3, 0x26, 0x67, 0xf4, 0x59, 0x11, 0xd4, 0x57, 0xcc, 0x2d, 0x49, - 0xab, 0x9c, 0x89, 0xe4, 0x6b, 0x41, 0x29, 0x22, 0x49, 0x94, 0x53, 0x6e, 0x23, 0xa6, 0xa4, 0x54, - 0x89, 0x3b, 0x7d, 0xbb, 0x1c, 0x6d, 0xc6, 0x9c, 0x91, 0x1d, 0x03, 0xea, 0x1c, 0x8b, 0x03, 0x06, - 0x4c, 0x4d, 0x43, 0xc5, 0x69, 0x27, 0x61, 0x93, 0x0e, 0x93, 0xf0, 0xd2, 0xea, 0x90, 0x30, 0x09, - 0xc0, 0x1a, 0xc7, 0x7e, 0xbb, 0x04, 0x99, 0xdc, 0x13, 0xb4, 0x6d, 0xde, 0xc7, 0x63, 0xe5, 0x7b, - 0x1f, 0x8f, 0xea, 0x4c, 0xb7, 0x3b, 0x79, 0x50, 0x03, 0x4a, 0xad, 0x0d, 0x27, 0x96, 0xba, 0xf1, - 0xab, 0x72, 0x98, 0x56, 0x68, 0xe3, 0xbd, 0xdd, 0xc9, 0x9f, 0xee, 0xcf, 0xd7, 0x42, 0xe7, 0xea, - 0x34, 0x4f, 0xe5, 0xd6, 0xac, 0x19, 0x0d, 0xcc, 0xe9, 0x1f, 0xe4, 0x56, 0x8a, 0x2f, 0x8a, 0x7a, - 0xa1, 0x98, 0xc4, 0x6d, 0x3f, 0x11, 0xb3, 0xe1, 0xd5, 0x1c, 0x57, 0x19, 0x27, 0xac, 0xb3, 0x26, - 0xf9, 0x7f, 0x6c, 0x30, 0x45, 0xaf, 0x43, 0x25, 0x4e, 0x9c, 0x28, 0x39, 0x64, 0x9e, 0x93, 0x1a, - 0xf4, 0x55, 0x49, 0x04, 0x6b, 0x7a, 0xe8, 0x35, 0x56, 0x02, 0xce, 0x8b, 0x37, 0x0e, 0x19, 0x8b, - 0x2b, 0xcb, 0xc5, 0x09, 0x0a, 0xd8, 0xa0, 0x46, 0x4d, 0x0f, 0x36, 0xb7, 0x79, 0x00, 0x4a, 0x99, - 0xd9, 0x96, 0x4a, 0x14, 0x62, 0x05, 0xc1, 0x06, 0x96, 0xfd, 0xe3, 0x90, 0x4e, 0xfb, 0x45, 0x93, - 0x32, 0xcb, 0x98, 0xfb, 0x9e, 0x58, 0x4c, 0x6d, 0x2a, 0x21, 0xf8, 0x77, 0x2c, 0x30, 0x73, 0x93, - 0xd1, 0x1d, 0x9e, 0x04, 0x6d, 0xe5, 0xe1, 0x74, 0x37, 0xe8, 0x4e, 0x2d, 0x39, 0xad, 0xcc, 0xe9, - 0x8f, 0xcc, 0x84, 0x3e, 0xfb, 0x09, 0x28, 0x4b, 0xe8, 0x81, 0x94, 0xba, 0xcf, 0xc3, 0xa9, 0xec, - 0x6d, 0x85, 0xc2, 0xd7, 0xdc, 0x88, 0xc2, 0x76, 0x2b, 0x6b, 0x48, 0xb2, 0xdb, 0xec, 0x30, 0x87, - 0x51, 0x73, 0x6c, 0xd3, 0x0b, 0x6a, 0x59, 0x43, 0xf2, 0x9a, 0x17, 0xd4, 0x30, 0x83, 0xf4, 0x71, - 0x2b, 0xd3, 0x3f, 0xb7, 0xe0, 0xfc, 0x7e, 0x97, 0x2a, 0xa2, 0xa7, 0x60, 0xe0, 0xae, 0x13, 0xc9, - 0xfa, 0x99, 0x4c, 0x50, 0xde, 0x72, 0xa2, 0x00, 0xb3, 0x56, 0xb4, 0x03, 0x83, 0x3c, 0x89, 0x56, - 0x68, 0xeb, 0xaf, 0xe6, 0x7b, 0xc5, 0xe3, 0x35, 0x62, 0x98, 0x0b, 0x3c, 0x81, 0x17, 0x0b, 0x86, - 0xf6, 0xfb, 0x16, 0xa0, 0xe5, 0x2d, 0x12, 0x45, 0x5e, 0xcd, 0x48, 0xfb, 0x45, 0x2f, 0xc1, 0xc8, - 0xed, 0xd5, 0xe5, 0xeb, 0x2b, 0xa1, 0x17, 0xb0, 0x32, 0x00, 0x46, 0xa6, 0xd3, 0x55, 0xa3, 0x1d, - 0xa7, 0xb0, 0xd0, 0x2c, 0x8c, 0xdf, 0xbe, 0x43, 0x8d, 0x5f, 0xb3, 0x28, 0x76, 0x41, 0xbb, 0x3b, - 0xaf, 0xbe, 0x9a, 0x01, 0xe2, 0x4e, 0x7c, 0xb4, 0x0c, 0x67, 0x9a, 0xdc, 0xdc, 0xe0, 0xb5, 0x6c, - 0xb9, 0xed, 0xa1, 0x12, 0x1d, 0x9e, 0xd8, 0xdb, 0x9d, 0x3c, 0xb3, 0xd4, 0x0d, 0x01, 0x77, 0x7f, - 0xce, 0x7e, 0xb7, 0x00, 0xc3, 0xc6, 0xc5, 0xa4, 0x7d, 0xd8, 0xe0, 0x99, 0xd4, 0x8d, 0x42, 0x9f, - 0xa9, 0x1b, 0xcf, 0x41, 0xb9, 0x15, 0xfa, 0x9e, 0xeb, 0xa9, 0xc2, 0x2e, 0xac, 0xfe, 0xe0, 0x8a, - 0x68, 0xc3, 0x0a, 0x8a, 0xee, 0x42, 0x45, 0x5d, 0xd6, 0x27, 0xb2, 0x4f, 0xf3, 0xf2, 0xef, 0x28, - 0x49, 0xa5, 0x2f, 0xe1, 0xd3, 0xbc, 0x90, 0x0d, 0x83, 0x6c, 0xe6, 0xcb, 0x38, 0x34, 0x96, 0xc7, - 0xc3, 0x96, 0x44, 0x8c, 0x05, 0xc4, 0xfe, 0xf2, 0x10, 0x9c, 0xee, 0x56, 0x33, 0x0f, 0x7d, 0x0e, - 0x06, 0x79, 0x1f, 0xf3, 0x29, 0xcb, 0xda, 0x8d, 0xc7, 0x3c, 0x23, 0x28, 0xba, 0xc5, 0x7e, 0x63, - 0xc1, 0x53, 0x70, 0xf7, 0x9d, 0x75, 0xa1, 0x33, 0x1d, 0x0f, 0xf7, 0x45, 0x47, 0x73, 0x5f, 0x74, - 0x38, 0x77, 0xdf, 0x59, 0x47, 0xdb, 0x50, 0x6a, 0x78, 0x09, 0x71, 0x84, 0xe5, 0x70, 0xeb, 0x58, - 0x98, 0x13, 0x87, 0x8b, 0x66, 0xf6, 0x13, 0x73, 0x86, 0xe8, 0x3b, 0x16, 0x9c, 0x58, 0x4f, 0xa7, - 0x45, 0x89, 0x2d, 0xd4, 0x39, 0x86, 0xba, 0x88, 0x69, 0x46, 0xbc, 0xda, 0x74, 0xa6, 0x11, 0x67, - 0xbb, 0x83, 0x7e, 0xd1, 0x82, 0xa1, 0xba, 0xe7, 0x1b, 0x45, 0xbf, 0x8e, 0xe1, 0xe3, 0x5c, 0x66, - 0x0c, 0xb4, 0x9a, 0xc1, 0xff, 0xc7, 0x58, 0x72, 0xee, 0x75, 0x06, 0x3b, 0x78, 0xd4, 0x33, 0xd8, - 0xa1, 0x87, 0x64, 0x2b, 0xfe, 0x72, 0x01, 0x9e, 0xe9, 0xe3, 0x1b, 0x99, 0x99, 0x2c, 0xd6, 0x3e, - 0x99, 0x2c, 0xe7, 0x61, 0x20, 0x22, 0xad, 0x30, 0xbb, 0xdf, 0xb1, 0x70, 0x2f, 0x06, 0x41, 0x4f, - 0x43, 0xd1, 0x69, 0x79, 0x62, 0xbb, 0x53, 0x9b, 0xf4, 0xcc, 0xca, 0x02, 0xa6, 0xed, 0xf4, 0x4b, - 0x57, 0xd6, 0x65, 0xb2, 0x5e, 0x3e, 0x95, 0xdf, 0x7b, 0xe5, 0xfe, 0x71, 0xeb, 0x4d, 0x41, 0xb1, - 0xe6, 0x6b, 0x2f, 0xc3, 0xd9, 0xde, 0x33, 0x04, 0xbd, 0x08, 0xc3, 0xeb, 0x91, 0x13, 0xb8, 0x1b, - 0xec, 0x96, 0x04, 0x39, 0x26, 0x2c, 0x7f, 0x41, 0x37, 0x63, 0x13, 0xc7, 0xfe, 0xfd, 0x42, 0x77, - 0x8a, 0x5c, 0x08, 0x1c, 0x64, 0x84, 0xc5, 0xf8, 0x15, 0x7a, 0x8c, 0xdf, 0x1d, 0x28, 0x27, 0x2c, - 0x7d, 0x82, 0xd4, 0x85, 0x24, 0xc9, 0x2d, 0x3d, 0x91, 0xed, 0x35, 0x6b, 0x82, 0x38, 0x56, 0x6c, - 0xa8, 0xc8, 0xf7, 0x75, 0xbd, 0x30, 0x21, 0xf2, 0x33, 0x4e, 0xc3, 0x39, 0x38, 0x69, 0x94, 0x3f, - 0xe5, 0xd1, 0xe3, 0xfc, 0xec, 0x5b, 0xa5, 0x54, 0xad, 0x64, 0xe0, 0xb8, 0xe3, 0x09, 0xfb, 0xd7, - 0x0a, 0xf0, 0x44, 0x4f, 0xc9, 0xa6, 0x0f, 0xe8, 0xad, 0xfb, 0x1c, 0xd0, 0x1f, 0x79, 0x82, 0x9a, - 0x03, 0x3c, 0xf0, 0x60, 0x06, 0xf8, 0x79, 0x28, 0x7b, 0x41, 0x4c, 0xdc, 0x76, 0xc4, 0x07, 0xcd, - 0x88, 0xa5, 0x5c, 0x10, 0xed, 0x58, 0x61, 0xd8, 0x7f, 0xd8, 0x7b, 0xaa, 0xd1, 0x5d, 0xee, 0x47, - 0x76, 0x94, 0x5e, 0x86, 0x51, 0xa7, 0xd5, 0xe2, 0x78, 0xec, 0x30, 0x34, 0x93, 0x24, 0x39, 0x63, - 0x02, 0x71, 0x1a, 0xd7, 0x98, 0xc3, 0x83, 0xbd, 0xe6, 0xb0, 0xfd, 0x27, 0x16, 0x54, 0x30, 0xa9, - 0xf3, 0xb2, 0xb9, 0xe8, 0xb6, 0x18, 0x22, 0x2b, 0x8f, 0xea, 0x25, 0xec, 0xca, 0x7f, 0x8f, 0x55, - 0xf5, 0xe8, 0x36, 0xd8, 0x9d, 0xa5, 0x7c, 0x0b, 0x07, 0x2a, 0xe5, 0xab, 0x8a, 0xb9, 0x16, 0x7b, - 0x17, 0x73, 0xb5, 0xdf, 0x1d, 0xa2, 0xaf, 0xd7, 0x0a, 0x67, 0x23, 0x52, 0x8b, 0xe9, 0xf7, 0x6d, - 0x47, 0x7e, 0xf6, 0x26, 0xd4, 0x1b, 0x78, 0x11, 0xd3, 0xf6, 0x94, 0xc7, 0xa3, 0x70, 0xa0, 0x14, - 0xb1, 0xe2, 0xbe, 0x29, 0x62, 0x2f, 0xc3, 0x68, 0x1c, 0x6f, 0xac, 0x44, 0xde, 0x96, 0x93, 0x50, - 0xd3, 0x42, 0xc4, 0xd2, 0xe8, 0xb4, 0x8e, 0xd5, 0x2b, 0x1a, 0x88, 0xd3, 0xb8, 0x68, 0x1e, 0xc6, - 0x75, 0xa2, 0x16, 0x89, 0x12, 0x16, 0x3a, 0xc3, 0x67, 0x82, 0xca, 0xaa, 0xd0, 0xa9, 0x5d, 0x02, - 0x01, 0x77, 0x3e, 0x43, 0x25, 0x56, 0xaa, 0x91, 0x76, 0x64, 0x30, 0x2d, 0xb1, 0x52, 0x74, 0x68, - 0x5f, 0x3a, 0x9e, 0x40, 0x4b, 0x70, 0x8a, 0x4f, 0x0c, 0x76, 0xf5, 0xb6, 0x7a, 0xa3, 0xa1, 0x74, - 0xd5, 0x88, 0xf9, 0x4e, 0x14, 0xdc, 0xed, 0x39, 0x6a, 0x37, 0xa8, 0xe6, 0x85, 0x39, 0x61, 0xac, - 0x2b, 0xbb, 0x41, 0x91, 0x59, 0xa8, 0x61, 0x13, 0x0f, 0x7d, 0x1a, 0x1e, 0xd7, 0x7f, 0x79, 0x90, - 0x22, 0xf7, 0x60, 0xcd, 0x89, 0x1c, 0x58, 0x55, 0x3a, 0x74, 0xbe, 0x2b, 0x5a, 0x0d, 0xf7, 0x7a, - 0x1e, 0xad, 0xc3, 0x59, 0x05, 0xba, 0x44, 0x8d, 0xb4, 0x56, 0xe4, 0xc5, 0xa4, 0xea, 0xc4, 0xe4, - 0x46, 0xe4, 0xb3, 0xac, 0xd9, 0x8a, 0xbe, 0x03, 0x61, 0xde, 0x4b, 0xae, 0x74, 0xc3, 0xc4, 0x8b, - 0xf8, 0x3e, 0x54, 0xd0, 0x34, 0x54, 0x48, 0xe0, 0xac, 0xfb, 0x64, 0x79, 0x76, 0x81, 0xe5, 0xd2, - 0x1a, 0x0e, 0xb3, 0x4b, 0x12, 0x80, 0x35, 0x8e, 0x3a, 0xbe, 0x1d, 0xe9, 0x79, 0x67, 0xc6, 0x0a, - 0x9c, 0x6e, 0xb8, 0x2d, 0xaa, 0x07, 0x78, 0x2e, 0x99, 0x71, 0xd9, 0x11, 0x26, 0xfd, 0x30, 0xbc, - 0x9c, 0x87, 0x8a, 0x4d, 0x98, 0x9f, 0x5d, 0xe9, 0xc0, 0xc1, 0x5d, 0x9f, 0xa4, 0x6b, 0xac, 0x15, - 0x85, 0xdb, 0x3b, 0x13, 0xa7, 0xd2, 0x6b, 0x6c, 0x85, 0x36, 0x62, 0x0e, 0x43, 0x57, 0x01, 0xb1, - 0x40, 0x97, 0x2b, 0x49, 0xd2, 0x52, 0x8a, 0xc7, 0xc4, 0x69, 0xf6, 0x4a, 0x67, 0xc5, 0x13, 0xe8, - 0x72, 0x07, 0x06, 0xee, 0xf2, 0x94, 0xfd, 0xc7, 0x16, 0x8c, 0xaa, 0xf5, 0xfa, 0x00, 0x42, 0xbd, - 0xfc, 0x74, 0xa8, 0xd7, 0xfc, 0xd1, 0x25, 0x1e, 0xeb, 0x79, 0x8f, 0x78, 0x81, 0x2f, 0x0f, 0x03, - 0x68, 0xa9, 0xa8, 0x36, 0x24, 0xab, 0xe7, 0x86, 0xf4, 0xc8, 0x4a, 0xa4, 0x6e, 0x89, 0x73, 0xa5, - 0x87, 0x9b, 0x38, 0xb7, 0x0a, 0x67, 0xa4, 0xba, 0xc0, 0x5d, 0x32, 0x57, 0xc2, 0x58, 0x09, 0xb8, - 0x72, 0xf5, 0x69, 0x41, 0xe8, 0xcc, 0x42, 0x37, 0x24, 0xdc, 0xfd, 0xd9, 0x94, 0x96, 0x32, 0xb4, - 0x9f, 0x96, 0xa2, 0xd7, 0xf4, 0x62, 0x5d, 0x16, 0x22, 0xcd, 0xac, 0xe9, 0xc5, 0xcb, 0xab, 0x58, - 0xe3, 0x74, 0x17, 0xec, 0x95, 0x9c, 0x04, 0x3b, 0x1c, 0x58, 0xb0, 0x4b, 0x11, 0x33, 0xdc, 0x53, - 0xc4, 0x48, 0x2f, 0xd0, 0x48, 0x4f, 0x2f, 0xd0, 0x2b, 0x30, 0xe6, 0x05, 0x1b, 0x24, 0xf2, 0x12, - 0x52, 0x63, 0x6b, 0x81, 0x89, 0x9f, 0xb2, 0xde, 0xd6, 0x17, 0x52, 0x50, 0x9c, 0xc1, 0x4e, 0xcb, - 0xc5, 0xb1, 0x3e, 0xe4, 0x62, 0x8f, 0xdd, 0xe8, 0x44, 0x3e, 0xbb, 0xd1, 0xc9, 0xa3, 0xef, 0x46, - 0xe3, 0xc7, 0xba, 0x1b, 0xa1, 0x5c, 0x76, 0xa3, 0xbe, 0x04, 0xbd, 0x61, 0xd0, 0x9d, 0xde, 0xc7, - 0xa0, 0xeb, 0xb5, 0x15, 0x9d, 0x39, 0xf4, 0x56, 0xd4, 0x7d, 0x97, 0x79, 0xec, 0x50, 0xbb, 0xcc, - 0x57, 0x0a, 0x70, 0x46, 0xcb, 0x61, 0x3a, 0xfb, 0xbd, 0x3a, 0x95, 0x44, 0xac, 0x96, 0x35, 0x8f, - 0xda, 0x31, 0x22, 0x0f, 0x75, 0x10, 0xa3, 0x82, 0x60, 0x03, 0x8b, 0x05, 0xf0, 0x91, 0x88, 0x15, - 0x2d, 0xca, 0x0a, 0xe9, 0x59, 0xd1, 0x8e, 0x15, 0x06, 0x9d, 0x5f, 0xf4, 0xb7, 0x08, 0x8a, 0xce, - 0xd6, 0x0a, 0x98, 0xd5, 0x20, 0x6c, 0xe2, 0xa1, 0xe7, 0x38, 0x13, 0x26, 0x20, 0xa8, 0xa0, 0x1e, - 0x11, 0xb7, 0xb4, 0x48, 0x99, 0xa0, 0xa0, 0xb2, 0x3b, 0x2c, 0x52, 0xb3, 0xd4, 0xd9, 0x1d, 0x76, - 0xd2, 0xa8, 0x30, 0xec, 0xff, 0x6d, 0xc1, 0x13, 0x5d, 0x87, 0xe2, 0x01, 0x6c, 0xbe, 0xdb, 0xe9, - 0xcd, 0x77, 0x35, 0x2f, 0x73, 0xc3, 0x78, 0x8b, 0x1e, 0x1b, 0xf1, 0x7f, 0xb0, 0x60, 0x4c, 0xe3, - 0x3f, 0x80, 0x57, 0xf5, 0xd2, 0xaf, 0x9a, 0x9f, 0x65, 0x55, 0xe9, 0x78, 0xb7, 0x3f, 0x66, 0xef, - 0xc6, 0xcf, 0x30, 0x66, 0x5c, 0x59, 0x1d, 0x69, 0x1f, 0xdf, 0xfd, 0x0e, 0x0c, 0xb2, 0xc2, 0xc1, - 0x71, 0x3e, 0x67, 0x29, 0x69, 0xfe, 0x2c, 0x04, 0x5b, 0x9f, 0xa5, 0xb0, 0xbf, 0x31, 0x16, 0x0c, - 0x59, 0x49, 0x2d, 0x2f, 0xa6, 0xd2, 0xbc, 0x26, 0x62, 0x1e, 0x75, 0x49, 0x2d, 0xd1, 0x8e, 0x15, - 0x86, 0xdd, 0x84, 0x89, 0x34, 0xf1, 0x39, 0x52, 0x67, 0xe7, 0xf3, 0x7d, 0xbd, 0xe6, 0x34, 0x54, - 0x1c, 0xf6, 0xd4, 0x62, 0xdb, 0xc9, 0x5e, 0xec, 0x35, 0x23, 0x01, 0x58, 0xe3, 0xd8, 0xbf, 0x65, - 0xc1, 0xa9, 0x2e, 0x2f, 0x93, 0x63, 0xac, 0x67, 0xa2, 0xa5, 0x40, 0xb7, 0x0d, 0xf7, 0x23, 0x30, - 0x54, 0x23, 0x75, 0x47, 0x9e, 0x00, 0x1b, 0x32, 0x77, 0x8e, 0x37, 0x63, 0x09, 0xb7, 0xff, 0x87, - 0x05, 0x27, 0xd2, 0x7d, 0x8d, 0xa9, 0xd4, 0xe4, 0x2f, 0x33, 0xe7, 0xc5, 0x6e, 0xb8, 0x45, 0xa2, - 0x1d, 0xfa, 0xe6, 0xbc, 0xd7, 0x4a, 0x6a, 0xce, 0x74, 0x60, 0xe0, 0x2e, 0x4f, 0xb1, 0xaa, 0x3a, - 0x35, 0x35, 0xda, 0x72, 0xa6, 0xdc, 0xcc, 0x73, 0xa6, 0xe8, 0x8f, 0x69, 0x1e, 0x1c, 0x29, 0x96, - 0xd8, 0xe4, 0x6f, 0xbf, 0x3f, 0x00, 0x2a, 0x18, 0x9c, 0x1d, 0xbf, 0xe5, 0x74, 0x78, 0x99, 0xaa, - 0x01, 0x5f, 0xec, 0xa3, 0x06, 0xbc, 0x9c, 0x0c, 0x03, 0xf7, 0x3b, 0x1a, 0xe3, 0xde, 0x0b, 0xd3, - 0x49, 0xa8, 0xde, 0x70, 0x4d, 0x83, 0xb0, 0x89, 0x47, 0x7b, 0xe2, 0x7b, 0x5b, 0x84, 0x3f, 0x34, - 0x98, 0xee, 0xc9, 0xa2, 0x04, 0x60, 0x8d, 0x43, 0x7b, 0x52, 0xf3, 0xea, 0x75, 0x61, 0x8a, 0xab, - 0x9e, 0xd0, 0xd1, 0xc1, 0x0c, 0xc2, 0x0b, 0xa5, 0x85, 0x9b, 0x42, 0x3b, 0x35, 0x0a, 0xa5, 0x85, - 0x9b, 0x98, 0x41, 0xa8, 0x3e, 0x15, 0x84, 0x51, 0x93, 0x5d, 0xbc, 0x56, 0x53, 0x5c, 0x84, 0x56, - 0xaa, 0xf4, 0xa9, 0xeb, 0x9d, 0x28, 0xb8, 0xdb, 0x73, 0x74, 0x06, 0xb6, 0x22, 0x52, 0xf3, 0xdc, - 0xc4, 0xa4, 0x06, 0xe9, 0x19, 0xb8, 0xd2, 0x81, 0x81, 0xbb, 0x3c, 0x85, 0x66, 0xe0, 0x84, 0x0c, - 0xe6, 0x97, 0xf9, 0x8e, 0xc3, 0xe9, 0xfc, 0x2a, 0x9c, 0x06, 0xe3, 0x2c, 0x3e, 0x95, 0x36, 0x4d, - 0x91, 0xea, 0xcc, 0x94, 0x58, 0x43, 0xda, 0xc8, 0x14, 0x68, 0xac, 0x30, 0xec, 0x2f, 0x16, 0xe9, - 0xee, 0xd8, 0xa3, 0xbc, 0xf3, 0x03, 0x3b, 0x2c, 0x4f, 0xcf, 0xc8, 0x81, 0x3e, 0x66, 0xe4, 0x4b, - 0x30, 0x72, 0x3b, 0x0e, 0x03, 0x75, 0x10, 0x5d, 0xea, 0x79, 0x10, 0x6d, 0x60, 0x75, 0x3f, 0x88, - 0x1e, 0xcc, 0xeb, 0x20, 0x7a, 0xe8, 0x90, 0x07, 0xd1, 0xdf, 0x2d, 0x81, 0x2a, 0x90, 0x7a, 0x9d, - 0x24, 0x77, 0xc3, 0x68, 0xd3, 0x0b, 0x1a, 0x2c, 0x09, 0xe2, 0x3b, 0x16, 0x8c, 0xf0, 0xf5, 0xb2, - 0x68, 0x06, 0x12, 0xd7, 0x73, 0xaa, 0xbc, 0x99, 0x62, 0x36, 0xb5, 0x66, 0x30, 0xca, 0xdc, 0xeb, - 0x61, 0x82, 0x70, 0xaa, 0x47, 0xe8, 0xe7, 0x00, 0xa4, 0xdf, 0xb2, 0x2e, 0x45, 0xe6, 0x42, 0x3e, - 0xfd, 0xc3, 0xa4, 0xae, 0x75, 0xd3, 0x35, 0xc5, 0x04, 0x1b, 0x0c, 0xd1, 0x57, 0xb2, 0x17, 0x53, - 0x7e, 0xf6, 0x58, 0xc6, 0xa6, 0x9f, 0x10, 0x6b, 0x0c, 0x43, 0x5e, 0xd0, 0xa0, 0xf3, 0x44, 0x9c, - 0xdd, 0x7f, 0xb8, 0x5b, 0x02, 0xd1, 0x62, 0xe8, 0xd4, 0xaa, 0x8e, 0xef, 0x04, 0x2e, 0x89, 0x16, - 0x38, 0xba, 0x79, 0xd1, 0x14, 0x6b, 0xc0, 0x92, 0x50, 0x47, 0x69, 0xd9, 0x52, 0x3f, 0xa5, 0x65, - 0xcf, 0x7e, 0x12, 0xc6, 0x3b, 0x3e, 0xe6, 0x81, 0x22, 0xaa, 0x0f, 0x1f, 0x8c, 0x6d, 0xff, 0xcb, - 0x41, 0xbd, 0x69, 0x5d, 0x0f, 0x6b, 0xbc, 0xc0, 0x69, 0xa4, 0xbf, 0xa8, 0xd0, 0x3d, 0x73, 0x9c, - 0x22, 0xc6, 0x65, 0x55, 0xaa, 0x11, 0x9b, 0x2c, 0xe9, 0x1c, 0x6d, 0x39, 0x11, 0x09, 0x8e, 0x7b, - 0x8e, 0xae, 0x28, 0x26, 0xd8, 0x60, 0x88, 0x36, 0x52, 0x21, 0x95, 0x97, 0x8f, 0x1e, 0x52, 0xc9, - 0xf2, 0x93, 0xbb, 0x15, 0x49, 0xfc, 0xa6, 0x05, 0x63, 0x41, 0x6a, 0xe6, 0x8a, 0x73, 0x9c, 0xb5, - 0xe3, 0x58, 0x15, 0xbc, 0xbe, 0x76, 0xba, 0x0d, 0x67, 0xf8, 0x77, 0xdb, 0xd2, 0x4a, 0x07, 0xdc, - 0xd2, 0x74, 0xa5, 0xe4, 0xc1, 0x5e, 0x95, 0x92, 0x51, 0xa0, 0x4a, 0xc5, 0x0f, 0xe5, 0x5e, 0x2a, - 0x1e, 0xba, 0x94, 0x89, 0xbf, 0x05, 0x15, 0x37, 0x22, 0x4e, 0x72, 0xc8, 0xaa, 0xe1, 0xec, 0x10, - 0x7b, 0x56, 0x12, 0xc0, 0x9a, 0x96, 0xfd, 0xef, 0x8b, 0x70, 0x52, 0x8e, 0x88, 0x8c, 0xc0, 0xa2, - 0xfb, 0x23, 0xe7, 0xab, 0x95, 0x5b, 0xb5, 0x3f, 0x5e, 0x91, 0x00, 0xac, 0x71, 0xa8, 0x3e, 0xd6, - 0x8e, 0xc9, 0x72, 0x8b, 0x04, 0x8b, 0xde, 0x7a, 0x2c, 0xce, 0x1f, 0xd5, 0x42, 0xb9, 0xa1, 0x41, - 0xd8, 0xc4, 0xa3, 0xca, 0x38, 0xd7, 0x8b, 0xe3, 0x6c, 0xf4, 0xa6, 0xd0, 0xb7, 0xb1, 0x84, 0xa3, - 0x5f, 0xe9, 0x7a, 0xdf, 0x44, 0x3e, 0x71, 0xcb, 0x1d, 0x81, 0x67, 0x07, 0xbc, 0x68, 0xe2, 0x6d, - 0x0b, 0x4e, 0x6c, 0xa6, 0x12, 0xc8, 0xa4, 0x48, 0x3e, 0x62, 0xaa, 0x73, 0x3a, 0x2b, 0x4d, 0x4f, - 0xe1, 0x74, 0x7b, 0x8c, 0xb3, 0xdc, 0xed, 0xff, 0x69, 0x81, 0x29, 0x9e, 0xfa, 0xd3, 0xac, 0x8c, - 0x2b, 0xb3, 0x0a, 0xfb, 0x5c, 0x99, 0x25, 0x95, 0xb0, 0x62, 0x7f, 0x4a, 0xff, 0xc0, 0x01, 0x94, - 0xfe, 0x52, 0x4f, 0xad, 0xed, 0x69, 0x28, 0xb6, 0xbd, 0x9a, 0xd0, 0xdb, 0xf5, 0x69, 0xe3, 0xc2, - 0x1c, 0xa6, 0xed, 0xf6, 0x3f, 0x2d, 0x69, 0x3b, 0x5d, 0x84, 0xdb, 0xfe, 0x48, 0xbc, 0x76, 0x5d, - 0x65, 0xae, 0xf3, 0x37, 0xbf, 0xde, 0x91, 0xb9, 0xfe, 0x93, 0x07, 0x8f, 0xa6, 0xe6, 0x03, 0xd4, - 0x2b, 0x71, 0x7d, 0x68, 0x9f, 0x50, 0xea, 0xdb, 0x50, 0xa6, 0xa6, 0x0d, 0x73, 0xb8, 0x95, 0x53, - 0x9d, 0x2a, 0x5f, 0x11, 0xed, 0xf7, 0x76, 0x27, 0x7f, 0xe2, 0xe0, 0xdd, 0x92, 0x4f, 0x63, 0x45, - 0x1f, 0xc5, 0x50, 0xa1, 0xbf, 0x59, 0xd4, 0xb7, 0x30, 0x9a, 0x6e, 0x28, 0x59, 0x24, 0x01, 0xb9, - 0x84, 0x94, 0x6b, 0x3e, 0x28, 0x80, 0x0a, 0xbb, 0xeb, 0x86, 0x31, 0xe5, 0xb6, 0xd5, 0x8a, 0x8a, - 0xbd, 0x96, 0x80, 0x7b, 0xbb, 0x93, 0x2f, 0x1f, 0x9c, 0xa9, 0x7a, 0x1c, 0x6b, 0x16, 0xf6, 0x3b, - 0x03, 0x7a, 0xee, 0x8a, 0x82, 0x05, 0x3f, 0x12, 0x73, 0xf7, 0x62, 0x66, 0xee, 0x9e, 0xef, 0x98, - 0xbb, 0x63, 0xfa, 0x4e, 0x96, 0xd4, 0x6c, 0x7c, 0xd0, 0x1b, 0xec, 0xfe, 0x76, 0x3c, 0xd3, 0x2c, - 0xee, 0xb4, 0xbd, 0x88, 0xc4, 0x2b, 0x51, 0x3b, 0xf0, 0x82, 0x86, 0xb8, 0x06, 0xd3, 0xd0, 0x2c, - 0x52, 0x60, 0x9c, 0xc5, 0x67, 0x57, 0x68, 0xee, 0x04, 0xee, 0x2d, 0x67, 0x8b, 0xcf, 0x2a, 0x23, - 0x87, 0x7b, 0x55, 0xb4, 0x63, 0x85, 0x61, 0xbf, 0xcb, 0xce, 0x6e, 0x8d, 0x74, 0x13, 0x3a, 0x27, - 0x7c, 0x76, 0xb9, 0x10, 0x4f, 0x00, 0x57, 0x73, 0x82, 0xdf, 0x28, 0xc4, 0x61, 0xe8, 0x2e, 0x0c, - 0xad, 0xf3, 0xea, 0xfa, 0xf9, 0x54, 0x8c, 0x13, 0xa5, 0xfa, 0x59, 0x51, 0x57, 0x59, 0xb7, 0xff, - 0x9e, 0xfe, 0x89, 0x25, 0x37, 0xfb, 0xbd, 0x01, 0x38, 0x91, 0xb9, 0x7e, 0x26, 0x55, 0xbf, 0xa6, - 0xb0, 0x6f, 0xfd, 0x9a, 0xcf, 0x00, 0xd4, 0x48, 0xcb, 0x0f, 0x77, 0x98, 0x9a, 0x33, 0x70, 0x60, - 0x35, 0x47, 0x69, 0xc6, 0x73, 0x8a, 0x0a, 0x36, 0x28, 0x8a, 0xac, 0x77, 0x5e, 0x0e, 0x27, 0x93, - 0xf5, 0x6e, 0x14, 0x6d, 0x1c, 0x7c, 0xb0, 0x45, 0x1b, 0x3d, 0x38, 0xc1, 0xbb, 0xa8, 0x92, 0x3a, - 0x0e, 0x91, 0xbb, 0xc1, 0x22, 0x64, 0xe7, 0xd2, 0x64, 0x70, 0x96, 0xee, 0xc3, 0xbc, 0x5d, 0x0a, - 0x7d, 0x14, 0x2a, 0xf2, 0x3b, 0xc7, 0x13, 0x15, 0x9d, 0x18, 0x27, 0xa7, 0x01, 0xbb, 0xf5, 0x49, - 0xfc, 0xb4, 0xbf, 0x51, 0xa0, 0x5a, 0x29, 0xff, 0xa7, 0x12, 0x9c, 0x9f, 0x85, 0x41, 0xa7, 0x9d, - 0x6c, 0x84, 0x1d, 0x57, 0x06, 0xcc, 0xb0, 0x56, 0x2c, 0xa0, 0x68, 0x11, 0x06, 0x6a, 0x3a, 0x69, - 0xf5, 0x20, 0xa3, 0xa8, 0x1d, 0x7c, 0x4e, 0x42, 0x30, 0xa3, 0x82, 0x9e, 0x82, 0x81, 0xc4, 0x69, - 0xa4, 0xae, 0x72, 0x5d, 0x73, 0x1a, 0x31, 0x66, 0xad, 0xe6, 0xa6, 0x39, 0xb0, 0xcf, 0xa6, 0xf9, - 0x32, 0x8c, 0xc6, 0x5e, 0x23, 0x70, 0x92, 0x76, 0x44, 0x8c, 0xc3, 0x24, 0x1d, 0x1f, 0x60, 0x02, - 0x71, 0x1a, 0xd7, 0x7e, 0xbf, 0x02, 0xa7, 0xbb, 0x5d, 0xb9, 0x9f, 0x77, 0x34, 0x7c, 0x37, 0x1e, - 0x0f, 0x2e, 0x1a, 0xbe, 0x07, 0x77, 0xdf, 0x88, 0x86, 0xf7, 0x8d, 0x68, 0xf8, 0xaf, 0x58, 0x50, - 0x51, 0x41, 0xe0, 0x22, 0x90, 0xf5, 0xf5, 0xfc, 0x7b, 0xa0, 0x22, 0x82, 0x45, 0x2c, 0xb0, 0xfc, - 0x8b, 0x35, 0xf3, 0xe3, 0x0b, 0x8f, 0xbf, 0x6f, 0x87, 0x0e, 0x14, 0x1e, 0xaf, 0x72, 0x07, 0x4a, - 0x79, 0xe4, 0x0e, 0xf4, 0xf8, 0x54, 0x5d, 0x73, 0x07, 0xbe, 0x69, 0xc1, 0xb0, 0xf3, 0x56, 0x3b, - 0x22, 0x73, 0x64, 0x6b, 0xb9, 0x15, 0x0b, 0x01, 0xfb, 0x46, 0xfe, 0x1d, 0x98, 0xd1, 0x4c, 0x44, - 0x6d, 0x63, 0xdd, 0x80, 0xcd, 0x2e, 0xa4, 0x72, 0x05, 0x86, 0xf2, 0xc8, 0x15, 0xe8, 0xd6, 0x9d, - 0x7d, 0x73, 0x05, 0x5e, 0x86, 0x51, 0xd7, 0x0f, 0x03, 0xb2, 0x12, 0x85, 0x49, 0xe8, 0x86, 0xbe, - 0x50, 0xa6, 0x95, 0x48, 0x98, 0x35, 0x81, 0x38, 0x8d, 0xdb, 0x2b, 0xd1, 0xa0, 0x72, 0xd4, 0x44, - 0x03, 0x78, 0x48, 0x89, 0x06, 0x7f, 0x56, 0x80, 0xc9, 0x7d, 0x3e, 0x2a, 0xba, 0x08, 0x23, 0x61, - 0xd4, 0x70, 0x02, 0xef, 0x2d, 0x9e, 0xd4, 0x5a, 0x4a, 0x97, 0xce, 0x58, 0x36, 0x60, 0x38, 0x85, - 0x29, 0x43, 0x91, 0x07, 0x7b, 0x84, 0x22, 0x7f, 0x1c, 0x86, 0x13, 0xe2, 0x34, 0x45, 0xdc, 0x85, - 0x30, 0x80, 0xf4, 0x81, 0x92, 0x06, 0x61, 0x13, 0x8f, 0x4e, 0xa3, 0x31, 0xc7, 0x75, 0x49, 0x1c, - 0xcb, 0x58, 0x63, 0xe1, 0x9c, 0xc9, 0x2d, 0x90, 0x99, 0xf9, 0xbc, 0x66, 0x52, 0x2c, 0x70, 0x86, - 0x25, 0xed, 0xbc, 0xe3, 0xfb, 0x3c, 0xad, 0x80, 0xc8, 0xcb, 0xd9, 0x75, 0x09, 0x0c, 0x0d, 0xc2, - 0x26, 0x9e, 0xfd, 0xeb, 0x05, 0x78, 0xfa, 0xbe, 0xe2, 0xa5, 0xef, 0x30, 0xf0, 0x76, 0x4c, 0xa2, - 0xec, 0x81, 0xcc, 0x8d, 0x98, 0x44, 0x98, 0x41, 0xf8, 0x28, 0xb5, 0x5a, 0xc6, 0xa5, 0x45, 0x79, - 0x67, 0x1d, 0xf0, 0x51, 0x4a, 0xb1, 0xc0, 0x19, 0x96, 0xd9, 0x51, 0x1a, 0xe8, 0x73, 0x94, 0xfe, - 0x41, 0x01, 0x9e, 0xe9, 0x43, 0x08, 0xe7, 0x98, 0x9d, 0x91, 0xce, 0x6e, 0x29, 0x3e, 0x9c, 0xec, - 0x96, 0xc3, 0x0e, 0xd7, 0xbb, 0x05, 0x38, 0xdb, 0x5b, 0x16, 0xa2, 0x9f, 0xa2, 0x46, 0x94, 0x0c, - 0xb6, 0x30, 0x33, 0x63, 0x4e, 0x71, 0x03, 0x2a, 0x05, 0xc2, 0x59, 0x5c, 0x34, 0x05, 0xd0, 0x72, - 0x92, 0x8d, 0xf8, 0xd2, 0xb6, 0x17, 0x27, 0x22, 0xa7, 0x73, 0x8c, 0xbb, 0xc2, 0x65, 0x2b, 0x36, - 0x30, 0x28, 0x3b, 0xf6, 0x6f, 0x2e, 0xbc, 0x1e, 0x26, 0xfc, 0x21, 0xae, 0xc7, 0x9d, 0x92, 0xc5, - 0x23, 0x0d, 0x10, 0xce, 0xe2, 0x52, 0x76, 0xec, 0xb0, 0x85, 0x77, 0x94, 0x2b, 0x78, 0x8c, 0xdd, - 0xa2, 0x6a, 0xc5, 0x06, 0x46, 0x36, 0xe7, 0xa7, 0xd4, 0x47, 0xce, 0xcf, 0x3f, 0x29, 0xc0, 0x13, - 0x3d, 0xf7, 0xd2, 0xfe, 0x16, 0xe0, 0xa3, 0x97, 0xec, 0x73, 0xb8, 0xb9, 0x73, 0xc0, 0x14, 0x96, - 0x3f, 0xe9, 0x31, 0xd3, 0x44, 0x0a, 0x4b, 0x76, 0xab, 0xb0, 0x0e, 0xba, 0x55, 0x3c, 0x42, 0xe3, - 0xd9, 0x91, 0xb5, 0x32, 0x70, 0x80, 0xac, 0x95, 0xcc, 0xc7, 0x28, 0xf5, 0xb9, 0x90, 0xbf, 0xd7, - 0x7b, 0x78, 0xa9, 0xee, 0xdd, 0x97, 0x7b, 0x6a, 0x0e, 0x4e, 0x7a, 0x01, 0x2b, 0x24, 0xbc, 0xda, - 0x5e, 0x17, 0x19, 0xbf, 0x85, 0xf4, 0x1d, 0x59, 0x0b, 0x19, 0x38, 0xee, 0x78, 0xe2, 0x11, 0xcc, - 0x22, 0x3a, 0xe4, 0x90, 0x7e, 0x06, 0x2a, 0x8a, 0x36, 0x8f, 0x8c, 0x54, 0x1f, 0xb4, 0x23, 0x32, - 0x52, 0x7d, 0x4d, 0x03, 0x8b, 0x8e, 0xc4, 0x26, 0xd9, 0xc9, 0xce, 0xcc, 0x6b, 0x64, 0x87, 0x9d, - 0x92, 0xda, 0x1f, 0x83, 0x11, 0x65, 0x44, 0xf6, 0x5b, 0xe8, 0xd6, 0x7e, 0x67, 0x10, 0x46, 0x53, - 0x65, 0x2c, 0x52, 0x3e, 0x1b, 0x6b, 0x5f, 0x9f, 0x0d, 0x8b, 0x74, 0x6d, 0x07, 0xb2, 0x94, 0xb4, - 0x11, 0xe9, 0xda, 0x0e, 0x08, 0xe6, 0x30, 0x6a, 0xba, 0xd7, 0xa2, 0x1d, 0xdc, 0x0e, 0x44, 0x44, - 0x9a, 0x32, 0xdd, 0xe7, 0x58, 0x2b, 0x16, 0x50, 0xf4, 0x05, 0x0b, 0x46, 0x62, 0xe6, 0x10, 0xe4, - 0x1e, 0x2f, 0xf1, 0x41, 0xaf, 0xe6, 0x71, 0xed, 0xb3, 0x28, 0xd9, 0xc2, 0x0e, 0xb3, 0xcd, 0x16, - 0x9c, 0xe2, 0x88, 0xbe, 0x64, 0x99, 0x17, 0x5e, 0x0f, 0xe6, 0x11, 0x49, 0x99, 0xad, 0x12, 0xc2, - 0x5d, 0x25, 0xf7, 0xbf, 0xf7, 0x5a, 0xdf, 0x83, 0x3f, 0xf4, 0xe0, 0xee, 0xc1, 0xff, 0x28, 0x54, - 0x9a, 0x4e, 0xe0, 0xd5, 0x49, 0x9c, 0x70, 0x0f, 0x91, 0x2c, 0x5e, 0x24, 0x1b, 0xb1, 0x86, 0xd3, - 0xcd, 0x2e, 0x66, 0x2f, 0x96, 0x18, 0x2e, 0x1d, 0xb6, 0xd9, 0xad, 0xea, 0x66, 0x6c, 0xe2, 0x98, - 0xfe, 0x27, 0x78, 0xa8, 0xfe, 0xa7, 0xe1, 0x7d, 0xfc, 0x4f, 0xff, 0xc8, 0x82, 0x33, 0x5d, 0xbf, - 0xda, 0xa3, 0x1b, 0xa3, 0x64, 0x7f, 0xab, 0x04, 0xa7, 0xba, 0xd4, 0xa3, 0x41, 0x3b, 0xc7, 0x76, - 0x81, 0xbb, 0x28, 0x78, 0x33, 0xda, 0x73, 0x12, 0x1f, 0xcc, 0xfb, 0xab, 0x3d, 0xb0, 0xc5, 0x07, - 0xeb, 0x81, 0x35, 0xa6, 0xe5, 0xc0, 0x43, 0x9d, 0x96, 0xa5, 0xfb, 0x4f, 0x4b, 0xf4, 0xdb, 0x16, - 0x4c, 0x34, 0x7b, 0x14, 0x41, 0x14, 0x5e, 0x95, 0x9b, 0xc7, 0x53, 0x62, 0xb1, 0xfa, 0xd4, 0xde, - 0xee, 0x64, 0xcf, 0xda, 0x93, 0xb8, 0x67, 0xaf, 0xec, 0xf7, 0x8b, 0xc0, 0x8a, 0x21, 0xb1, 0xf2, - 0x23, 0x3b, 0xe8, 0xf3, 0x66, 0x59, 0x2b, 0x2b, 0xaf, 0x12, 0x4c, 0x9c, 0xb8, 0x2a, 0x8b, 0xc5, - 0x47, 0xb0, 0x5b, 0x95, 0xac, 0xac, 0xd0, 0x2a, 0xf4, 0x21, 0xb4, 0x7c, 0x59, 0x3f, 0xac, 0x98, - 0x7f, 0xfd, 0xb0, 0x4a, 0xb6, 0x76, 0xd8, 0xfd, 0x3f, 0xf1, 0xc0, 0x23, 0xf9, 0x89, 0xff, 0x96, - 0xc5, 0x05, 0x4f, 0xe6, 0x2b, 0x68, 0xcd, 0xc0, 0xba, 0x8f, 0x66, 0xf0, 0x3c, 0xbb, 0xe9, 0xaf, - 0x7e, 0x85, 0x38, 0xbe, 0xd0, 0x20, 0xcc, 0x4b, 0xfb, 0x58, 0x3b, 0x56, 0x18, 0xec, 0x6e, 0x0e, - 0xdf, 0x0f, 0xef, 0x5e, 0x6a, 0xb6, 0x92, 0x1d, 0xa1, 0x4b, 0xe8, 0xbb, 0x39, 0x14, 0x04, 0x1b, - 0x58, 0xf6, 0xdf, 0x29, 0xf0, 0x19, 0x28, 0xce, 0x55, 0x2f, 0x66, 0x0a, 0xc1, 0xf7, 0x7f, 0x24, - 0xf9, 0x39, 0x00, 0x57, 0x5d, 0xf2, 0x25, 0x1c, 0xde, 0x57, 0x8e, 0x7c, 0x49, 0x92, 0xa0, 0xa7, - 0x5f, 0x43, 0xb7, 0x61, 0x83, 0x5f, 0x4a, 0x96, 0x16, 0xf7, 0x95, 0xa5, 0x29, 0xb1, 0x32, 0xb0, - 0xcf, 0x6e, 0xf7, 0x67, 0x16, 0xa4, 0x34, 0x22, 0xd4, 0x82, 0x12, 0xed, 0xee, 0x4e, 0x3e, 0xf7, - 0x97, 0x99, 0xa4, 0xa9, 0x68, 0x14, 0xd3, 0x9e, 0xfd, 0xc4, 0x9c, 0x11, 0xf2, 0xc5, 0xf1, 0x6b, - 0x21, 0x8f, 0x3b, 0xf6, 0x4c, 0x86, 0x57, 0xc2, 0x70, 0x93, 0x9f, 0xda, 0xe8, 0xa3, 0x5c, 0xfb, - 0x22, 0x8c, 0x77, 0x74, 0x8a, 0xd5, 0x7c, 0x0e, 0xe5, 0xa5, 0x6d, 0xc6, 0x74, 0x65, 0x39, 0x50, - 0x98, 0xc3, 0xec, 0x77, 0x2d, 0x38, 0x99, 0x25, 0x8f, 0xbe, 0x6d, 0xc1, 0x78, 0x9c, 0xa5, 0x77, - 0x5c, 0x63, 0xa7, 0x42, 0x93, 0x3a, 0x40, 0xb8, 0xb3, 0x13, 0xf6, 0x9f, 0x8b, 0xc9, 0x7f, 0xcb, - 0x0b, 0x6a, 0xe1, 0x5d, 0xa5, 0x98, 0x58, 0x3d, 0x15, 0x13, 0xba, 0x1e, 0xdd, 0x0d, 0x52, 0x6b, - 0xfb, 0x1d, 0xc9, 0x57, 0xab, 0xa2, 0x1d, 0x2b, 0x8c, 0xd4, 0xf5, 0xed, 0xc5, 0x7d, 0xaf, 0x6f, - 0x7f, 0x09, 0x46, 0xcc, 0x8b, 0x09, 0xc5, 0xbc, 0x64, 0x0a, 0xb9, 0x79, 0x87, 0x21, 0x4e, 0x61, - 0x65, 0xae, 0xa6, 0x2e, 0xed, 0x7b, 0x35, 0xf5, 0x73, 0x50, 0x16, 0xd7, 0x2c, 0xcb, 0x00, 0x3e, - 0x9e, 0xd9, 0x25, 0xda, 0xb0, 0x82, 0x52, 0x69, 0xd2, 0x74, 0x82, 0xb6, 0xe3, 0xd3, 0x11, 0x12, - 0xe9, 0xa8, 0x6a, 0x19, 0x2e, 0x29, 0x08, 0x36, 0xb0, 0xe8, 0x1b, 0x27, 0x5e, 0x93, 0xbc, 0x16, - 0x06, 0x32, 0xf4, 0x45, 0xfb, 0xb4, 0x45, 0x3b, 0x56, 0x18, 0xf6, 0x7f, 0xb3, 0x20, 0x7b, 0x47, - 0x6c, 0xca, 0xcb, 0x61, 0xed, 0x9b, 0x02, 0x9b, 0x4e, 0xa0, 0x2b, 0xf4, 0x95, 0x40, 0x67, 0xe6, - 0xb6, 0x15, 0xef, 0x9b, 0xdb, 0xf6, 0x63, 0xfa, 0xe6, 0x10, 0x9e, 0x04, 0x37, 0xdc, 0xed, 0xd6, - 0x10, 0x64, 0xc3, 0xa0, 0xeb, 0xa8, 0x22, 0x09, 0x23, 0xdc, 0x76, 0x98, 0x9d, 0x61, 0x48, 0x02, - 0x52, 0x5d, 0x7f, 0xef, 0x07, 0xe7, 0x3e, 0xf4, 0xbd, 0x1f, 0x9c, 0xfb, 0xd0, 0x1f, 0xfd, 0xe0, - 0xdc, 0x87, 0xbe, 0xb0, 0x77, 0xce, 0x7a, 0x6f, 0xef, 0x9c, 0xf5, 0xbd, 0xbd, 0x73, 0xd6, 0x1f, - 0xed, 0x9d, 0xb3, 0xde, 0xdf, 0x3b, 0x67, 0x7d, 0xf3, 0x3f, 0x9f, 0xfb, 0xd0, 0x6b, 0x5d, 0x43, - 0x95, 0xe8, 0x8f, 0x17, 0xdc, 0xda, 0xf4, 0xd6, 0x05, 0x16, 0x2d, 0x43, 0x57, 0xc3, 0xb4, 0x31, - 0x05, 0xa6, 0xe5, 0x6a, 0xf8, 0xff, 0x01, 0x00, 0x00, 0xff, 0xff, 0x0b, 0xac, 0xd6, 0xaa, 0xde, - 0xc7, 0x00, 0x00, + 0x8f, 0x9e, 0xa2, 0xf3, 0x69, 0x81, 0xb5, 0xdc, 0xdb, 0x9d, 0x1c, 0x53, 0x02, 0xb1, 0x26, 0x2c, + 0x70, 0xd1, 0x6f, 0x58, 0x30, 0xe2, 0x86, 0xcd, 0x66, 0x18, 0x70, 0xff, 0x41, 0x38, 0x43, 0xb7, + 0x8f, 0x6b, 0x05, 0x9e, 0x9a, 0x35, 0x98, 0x71, 0x6f, 0x48, 0x25, 0x22, 0x98, 0x20, 0x9c, 0x92, + 0xca, 0x9c, 0x76, 0xa5, 0x7d, 0xa6, 0xdd, 0xef, 0x58, 0x30, 0xce, 0x9f, 0x35, 0xdc, 0x1a, 0x11, + 0x73, 0x1f, 0x1e, 0xf3, 0x6b, 0x75, 0x78, 0x7a, 0x6a, 0x4b, 0xa8, 0x03, 0x8e, 0x3b, 0x85, 0x44, + 0xf3, 0x30, 0x5e, 0x0f, 0x23, 0x97, 0x98, 0x1d, 0x21, 0x74, 0x86, 0x22, 0x74, 0x39, 0x8b, 0x80, + 0x3b, 0x9f, 0x41, 0x37, 0xe1, 0x31, 0xa3, 0xd1, 0xec, 0x07, 0xae, 0x36, 0xce, 0x09, 0x6a, 0x8f, + 0x5d, 0xee, 0x8a, 0x85, 0x7b, 0x3c, 0x9d, 0xf6, 0xfc, 0x2b, 0x7d, 0x78, 0xfe, 0x6f, 0xc2, 0x13, + 0x6e, 0x67, 0xcf, 0x6c, 0xc5, 0xed, 0xf5, 0x38, 0x61, 0x46, 0x56, 0xb9, 0xfa, 0xff, 0x09, 0x02, + 0x4f, 0xcc, 0xf6, 0x42, 0xc4, 0xbd, 0x69, 0xa0, 0xcf, 0x41, 0x39, 0x22, 0xec, 0xab, 0xc4, 0x22, + 0x00, 0xfd, 0x88, 0xee, 0x9e, 0x36, 0x0e, 0x39, 0x59, 0xad, 0x16, 0x45, 0x43, 0x8c, 0x15, 0xc7, + 0xb3, 0x9f, 0x84, 0xf1, 0x8e, 0xf1, 0x7c, 0x20, 0xe7, 0x7b, 0x0e, 0x1e, 0xeb, 0x3e, 0x72, 0x0e, + 0xe4, 0x82, 0xff, 0xa3, 0x4c, 0x5c, 0x95, 0x61, 0xe8, 0xf5, 0xb1, 0x9d, 0xe3, 0x40, 0x91, 0x04, + 0x5b, 0x42, 0x91, 0x5e, 0x3e, 0x5a, 0xef, 0x5d, 0x0a, 0xb6, 0xf8, 0xc0, 0x67, 0x3e, 0xeb, 0xa5, + 0x60, 0x0b, 0x53, 0xda, 0xe8, 0x1d, 0x2b, 0x65, 0xa8, 0xf0, 0x4d, 0xa0, 0xcf, 0x1c, 0x8b, 0x65, + 0xdb, 0xb7, 0xed, 0x62, 0xff, 0x9b, 0x02, 0x9c, 0xdf, 0x8f, 0x48, 0x1f, 0xdd, 0xf7, 0x0c, 0x0c, + 0xc6, 0xec, 0x60, 0x4b, 0x68, 0xa6, 0x61, 0xaa, 0x95, 0xf8, 0x51, 0xd7, 0x9b, 0x58, 0x80, 0x90, + 0x0f, 0xc5, 0xa6, 0xd3, 0x12, 0x7b, 0x03, 0x0b, 0x47, 0x8d, 0xa2, 0xa6, 0xff, 0x1d, 0x7f, 0xc9, + 0x69, 0x71, 0x8f, 0xd3, 0x68, 0xc0, 0x94, 0x0d, 0x4a, 0xa0, 0xe4, 0x44, 0x91, 0x23, 0x4f, 0x51, + 0xae, 0xe5, 0xc3, 0x6f, 0x86, 0x92, 0xac, 0x8e, 0xef, 0xed, 0x4e, 0x8e, 0xa6, 0x9a, 0x30, 0x67, + 0x66, 0x7f, 0x6d, 0x28, 0x15, 0x49, 0xcc, 0x8e, 0xc6, 0x62, 0x18, 0x14, 0x5b, 0x02, 0x56, 0xde, + 0xc1, 0xeb, 0x3c, 0x15, 0x84, 0xf9, 0x31, 0x22, 0xa1, 0x4e, 0xb0, 0x42, 0x5f, 0xb5, 0x58, 0xda, + 0x9a, 0x8c, 0xae, 0x16, 0xde, 0xc3, 0xf1, 0x64, 0xd1, 0x99, 0xc9, 0x70, 0xb2, 0x11, 0x9b, 0xdc, + 0xe9, 0xd2, 0xd5, 0xe2, 0x09, 0x18, 0x59, 0x1f, 0x42, 0x26, 0xb6, 0x49, 0x38, 0xda, 0xee, 0x72, + 0x04, 0x96, 0x43, 0xea, 0x53, 0x1f, 0x87, 0x5e, 0xdf, 0xb1, 0x60, 0x9c, 0x5b, 0x8a, 0x73, 0x5e, + 0xbd, 0x4e, 0x22, 0x12, 0xb8, 0x44, 0xda, 0xda, 0x47, 0x3c, 0x64, 0x95, 0xfb, 0x30, 0x0b, 0x59, + 0xf2, 0x7a, 0x4d, 0xeb, 0x00, 0xe1, 0x4e, 0x61, 0x50, 0x0d, 0x06, 0xbc, 0xa0, 0x1e, 0x8a, 0x95, + 0xbc, 0x7a, 0x34, 0xa1, 0x16, 0x82, 0x7a, 0xa8, 0x67, 0x33, 0xfd, 0x87, 0x19, 0x75, 0xb4, 0x08, + 0xa7, 0x23, 0xb1, 0x1b, 0x72, 0xc5, 0x8b, 0xa9, 0xcf, 0xba, 0xe8, 0x35, 0xbd, 0x84, 0xad, 0xc2, + 0xc5, 0xea, 0xc4, 0xde, 0xee, 0xe4, 0x69, 0xdc, 0x05, 0x8e, 0xbb, 0x3e, 0x85, 0xde, 0x82, 0x21, + 0x99, 0x67, 0x57, 0xce, 0xc3, 0x6f, 0xe9, 0x1c, 0xff, 0x6a, 0x30, 0xad, 0x8a, 0x94, 0x3a, 0xc9, + 0xd0, 0x7e, 0x7b, 0x18, 0x3a, 0x0f, 0xa2, 0xd0, 0xcf, 0x41, 0x25, 0x52, 0xb9, 0x7f, 0x56, 0x1e, + 0x21, 0x54, 0xf2, 0xfb, 0x8a, 0x43, 0x30, 0x65, 0x0f, 0xe8, 0x2c, 0x3f, 0xcd, 0x91, 0x5a, 0xed, + 0xb1, 0x3e, 0xaf, 0xca, 0x61, 0x6c, 0x0b, 0xae, 0xfa, 0x9c, 0x63, 0x27, 0x70, 0x31, 0xe3, 0x81, + 0x22, 0x18, 0xdc, 0x20, 0x8e, 0x9f, 0x6c, 0xe4, 0xb3, 0x25, 0x7b, 0x85, 0xd1, 0xca, 0x46, 0x89, + 0xf3, 0x56, 0x2c, 0x38, 0xa1, 0x6d, 0x18, 0xda, 0xe0, 0x03, 0x40, 0x18, 0xd2, 0x4b, 0x47, 0xed, + 0xdc, 0xd4, 0xa8, 0xd2, 0x9f, 0x5b, 0x34, 0x60, 0xc9, 0x8e, 0x9d, 0x9f, 0x1b, 0x67, 0xb0, 0x7c, + 0xea, 0xe6, 0x17, 0x20, 0xdf, 0xff, 0x01, 0xec, 0x67, 0x61, 0x24, 0x22, 0x6e, 0x18, 0xb8, 0x9e, + 0x4f, 0x6a, 0x33, 0x72, 0xbb, 0xf5, 0x20, 0x61, 0xd5, 0x27, 0xa9, 0x33, 0x80, 0x0d, 0x1a, 0x38, + 0x45, 0x11, 0x7d, 0xc5, 0x82, 0x31, 0x95, 0x30, 0x44, 0x3f, 0x08, 0x11, 0x1b, 0x96, 0x8b, 0x39, + 0xa5, 0x27, 0x31, 0x9a, 0x55, 0xb4, 0xb7, 0x3b, 0x39, 0x96, 0x6e, 0xc3, 0x19, 0xbe, 0xe8, 0x35, + 0x80, 0x70, 0x9d, 0x1f, 0x92, 0xcf, 0x24, 0x62, 0xf7, 0xf2, 0x20, 0xaf, 0x3a, 0xc6, 0xf3, 0x2b, + 0x24, 0x05, 0x6c, 0x50, 0x43, 0xd7, 0x00, 0xf8, 0xb4, 0x59, 0xdb, 0x69, 0x49, 0x6b, 0x5b, 0xc6, + 0xc5, 0xc3, 0xaa, 0x82, 0xdc, 0xdb, 0x9d, 0xec, 0xdc, 0x4d, 0x62, 0x47, 0xc5, 0xc6, 0xe3, 0xe8, + 0x67, 0x61, 0x28, 0x6e, 0x37, 0x9b, 0x8e, 0xda, 0xdb, 0xcc, 0x31, 0x63, 0x83, 0xd3, 0x35, 0x54, + 0x11, 0x6f, 0xc0, 0x92, 0x23, 0xba, 0x4d, 0x95, 0x6a, 0x2c, 0xb6, 0xb9, 0xd8, 0x2c, 0xe2, 0x36, + 0xc1, 0x30, 0x7b, 0xa7, 0x4f, 0x88, 0xe7, 0x4e, 0xe3, 0x2e, 0x38, 0xf7, 0x76, 0x27, 0x1f, 0x4b, + 0xb7, 0x2f, 0x86, 0x22, 0x87, 0xa2, 0x2b, 0x4d, 0x74, 0x55, 0xa6, 0xdd, 0xd3, 0xd7, 0x96, 0xd9, + 0xa0, 0xcf, 0xe9, 0xb4, 0x7b, 0xd6, 0xdc, 0xbb, 0xcf, 0xcc, 0x87, 0xd1, 0x12, 0x9c, 0x72, 0xc3, + 0x20, 0x89, 0x42, 0xdf, 0xe7, 0xb5, 0x24, 0xb8, 0xe3, 0xc3, 0xf7, 0x3e, 0x9f, 0x14, 0x62, 0x9f, + 0x9a, 0xed, 0x44, 0xc1, 0xdd, 0x9e, 0xb3, 0x83, 0x74, 0xf4, 0x90, 0xe8, 0x9c, 0x97, 0x60, 0x84, + 0x6c, 0x27, 0x24, 0x0a, 0x1c, 0xff, 0x06, 0x5e, 0x94, 0xbb, 0x7e, 0x6c, 0x0e, 0x5c, 0x32, 0xda, + 0x71, 0x0a, 0x0b, 0xd9, 0xca, 0xdb, 0x2f, 0xe8, 0x44, 0x23, 0xee, 0xed, 0x4b, 0xdf, 0xde, 0xfe, + 0x3f, 0x85, 0x94, 0x41, 0xb6, 0x16, 0x11, 0x82, 0x42, 0x28, 0x05, 0x61, 0x4d, 0xe9, 0xfe, 0xab, + 0xf9, 0xe8, 0xfe, 0xeb, 0x61, 0xcd, 0xc8, 0xcd, 0xa7, 0xff, 0x62, 0xcc, 0xf9, 0xb0, 0xe4, 0x65, + 0x99, 0xe5, 0xcd, 0x00, 0xc2, 0xd1, 0xc8, 0x93, 0xb3, 0x4a, 0x5e, 0x5e, 0x36, 0x19, 0xe1, 0x34, + 0x5f, 0xb4, 0x09, 0xa5, 0x8d, 0x30, 0x4e, 0xa4, 0xfb, 0x71, 0x44, 0x4f, 0xe7, 0x4a, 0x18, 0x27, + 0xcc, 0x8a, 0x50, 0xaf, 0x4d, 0x5b, 0x62, 0xcc, 0x79, 0xd8, 0xff, 0xc5, 0x4a, 0xed, 0xf1, 0xde, + 0x62, 0x91, 0x74, 0x5b, 0x24, 0xa0, 0xd3, 0xda, 0x0c, 0xee, 0xf8, 0x0b, 0x99, 0x44, 0x97, 0x0f, + 0xf7, 0xaa, 0x94, 0x72, 0x97, 0x52, 0x98, 0x62, 0x24, 0x8c, 0x38, 0x90, 0x2f, 0x58, 0xe9, 0x94, + 0xa3, 0x42, 0x1e, 0x0e, 0x86, 0x99, 0x52, 0xb7, 0x6f, 0xf6, 0x92, 0xfd, 0x8e, 0x05, 0x43, 0x55, + 0xc7, 0xdd, 0x0c, 0xeb, 0x75, 0xf4, 0x3c, 0x94, 0x6b, 0xed, 0xc8, 0xcc, 0x7e, 0x52, 0xde, 0xf3, + 0x9c, 0x68, 0xc7, 0x0a, 0x83, 0x8e, 0xe1, 0xba, 0xe3, 0xca, 0xc4, 0xba, 0x22, 0x1f, 0xc3, 0x97, + 0x59, 0x0b, 0x16, 0x10, 0xf4, 0x71, 0x18, 0x6e, 0x3a, 0xdb, 0xf2, 0xe1, 0xec, 0x06, 0xf3, 0x92, + 0x06, 0x61, 0x13, 0xcf, 0xfe, 0x97, 0x16, 0x4c, 0x54, 0x9d, 0xd8, 0x73, 0x67, 0xda, 0xc9, 0x46, + 0xd5, 0x4b, 0xd6, 0xdb, 0xee, 0x26, 0x49, 0x78, 0x36, 0x25, 0x95, 0xb2, 0x1d, 0xd3, 0xa9, 0xa4, + 0xfc, 0x3a, 0x25, 0xe5, 0x0d, 0xd1, 0x8e, 0x15, 0x06, 0x7a, 0x0b, 0x86, 0x5b, 0x4e, 0x1c, 0xdf, + 0x0d, 0xa3, 0x1a, 0x26, 0xf5, 0x7c, 0x72, 0x99, 0x57, 0x89, 0x1b, 0x91, 0x04, 0x93, 0xba, 0x38, + 0x32, 0xd4, 0xf4, 0xb1, 0xc9, 0xcc, 0xfe, 0xeb, 0x16, 0x8c, 0xb0, 0xd3, 0x97, 0x39, 0x92, 0x38, + 0x9e, 0xdf, 0x51, 0x90, 0xc3, 0xea, 0xb3, 0x20, 0xc7, 0x79, 0x18, 0xd8, 0x08, 0x9b, 0x24, 0x7b, + 0x72, 0x78, 0x25, 0xa4, 0x5e, 0x2c, 0x85, 0xa0, 0x17, 0x69, 0x3f, 0x7b, 0x41, 0xe2, 0xd0, 0x11, + 0x27, 0xb7, 0x10, 0x4f, 0xf0, 0x3e, 0x56, 0xcd, 0xd8, 0xc4, 0xb1, 0x7f, 0xb7, 0x02, 0x43, 0xe2, + 0x30, 0xb6, 0xef, 0x04, 0x56, 0xe9, 0x4e, 0x17, 0x7a, 0xba, 0xd3, 0x31, 0x0c, 0xba, 0xac, 0xdc, + 0x8f, 0xb0, 0xda, 0xae, 0xe5, 0x72, 0x7a, 0xcf, 0x2b, 0x08, 0x69, 0xb1, 0xf8, 0x7f, 0x2c, 0x58, + 0xa1, 0x6f, 0x5a, 0x70, 0xc2, 0x0d, 0x83, 0x80, 0xb8, 0xda, 0xa4, 0x18, 0xc8, 0x23, 0x1e, 0x67, + 0x36, 0x4d, 0x54, 0x6f, 0xfd, 0x67, 0x00, 0x38, 0xcb, 0x1e, 0xbd, 0x0c, 0xa3, 0xbc, 0xcf, 0x6e, + 0xa6, 0xf6, 0x3d, 0x75, 0x9d, 0x06, 0x13, 0x88, 0xd3, 0xb8, 0x68, 0x8a, 0xef, 0x1f, 0x8b, 0x8a, + 0x08, 0x83, 0xfa, 0x1c, 0xc9, 0xa8, 0x85, 0x60, 0x60, 0xa0, 0x08, 0x50, 0x44, 0xea, 0x11, 0x89, + 0x37, 0xc4, 0x61, 0x35, 0x33, 0x67, 0x86, 0x0e, 0x97, 0x10, 0x87, 0x3b, 0x28, 0xe1, 0x2e, 0xd4, + 0xd1, 0xa6, 0xf0, 0xe7, 0xca, 0x79, 0xa8, 0x2c, 0xf1, 0x99, 0x7b, 0xba, 0x75, 0x93, 0x50, 0x8a, + 0x37, 0x9c, 0xa8, 0xc6, 0xcc, 0xa8, 0x22, 0x8f, 0xfb, 0x5e, 0xa5, 0x0d, 0x98, 0xb7, 0xa3, 0x39, + 0x38, 0x99, 0xa9, 0x32, 0x11, 0x8b, 0xfd, 0x49, 0x15, 0x1f, 0x9d, 0xa9, 0x4f, 0x11, 0xe3, 0x8e, + 0x27, 0x4c, 0x5f, 0x7f, 0x78, 0x1f, 0x5f, 0x7f, 0x47, 0x85, 0x44, 0x8d, 0xb0, 0xe5, 0xe8, 0xd5, + 0x5c, 0x3a, 0xa0, 0xaf, 0xf8, 0xa7, 0xaf, 0x67, 0xe2, 0x9f, 0x46, 0x99, 0x00, 0x37, 0xf3, 0x11, + 0xe0, 0xe0, 0xc1, 0x4e, 0x0f, 0x33, 0x78, 0xe9, 0x7f, 0x5b, 0x20, 0xbf, 0xeb, 0xac, 0xe3, 0x6e, + 0x10, 0x3a, 0x64, 0xd0, 0x2b, 0x30, 0xa6, 0x3c, 0xd6, 0xd9, 0xb0, 0x1d, 0xf0, 0xb8, 0xa5, 0xa2, + 0x3e, 0x23, 0xc4, 0x29, 0x28, 0xce, 0x60, 0xa3, 0x69, 0xa8, 0xd0, 0x7e, 0xe2, 0x8f, 0xf2, 0xa5, + 0x4d, 0x79, 0xc5, 0x33, 0x2b, 0x0b, 0xe2, 0x29, 0x8d, 0x83, 0x42, 0x18, 0xf7, 0x9d, 0x38, 0x61, + 0x12, 0x50, 0x07, 0xf6, 0x90, 0xe9, 0xa8, 0xac, 0xc8, 0xce, 0x62, 0x96, 0x10, 0xee, 0xa4, 0x6d, + 0x7f, 0x7f, 0x00, 0x46, 0x53, 0x9a, 0xf1, 0x80, 0x6b, 0xe2, 0xf3, 0x50, 0x96, 0xcb, 0x54, 0x36, + 0x29, 0x5e, 0xad, 0x65, 0x0a, 0x83, 0x2e, 0x5a, 0xeb, 0xc4, 0x89, 0x48, 0xc4, 0xea, 0x77, 0x64, + 0xd7, 0xf0, 0xaa, 0x06, 0x61, 0x13, 0x8f, 0x29, 0xe5, 0xc4, 0x8f, 0x67, 0x7d, 0x8f, 0x04, 0x09, + 0x17, 0x33, 0x1f, 0xa5, 0xbc, 0xb6, 0xb8, 0x6a, 0x12, 0xd5, 0x4a, 0x39, 0x03, 0xc0, 0x59, 0xf6, + 0xe8, 0x4b, 0x16, 0x8c, 0x3a, 0x77, 0x63, 0x5d, 0x93, 0x4e, 0x44, 0x3a, 0x1d, 0x71, 0x91, 0x4a, + 0x95, 0xb9, 0xe3, 0x3b, 0xac, 0xa9, 0x26, 0x9c, 0x66, 0x8a, 0xbe, 0x6d, 0x01, 0x22, 0xdb, 0xc4, + 0x95, 0xb1, 0x58, 0x42, 0x96, 0xc1, 0x3c, 0x1c, 0xbb, 0x4b, 0x1d, 0x74, 0xb9, 0x56, 0xef, 0x6c, + 0xc7, 0x5d, 0x64, 0xb0, 0xff, 0x69, 0x51, 0x4d, 0x28, 0x1d, 0xfe, 0xe7, 0x18, 0x49, 0x35, 0xd6, + 0xe1, 0x93, 0x6a, 0xf4, 0x01, 0x75, 0x47, 0x62, 0x4d, 0x3a, 0x87, 0xa1, 0xf0, 0x90, 0x72, 0x18, + 0x7e, 0xc1, 0x4a, 0x95, 0x7f, 0x18, 0xbe, 0xf0, 0x5a, 0xbe, 0xa1, 0x87, 0x53, 0x3c, 0x3c, 0x22, + 0xa3, 0xdd, 0xd3, 0x31, 0x13, 0x54, 0x9b, 0x1a, 0x68, 0x07, 0xd2, 0x86, 0xff, 0xa1, 0x08, 0xc3, + 0xc6, 0x4a, 0xda, 0xd5, 0x2c, 0xb2, 0x1e, 0x31, 0xb3, 0xa8, 0x70, 0x00, 0xb3, 0xe8, 0xe7, 0xa1, + 0xe2, 0x4a, 0x2d, 0x9f, 0x4f, 0x01, 0xc4, 0xec, 0xda, 0xa1, 0x15, 0xbd, 0x6a, 0xc2, 0x9a, 0x27, + 0x9a, 0x4f, 0xe5, 0x26, 0x88, 0x15, 0x62, 0x80, 0xad, 0x10, 0xdd, 0x92, 0x07, 0xc4, 0x4a, 0xd1, + 0xf9, 0x0c, 0xab, 0x12, 0xd2, 0xf2, 0xc4, 0x7b, 0xc9, 0x00, 0x61, 0x5e, 0x25, 0x64, 0x65, 0x41, + 0x36, 0x63, 0x13, 0xc7, 0xfe, 0xbe, 0xa5, 0x3e, 0xee, 0x03, 0x48, 0xd3, 0xbd, 0x9d, 0x4e, 0xd3, + 0xbd, 0x94, 0x4b, 0x37, 0xf7, 0xc8, 0xcf, 0xbd, 0x0e, 0x43, 0xb3, 0x61, 0xb3, 0xe9, 0x04, 0x35, + 0xf4, 0x63, 0x30, 0xe4, 0xf2, 0x9f, 0x62, 0x1f, 0x85, 0x9d, 0xc6, 0x09, 0x28, 0x96, 0x30, 0xf4, + 0x14, 0x0c, 0x38, 0x51, 0x43, 0xee, 0x9d, 0xb0, 0x80, 0x8e, 0x99, 0xa8, 0x11, 0x63, 0xd6, 0x6a, + 0xbf, 0x5d, 0x04, 0x98, 0x0d, 0x9b, 0x2d, 0x27, 0x22, 0xb5, 0xb5, 0x90, 0x15, 0x60, 0x3a, 0xd6, + 0x33, 0x2c, 0xed, 0x2c, 0x3d, 0xca, 0xe7, 0x58, 0xc6, 0x59, 0x46, 0xf1, 0x41, 0x9f, 0x65, 0x7c, + 0xcd, 0x02, 0x44, 0xbf, 0x48, 0x18, 0x90, 0x20, 0xd1, 0x87, 0xb3, 0xd3, 0x50, 0x71, 0x65, 0xab, + 0xb0, 0x5a, 0xf4, 0xfc, 0x93, 0x00, 0xac, 0x71, 0xfa, 0x70, 0x3f, 0x9f, 0x91, 0xca, 0xb1, 0x98, + 0x8e, 0x81, 0x64, 0x2a, 0x55, 0xe8, 0x4a, 0xfb, 0xf7, 0x0a, 0xf0, 0x18, 0x5f, 0xef, 0x96, 0x9c, + 0xc0, 0x69, 0x90, 0x26, 0x95, 0xaa, 0xdf, 0xe3, 0x76, 0x97, 0xfa, 0x3d, 0x9e, 0x8c, 0x69, 0x3c, + 0xea, 0xc4, 0xe0, 0x03, 0x9a, 0x0f, 0xe1, 0x85, 0xc0, 0x4b, 0x30, 0x23, 0x8e, 0x62, 0x28, 0xcb, + 0x72, 0xba, 0x42, 0xd1, 0xe5, 0xc4, 0x48, 0xcd, 0x79, 0xb1, 0x28, 0x11, 0xac, 0x18, 0x51, 0xab, + 0xd0, 0x0f, 0xdd, 0x4d, 0x4c, 0x5a, 0x21, 0x53, 0x6a, 0x46, 0x48, 0xd9, 0xa2, 0x68, 0xc7, 0x0a, + 0xc3, 0xfe, 0x3d, 0x0b, 0xb2, 0xea, 0xde, 0x28, 0x35, 0x63, 0xdd, 0xb7, 0xd4, 0xcc, 0x01, 0x6a, + 0xbd, 0xfc, 0x0c, 0x0c, 0x3b, 0x09, 0x5d, 0xa1, 0xb9, 0x4f, 0x5b, 0x3c, 0xdc, 0x16, 0xfd, 0x52, + 0x58, 0xf3, 0xea, 0x1e, 0xf3, 0x65, 0x4d, 0x72, 0xf6, 0xff, 0x1c, 0x80, 0xf1, 0x8e, 0x38, 0x75, + 0x74, 0x11, 0x46, 0x5c, 0x31, 0x3c, 0x5a, 0x98, 0xd4, 0xc5, 0xcb, 0x18, 0x71, 0x4e, 0x1a, 0x86, + 0x53, 0x98, 0x7d, 0x0c, 0xd0, 0x05, 0x38, 0x15, 0x51, 0x2f, 0xba, 0x4d, 0x66, 0xea, 0x09, 0x89, + 0x56, 0x89, 0x1b, 0x06, 0x35, 0x5e, 0x10, 0xa9, 0x58, 0x7d, 0x7c, 0x6f, 0x77, 0xf2, 0x14, 0xee, + 0x04, 0xe3, 0x6e, 0xcf, 0xa0, 0x16, 0x8c, 0xfa, 0xa6, 0x81, 0x25, 0xac, 0xeb, 0x43, 0xd9, 0x66, + 0x6a, 0x01, 0x4e, 0x35, 0xe3, 0x34, 0x83, 0xb4, 0x95, 0x56, 0x7a, 0x48, 0x56, 0xda, 0x2f, 0x6a, + 0x2b, 0x8d, 0x9f, 0x25, 0xbf, 0x9e, 0x73, 0x9e, 0xc2, 0x71, 0x9b, 0x69, 0xaf, 0x42, 0x59, 0xc6, + 0xd9, 0xf4, 0x15, 0x9f, 0x62, 0xd2, 0xe9, 0xa1, 0xd1, 0xee, 0x15, 0xa0, 0x8b, 0x85, 0x4f, 0xe7, + 0x99, 0x5e, 0x4e, 0x53, 0xf3, 0xec, 0x60, 0x4b, 0x2a, 0xda, 0xe6, 0x31, 0x46, 0x7c, 0xe1, 0xf8, + 0x74, 0xde, 0x1e, 0x8a, 0x0e, 0x3b, 0x52, 0x01, 0xe9, 0x2a, 0xf4, 0xe8, 0x02, 0x80, 0xb6, 0x82, + 0x44, 0xb8, 0xb1, 0x3a, 0xc2, 0xd4, 0xc6, 0x12, 0x36, 0xb0, 0xa8, 0xc3, 0xea, 0x05, 0x71, 0xe2, + 0xf8, 0xfe, 0x15, 0x2f, 0x48, 0xc4, 0xce, 0x9b, 0x5a, 0x21, 0x17, 0x34, 0x08, 0x9b, 0x78, 0x67, + 0x3f, 0x61, 0x7c, 0x97, 0x83, 0x7c, 0xcf, 0x0d, 0x78, 0x62, 0xde, 0x4b, 0x54, 0x90, 0xbc, 0x1a, + 0x47, 0xd4, 0xc8, 0x51, 0x49, 0x1f, 0x56, 0xcf, 0xa4, 0x0f, 0x23, 0x48, 0xbd, 0x90, 0x8e, 0xa9, + 0xcf, 0x06, 0xa9, 0xdb, 0x17, 0xe1, 0xf4, 0xbc, 0x97, 0x5c, 0xf6, 0x7c, 0x72, 0x40, 0x26, 0xf6, + 0x97, 0x4a, 0x30, 0x62, 0x26, 0x25, 0x1d, 0x24, 0x6f, 0xe5, 0x1b, 0xd4, 0x8e, 0x11, 0x6f, 0xe7, + 0xa9, 0x03, 0xa0, 0x5b, 0x47, 0xce, 0x90, 0xea, 0xde, 0x63, 0x86, 0x29, 0xa3, 0x79, 0x62, 0x53, + 0x00, 0x74, 0x17, 0x4a, 0x75, 0x16, 0x44, 0x5d, 0xcc, 0xe3, 0x94, 0xbc, 0x5b, 0x8f, 0xea, 0x69, + 0xc6, 0xc3, 0xb0, 0x39, 0x3f, 0xba, 0x42, 0x46, 0xe9, 0xcc, 0x1c, 0x23, 0xba, 0x50, 0xe4, 0xe4, + 0x28, 0x8c, 0x5e, 0xaa, 0xbe, 0x74, 0x08, 0x55, 0x9f, 0x52, 0xbc, 0x83, 0x0f, 0x49, 0xf1, 0xb2, + 0x80, 0xf8, 0x64, 0x83, 0xd9, 0x6f, 0x22, 0x1c, 0x7a, 0x88, 0x75, 0x82, 0x11, 0x10, 0x9f, 0x02, + 0xe3, 0x2c, 0xbe, 0xfd, 0xb5, 0x02, 0x8c, 0xcd, 0x07, 0xed, 0x95, 0xf9, 0x95, 0xf6, 0xba, 0xef, + 0xb9, 0xd7, 0xc8, 0x0e, 0xd5, 0x6f, 0x9b, 0x64, 0x67, 0x61, 0x4e, 0x0c, 0x43, 0xd5, 0xf1, 0xd7, + 0x68, 0x23, 0xe6, 0x30, 0x3a, 0xa3, 0xeb, 0x5e, 0xd0, 0x20, 0x51, 0x2b, 0xf2, 0xc4, 0xa6, 0x9c, + 0x31, 0xa3, 0x2f, 0x6b, 0x10, 0x36, 0xf1, 0x28, 0xed, 0xf0, 0x6e, 0x40, 0xa2, 0xac, 0x35, 0xb8, + 0x4c, 0x1b, 0x31, 0x87, 0x51, 0xa4, 0x24, 0x6a, 0xc7, 0x89, 0xf8, 0xa2, 0x0a, 0x69, 0x8d, 0x36, + 0x62, 0x0e, 0xa3, 0xd3, 0x25, 0x6e, 0xaf, 0xb3, 0x93, 0xfc, 0x4c, 0x00, 0xf3, 0x2a, 0x6f, 0xc6, + 0x12, 0x4e, 0x51, 0x37, 0xc9, 0xce, 0x1c, 0xf5, 0xcb, 0x32, 0x29, 0x06, 0xd7, 0x78, 0x33, 0x96, + 0x70, 0x56, 0x81, 0x29, 0xdd, 0x1d, 0x3f, 0x74, 0x15, 0x98, 0xd2, 0xe2, 0xf7, 0xf0, 0xf0, 0x7e, + 0xcd, 0x82, 0x11, 0x33, 0xfe, 0x06, 0x35, 0x32, 0x86, 0xe2, 0x72, 0x47, 0x35, 0xbd, 0x9f, 0xea, + 0x76, 0x75, 0x48, 0xc3, 0x4b, 0xc2, 0x56, 0xfc, 0x02, 0x09, 0x1a, 0x5e, 0x40, 0xd8, 0xb1, 0x2a, + 0x8f, 0xdb, 0x49, 0x05, 0xf7, 0xcc, 0x86, 0x35, 0x72, 0x08, 0x4b, 0xd3, 0xbe, 0x05, 0xe3, 0x1d, + 0x79, 0x25, 0x7d, 0xac, 0xcf, 0xfb, 0x66, 0xf5, 0xd9, 0x18, 0x86, 0x29, 0x61, 0x1e, 0x74, 0x19, + 0xa3, 0x59, 0x18, 0xe7, 0x36, 0x04, 0xe5, 0xb4, 0xea, 0x6e, 0x90, 0xa6, 0xca, 0x15, 0x62, 0x3b, + 0xc0, 0x37, 0xb3, 0x40, 0xdc, 0x89, 0x6f, 0x7f, 0xdd, 0x82, 0xd1, 0x54, 0xaa, 0x4f, 0x4e, 0x96, + 0x04, 0x9b, 0x69, 0x21, 0x0b, 0x07, 0x63, 0x31, 0xb1, 0x45, 0xb6, 0x22, 0xe9, 0x99, 0xa6, 0x41, + 0xd8, 0xc4, 0xb3, 0xdf, 0x29, 0x40, 0x59, 0x1e, 0xa9, 0xf7, 0x21, 0xca, 0x57, 0x2d, 0x18, 0x55, + 0xbb, 0xee, 0x6c, 0x3b, 0xa7, 0x90, 0x47, 0xf0, 0x37, 0x95, 0x40, 0xc5, 0x2b, 0x06, 0xf5, 0x50, + 0x9b, 0xb5, 0xd8, 0x64, 0x86, 0xd3, 0xbc, 0xd1, 0x4d, 0x80, 0x78, 0x27, 0x4e, 0x48, 0xd3, 0xd8, + 0x58, 0xb2, 0x8d, 0x19, 0x37, 0xe5, 0x86, 0x11, 0xa1, 0xf3, 0xeb, 0x7a, 0x58, 0x23, 0xab, 0x0a, + 0x53, 0xdb, 0x21, 0xba, 0x0d, 0x1b, 0x94, 0xec, 0x7f, 0x50, 0x80, 0x93, 0x59, 0x91, 0xd0, 0xeb, + 0x30, 0x22, 0xb9, 0x1b, 0xd7, 0xa0, 0xc8, 0x38, 0x82, 0x11, 0x6c, 0xc0, 0xee, 0xed, 0x4e, 0x4e, + 0x76, 0x5e, 0x43, 0x33, 0x65, 0xa2, 0xe0, 0x14, 0x31, 0x7e, 0xf4, 0x21, 0xce, 0xe8, 0xaa, 0x3b, + 0x33, 0xad, 0x96, 0x38, 0xbf, 0x30, 0x8e, 0x3e, 0x4c, 0x28, 0xce, 0x60, 0xa3, 0x15, 0x38, 0x6d, + 0xb4, 0x5c, 0x27, 0x5e, 0x63, 0x63, 0x3d, 0x8c, 0xa4, 0x7b, 0xf2, 0x94, 0x8e, 0xf4, 0xe9, 0xc4, + 0xc1, 0x5d, 0x9f, 0xa4, 0x4b, 0xa6, 0xeb, 0xb4, 0x1c, 0xd7, 0x4b, 0x76, 0xc4, 0x4e, 0x99, 0xd2, + 0x4d, 0xb3, 0xa2, 0x1d, 0x2b, 0x0c, 0x7b, 0x09, 0x06, 0xfa, 0x1c, 0x41, 0x7d, 0x99, 0xc5, 0xaf, + 0x42, 0x99, 0x92, 0x93, 0x36, 0x52, 0x1e, 0x24, 0x43, 0x28, 0xcb, 0x4a, 0xe6, 0xc8, 0x86, 0xa2, + 0xe7, 0xc8, 0xd3, 0x25, 0xf5, 0x5a, 0x0b, 0x71, 0xdc, 0x66, 0x9e, 0x26, 0x05, 0xa2, 0x67, 0xa0, + 0x48, 0xb6, 0x5b, 0xd9, 0x63, 0xa4, 0x4b, 0xdb, 0x2d, 0x2f, 0x22, 0x31, 0x45, 0x22, 0xdb, 0x2d, + 0x74, 0x16, 0x0a, 0x5e, 0x4d, 0x2c, 0x52, 0x20, 0x70, 0x0a, 0x0b, 0x73, 0xb8, 0xe0, 0xd5, 0xec, + 0x6d, 0xa8, 0xa8, 0xd2, 0xe9, 0x68, 0x53, 0xea, 0x6e, 0x2b, 0x8f, 0x18, 0x18, 0x49, 0xb7, 0x87, + 0xd6, 0x6e, 0x03, 0xe8, 0xc4, 0xaa, 0xbc, 0xf4, 0xcb, 0x79, 0x18, 0x70, 0x43, 0x91, 0x8f, 0x59, + 0xd6, 0x64, 0x98, 0xd2, 0x66, 0x10, 0xfb, 0x16, 0x8c, 0x5d, 0x0b, 0xc2, 0xbb, 0xac, 0x36, 0x2c, + 0xab, 0x5c, 0x43, 0x09, 0xd7, 0xe9, 0x8f, 0xac, 0x89, 0xc0, 0xa0, 0x98, 0xc3, 0x54, 0xd1, 0x95, + 0x42, 0xaf, 0xa2, 0x2b, 0xf6, 0x17, 0x2c, 0x38, 0xa9, 0xd2, 0x43, 0xa4, 0x36, 0xbe, 0x08, 0x23, + 0xeb, 0x6d, 0xcf, 0xaf, 0x89, 0xff, 0x59, 0x5f, 0xbf, 0x6a, 0xc0, 0x70, 0x0a, 0x93, 0x7a, 0x26, + 0xeb, 0x5e, 0xe0, 0x44, 0x3b, 0x2b, 0x5a, 0xfd, 0x2b, 0x8d, 0x50, 0x55, 0x10, 0x6c, 0x60, 0xd9, + 0x5f, 0x35, 0x45, 0x10, 0x09, 0x29, 0x7d, 0xf4, 0xec, 0x0d, 0x28, 0xb9, 0xea, 0x34, 0xf2, 0x50, + 0x35, 0xbb, 0x54, 0x2e, 0x30, 0xdb, 0x91, 0xe6, 0xd4, 0xec, 0x7f, 0x5e, 0x80, 0xd1, 0x54, 0x35, + 0x06, 0xe4, 0x43, 0x99, 0xf8, 0x6c, 0x3f, 0x4c, 0x0e, 0xb1, 0xa3, 0x96, 0x68, 0x53, 0xd3, 0xe2, + 0x92, 0xa0, 0x8b, 0x15, 0x87, 0x47, 0xe3, 0xd0, 0xe7, 0x22, 0x8c, 0x48, 0x81, 0x3e, 0xed, 0x34, + 0x7d, 0x31, 0x0b, 0xd5, 0x00, 0xb8, 0x64, 0xc0, 0x70, 0x0a, 0xd3, 0xfe, 0xfd, 0x22, 0x4c, 0xf0, + 0x0d, 0xc4, 0x9a, 0x8a, 0xcb, 0x58, 0x92, 0x56, 0xd6, 0x5f, 0xd1, 0x35, 0x53, 0x78, 0x47, 0xae, + 0x1f, 0xb5, 0x3c, 0x69, 0x77, 0x46, 0x7d, 0x45, 0x0c, 0xfc, 0x6a, 0x26, 0x62, 0x80, 0x2f, 0xb6, + 0x8d, 0x63, 0x92, 0xe8, 0x87, 0x2b, 0x84, 0xe0, 0xef, 0x16, 0xe0, 0x44, 0xa6, 0xf6, 0x2b, 0x7a, + 0x3b, 0x5d, 0xdd, 0xcd, 0xca, 0x63, 0x9b, 0xe9, 0xbe, 0x15, 0x48, 0x0f, 0x56, 0xe3, 0xed, 0x21, + 0x4d, 0x15, 0xfb, 0x0f, 0x0a, 0x30, 0x96, 0x2e, 0x5a, 0xfb, 0x08, 0xf6, 0xd4, 0x47, 0xa1, 0xc2, + 0x4a, 0x41, 0xb2, 0x8b, 0x76, 0xf8, 0x6e, 0x16, 0xaf, 0x58, 0x28, 0x1b, 0xb1, 0x86, 0x3f, 0x12, + 0xa5, 0xf3, 0xec, 0xbf, 0x67, 0xc1, 0x19, 0xfe, 0x96, 0xd9, 0x71, 0xf8, 0x57, 0xbb, 0xf5, 0xee, + 0x1b, 0xf9, 0x0a, 0x98, 0xa9, 0xf5, 0xb3, 0x5f, 0xff, 0xb2, 0x0b, 0x3e, 0x84, 0xb4, 0xe9, 0xa1, + 0xf0, 0x08, 0x0a, 0x7b, 0xa0, 0xc1, 0x60, 0xff, 0x41, 0x11, 0xf4, 0x9d, 0x26, 0xc8, 0x13, 0xa9, + 0x2e, 0xb9, 0xd4, 0x3c, 0x5a, 0xdd, 0x09, 0x5c, 0x7d, 0x7b, 0x4a, 0x39, 0x93, 0xe9, 0xf2, 0x4b, + 0x16, 0x0c, 0x7b, 0x81, 0x97, 0x78, 0x0e, 0x33, 0x9e, 0xf3, 0xb9, 0x93, 0x41, 0xb1, 0x5b, 0xe0, + 0x94, 0xc3, 0xc8, 0xdc, 0x02, 0x55, 0xcc, 0xb0, 0xc9, 0x19, 0x7d, 0x56, 0x04, 0xf5, 0x15, 0x73, + 0x4b, 0xd2, 0x2a, 0x67, 0x22, 0xf9, 0x5a, 0x50, 0x8a, 0x48, 0x12, 0xe5, 0x94, 0xdb, 0x88, 0x29, + 0x29, 0x55, 0xe2, 0x4e, 0xdf, 0x2e, 0x47, 0x9b, 0x31, 0x67, 0x64, 0xc7, 0x80, 0x3a, 0xfb, 0xe2, + 0x80, 0x01, 0x53, 0xd3, 0x50, 0x71, 0xda, 0x49, 0xd8, 0xa4, 0xdd, 0x24, 0x76, 0x69, 0x75, 0x48, + 0x98, 0x04, 0x60, 0x8d, 0x63, 0xbf, 0x5d, 0x82, 0x4c, 0xee, 0x09, 0xda, 0x36, 0xef, 0xe3, 0xb1, + 0xf2, 0xbd, 0x8f, 0x47, 0x09, 0xd3, 0xed, 0x4e, 0x1e, 0xd4, 0x80, 0x52, 0x6b, 0xc3, 0x89, 0xa5, + 0x6d, 0xfc, 0xaa, 0xec, 0xa6, 0x15, 0xda, 0x78, 0x6f, 0x77, 0xf2, 0xa7, 0xfb, 0xdb, 0x6b, 0xa1, + 0x63, 0x75, 0x9a, 0xa7, 0x72, 0x6b, 0xd6, 0x8c, 0x06, 0xe6, 0xf4, 0x0f, 0x72, 0x2b, 0xc5, 0x17, + 0x45, 0xbd, 0x50, 0x4c, 0xe2, 0xb6, 0x9f, 0x88, 0xd1, 0xf0, 0x6a, 0x8e, 0xb3, 0x8c, 0x13, 0xd6, + 0x59, 0x93, 0xfc, 0x3f, 0x36, 0x98, 0xa2, 0xd7, 0xa1, 0x12, 0x27, 0x4e, 0x94, 0x1c, 0x32, 0xcf, + 0x49, 0x75, 0xfa, 0xaa, 0x24, 0x82, 0x35, 0x3d, 0xf4, 0x1a, 0x2b, 0x01, 0xe7, 0xc5, 0x1b, 0x87, + 0x8c, 0xc5, 0x95, 0xe5, 0xe2, 0x04, 0x05, 0x6c, 0x50, 0xa3, 0xae, 0x07, 0x1b, 0xdb, 0x3c, 0x00, + 0xa5, 0xcc, 0x7c, 0x4b, 0xa5, 0x0a, 0xb1, 0x82, 0x60, 0x03, 0xcb, 0xfe, 0x71, 0x48, 0xa7, 0xfd, + 0xa2, 0x49, 0x99, 0x65, 0xcc, 0xf7, 0x9e, 0x58, 0x4c, 0x6d, 0x2a, 0x21, 0xf8, 0x77, 0x2c, 0x30, + 0x73, 0x93, 0xd1, 0x1d, 0x9e, 0x04, 0x6d, 0xe5, 0xb1, 0xe9, 0x6e, 0xd0, 0x9d, 0x5a, 0x72, 0x5a, + 0x99, 0xd3, 0x1f, 0x99, 0x09, 0x7d, 0xf6, 0x13, 0x50, 0x96, 0xd0, 0x03, 0x19, 0x75, 0x9f, 0x87, + 0x53, 0xd9, 0xdb, 0x0a, 0xc5, 0x5e, 0x73, 0x23, 0x0a, 0xdb, 0xad, 0xac, 0x23, 0xc9, 0x6e, 0xb3, + 0xc3, 0x1c, 0x46, 0xdd, 0xb1, 0x4d, 0x2f, 0xa8, 0x65, 0x1d, 0xc9, 0x6b, 0x5e, 0x50, 0xc3, 0x0c, + 0xd2, 0xc7, 0xad, 0x4c, 0xff, 0xcc, 0x82, 0xf3, 0xfb, 0x5d, 0xaa, 0x88, 0x9e, 0x82, 0x81, 0xbb, + 0x4e, 0x24, 0xeb, 0x67, 0x32, 0x45, 0x79, 0xcb, 0x89, 0x02, 0xcc, 0x5a, 0xd1, 0x0e, 0x0c, 0xf2, + 0x24, 0x5a, 0x61, 0xad, 0xbf, 0x9a, 0xef, 0x15, 0x8f, 0xd7, 0x88, 0xe1, 0x2e, 0xf0, 0x04, 0x5e, + 0x2c, 0x18, 0xda, 0xef, 0x5b, 0x80, 0x96, 0xb7, 0x48, 0x14, 0x79, 0x35, 0x23, 0xed, 0x17, 0xbd, + 0x04, 0x23, 0xb7, 0x57, 0x97, 0xaf, 0xaf, 0x84, 0x5e, 0xc0, 0xca, 0x00, 0x18, 0x99, 0x4e, 0x57, + 0x8d, 0x76, 0x9c, 0xc2, 0x42, 0xb3, 0x30, 0x7e, 0xfb, 0x0e, 0x75, 0x7e, 0xcd, 0xa2, 0xd8, 0x05, + 0xbd, 0xdd, 0x79, 0xf5, 0xd5, 0x0c, 0x10, 0x77, 0xe2, 0xa3, 0x65, 0x38, 0xd3, 0xe4, 0xee, 0x06, + 0xaf, 0x65, 0xcb, 0x7d, 0x0f, 0x95, 0xe8, 0xf0, 0xc4, 0xde, 0xee, 0xe4, 0x99, 0xa5, 0x6e, 0x08, + 0xb8, 0xfb, 0x73, 0xf6, 0xbb, 0x05, 0x18, 0x36, 0x2e, 0x26, 0xed, 0xc3, 0x07, 0xcf, 0xa4, 0x6e, + 0x14, 0xfa, 0x4c, 0xdd, 0x78, 0x0e, 0xca, 0xad, 0xd0, 0xf7, 0x5c, 0x4f, 0x15, 0x76, 0x61, 0xf5, + 0x07, 0x57, 0x44, 0x1b, 0x56, 0x50, 0x74, 0x17, 0x2a, 0xea, 0xb2, 0x3e, 0x91, 0x7d, 0x9a, 0xd7, + 0xfe, 0x8e, 0xd2, 0x54, 0xfa, 0x12, 0x3e, 0xcd, 0x0b, 0xd9, 0x30, 0xc8, 0x46, 0xbe, 0x8c, 0x43, + 0x63, 0x79, 0x3c, 0x6c, 0x4a, 0xc4, 0x58, 0x40, 0xec, 0x2f, 0x0f, 0xc1, 0xe9, 0x6e, 0x35, 0xf3, + 0xd0, 0xe7, 0x60, 0x90, 0xcb, 0x98, 0x4f, 0x59, 0xd6, 0x6e, 0x3c, 0xe6, 0x19, 0x41, 0x21, 0x16, + 0xfb, 0x8d, 0x05, 0x4f, 0xc1, 0xdd, 0x77, 0xd6, 0x85, 0xcd, 0x74, 0x3c, 0xdc, 0x17, 0x1d, 0xcd, + 0x7d, 0xd1, 0xe1, 0xdc, 0x7d, 0x67, 0x1d, 0x6d, 0x43, 0xa9, 0xe1, 0x25, 0xc4, 0x11, 0x9e, 0xc3, + 0xad, 0x63, 0x61, 0x4e, 0x1c, 0xae, 0x9a, 0xd9, 0x4f, 0xcc, 0x19, 0xa2, 0xef, 0x58, 0x70, 0x62, + 0x3d, 0x9d, 0x16, 0x25, 0x96, 0x50, 0xe7, 0x18, 0xea, 0x22, 0xa6, 0x19, 0xf1, 0x6a, 0xd3, 0x99, + 0x46, 0x9c, 0x15, 0x07, 0xfd, 0xa2, 0x05, 0x43, 0x75, 0xcf, 0x37, 0x8a, 0x7e, 0x1d, 0xc3, 0xc7, + 0xb9, 0xcc, 0x18, 0x68, 0x33, 0x83, 0xff, 0x8f, 0xb1, 0xe4, 0xdc, 0xeb, 0x0c, 0x76, 0xf0, 0xa8, + 0x67, 0xb0, 0x43, 0x0f, 0xc9, 0x57, 0xfc, 0xe5, 0x02, 0x3c, 0xd3, 0xc7, 0x37, 0x32, 0x33, 0x59, + 0xac, 0x7d, 0x32, 0x59, 0xce, 0xc3, 0x40, 0x44, 0x5a, 0x61, 0x76, 0xbd, 0x63, 0xe1, 0x5e, 0x0c, + 0x82, 0x9e, 0x86, 0xa2, 0xd3, 0xf2, 0xc4, 0x72, 0xa7, 0x16, 0xe9, 0x99, 0x95, 0x05, 0x4c, 0xdb, + 0xe9, 0x97, 0xae, 0xac, 0xcb, 0x64, 0xbd, 0x7c, 0x2a, 0xbf, 0xf7, 0xca, 0xfd, 0xe3, 0xde, 0x9b, + 0x82, 0x62, 0xcd, 0xd7, 0xfe, 0x6b, 0x16, 0x9c, 0xed, 0x3d, 0x44, 0xd0, 0x8b, 0x30, 0xbc, 0x1e, + 0x39, 0x81, 0xbb, 0xc1, 0xae, 0x49, 0x90, 0x9d, 0xc2, 0x12, 0x18, 0x74, 0x33, 0x36, 0x71, 0xe8, + 0xca, 0xc5, 0xeb, 0x6b, 0x1a, 0x18, 0x32, 0x5e, 0x99, 0xae, 0x5c, 0x6b, 0x59, 0x20, 0xee, 0xc4, + 0xb7, 0x7f, 0xbf, 0xd0, 0x5d, 0x2c, 0xae, 0x4a, 0x0e, 0xf2, 0x9d, 0xc4, 0x57, 0x28, 0xf4, 0xf8, + 0x0a, 0x77, 0xa0, 0x9c, 0xb0, 0x24, 0x0c, 0x52, 0x17, 0xfa, 0x28, 0xb7, 0x24, 0x47, 0xb6, 0x62, + 0xad, 0x09, 0xe2, 0x58, 0xb1, 0xa1, 0x0b, 0x87, 0xaf, 0xab, 0x8e, 0x89, 0x85, 0x23, 0xb3, 0xf5, + 0x38, 0x07, 0x27, 0x8d, 0x22, 0xaa, 0x3c, 0x06, 0x9d, 0x9f, 0xa0, 0xab, 0xc4, 0xac, 0x95, 0x0c, + 0x1c, 0x77, 0x3c, 0x61, 0xff, 0x5a, 0x01, 0x9e, 0xe8, 0xa9, 0x1f, 0xf5, 0x31, 0xbf, 0x75, 0x9f, + 0x63, 0xfe, 0x23, 0x0f, 0x73, 0xb3, 0x83, 0x07, 0x1e, 0x4c, 0x07, 0x3f, 0x0f, 0x65, 0x2f, 0x88, + 0x89, 0xdb, 0x8e, 0x78, 0xa7, 0x19, 0x11, 0x99, 0x0b, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, 0x0f, 0x7b, + 0x0f, 0x35, 0xba, 0x56, 0xfe, 0xc8, 0xf6, 0xd2, 0xcb, 0x30, 0xea, 0xb4, 0x5a, 0x1c, 0x8f, 0x1d, + 0xa9, 0x66, 0x52, 0x2d, 0x67, 0x4c, 0x20, 0x4e, 0xe3, 0x1a, 0x63, 0x78, 0xb0, 0xd7, 0x18, 0xb6, + 0xff, 0xc4, 0x82, 0x0a, 0x26, 0x75, 0x3e, 0xdf, 0xd1, 0x6d, 0xd1, 0x45, 0x56, 0x1e, 0x35, 0x50, + 0x68, 0xc7, 0xc6, 0x1e, 0xab, 0x0d, 0xd2, 0xad, 0xb3, 0x3b, 0x0b, 0x02, 0x17, 0x0e, 0x54, 0x10, + 0x58, 0x95, 0x84, 0x2d, 0xf6, 0x2e, 0x09, 0x6b, 0xbf, 0x3b, 0x44, 0x5f, 0xaf, 0x15, 0xce, 0x46, + 0xa4, 0x16, 0xd3, 0xef, 0xdb, 0x8e, 0xfc, 0xec, 0x7d, 0xaa, 0x37, 0xf0, 0x22, 0xa6, 0xed, 0xa9, + 0x7d, 0x93, 0xc2, 0x81, 0x12, 0xcd, 0x8a, 0xfb, 0x26, 0x9a, 0xbd, 0x0c, 0xa3, 0x71, 0xbc, 0xb1, + 0x12, 0x79, 0x5b, 0x4e, 0x42, 0x1d, 0x14, 0x11, 0x91, 0xa3, 0x93, 0x43, 0x56, 0xaf, 0x68, 0x20, + 0x4e, 0xe3, 0xa2, 0x79, 0x18, 0xd7, 0xe9, 0x5e, 0x24, 0x4a, 0x58, 0x00, 0x0e, 0x1f, 0x09, 0x2a, + 0x37, 0x43, 0x27, 0x88, 0x09, 0x04, 0xdc, 0xf9, 0x0c, 0xd5, 0x58, 0xa9, 0x46, 0x2a, 0xc8, 0x60, + 0x5a, 0x63, 0xa5, 0xe8, 0x50, 0x59, 0x3a, 0x9e, 0x40, 0x4b, 0x70, 0x8a, 0x0f, 0x0c, 0x76, 0x81, + 0xb7, 0x7a, 0xa3, 0xa1, 0x74, 0xed, 0x89, 0xf9, 0x4e, 0x14, 0xdc, 0xed, 0x39, 0xea, 0x7d, 0xa8, + 0xe6, 0x85, 0x39, 0xe1, 0xf2, 0x2b, 0xef, 0x43, 0x91, 0x59, 0xa8, 0x61, 0x13, 0x0f, 0x7d, 0x1a, + 0x1e, 0xd7, 0x7f, 0x79, 0xa8, 0x23, 0xdf, 0x07, 0x9b, 0x13, 0x99, 0xb4, 0xaa, 0x00, 0xe9, 0x7c, + 0x57, 0xb4, 0x1a, 0xee, 0xf5, 0x3c, 0x5a, 0x87, 0xb3, 0x0a, 0x74, 0x89, 0xba, 0x7a, 0xad, 0xc8, + 0x8b, 0x49, 0xd5, 0x89, 0xc9, 0x8d, 0xc8, 0x67, 0xb9, 0xb7, 0x15, 0x7d, 0x93, 0xc2, 0xbc, 0x97, + 0x5c, 0xe9, 0x86, 0x89, 0x17, 0xf1, 0x7d, 0xa8, 0xa0, 0x69, 0xa8, 0x90, 0xc0, 0x59, 0xf7, 0xc9, + 0xf2, 0xec, 0x02, 0xcb, 0xc8, 0x35, 0xb6, 0xdd, 0x2e, 0x49, 0x00, 0xd6, 0x38, 0xea, 0x10, 0x78, + 0xa4, 0xe7, 0xcd, 0x1b, 0x2b, 0x70, 0xba, 0xe1, 0xb6, 0xa8, 0x35, 0xe1, 0xb9, 0x64, 0xc6, 0x65, + 0x07, 0xa1, 0xf4, 0xc3, 0xf0, 0xa2, 0x20, 0x2a, 0xc2, 0x61, 0x7e, 0x76, 0xa5, 0x03, 0x07, 0x77, + 0x7d, 0x92, 0xce, 0xb1, 0x56, 0x14, 0x6e, 0xef, 0x4c, 0x9c, 0x4a, 0xcf, 0xb1, 0x15, 0xda, 0x88, + 0x39, 0x0c, 0x5d, 0x05, 0xc4, 0xc2, 0x65, 0xae, 0x24, 0x49, 0x4b, 0x99, 0x2f, 0x13, 0xa7, 0xd9, + 0x2b, 0x9d, 0x15, 0x4f, 0xa0, 0xcb, 0x1d, 0x18, 0xb8, 0xcb, 0x53, 0xf6, 0x1f, 0x5b, 0x30, 0xaa, + 0xe6, 0xeb, 0x03, 0x08, 0x18, 0xf3, 0xd3, 0x01, 0x63, 0xf3, 0x47, 0xd7, 0x78, 0x4c, 0xf2, 0x1e, + 0x51, 0x07, 0x5f, 0x1e, 0x06, 0xd0, 0x5a, 0x51, 0x2d, 0x48, 0x56, 0xcf, 0x05, 0xe9, 0x91, 0xd5, + 0x48, 0xdd, 0xd2, 0xef, 0x4a, 0x0f, 0x37, 0xfd, 0x6e, 0x15, 0xce, 0x48, 0x73, 0x81, 0x6f, 0xec, + 0x5c, 0x09, 0x63, 0xa5, 0xe0, 0xca, 0xd5, 0xa7, 0x05, 0xa1, 0x33, 0x0b, 0xdd, 0x90, 0x70, 0xf7, + 0x67, 0x53, 0x56, 0xca, 0xd0, 0x7e, 0x56, 0x8a, 0x9e, 0xd3, 0x8b, 0x75, 0x59, 0xce, 0x34, 0x33, + 0xa7, 0x17, 0x2f, 0xaf, 0x62, 0x8d, 0xd3, 0x5d, 0xb1, 0x57, 0x72, 0x52, 0xec, 0x70, 0x60, 0xc5, + 0x2e, 0x55, 0xcc, 0x70, 0x4f, 0x15, 0x23, 0xf7, 0x92, 0x46, 0x7a, 0xee, 0x25, 0xbd, 0x02, 0x63, + 0x5e, 0xb0, 0x41, 0x22, 0x2f, 0x21, 0x35, 0x36, 0x17, 0x98, 0xfa, 0x29, 0xeb, 0x65, 0x7d, 0x21, + 0x05, 0xc5, 0x19, 0xec, 0xb4, 0x5e, 0x1c, 0xeb, 0x43, 0x2f, 0xf6, 0x58, 0x8d, 0x4e, 0xe4, 0xb3, + 0x1a, 0x9d, 0x3c, 0xfa, 0x6a, 0x34, 0x7e, 0xac, 0xab, 0x11, 0xca, 0x65, 0x35, 0xea, 0x4b, 0xd1, + 0x1b, 0x0e, 0xdd, 0xe9, 0x7d, 0x1c, 0xba, 0x5e, 0x4b, 0xd1, 0x99, 0x43, 0x2f, 0x45, 0xdd, 0x57, + 0x99, 0xc7, 0x0e, 0xb5, 0xca, 0x7c, 0xa5, 0x00, 0x67, 0xb4, 0x1e, 0xa6, 0xa3, 0xdf, 0xab, 0x53, + 0x4d, 0xc4, 0x2a, 0x62, 0xf3, 0xd8, 0x1f, 0x23, 0x7e, 0x51, 0x87, 0x42, 0x2a, 0x08, 0x36, 0xb0, + 0x58, 0x18, 0x20, 0x89, 0x58, 0xe9, 0xa3, 0xac, 0x92, 0x9e, 0x15, 0xed, 0x58, 0x61, 0xd0, 0xf1, + 0x45, 0x7f, 0x8b, 0xd0, 0xea, 0x6c, 0xc5, 0x81, 0x59, 0x0d, 0xc2, 0x26, 0x1e, 0x7a, 0x8e, 0x33, + 0x61, 0x0a, 0x82, 0x2a, 0xea, 0x11, 0x71, 0xd7, 0x8b, 0xd4, 0x09, 0x0a, 0x2a, 0xc5, 0x61, 0xf1, + 0x9e, 0xa5, 0x4e, 0x71, 0xd8, 0x79, 0xa5, 0xc2, 0xb0, 0xff, 0x97, 0x05, 0x4f, 0x74, 0xed, 0x8a, + 0x07, 0xb0, 0xf8, 0x6e, 0xa7, 0x17, 0xdf, 0xd5, 0xbc, 0xdc, 0x0d, 0xe3, 0x2d, 0x7a, 0x2c, 0xc4, + 0xff, 0xde, 0x82, 0x31, 0x8d, 0xff, 0x00, 0x5e, 0xd5, 0x4b, 0xbf, 0x6a, 0x7e, 0x9e, 0x55, 0xa5, + 0xe3, 0xdd, 0xfe, 0x98, 0xbd, 0x1b, 0x3f, 0x09, 0x99, 0x71, 0x65, 0x8d, 0xa5, 0x7d, 0x4e, 0x00, + 0x76, 0x60, 0x90, 0x95, 0x1f, 0x8e, 0xf3, 0x39, 0x91, 0x49, 0xf3, 0x67, 0x81, 0xdc, 0xfa, 0x44, + 0x86, 0xfd, 0x8d, 0xb1, 0x60, 0xc8, 0x0a, 0x73, 0x79, 0x31, 0xd5, 0xe6, 0x35, 0x11, 0x39, 0xa9, + 0x0b, 0x73, 0x89, 0x76, 0xac, 0x30, 0xec, 0x26, 0x4c, 0xa4, 0x89, 0xcf, 0x91, 0x3a, 0x3b, 0xe5, + 0xef, 0xeb, 0x35, 0xa7, 0xa1, 0xe2, 0xb0, 0xa7, 0x16, 0xdb, 0x4e, 0xf6, 0x7a, 0xb0, 0x19, 0x09, + 0xc0, 0x1a, 0xc7, 0xfe, 0x2d, 0x0b, 0x4e, 0x75, 0x79, 0x99, 0x1c, 0x23, 0x46, 0x13, 0xad, 0x05, + 0xba, 0x2d, 0xb8, 0x1f, 0x81, 0xa1, 0x1a, 0xa9, 0x3b, 0xf2, 0x1c, 0xd9, 0xd0, 0xb9, 0x73, 0xbc, + 0x19, 0x4b, 0xb8, 0xfd, 0xdf, 0x2d, 0x38, 0x91, 0x96, 0x35, 0xa6, 0x5a, 0x93, 0xbf, 0xcc, 0x9c, + 0x17, 0xbb, 0xe1, 0x16, 0x89, 0x76, 0xe8, 0x9b, 0x73, 0xa9, 0x95, 0xd6, 0x9c, 0xe9, 0xc0, 0xc0, + 0x5d, 0x9e, 0x62, 0xb5, 0x79, 0x6a, 0xaa, 0xb7, 0xe5, 0x48, 0xb9, 0x99, 0xe7, 0x48, 0xd1, 0x1f, + 0xd3, 0x3c, 0x7e, 0x52, 0x2c, 0xb1, 0xc9, 0xdf, 0x7e, 0x7f, 0x00, 0x54, 0x48, 0x39, 0x3b, 0xc4, + 0xcb, 0xe9, 0x08, 0x34, 0x55, 0x49, 0xbe, 0xd8, 0x47, 0x25, 0x79, 0x39, 0x18, 0x06, 0xee, 0x77, + 0xc0, 0xc6, 0x77, 0x2f, 0xcc, 0x4d, 0x42, 0xf5, 0x86, 0x6b, 0x1a, 0x84, 0x4d, 0x3c, 0x2a, 0x89, + 0xef, 0x6d, 0x11, 0xfe, 0xd0, 0x60, 0x5a, 0x92, 0x45, 0x09, 0xc0, 0x1a, 0x87, 0x4a, 0x52, 0xf3, + 0xea, 0x75, 0xe1, 0x8a, 0x2b, 0x49, 0x68, 0xef, 0x60, 0x06, 0xe1, 0xe5, 0xd6, 0xc2, 0x4d, 0x61, + 0x9d, 0x1a, 0xe5, 0xd6, 0xc2, 0x4d, 0xcc, 0x20, 0xd4, 0x9e, 0x0a, 0xc2, 0xa8, 0xc9, 0xae, 0x6f, + 0xab, 0x29, 0x2e, 0xc2, 0x2a, 0x55, 0xf6, 0xd4, 0xf5, 0x4e, 0x14, 0xdc, 0xed, 0x39, 0x3a, 0x02, + 0x5b, 0x11, 0xa9, 0x79, 0x6e, 0x62, 0x52, 0x83, 0xf4, 0x08, 0x5c, 0xe9, 0xc0, 0xc0, 0x5d, 0x9e, + 0x42, 0x33, 0x70, 0x42, 0xa6, 0x04, 0xc8, 0xac, 0xc9, 0xe1, 0x74, 0x96, 0x16, 0x4e, 0x83, 0x71, + 0x16, 0x9f, 0x6a, 0x9b, 0xa6, 0x48, 0x98, 0x66, 0x46, 0xac, 0xa1, 0x6d, 0x64, 0x22, 0x35, 0x56, + 0x18, 0xf6, 0x17, 0x8b, 0x74, 0x75, 0xec, 0x51, 0x24, 0xfa, 0x81, 0x1d, 0xb9, 0xa7, 0x47, 0xe4, + 0x40, 0x1f, 0x23, 0xf2, 0x25, 0x18, 0xb9, 0x1d, 0x87, 0x81, 0x3a, 0xce, 0x2e, 0xf5, 0x3c, 0xce, + 0x36, 0xb0, 0xba, 0x1f, 0x67, 0x0f, 0xe6, 0x75, 0x9c, 0x3d, 0x74, 0xc8, 0xe3, 0xec, 0xef, 0x96, + 0x40, 0x95, 0x59, 0xbd, 0x4e, 0x92, 0xbb, 0x61, 0xb4, 0xe9, 0x05, 0x0d, 0x96, 0x4a, 0xf1, 0x1d, + 0x0b, 0x46, 0xf8, 0x7c, 0x59, 0x34, 0xc3, 0x91, 0xeb, 0x39, 0xd5, 0xef, 0x4c, 0x31, 0x9b, 0x5a, + 0x33, 0x18, 0x65, 0x6e, 0x07, 0x31, 0x41, 0x38, 0x25, 0x11, 0xfa, 0x39, 0x00, 0xb9, 0x6f, 0x59, + 0x97, 0x2a, 0x73, 0x21, 0x1f, 0xf9, 0x30, 0xa9, 0x6b, 0xdb, 0x74, 0x4d, 0x31, 0xc1, 0x06, 0x43, + 0xf4, 0x95, 0xec, 0xf5, 0x96, 0x9f, 0x3d, 0x96, 0xbe, 0xe9, 0x27, 0x50, 0x1b, 0xc3, 0x90, 0x17, + 0x34, 0xe8, 0x38, 0x11, 0x11, 0x00, 0x1f, 0xee, 0x96, 0x86, 0xb4, 0x18, 0x3a, 0xb5, 0xaa, 0xe3, + 0x3b, 0x81, 0x4b, 0xa2, 0x05, 0x8e, 0x6e, 0x5e, 0x57, 0xc5, 0x1a, 0xb0, 0x24, 0xd4, 0x51, 0xa0, + 0xb6, 0xd4, 0x4f, 0x81, 0xda, 0xb3, 0x9f, 0x84, 0xf1, 0x8e, 0x8f, 0x79, 0xa0, 0xb8, 0xec, 0xc3, + 0x87, 0x74, 0xdb, 0xff, 0x62, 0x50, 0x2f, 0x5a, 0xd7, 0xc3, 0x1a, 0x2f, 0x93, 0x1a, 0xe9, 0x2f, + 0x2a, 0x6c, 0xcf, 0x1c, 0x87, 0x88, 0x71, 0xe5, 0x95, 0x6a, 0xc4, 0x26, 0x4b, 0x3a, 0x46, 0x5b, + 0x4e, 0x44, 0x82, 0xe3, 0x1e, 0xa3, 0x2b, 0x8a, 0x09, 0x36, 0x18, 0xa2, 0x8d, 0x54, 0x60, 0xe6, + 0xe5, 0xa3, 0x07, 0x66, 0xb2, 0x2c, 0xe7, 0x6e, 0xa5, 0x16, 0xbf, 0x69, 0xc1, 0x58, 0x90, 0x1a, + 0xb9, 0xe2, 0x1c, 0x67, 0xed, 0x38, 0x66, 0x05, 0xaf, 0xd2, 0x9d, 0x6e, 0xc3, 0x19, 0xfe, 0xdd, + 0x96, 0xb4, 0xd2, 0x01, 0x97, 0x34, 0x5d, 0x6f, 0x79, 0xb0, 0x57, 0xbd, 0x65, 0x14, 0xa8, 0x82, + 0xf3, 0x43, 0xb9, 0x17, 0x9c, 0x87, 0x2e, 0xc5, 0xe6, 0x6f, 0x41, 0xc5, 0x8d, 0x88, 0x93, 0x1c, + 0xb2, 0xf6, 0x38, 0x3b, 0x0a, 0x9f, 0x95, 0x04, 0xb0, 0xa6, 0x65, 0xff, 0xbb, 0x22, 0x9c, 0x94, + 0x3d, 0x22, 0xe3, 0xb8, 0xe8, 0xfa, 0xc8, 0xf9, 0x6a, 0xe3, 0x56, 0xad, 0x8f, 0x57, 0x24, 0x00, + 0x6b, 0x1c, 0x6a, 0x8f, 0xb5, 0x63, 0xb2, 0xdc, 0x22, 0xc1, 0xa2, 0xb7, 0x1e, 0x8b, 0xf3, 0x47, + 0x35, 0x51, 0x6e, 0x68, 0x10, 0x36, 0xf1, 0xa8, 0x31, 0xce, 0xed, 0xe2, 0x38, 0x1b, 0x03, 0x2a, + 0xec, 0x6d, 0x2c, 0xe1, 0xe8, 0x57, 0xba, 0xde, 0x5a, 0x91, 0x4f, 0xf4, 0x73, 0x47, 0xf8, 0xda, + 0x01, 0xaf, 0xab, 0x78, 0xdb, 0x82, 0x13, 0x9b, 0xa9, 0x34, 0x34, 0xa9, 0x92, 0x8f, 0x98, 0x30, + 0x9d, 0xce, 0x6d, 0xd3, 0x43, 0x38, 0xdd, 0x1e, 0xe3, 0x2c, 0x77, 0xfb, 0x7f, 0x58, 0x60, 0xaa, + 0xa7, 0xfe, 0x2c, 0x2b, 0xe3, 0xe2, 0xad, 0xc2, 0x3e, 0x17, 0x6f, 0x49, 0x23, 0xac, 0xd8, 0x9f, + 0xd1, 0x3f, 0x70, 0x00, 0xa3, 0xbf, 0xd4, 0xd3, 0x6a, 0x7b, 0x1a, 0x8a, 0x6d, 0xaf, 0x26, 0xec, + 0x76, 0x7d, 0xda, 0xb8, 0x30, 0x87, 0x69, 0xbb, 0xfd, 0x4f, 0x4a, 0xda, 0x4f, 0x17, 0x41, 0xbb, + 0x3f, 0x12, 0xaf, 0x5d, 0x57, 0xf9, 0xef, 0xfc, 0xcd, 0xaf, 0x77, 0xe4, 0xbf, 0xff, 0xe4, 0xc1, + 0x63, 0xb2, 0x79, 0x07, 0xf5, 0x4a, 0x7f, 0x1f, 0xda, 0x27, 0x20, 0xfb, 0x36, 0x94, 0xa9, 0x6b, + 0xc3, 0x36, 0xdc, 0xca, 0x29, 0xa1, 0xca, 0x57, 0x44, 0xfb, 0xbd, 0xdd, 0xc9, 0x9f, 0x38, 0xb8, + 0x58, 0xf2, 0x69, 0xac, 0xe8, 0xa3, 0x18, 0x2a, 0xf4, 0x37, 0x8b, 0x1d, 0x17, 0x4e, 0xd3, 0x0d, + 0xa5, 0x8b, 0x24, 0x20, 0x97, 0xc0, 0x74, 0xcd, 0x07, 0x05, 0x50, 0x61, 0x37, 0xe6, 0x30, 0xa6, + 0xdc, 0xb7, 0x5a, 0x51, 0x11, 0xdc, 0x12, 0x70, 0x6f, 0x77, 0xf2, 0xe5, 0x83, 0x33, 0x55, 0x8f, + 0x63, 0xcd, 0xc2, 0x7e, 0x67, 0x40, 0x8f, 0x5d, 0x51, 0xf6, 0xe0, 0x47, 0x62, 0xec, 0x5e, 0xcc, + 0x8c, 0xdd, 0xf3, 0x1d, 0x63, 0x77, 0x4c, 0xdf, 0xec, 0x92, 0x1a, 0x8d, 0x0f, 0x7a, 0x81, 0xdd, + 0xdf, 0x8f, 0x67, 0x96, 0xc5, 0x9d, 0xb6, 0x17, 0x91, 0x78, 0x25, 0x6a, 0x07, 0x5e, 0xd0, 0x10, + 0x97, 0x69, 0x1a, 0x96, 0x45, 0x0a, 0x8c, 0xb3, 0xf8, 0xec, 0x22, 0xce, 0x9d, 0xc0, 0xbd, 0xe5, + 0x6c, 0xf1, 0x51, 0x65, 0x64, 0x82, 0xaf, 0x8a, 0x76, 0xac, 0x30, 0xec, 0x77, 0xd9, 0xd9, 0xad, + 0x91, 0xb4, 0x42, 0xc7, 0x84, 0xcf, 0xae, 0x28, 0xe2, 0x69, 0xe4, 0x6a, 0x4c, 0xf0, 0x7b, 0x89, + 0x38, 0x0c, 0xdd, 0x85, 0xa1, 0x75, 0x5e, 0xa3, 0x3f, 0x9f, 0xba, 0x73, 0xa2, 0xe0, 0x3f, 0x2b, + 0x0d, 0x2b, 0xab, 0xff, 0xdf, 0xd3, 0x3f, 0xb1, 0xe4, 0x66, 0xbf, 0x37, 0x00, 0x27, 0x32, 0x97, + 0xd8, 0xa4, 0xaa, 0xe0, 0x14, 0xf6, 0xad, 0x82, 0xf3, 0x19, 0x80, 0x1a, 0x69, 0xf9, 0xe1, 0x0e, + 0x33, 0x73, 0x06, 0x0e, 0x6c, 0xe6, 0x28, 0xcb, 0x78, 0x4e, 0x51, 0xc1, 0x06, 0x45, 0x91, 0x3b, + 0xcf, 0x8b, 0xea, 0x64, 0x72, 0xe7, 0x8d, 0xd2, 0x8f, 0x83, 0x0f, 0xb6, 0xf4, 0xa3, 0x07, 0x27, + 0xb8, 0x88, 0x2a, 0x35, 0xe4, 0x10, 0x19, 0x20, 0x2c, 0xce, 0x76, 0x2e, 0x4d, 0x06, 0x67, 0xe9, + 0x3e, 0xcc, 0x3b, 0xaa, 0xd0, 0x47, 0xa1, 0x22, 0xbf, 0x73, 0x3c, 0x51, 0xd1, 0xe9, 0x75, 0x72, + 0x18, 0xb0, 0xbb, 0xa3, 0xc4, 0x4f, 0xfb, 0x1b, 0x05, 0x6a, 0x95, 0xf2, 0x7f, 0x2a, 0x4d, 0xfa, + 0x59, 0x18, 0x74, 0xda, 0xc9, 0x46, 0xd8, 0x71, 0xf1, 0xc0, 0x0c, 0x6b, 0xc5, 0x02, 0x8a, 0x16, + 0x61, 0xa0, 0xa6, 0x53, 0x5f, 0x0f, 0xd2, 0x8b, 0x7a, 0x83, 0xcf, 0x49, 0x08, 0x66, 0x54, 0xd0, + 0x53, 0x30, 0x90, 0x38, 0x8d, 0xd4, 0x85, 0xb0, 0x6b, 0x4e, 0x23, 0xc6, 0xac, 0xd5, 0x5c, 0x34, + 0x07, 0xf6, 0x59, 0x34, 0x5f, 0x86, 0xd1, 0xd8, 0x6b, 0x04, 0x4e, 0xd2, 0x8e, 0x88, 0x71, 0x98, + 0xa4, 0xe3, 0x03, 0x4c, 0x20, 0x4e, 0xe3, 0xda, 0xef, 0x57, 0xe0, 0x74, 0xb7, 0x8b, 0xfb, 0xf3, + 0x8e, 0xa9, 0xef, 0xc6, 0xe3, 0xc1, 0xc5, 0xd4, 0xf7, 0xe0, 0xee, 0x1b, 0x31, 0xf5, 0xbe, 0x11, + 0x53, 0xff, 0x15, 0x0b, 0x2a, 0x2a, 0x94, 0x5c, 0x04, 0xb2, 0xbe, 0x9e, 0xbf, 0x04, 0x2a, 0xae, + 0x58, 0x44, 0x14, 0xcb, 0xbf, 0x58, 0x33, 0x3f, 0xbe, 0x20, 0xfb, 0xfb, 0x0a, 0x74, 0xa0, 0x20, + 0x7b, 0x95, 0x81, 0x50, 0xca, 0x23, 0x03, 0xa1, 0xc7, 0xa7, 0xea, 0x9a, 0x81, 0xf0, 0x4d, 0x0b, + 0x86, 0x9d, 0xb7, 0xda, 0x11, 0x99, 0x23, 0x5b, 0xcb, 0xad, 0x58, 0x28, 0xd8, 0x37, 0xf2, 0x17, + 0x60, 0x46, 0x33, 0x11, 0x15, 0x92, 0x75, 0x03, 0x36, 0x45, 0x48, 0x65, 0x1c, 0x0c, 0xe5, 0x91, + 0x71, 0xd0, 0x4d, 0x9c, 0x7d, 0x33, 0x0e, 0x5e, 0x86, 0x51, 0xd7, 0x0f, 0x03, 0xb2, 0x12, 0x85, + 0x49, 0xe8, 0x86, 0xbe, 0x30, 0xa6, 0x95, 0x4a, 0x98, 0x35, 0x81, 0x38, 0x8d, 0xdb, 0x2b, 0x5d, + 0xa1, 0x72, 0xd4, 0x74, 0x05, 0x78, 0x48, 0xe9, 0x0a, 0x7f, 0x56, 0x80, 0xc9, 0x7d, 0x3e, 0x2a, + 0xba, 0x08, 0x23, 0x61, 0xd4, 0x70, 0x02, 0xef, 0x2d, 0x9e, 0x1a, 0x5b, 0x4a, 0x17, 0xe0, 0x58, + 0x36, 0x60, 0x38, 0x85, 0x29, 0x43, 0x91, 0x07, 0x7b, 0x84, 0x22, 0x7f, 0x1c, 0x86, 0x13, 0xe2, + 0x34, 0x45, 0xdc, 0x85, 0x70, 0x80, 0xf4, 0x81, 0x92, 0x06, 0x61, 0x13, 0x8f, 0x0e, 0xa3, 0x31, + 0xc7, 0x75, 0x49, 0x1c, 0xcb, 0x58, 0x63, 0xb1, 0x39, 0x93, 0x5b, 0x20, 0x33, 0xdb, 0xf3, 0x9a, + 0x49, 0xb1, 0xc0, 0x19, 0x96, 0x54, 0x78, 0xc7, 0xf7, 0x79, 0x26, 0x01, 0x91, 0x57, 0xbc, 0xeb, + 0x42, 0x1a, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0xd7, 0x0b, 0xf0, 0xf4, 0x7d, 0xd5, 0x4b, 0xdf, 0x61, + 0xe0, 0xed, 0x98, 0x44, 0xd9, 0x03, 0x99, 0x1b, 0x31, 0x89, 0x30, 0x83, 0xf0, 0x5e, 0x6a, 0xb5, + 0x8c, 0xab, 0x8f, 0xf2, 0xce, 0x3a, 0xe0, 0xbd, 0x94, 0x62, 0x81, 0x33, 0x2c, 0xb3, 0xbd, 0x34, + 0xd0, 0x67, 0x2f, 0xfd, 0xfd, 0x02, 0x3c, 0xd3, 0x87, 0x12, 0xce, 0x31, 0x3b, 0x23, 0x9d, 0x23, + 0x53, 0x7c, 0x38, 0x39, 0x32, 0x87, 0xed, 0xae, 0x77, 0x0b, 0x70, 0xb6, 0xb7, 0x2e, 0x44, 0x3f, + 0x45, 0x9d, 0x28, 0x19, 0x6c, 0x61, 0xa6, 0xd7, 0x9c, 0xe2, 0x0e, 0x54, 0x0a, 0x84, 0xb3, 0xb8, + 0x68, 0x0a, 0xa0, 0xe5, 0x24, 0x1b, 0xf1, 0xa5, 0x6d, 0x2f, 0x4e, 0x44, 0x66, 0xe8, 0x18, 0xdf, + 0x0a, 0x97, 0xad, 0xd8, 0xc0, 0xa0, 0xec, 0xd8, 0xbf, 0xb9, 0xf0, 0x7a, 0x98, 0xf0, 0x87, 0xb8, + 0x1d, 0x77, 0x4a, 0x96, 0xa0, 0x34, 0x40, 0x38, 0x8b, 0x4b, 0xd9, 0xb1, 0xc3, 0x16, 0x2e, 0x28, + 0x37, 0xf0, 0x18, 0xbb, 0x45, 0xd5, 0x8a, 0x0d, 0x8c, 0x6c, 0xe2, 0x50, 0x69, 0xff, 0xc4, 0x21, + 0xfb, 0x1f, 0x17, 0xe0, 0x89, 0x9e, 0x6b, 0x69, 0x7f, 0x13, 0xf0, 0xd1, 0x4b, 0xf6, 0x39, 0xdc, + 0xd8, 0x39, 0x60, 0x0a, 0xcb, 0x9f, 0xf4, 0x18, 0x69, 0x22, 0x85, 0x25, 0xbb, 0x54, 0x58, 0x07, + 0x5d, 0x2a, 0x1e, 0xa1, 0xfe, 0xec, 0xc8, 0x5a, 0x19, 0x38, 0x40, 0xd6, 0x4a, 0xe6, 0x63, 0x94, + 0xfa, 0x9c, 0xc8, 0xdf, 0xeb, 0xdd, 0xbd, 0xd4, 0xf6, 0xee, 0x6b, 0x7b, 0x6a, 0x0e, 0x4e, 0x7a, + 0x01, 0x2b, 0x47, 0xbc, 0xda, 0x5e, 0x17, 0x79, 0xc3, 0x85, 0xf4, 0x4d, 0x5b, 0x0b, 0x19, 0x38, + 0xee, 0x78, 0xe2, 0x11, 0xcc, 0x22, 0x3a, 0x64, 0x97, 0x7e, 0x06, 0x2a, 0x8a, 0x36, 0x8f, 0x8c, + 0x54, 0x1f, 0xb4, 0x23, 0x32, 0x52, 0x7d, 0x4d, 0x03, 0x8b, 0xf6, 0xc4, 0x26, 0xd9, 0xc9, 0x8e, + 0xcc, 0x6b, 0x64, 0x87, 0x9d, 0x92, 0xda, 0x1f, 0x83, 0x11, 0xe5, 0x44, 0xf6, 0x5b, 0x2e, 0xd7, + 0x7e, 0x67, 0x10, 0x46, 0x53, 0xc5, 0x30, 0x52, 0x7b, 0x36, 0xd6, 0xbe, 0x7b, 0x36, 0x2c, 0xd2, + 0xb5, 0x1d, 0xc8, 0x82, 0xd4, 0x46, 0xa4, 0x6b, 0x3b, 0x20, 0x98, 0xc3, 0xa8, 0xeb, 0x5e, 0x8b, + 0x76, 0x70, 0x3b, 0x10, 0x11, 0x69, 0xca, 0x75, 0x9f, 0x63, 0xad, 0x58, 0x40, 0xd1, 0x17, 0x2c, + 0x18, 0x89, 0xd9, 0x86, 0x20, 0xdf, 0xf1, 0x12, 0x1f, 0xf4, 0x6a, 0x1e, 0x97, 0x47, 0x8b, 0xc2, + 0x2f, 0xec, 0x30, 0xdb, 0x6c, 0xc1, 0x29, 0x8e, 0xe8, 0x4b, 0x96, 0x79, 0x6d, 0xf6, 0x60, 0x1e, + 0x91, 0x94, 0xd9, 0x5a, 0x23, 0x7c, 0xab, 0xe4, 0xfe, 0xb7, 0x67, 0xeb, 0xdb, 0xf4, 0x87, 0x1e, + 0xdc, 0x6d, 0xfa, 0x1f, 0x85, 0x4a, 0xd3, 0x09, 0xbc, 0x3a, 0x89, 0x13, 0xbe, 0x43, 0x24, 0x4b, + 0x20, 0xc9, 0x46, 0xac, 0xe1, 0x74, 0xb1, 0x8b, 0xd9, 0x8b, 0x25, 0xc6, 0x96, 0x0e, 0x5b, 0xec, + 0x56, 0x75, 0x33, 0x36, 0x71, 0xcc, 0xfd, 0x27, 0x78, 0xa8, 0xfb, 0x4f, 0xc3, 0xfb, 0xec, 0x3f, + 0xfd, 0x43, 0x0b, 0xce, 0x74, 0xfd, 0x6a, 0x8f, 0x6e, 0x8c, 0x92, 0xfd, 0xad, 0x12, 0x9c, 0xea, + 0x52, 0xd5, 0x06, 0xed, 0x1c, 0xdb, 0x35, 0xf0, 0xa2, 0x6c, 0xce, 0x68, 0xcf, 0x41, 0x7c, 0xb0, + 0xdd, 0x5f, 0xbd, 0x03, 0x5b, 0x7c, 0xb0, 0x3b, 0xb0, 0xc6, 0xb0, 0x1c, 0x78, 0xa8, 0xc3, 0xb2, + 0x74, 0xff, 0x61, 0x89, 0x7e, 0xdb, 0x82, 0x89, 0x66, 0x8f, 0x52, 0x8a, 0x62, 0x57, 0xe5, 0xe6, + 0xf1, 0x14, 0x6a, 0xac, 0x3e, 0xb5, 0xb7, 0x3b, 0xd9, 0xb3, 0x82, 0x25, 0xee, 0x29, 0x95, 0xfd, + 0x7e, 0x11, 0x58, 0x49, 0x25, 0x56, 0xc4, 0x64, 0x07, 0x7d, 0xde, 0x2c, 0x8e, 0x65, 0xe5, 0x55, + 0xc8, 0x89, 0x13, 0x57, 0xc5, 0xb5, 0x78, 0x0f, 0x76, 0xab, 0xb5, 0x95, 0x55, 0x5a, 0x85, 0x3e, + 0x94, 0x96, 0x2f, 0xab, 0x90, 0x15, 0xf3, 0xaf, 0x42, 0x56, 0xc9, 0x56, 0x20, 0xbb, 0xff, 0x27, + 0x1e, 0x78, 0x24, 0x3f, 0xf1, 0xdf, 0xb4, 0xb8, 0xe2, 0xc9, 0x7c, 0x05, 0x6d, 0x19, 0x58, 0xf7, + 0xb1, 0x0c, 0x9e, 0x67, 0xf7, 0x05, 0xd6, 0xaf, 0x10, 0xc7, 0x17, 0x16, 0x84, 0x79, 0xf5, 0x1f, + 0x6b, 0xc7, 0x0a, 0x83, 0xdd, 0xf0, 0xe1, 0xfb, 0xe1, 0xdd, 0x4b, 0xcd, 0x56, 0xb2, 0x23, 0x6c, + 0x09, 0x7d, 0xc3, 0x87, 0x82, 0x60, 0x03, 0xcb, 0xfe, 0xdb, 0x05, 0x3e, 0x02, 0xc5, 0xb9, 0xea, + 0xc5, 0x4c, 0x39, 0xf9, 0xfe, 0x8f, 0x24, 0x3f, 0x07, 0xe0, 0xaa, 0xab, 0xc2, 0xc4, 0x86, 0xf7, + 0x95, 0x23, 0x5f, 0xb5, 0x24, 0xe8, 0xe9, 0xd7, 0xd0, 0x6d, 0xd8, 0xe0, 0x97, 0xd2, 0xa5, 0xc5, + 0x7d, 0x75, 0x69, 0x4a, 0xad, 0x0c, 0xec, 0xb3, 0xda, 0xfd, 0x99, 0x05, 0x29, 0x8b, 0x08, 0xb5, + 0xa0, 0x44, 0xc5, 0xdd, 0xc9, 0xe7, 0x16, 0x34, 0x93, 0x34, 0x55, 0x8d, 0x62, 0xd8, 0xb3, 0x9f, + 0x98, 0x33, 0x42, 0xbe, 0x38, 0x7e, 0x2d, 0xe4, 0x71, 0x53, 0x9f, 0xc9, 0xf0, 0x4a, 0x18, 0x6e, + 0xf2, 0x53, 0x1b, 0x7d, 0x94, 0x6b, 0x5f, 0x84, 0xf1, 0x0e, 0xa1, 0x58, 0xe5, 0xe8, 0x50, 0x5e, + 0xfd, 0x66, 0x0c, 0x57, 0x96, 0x03, 0x85, 0x39, 0xcc, 0x7e, 0xd7, 0x82, 0x93, 0x59, 0xf2, 0xe8, + 0xdb, 0x16, 0x8c, 0xc7, 0x59, 0x7a, 0xc7, 0xd5, 0x77, 0x2a, 0x34, 0xa9, 0x03, 0x84, 0x3b, 0x85, + 0xb0, 0xff, 0x5c, 0x0c, 0xfe, 0x5b, 0x5e, 0x50, 0x0b, 0xef, 0x2a, 0xc3, 0xc4, 0xea, 0x69, 0x98, + 0xd0, 0xf9, 0xe8, 0x6e, 0x90, 0x5a, 0xdb, 0xef, 0x48, 0xbe, 0x5a, 0x15, 0xed, 0x58, 0x61, 0xa4, + 0x2e, 0x81, 0x2f, 0xee, 0x7b, 0x09, 0xfc, 0x4b, 0x30, 0x62, 0x5e, 0x6f, 0x28, 0xc6, 0x25, 0x33, + 0xc8, 0xcd, 0x9b, 0x10, 0x71, 0x0a, 0x2b, 0x73, 0xc1, 0x75, 0x69, 0xdf, 0x0b, 0xae, 0x9f, 0x83, + 0xb2, 0xb8, 0xac, 0x59, 0x06, 0xf0, 0xf1, 0xcc, 0x2e, 0xd1, 0x86, 0x15, 0x94, 0x6a, 0x93, 0xa6, + 0x13, 0xb4, 0x1d, 0x9f, 0xf6, 0x90, 0x48, 0x47, 0x55, 0xd3, 0x70, 0x49, 0x41, 0xb0, 0x81, 0x45, + 0xdf, 0x38, 0xf1, 0x9a, 0xe4, 0xb5, 0x30, 0x90, 0xa1, 0x2f, 0x7a, 0x4f, 0x5b, 0xb4, 0x63, 0x85, + 0x61, 0xff, 0x57, 0x0b, 0xb2, 0x37, 0xcd, 0xa6, 0x76, 0x39, 0xac, 0x7d, 0x53, 0x60, 0xd3, 0x09, + 0x74, 0x85, 0xbe, 0x12, 0xe8, 0xcc, 0xdc, 0xb6, 0xe2, 0x7d, 0x73, 0xdb, 0x7e, 0x4c, 0xdf, 0x3f, + 0xc2, 0x93, 0xe0, 0x86, 0xbb, 0xdd, 0x3d, 0x82, 0x6c, 0x18, 0x74, 0x1d, 0x55, 0x24, 0x61, 0x84, + 0xfb, 0x0e, 0xb3, 0x33, 0x0c, 0x49, 0x40, 0xaa, 0xeb, 0xef, 0xfd, 0xe0, 0xdc, 0x87, 0xbe, 0xf7, + 0x83, 0x73, 0x1f, 0xfa, 0xa3, 0x1f, 0x9c, 0xfb, 0xd0, 0x17, 0xf6, 0xce, 0x59, 0xef, 0xed, 0x9d, + 0xb3, 0xbe, 0xb7, 0x77, 0xce, 0xfa, 0xa3, 0xbd, 0x73, 0xd6, 0xfb, 0x7b, 0xe7, 0xac, 0x6f, 0xfe, + 0xa7, 0x73, 0x1f, 0x7a, 0xad, 0x6b, 0xa8, 0x12, 0xfd, 0xf1, 0x82, 0x5b, 0x9b, 0xde, 0xba, 0xc0, + 0xa2, 0x65, 0xe8, 0x6c, 0x98, 0x36, 0x86, 0xc0, 0xb4, 0x9c, 0x0d, 0xff, 0x2f, 0x00, 0x00, 0xff, + 0xff, 0x30, 0x64, 0xb5, 0x42, 0x24, 0xc8, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -9971,6 +9972,13 @@ func (m *PullRequestGeneratorFilter) MarshalToSizedBuffer(dAtA []byte) (int, err _ = i var l int _ = l + if m.TargetBranchMatch != nil { + i -= len(*m.TargetBranchMatch) + copy(dAtA[i:], *m.TargetBranchMatch) + i = encodeVarintGenerated(dAtA, i, uint64(len(*m.TargetBranchMatch))) + i-- + dAtA[i] = 0x12 + } if m.BranchMatch != nil { i -= len(*m.BranchMatch) copy(dAtA[i:], *m.BranchMatch) @@ -14925,6 +14933,10 @@ func (m *PullRequestGeneratorFilter) Size() (n int) { l = len(*m.BranchMatch) n += 1 + l + sovGenerated(uint64(l)) } + if m.TargetBranchMatch != nil { + l = len(*m.TargetBranchMatch) + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -17570,6 +17582,7 @@ func (this *PullRequestGeneratorFilter) String() string { } s := strings.Join([]string{`&PullRequestGeneratorFilter{`, `BranchMatch:` + valueToStringGenerated(this.BranchMatch) + `,`, + `TargetBranchMatch:` + valueToStringGenerated(this.TargetBranchMatch) + `,`, `}`, }, "") return s @@ -35002,6 +35015,39 @@ func (m *PullRequestGeneratorFilter) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.BranchMatch = &s iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TargetBranchMatch", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.TargetBranchMatch = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 7cad9d73d7cc2..f54ead48d3bfd 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -1249,6 +1249,8 @@ message PullRequestGeneratorBitbucketServer { // pass for a pull request to be included. message PullRequestGeneratorFilter { optional string branchMatch = 1; + + optional string targetBranchMatch = 2; } // PullRequestGeneratorGitLab defines connection info specific to GitLab. diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index 6e5a6815f59ed..580ef6bbef993 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -4444,6 +4444,12 @@ func schema_pkg_apis_application_v1alpha1_PullRequestGeneratorFilter(ref common. Format: "", }, }, + "targetBranchMatch": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, }, }, }, diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index ecd2f20cc5235..082edeca24366 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -2594,6 +2594,11 @@ func (in *PullRequestGeneratorFilter) DeepCopyInto(out *PullRequestGeneratorFilt *out = new(string) **out = **in } + if in.TargetBranchMatch != nil { + in, out := &in.TargetBranchMatch, &out.TargetBranchMatch + *out = new(string) + **out = **in + } return } diff --git a/test/e2e/applicationset_test.go b/test/e2e/applicationset_test.go index c0413c8084c7b..04a3df65bade5 100644 --- a/test/e2e/applicationset_test.go +++ b/test/e2e/applicationset_test.go @@ -1271,6 +1271,10 @@ func githubPullMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request "name": "preview" } ], + "base": { + "ref": "master", + "sha": "7a4a5c987fdfb2b0629e9dbf5f31636c69ba4775" + }, "head": { "ref": "pull-request", "sha": "824a5c987fdfb2b0629e9dbf5f31636c69ba4772" From 0f5131a4978c3fe20f9466657286d12c6f3eb6b2 Mon Sep 17 00:00:00 2001 From: Blake Pettersson Date: Sun, 28 May 2023 06:21:49 +0200 Subject: [PATCH 041/252] chore: set explicit package.json deps (#13483) * chore: set explicit package.json deps Related to #11006, all dependencies that are used within the app needs to be expressed in package.json, in case we ever want to use yarn berry or pnpm. Signed-off-by: Blake Pettersson * fix: downgrade history dependency Signed-off-by: Blake Pettersson --------- Signed-off-by: Blake Pettersson Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- ui/package.json | 3 +++ ui/yarn.lock | 19 +++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/ui/package.json b/ui/package.json index b36d7664cf562..19c31bdccf7bf 100644 --- a/ui/package.json +++ b/ui/package.json @@ -11,6 +11,7 @@ "test": "jest" }, "dependencies": { + "@fortawesome/fontawesome-free": "^6.4.0", "@types/react-virtualized": "^9.21.21", "@types/superagent": "^4.1.15", "ansi-to-react": "^6.1.6", @@ -19,9 +20,11 @@ "classnames": "^2.2.5", "color": "^3.2.1", "dagre": "^0.8.5", + "date-fns": "^2.30.0", "deepmerge": "^3.2.0", "foundation-sites": "^6.7.4", "git-url-parse": "^13.1.0", + "history": "^4.7.2", "js-yaml": "^3.14.1", "json-merge-patch": "^0.2.3", "lodash-es": "^4.17.21", diff --git a/ui/yarn.lock b/ui/yarn.lock index 37d3a0ccb9320..94ebeb0d7f237 100644 --- a/ui/yarn.lock +++ b/ui/yarn.lock @@ -1010,6 +1010,13 @@ dependencies: regenerator-runtime "^0.13.4" +"@babel/runtime@^7.21.0": + version "7.21.5" + resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.21.5.tgz#8492dddda9644ae3bda3b45eabe87382caee7200" + integrity sha512-8jI69toZqqcsnqGGqwGS4Qb1VwLOEp4hz+CXPywcvjs60u3B4Pom/U/7rm4W8tMOYEB+E9wgD0mW1l3r8qlI9Q== + dependencies: + regenerator-runtime "^0.13.11" + "@babel/runtime@^7.7.2", "@babel/runtime@^7.8.7": version "7.20.13" resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.20.13.tgz#7055ab8a7cff2b8f6058bf6ae45ff84ad2aded4b" @@ -1160,6 +1167,11 @@ resolved "https://registry.yarnpkg.com/@fortawesome/fontawesome-free/-/fontawesome-free-6.2.0.tgz#ba3510825b332816fe7190f28827f8cb33a298b5" integrity sha512-CNR7qRIfCwWHNN7FnKUniva94edPdyQzil/zCwk3v6k4R6rR2Fr8i4s3PM7n/lyfPA6Zfko9z5WDzFxG9SW1uQ== +"@fortawesome/fontawesome-free@^6.4.0": + version "6.4.0" + resolved "https://registry.yarnpkg.com/@fortawesome/fontawesome-free/-/fontawesome-free-6.4.0.tgz#1ee0c174e472c84b23cb46c995154dc383e3b4fe" + integrity sha512-0NyytTlPJwB/BF5LtRV8rrABDbe3TdTXqNB3PdZ+UUUZAEIrdOJdmABqKjt4AXwIoJNaRVVZEXxpNrqvE1GAYQ== + "@istanbuljs/load-nyc-config@^1.0.0": version "1.1.0" resolved "https://registry.yarnpkg.com/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz#fd3db1d59ecf7cf121e80650bb86712f9b55eced" @@ -3470,6 +3482,13 @@ date-fns@2.x: resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-2.28.0.tgz#9570d656f5fc13143e50c975a3b6bbeb46cd08b2" integrity sha512-8d35hViGYx/QH0icHYCeLmsLmMUheMmTyV9Fcm6gvNwdw31yXXH+O85sOBJ+OLnLQMKZowvpKb6FgMIQjcpvQw== +date-fns@^2.30.0: + version "2.30.0" + resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-2.30.0.tgz#f367e644839ff57894ec6ac480de40cae4b0f4d0" + integrity sha512-fnULvOpxnC5/Vg3NCiWelDsLiUc9bRwAPs/+LfTLNvetFCtCTN+yQz15C/fs4AwX1R9K5GLtLfn8QW+dWisaAw== + dependencies: + "@babel/runtime" "^7.21.0" + dayjs@1.x: version "1.10.7" resolved "https://registry.yarnpkg.com/dayjs/-/dayjs-1.10.7.tgz#2cf5f91add28116748440866a0a1d26f3a6ce468" From 4def3b859c142ba4a3237a3656165704a56acbe5 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 28 May 2023 08:24:04 -0400 Subject: [PATCH 042/252] [Bot] docs: Update Snyk reports (#13776) Signed-off-by: CI Co-authored-by: CI --- docs/snyk/index.md | 77 +- docs/snyk/master/argocd-iac-install.html | 102 +- .../master/argocd-iac-namespace-install.html | 90 +- docs/snyk/master/argocd-test.html | 100 +- .../master/ghcr.io_dexidp_dex_v2.36.0.html | 155 +- .../haproxy_2.6.12-alpine.html} | 368 +- .../quay.io_argoproj_argocd_latest.html | 1471 ++--- .../redis_7.0.11-alpine.html} | 10 +- docs/snyk/v2.4.28/argocd-iac-install.html | 2735 ---------- .../v2.4.28/argocd-iac-namespace-install.html | 2735 ---------- docs/snyk/v2.4.28/argocd-test.html | 4822 ----------------- .../v2.4.28/ghcr.io_dexidp_dex_v2.35.3.html | 1698 ------ .../quay.io_argoproj_argocd_v2.4.28.html | 3995 -------------- docs/snyk/v2.4.28/redis_7.0.8-alpine.html | 983 ---- .../v2.5.16/ghcr.io_dexidp_dex_v2.35.3.html | 1698 ------ docs/snyk/v2.5.16/redis_7.0.8-alpine.html | 983 ---- .../argocd-iac-install.html | 20 +- .../argocd-iac-namespace-install.html | 20 +- .../{v2.5.16 => v2.5.17}/argocd-test.html | 803 ++- .../ghcr.io_dexidp_dex_v2.36.0.html} | 286 +- docs/snyk/v2.5.17/haproxy_2.6.12-alpine.html | 662 +++ .../quay.io_argoproj_argocd_v2.5.17.html} | 1668 +++--- docs/snyk/v2.5.17/redis_7.0.11-alpine.html | 492 ++ .../v2.6.7/ghcr.io_dexidp_dex_v2.35.3.html | 1698 ------ docs/snyk/v2.6.7/haproxy_2.6.9-alpine.html | 983 ---- docs/snyk/v2.6.7/redis_7.0.8-alpine.html | 983 ---- .../argocd-iac-install.html | 20 +- .../argocd-iac-namespace-install.html | 20 +- docs/snyk/{v2.6.7 => v2.6.8}/argocd-test.html | 4 +- .../ghcr.io_dexidp_dex_v2.36.0.html} | 286 +- docs/snyk/v2.6.8/haproxy_2.6.12-alpine.html | 662 +++ .../quay.io_argoproj_argocd_v2.6.8.html} | 1660 +++--- docs/snyk/v2.6.8/redis_7.0.11-alpine.html | 492 ++ .../snyk/v2.7.0-rc2/haproxy_2.6.9-alpine.html | 983 ---- docs/snyk/v2.7.0-rc2/redis_7.0.9-alpine.html | 983 ---- .../argocd-iac-install.html | 52 +- .../argocd-iac-namespace-install.html | 52 +- .../{v2.7.0-rc2 => v2.7.3}/argocd-test.html | 2 +- .../ghcr.io_dexidp_dex_v2.36.0.html} | 286 +- docs/snyk/v2.7.3/haproxy_2.6.12-alpine.html | 662 +++ .../quay.io_argoproj_argocd_v2.7.3.html} | 1646 +++--- docs/snyk/v2.7.3/redis_7.0.11-alpine.html | 492 ++ 42 files changed, 7224 insertions(+), 30715 deletions(-) rename docs/snyk/{v2.7.0-rc2/ghcr.io_dexidp_dex_v2.36.0.html => master/haproxy_2.6.12-alpine.html} (51%) rename docs/snyk/{v2.4.28/haproxy_2.0.31-alpine.html => master/redis_7.0.11-alpine.html} (97%) delete mode 100644 docs/snyk/v2.4.28/argocd-iac-install.html delete mode 100644 docs/snyk/v2.4.28/argocd-iac-namespace-install.html delete mode 100644 docs/snyk/v2.4.28/argocd-test.html delete mode 100644 docs/snyk/v2.4.28/ghcr.io_dexidp_dex_v2.35.3.html delete mode 100644 docs/snyk/v2.4.28/quay.io_argoproj_argocd_v2.4.28.html delete mode 100644 docs/snyk/v2.4.28/redis_7.0.8-alpine.html delete mode 100644 docs/snyk/v2.5.16/ghcr.io_dexidp_dex_v2.35.3.html delete mode 100644 docs/snyk/v2.5.16/redis_7.0.8-alpine.html rename docs/snyk/{v2.5.16 => v2.5.17}/argocd-iac-install.html (98%) rename docs/snyk/{v2.5.16 => v2.5.17}/argocd-iac-namespace-install.html (98%) rename docs/snyk/{v2.5.16 => v2.5.17}/argocd-test.html (98%) rename docs/snyk/{master/haproxy_2.6.9-alpine.html => v2.5.17/ghcr.io_dexidp_dex_v2.36.0.html} (83%) create mode 100644 docs/snyk/v2.5.17/haproxy_2.6.12-alpine.html rename docs/snyk/{v2.5.16/quay.io_argoproj_argocd_v2.5.16.html => v2.5.17/quay.io_argoproj_argocd_v2.5.17.html} (78%) create mode 100644 docs/snyk/v2.5.17/redis_7.0.11-alpine.html delete mode 100644 docs/snyk/v2.6.7/ghcr.io_dexidp_dex_v2.35.3.html delete mode 100644 docs/snyk/v2.6.7/haproxy_2.6.9-alpine.html delete mode 100644 docs/snyk/v2.6.7/redis_7.0.8-alpine.html rename docs/snyk/{v2.6.7 => v2.6.8}/argocd-iac-install.html (98%) rename docs/snyk/{v2.6.7 => v2.6.8}/argocd-iac-namespace-install.html (98%) rename docs/snyk/{v2.6.7 => v2.6.8}/argocd-test.html (98%) rename docs/snyk/{master/redis_7.0.9-alpine.html => v2.6.8/ghcr.io_dexidp_dex_v2.36.0.html} (83%) create mode 100644 docs/snyk/v2.6.8/haproxy_2.6.12-alpine.html rename docs/snyk/{v2.6.7/quay.io_argoproj_argocd_v2.6.7.html => v2.6.8/quay.io_argoproj_argocd_v2.6.8.html} (77%) create mode 100644 docs/snyk/v2.6.8/redis_7.0.11-alpine.html delete mode 100644 docs/snyk/v2.7.0-rc2/haproxy_2.6.9-alpine.html delete mode 100644 docs/snyk/v2.7.0-rc2/redis_7.0.9-alpine.html rename docs/snyk/{v2.7.0-rc2 => v2.7.3}/argocd-iac-install.html (97%) rename docs/snyk/{v2.7.0-rc2 => v2.7.3}/argocd-iac-namespace-install.html (97%) rename docs/snyk/{v2.7.0-rc2 => v2.7.3}/argocd-test.html (99%) rename docs/snyk/{v2.5.16/haproxy_2.6.9-alpine.html => v2.7.3/ghcr.io_dexidp_dex_v2.36.0.html} (83%) create mode 100644 docs/snyk/v2.7.3/haproxy_2.6.12-alpine.html rename docs/snyk/{v2.7.0-rc2/quay.io_argoproj_argocd_v2.7.0-rc2.html => v2.7.3/quay.io_argoproj_argocd_v2.7.3.html} (75%) create mode 100644 docs/snyk/v2.7.3/redis_7.0.11-alpine.html diff --git a/docs/snyk/index.md b/docs/snyk/index.md index 11338843e2eef..123b3959ee654 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -14,62 +14,49 @@ recent minor releases. | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| | [go.mod](master/argocd-test.html) | 0 | 0 | 0 | 0 | -| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.36.0](master/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 2 | 0 | -| [haproxy:2.6.9-alpine](master/haproxy_2.6.9-alpine.html) | 0 | 1 | 2 | 0 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 0 | 19 | -| [redis:7.0.9-alpine](master/redis_7.0.9-alpine.html) | 0 | 1 | 2 | 0 | +| [ui/yarn.lock](master/argocd-test.html) | 0 | 1 | 0 | 0 | +| [dex:v2.36.0](master/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 3 | 0 | +| [haproxy:2.6.12-alpine](master/haproxy_2.6.12-alpine.html) | 0 | 0 | 1 | 0 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 1 | 18 | +| [redis:7.0.11-alpine](master/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.7.0-rc2 +### v2.7.3 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.7.0-rc2/argocd-test.html) | 0 | 0 | 0 | 0 | -| [ui/yarn.lock](v2.7.0-rc2/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.36.0](v2.7.0-rc2/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 2 | 0 | -| [haproxy:2.6.9-alpine](v2.7.0-rc2/haproxy_2.6.9-alpine.html) | 0 | 1 | 2 | 0 | -| [argocd:v2.7.0-rc2](v2.7.0-rc2/quay.io_argoproj_argocd_v2.7.0-rc2.html) | 0 | 0 | 0 | 19 | -| [redis:7.0.9-alpine](v2.7.0-rc2/redis_7.0.9-alpine.html) | 0 | 1 | 2 | 0 | -| [install.yaml](v2.7.0-rc2/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.7.0-rc2/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.7.3/argocd-test.html) | 0 | 0 | 0 | 0 | +| [ui/yarn.lock](v2.7.3/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.36.0](v2.7.3/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 3 | 0 | +| [haproxy:2.6.12-alpine](v2.7.3/haproxy_2.6.12-alpine.html) | 0 | 0 | 1 | 0 | +| [argocd:v2.7.3](v2.7.3/quay.io_argoproj_argocd_v2.7.3.html) | 0 | 0 | 1 | 18 | +| [redis:7.0.11-alpine](v2.7.3/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.7.3/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.7.3/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.6.7 +### v2.6.8 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.6.7/argocd-test.html) | 0 | 0 | 0 | 0 | -| [ui/yarn.lock](v2.6.7/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.35.3](v2.6.7/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 4 | 2 | 0 | -| [haproxy:2.6.9-alpine](v2.6.7/haproxy_2.6.9-alpine.html) | 0 | 1 | 2 | 0 | -| [argocd:v2.6.7](v2.6.7/quay.io_argoproj_argocd_v2.6.7.html) | 0 | 0 | 0 | 19 | -| [redis:7.0.8-alpine](v2.6.7/redis_7.0.8-alpine.html) | 0 | 1 | 2 | 0 | -| [install.yaml](v2.6.7/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.6.7/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.6.8/argocd-test.html) | 0 | 0 | 0 | 0 | +| [ui/yarn.lock](v2.6.8/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.36.0](v2.6.8/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 3 | 0 | +| [haproxy:2.6.12-alpine](v2.6.8/haproxy_2.6.12-alpine.html) | 0 | 0 | 1 | 0 | +| [argocd:v2.6.8](v2.6.8/quay.io_argoproj_argocd_v2.6.8.html) | 0 | 0 | 1 | 18 | +| [redis:7.0.11-alpine](v2.6.8/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.6.8/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.6.8/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.5.16 +### v2.5.17 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.5.16/argocd-test.html) | 0 | 0 | 2 | 0 | -| [ui/yarn.lock](v2.5.16/argocd-test.html) | 0 | 0 | 4 | 0 | -| [dex:v2.35.3](v2.5.16/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 4 | 2 | 0 | -| [haproxy:2.6.9-alpine](v2.5.16/haproxy_2.6.9-alpine.html) | 0 | 1 | 2 | 0 | -| [argocd:v2.5.16](v2.5.16/quay.io_argoproj_argocd_v2.5.16.html) | 0 | 0 | 0 | 19 | -| [redis:7.0.8-alpine](v2.5.16/redis_7.0.8-alpine.html) | 0 | 1 | 2 | 0 | -| [install.yaml](v2.5.16/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.5.16/argocd-iac-namespace-install.html) | - | - | - | - | - -### v2.4.28 - -| | Critical | High | Medium | Low | -|---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.4.28/argocd-test.html) | 0 | 0 | 2 | 0 | -| [ui/yarn.lock](v2.4.28/argocd-test.html) | 0 | 0 | 4 | 0 | -| [dex:v2.35.3](v2.4.28/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 4 | 2 | 0 | -| [haproxy:2.0.31-alpine](v2.4.28/haproxy_2.0.31-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.4.28](v2.4.28/quay.io_argoproj_argocd_v2.4.28.html) | 0 | 0 | 0 | 19 | -| [redis:7.0.8-alpine](v2.4.28/redis_7.0.8-alpine.html) | 0 | 1 | 2 | 0 | -| [install.yaml](v2.4.28/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.4.28/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.5.17/argocd-test.html) | 0 | 0 | 2 | 0 | +| [ui/yarn.lock](v2.5.17/argocd-test.html) | 0 | 0 | 4 | 0 | +| [dex:v2.36.0](v2.5.17/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 3 | 0 | +| [haproxy:2.6.12-alpine](v2.5.17/haproxy_2.6.12-alpine.html) | 0 | 0 | 1 | 0 | +| [argocd:v2.5.17](v2.5.17/quay.io_argoproj_argocd_v2.5.17.html) | 0 | 0 | 1 | 18 | +| [redis:7.0.11-alpine](v2.5.17/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.5.17/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.5.17/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 299c7884ae778..430a882914020 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

Snyk test report

-

April 16th 2023, 12:17:00 am

+

May 27th 2023, 11:25:14 pm (UTC+00:00)

Scanned the following path: @@ -507,7 +507,7 @@

Role with dangerous permissions

  • - Line number: 16324 + Line number: 16341
    • @@ -553,7 +553,7 @@

    Role with dangerous permissions

  • - Line number: 16401 + Line number: 16418
    • @@ -599,7 +599,7 @@

    Role with dangerous permissions

  • - Line number: 16429 + Line number: 16446
    • @@ -645,7 +645,7 @@

    Role with dangerous permissions

  • - Line number: 16477 + Line number: 16494
    • @@ -691,7 +691,7 @@

    Role with dangerous permissions

  • - Line number: 16459 + Line number: 16476
    • @@ -737,7 +737,7 @@

    Role with dangerous permissions

  • - Line number: 16493 + Line number: 16510
    • @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 17517 + Line number: 17585
    • @@ -847,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 16974 + Line number: 16997
    • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 17146 + Line number: 17206
    • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 17112 + Line number: 17172
    • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 17206 + Line number: 17266
    • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 17280 + Line number: 17353
    • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 17517 + Line number: 17585
    • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 17339 + Line number: 17409
    • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 17602 + Line number: 17670
    • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 17906 + Line number: 17974
    • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 17126 + Line number: 17186
    • @@ -1419,7 +1419,7 @@

    Container is running with writable root filesystem

  • - Line number: 17293 + Line number: 17363
    • @@ -1471,7 +1471,7 @@

    Container is running without liveness probe

  • - Line number: 16974 + Line number: 16997
    • @@ -1523,7 +1523,7 @@

    Container is running without liveness probe

  • - Line number: 17112 + Line number: 17172
    • @@ -1575,7 +1575,7 @@

    Container is running without liveness probe

  • - Line number: 17146 + Line number: 17206
    • @@ -1627,7 +1627,7 @@

    Container is running without liveness probe

  • - Line number: 17280 + Line number: 17353
    • @@ -1679,7 +1679,7 @@

    Container is running without liveness probe

  • - Line number: 17517 + Line number: 17585
    • @@ -1737,7 +1737,7 @@

    Container is running without memory limit

  • - Line number: 16974 + Line number: 16997
    • @@ -1795,7 +1795,7 @@

    Container is running without memory limit

  • - Line number: 17112 + Line number: 17172
    • @@ -1853,7 +1853,7 @@

    Container is running without memory limit

  • - Line number: 17146 + Line number: 17206
    • @@ -1911,7 +1911,7 @@

    Container is running without memory limit

  • - Line number: 17206 + Line number: 17266
    • @@ -1969,7 +1969,7 @@

    Container is running without memory limit

  • - Line number: 17280 + Line number: 17353
    • @@ -2027,7 +2027,7 @@

    Container is running without memory limit

  • - Line number: 17517 + Line number: 17585
    • @@ -2085,7 +2085,7 @@

    Container is running without memory limit

  • - Line number: 17339 + Line number: 17409
    • @@ -2143,7 +2143,7 @@

    Container is running without memory limit

  • - Line number: 17602 + Line number: 17670
    • @@ -2201,7 +2201,7 @@

    Container is running without memory limit

  • - Line number: 17906 + Line number: 17974
    • @@ -2257,7 +2257,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17049 + Line number: 17096
    • @@ -2267,7 +2267,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2313,7 +2313,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17154 + Line number: 17214
    • @@ -2323,7 +2323,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2369,7 +2369,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17129 + Line number: 17189
    • @@ -2379,7 +2379,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2425,7 +2425,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17214 + Line number: 17287
    • @@ -2435,7 +2435,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2481,7 +2481,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17293 + Line number: 17363
    • @@ -2491,7 +2491,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2537,7 +2537,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17524 + Line number: 17592
    • @@ -2547,7 +2547,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2593,7 +2593,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17490 + Line number: 17558
    • @@ -2603,7 +2603,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2649,7 +2649,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17816 + Line number: 17884
    • @@ -2659,7 +2659,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2705,7 +2705,7 @@

    Container's UID could clash with host's UID
  • - Line number: 18048 + Line number: 18116
    • @@ -2715,7 +2715,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index f8957a067ba8d..d51d9ed8037e7 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 16th 2023, 12:17:12 am

    +

    May 27th 2023, 11:25:29 pm (UTC+00:00)

    Scanned the following path: @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 1177 + Line number: 1228
    • @@ -847,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 634 + Line number: 640
    • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 806 + Line number: 849
    • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 772 + Line number: 815
    • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 866 + Line number: 909
    • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 940 + Line number: 996
    • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1177 + Line number: 1228
    • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 999 + Line number: 1052
    • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1262 + Line number: 1313
    • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1566 + Line number: 1617
    • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 786 + Line number: 829
    • @@ -1419,7 +1419,7 @@

    Container is running with writable root filesystem

  • - Line number: 953 + Line number: 1006
    • @@ -1471,7 +1471,7 @@

    Container is running without liveness probe

  • - Line number: 634 + Line number: 640
    • @@ -1523,7 +1523,7 @@

    Container is running without liveness probe

  • - Line number: 772 + Line number: 815
    • @@ -1575,7 +1575,7 @@

    Container is running without liveness probe

  • - Line number: 806 + Line number: 849
    • @@ -1627,7 +1627,7 @@

    Container is running without liveness probe

  • - Line number: 940 + Line number: 996
    • @@ -1679,7 +1679,7 @@

    Container is running without liveness probe

  • - Line number: 1177 + Line number: 1228
    • @@ -1737,7 +1737,7 @@

    Container is running without memory limit

  • - Line number: 634 + Line number: 640
    • @@ -1795,7 +1795,7 @@

    Container is running without memory limit

  • - Line number: 772 + Line number: 815
    • @@ -1853,7 +1853,7 @@

    Container is running without memory limit

  • - Line number: 806 + Line number: 849
    • @@ -1911,7 +1911,7 @@

    Container is running without memory limit

  • - Line number: 866 + Line number: 909
    • @@ -1969,7 +1969,7 @@

    Container is running without memory limit

  • - Line number: 940 + Line number: 996
    • @@ -2027,7 +2027,7 @@

    Container is running without memory limit

  • - Line number: 1177 + Line number: 1228
    • @@ -2085,7 +2085,7 @@

    Container is running without memory limit

  • - Line number: 999 + Line number: 1052
    • @@ -2143,7 +2143,7 @@

    Container is running without memory limit

  • - Line number: 1262 + Line number: 1313
    • @@ -2201,7 +2201,7 @@

    Container is running without memory limit

  • - Line number: 1566 + Line number: 1617
    • @@ -2257,7 +2257,7 @@

    Container's UID could clash with host's UID
  • - Line number: 709 + Line number: 739
    • @@ -2267,7 +2267,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2313,7 +2313,7 @@

    Container's UID could clash with host's UID
  • - Line number: 814 + Line number: 857
    • @@ -2323,7 +2323,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2369,7 +2369,7 @@

    Container's UID could clash with host's UID
  • - Line number: 789 + Line number: 832
    • @@ -2379,7 +2379,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2425,7 +2425,7 @@

    Container's UID could clash with host's UID
  • - Line number: 874 + Line number: 930
    • @@ -2435,7 +2435,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2481,7 +2481,7 @@

    Container's UID could clash with host's UID
  • - Line number: 953 + Line number: 1006
    • @@ -2491,7 +2491,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2537,7 +2537,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1184 + Line number: 1235
    • @@ -2547,7 +2547,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2593,7 +2593,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1150 + Line number: 1201
    • @@ -2603,7 +2603,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2649,7 +2649,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1476 + Line number: 1527
    • @@ -2659,7 +2659,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2705,7 +2705,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1708 + Line number: 1759
    • @@ -2715,7 +2715,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index 157240634b201..7dc86d4a27b3b 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 16th 2023, 12:14:42 am

    +

    May 27th 2023, 11:21:58 pm (UTC+00:00)

    Scanned the following paths: @@ -466,16 +466,104 @@

    Snyk test report

    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    -
    1748 dependencies
    +
    1 known vulnerabilities
    +
    2 vulnerable dependency paths
    +
    1812 dependencies
    - No known vulnerabilities detected. +
    +
    +

    Uncaught Exception

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: npm +
      • +
    • + Vulnerable module: + + yaml +
      • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, monaco-kubernetes@0.2.2 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + argo-cd-ui@1.0.0 + + monaco-kubernetes@0.2.2 + + @monokle/validation@0.15.1 + + yaml@2.1.1 + + + +
      • +
    • + Introduced through: + argo-cd-ui@1.0.0 + + monaco-kubernetes@0.2.2 + + yaml@2.2.1 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Uncaught Exception due to improper validation of the input passed to the functions parseDocument and parseAllDocuments. + Exploiting this vulnerability is possible when these functions are fed an invalid input with more than 80 carriage return characters (\r).

    +

    PoC

    + 
    const yaml = require("yaml");
+        const string = "[" + "\r".repeat(80);
+        yaml.parseDocument(string);
+
    +

    Remediation

    +

    Upgrade yaml to version 2.2.2, 2.3.0-5 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html index 2f13ac0d8ff3a..0ea1e90741c8e 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 16th 2023, 12:14:59 am

    +

    May 27th 2023, 11:22:13 pm (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    3 known vulnerabilities
    -
    21 vulnerable dependency paths
    +
    4 known vulnerabilities
    +
    28 vulnerable dependency paths
    760 dependencies
    @@ -900,6 +900,153 @@

    References

    +
    +

    Out-of-bounds Read

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.7.0-rc2/ghcr.io_dexidp_dex_v2.36.0.html b/docs/snyk/master/haproxy_2.6.12-alpine.html similarity index 51% rename from docs/snyk/v2.7.0-rc2/ghcr.io_dexidp_dex_v2.36.0.html rename to docs/snyk/master/haproxy_2.6.12-alpine.html index 44f133fb0e30b..81d1a635ee0df 100644 --- a/docs/snyk/v2.7.0-rc2/ghcr.io_dexidp_dex_v2.36.0.html +++ b/docs/snyk/master/haproxy_2.6.12-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,162 +456,37 @@

    Snyk test report

    -

    April 16th 2023, 12:17:40 am

    +

    May 27th 2023, 11:22:23 pm (UTC+00:00)

    - Scanned the following paths: + Scanned the following path:
      -
    • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (apk)
    • ghcr.io/dexidp/dex:v2.36.0/hairyhenderson/gomplate/v3 (gomodules)
    • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
    • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
      • +
    • haproxy:2.6.12-alpine (apk)
    -
    3 known vulnerabilities
    -
    21 vulnerable dependency paths
    -
    760 dependencies
    +
    1 known vulnerabilities
    +
    9 vulnerable dependency paths
    +
    18 dependencies
    - +
    + + + + + + + +
    Project docker-image|haproxy
    Path haproxy:2.6.12-alpine
    Package Manager apk
    +
    -
    -

    Improper Certificate Validation

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -

    Improper Certificate Validation

    +

    Out-of-bounds Read

    @@ -632,7 +507,7 @@

    Improper Certificate Validation

  • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + docker-image|haproxy@2.6.12-alpine and openssl/libcrypto3@3.0.8-r3
    • @@ -645,215 +520,95 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 + docker-image|haproxy@2.6.12-alpine - openssl/libcrypto3@3.0.8-r0 + openssl/libcrypto3@3.0.8-r3
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 + docker-image|haproxy@2.6.12-alpine - openssl/libssl3@3.0.8-r0 + openssl/libssl3@3.0.8-r3 - openssl/libcrypto3@3.0.8-r0 + openssl/libcrypto3@3.0.8-r3
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 + docker-image|haproxy@2.6.12-alpine - apk-tools/apk-tools@2.12.10-r1 + .haproxy-rundeps@20230329.185657 - openssl/libcrypto3@3.0.8-r0 + openssl/libcrypto3@3.0.8-r3
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 + docker-image|haproxy@2.6.12-alpine apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.0.8-r0 + openssl/libcrypto3@3.0.8-r3
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 + docker-image|haproxy@2.6.12-alpine busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.0.8-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - openssl/libcrypto3@3.0.8-r0 + openssl/libcrypto3@3.0.8-r3
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 + docker-image|haproxy@2.6.12-alpine - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 + openssl/libssl3@3.0.8-r3
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - apk-tools/apk-tools@2.12.10-r1 + docker-image|haproxy@2.6.12-alpine - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 + .haproxy-rundeps@20230329.185657 - openssl/libssl3@3.0.8-r0 + openssl/libssl3@3.0.8-r3
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 + docker-image|haproxy@2.6.12-alpine apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.0.8-r0 + openssl/libssl3@3.0.8-r3
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.36.0 + docker-image|haproxy@2.6.12-alpine busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.0.8-r0 + openssl/libssl3@3.0.8-r3 @@ -867,36 +622,35 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

      -

      As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

      -

      Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

      -

      Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

      +

      Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

      +

      Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

      +

      The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

      +

      If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

      +

      Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index ed282d60e11a9..42fcdcc7eabf9 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 16th 2023, 12:15:31 am

    +

    May 27th 2023, 11:22:57 pm (UTC+00:00)

    Scanned the following paths: @@ -466,9 +466,9 @@

    Snyk test report

    -
    21 known vulnerabilities
    -
    112 vulnerable dependency paths
    -
    2065 dependencies
    +
    19 known vulnerabilities
    +
    76 vulnerable dependency paths
    +
    2100 dependencies
    @@ -476,30 +476,30 @@

    Snyk test report

    -
    -

    Denial of Service (DoS)

    +
    +

    Improper Certificate Validation

    -
    - high severity +
    + medium severity
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • Vulnerable module: - golang.org/x/net/http2/hpack + perl/perl-modules-5.34
    • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2/hpack@v0.5.0 + docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.9 and others
    @@ -511,9 +511,63 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.9 + + perl@5.34.0-3ubuntu1.1 + + perl/perl-modules-5.34@5.34.0-3ubuntu1.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.9 + + perl@5.34.0-3ubuntu1.1 + + perl/libperl5.34@5.34.0-3ubuntu1.1 + + perl/perl-modules-5.34@5.34.0-3ubuntu1.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.9 + + perl@5.34.0-3ubuntu1.1 + + perl/libperl5.34@5.34.0-3ubuntu1.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.9 + + perl@5.34.0-3ubuntu1.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + meta-common-packages@meta - golang.org/x/net/http2/hpack@v0.5.0 + perl/perl-base@5.34.0-3ubuntu1.1 @@ -524,61 +578,56 @@

      Detailed paths

      -

      Overview

      -

      Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

      -

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      -

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      -

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      -

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      -

      Two common types of DoS vulnerabilities:

      -
        -

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        -
        • -

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        -
        • -
      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

      Remediation

      -

      Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

      +

      There is no fixed version for Ubuntu:22.04 perl.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    Denial of Service (DoS)

    +
    +

    CVE-2022-46908

    -
    - high severity +
    + low severity
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • Vulnerable module: - golang.org/x/net/http2 + sqlite3/libsqlite3-0
    • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0 + docker-image|quay.io/argoproj/argocd@latest, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    @@ -590,9 +639,11 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + docker-image|quay.io/argoproj/argocd@latest + + gnupg2/gpg@2.2.27-3ubuntu2.1 - golang.org/x/net/http2@v0.5.0 + sqlite3/libsqlite3-0@3.37.2-2ubuntu0.1 @@ -603,40 +654,30 @@

      Detailed paths

      -

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

      -

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      -

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      -

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      -

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      -

      Two common types of DoS vulnerabilities:

      -
        -

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        -
        • -

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        -
        • -
      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

      Remediation

      -

      Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

      +

      There is no fixed version for Ubuntu:22.04 sqlite3.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2022-46908

    +

    Arbitrary Code Injection

    @@ -652,13 +693,13 @@

    CVE-2022-46908

  • Vulnerable module: - sqlite3/libsqlite3-0 + shadow/passwd
  • Introduced through: + docker-image|quay.io/argoproj/argocd@latest and shadow/passwd@1:4.8.1-2ubuntu2.1 - docker-image|quay.io/argoproj/argocd@latest, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    • @@ -672,9 +713,38 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gpg@2.2.27-3ubuntu2.1 + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - sqlite3/libsqlite3-0@3.37.2-2ubuntu0.1 + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + openssh/openssh-client@1:8.9p1-3ubuntu0.1 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + shadow/login@1:4.8.1-2ubuntu2.1 @@ -686,24 +756,24 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Ubuntu:22.04. +

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

    +

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 sqlite3.

    +

    There is no fixed version for Ubuntu:22.04 shadow.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • @@ -931,7 +1001,7 @@

    References

    -

    Improper Locking

    +

    Out-of-bounds Read

    @@ -952,7 +1022,7 @@

    Improper Locking

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.9
    • @@ -967,7 +1037,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9 @@ -978,7 +1048,7 @@

    Detailed paths

    cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9 @@ -989,7 +1059,7 @@

    Detailed paths

    libfido2/libfido2-1@1.10.0-1 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9 @@ -1000,7 +1070,7 @@

    Detailed paths

    openssh/openssh-client@1:8.9p1-3ubuntu0.1 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9 @@ -1009,11 +1079,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - ca-certificates@20211016ubuntu0.22.04.1 + ca-certificates@20230311ubuntu0.22.04.1 - openssl@3.0.2-0ubuntu1.8 + openssl@3.0.2-0ubuntu1.9 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9 @@ -1022,13 +1092,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 libssh/libssh-4@0.9.6-2build1 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9 @@ -1047,11 +1117,11 @@

    Detailed paths

    libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9 @@ -1060,7 +1130,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssl@3.0.2-0ubuntu1.8 + openssl@3.0.2-0ubuntu1.9 @@ -1069,9 +1139,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - ca-certificates@20211016ubuntu0.22.04.1 + ca-certificates@20230311ubuntu0.22.04.1 - openssl@3.0.2-0ubuntu1.8 + openssl@3.0.2-0ubuntu1.9 @@ -1085,25 +1155,41 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    Remediation

    There is no fixed version for Ubuntu:22.04 openssl.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Improper Certificate Validation

    +

    Improper Privilege Management

    @@ -1119,12 +1205,12 @@

    Improper Certificate Validation

  • Vulnerable module: - openssl/libssl3 + openssh/openssh-client
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -1135,115 +1221,11 @@

    Improper Certificate Validation

    Detailed paths

      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
    • Introduced through: docker-image|quay.io/argoproj/argocd@latest openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 @@ -1255,30 +1237,37 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

      +

      sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 openssl.

      +

      There is no fixed version for Ubuntu:22.04 openssh.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Improper Certificate Validation

    +

    Information Exposure

    @@ -1294,12 +1283,12 @@

    Improper Certificate Validation

  • Vulnerable module: - openssl/libssl3 + openssh/openssh-client
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -1307,797 +1296,88 @@

    Improper Certificate Validation

    -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

    -

    As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

    -

    Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

    -

    Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Privilege Management

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Information Exposure

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-28531

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Read

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - ncurses/libtinfo6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and ncurses/libtinfo6@6.3-2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - bash@5.1-6ubuntu1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/libncursesw6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - less@590-1ubuntu0.22.04.1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/libncurses6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/ncurses-bin@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - procps@2:3.3.17-6ubuntu2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - util-linux@2.37.2-4ubuntu3 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2 - - +

      Detailed paths

      -
      • +
      • Introduced through: docker-image|quay.io/argoproj/argocd@latest - ncurses/libncursesw6@6.3-2 + openssh/openssh-client@1:8.9p1-3ubuntu0.1
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - procps@2:3.3.17-6ubuntu2 - - ncurses/libncursesw6@6.3-2 - - +
      - -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/libncurses6@6.3-2 - - +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    References

    + -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - procps@2:3.3.17-6ubuntu2 - - ncurses/libncurses6@6.3-2 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/ncurses-base@6.3-2 - - +
    +

    More about this vulnerability

    +
    -
    • +
    +
    +

    CVE-2023-28531

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + openssh/openssh-client +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: docker-image|quay.io/argoproj/argocd@latest - ncurses/ncurses-bin@6.3-2 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2109,25 +1389,22 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

      +

      ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 ncurses.

      +

      There is no fixed version for Ubuntu:22.04 openssh.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -2222,7 +1499,7 @@

    Integer Overflow or Wraparound

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and krb5/libk5crypto3@1.19.2-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@latest and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    • @@ -2237,7 +1514,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -2256,9 +1533,9 @@

    Detailed paths

    libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -2277,11 +1554,11 @@

    Detailed paths

    libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -2290,7 +1567,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2 @@ -2309,9 +1586,9 @@

    Detailed paths

    libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2 @@ -2320,7 +1597,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2331,7 +1608,7 @@

    Detailed paths

    openssh/openssh-client@1:8.9p1-3ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2340,11 +1617,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2353,13 +1630,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 libssh/libssh-4@0.9.6-2build1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2378,7 +1655,7 @@

    Detailed paths

    libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2389,7 +1666,7 @@

    Detailed paths

    meta-common-packages@meta - krb5/libkrb5support0@1.19.2-2ubuntu0.1 + krb5/libkrb5support0@1.19.2-2ubuntu0.2 @@ -2468,7 +1745,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.8 + apt@2.4.9 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2901,7 +2178,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.8 and others + docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.9 and others
    • @@ -2915,9 +2192,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 - git/git-man@1:2.34.1-1ubuntu1.8 + git/git-man@1:2.34.1-1ubuntu1.9 @@ -2926,7 +2203,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 @@ -2935,9 +2212,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git-lfs@3.0.2-1ubuntu0.1 + git-lfs@3.0.2-1ubuntu0.2 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 @@ -2967,6 +2244,144 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2023-28322

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2023-28321

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Improper Input Validation

    diff --git a/docs/snyk/v2.4.28/haproxy_2.0.31-alpine.html b/docs/snyk/master/redis_7.0.11-alpine.html similarity index 97% rename from docs/snyk/v2.4.28/haproxy_2.0.31-alpine.html rename to docs/snyk/master/redis_7.0.11-alpine.html index 2b4200b9048f6..9118cfc1f5789 100644 --- a/docs/snyk/v2.4.28/haproxy_2.0.31-alpine.html +++ b/docs/snyk/master/redis_7.0.11-alpine.html @@ -456,19 +456,19 @@

    Snyk test report

    -

    April 16th 2023, 12:24:53 am

    +

    May 27th 2023, 11:23:06 pm (UTC+00:00)

    Scanned the following path:
      -
    • haproxy:2.0.31-alpine (apk)
      • +
    • redis:7.0.11-alpine (apk)
    0 known vulnerabilities
    0 vulnerable dependency paths
    -
    17 dependencies
    +
    18 dependencies
    @@ -476,8 +476,8 @@

    Snyk test report

    - - + + diff --git a/docs/snyk/v2.4.28/argocd-iac-install.html b/docs/snyk/v2.4.28/argocd-iac-install.html deleted file mode 100644 index 5909758108231..0000000000000 --- a/docs/snyk/v2.4.28/argocd-iac-install.html +++ /dev/null @@ -1,2735 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 16th 2023, 12:26:06 am

    -
    -
    - Scanned the following path: -
      -
    • /argo-cd/manifests/install.yaml (Kubernetes)
      • -
    -
    - -
    -
    41 total issues
    -
    -
    -
    -
    - -
    -
    Project docker-image|haproxy
    Path haproxy:2.0.31-alpine
    Project docker-image|redis
    Path redis:7.0.11-alpine
    Package Manager apk
    - - - - - -
    Project manifests/install.yaml
    Path /argo-cd/manifests/install.yaml
    Project Type Kubernetes
    -
    -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 10] - - rules[0] - - resources - -
      • - -
    • - Line number: 9063 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 11] - - rules[4] - - resources - -
      • - -
    • - Line number: 9140 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 12] - - rules[0] - - resources - -
      • - -
    • - Line number: 9168 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 13] - - rules[3] - - resources - -
      • - -
    • - Line number: 9212 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 13] - - rules[1] - - resources - -
      • - -
    • - Line number: 9194 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 14] - - rules[0] - - resources - -
      • - -
    • - Line number: 9228 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 46] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
      • - -
    • - Line number: 10100 -
      • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 42] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 9686 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 9786 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 9763 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 9829 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 9901 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 10100 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 9955 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 10183 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 10443 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running with multiple open ports

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-36 -
      • - -
    • Introduced through: - [DocId: 43] - - spec - - template - - spec - - containers[dex] - - ports - -
      • - -
    • - Line number: 9770 -
      • -
    - -
    - -

    Impact

    -

    Increases the attack surface of the application and the container.

    - -

    Remediation

    -

    Reduce `ports` count to 2

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running with writable root filesystem

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-8 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - readOnlyRootFilesystem - -
      • - -
    • - Line number: 9911 -
      • -
    - -
    - -

    Impact

    -

    Compromised process could abuse writable root filesystem to elevate privileges

    - -

    Remediation

    -

    Set `securityContext.readOnlyRootFilesystem` to `true`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 42] - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - livenessProbe - -
      • - -
    • - Line number: 9686 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 43] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
      • - -
    • - Line number: 9763 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 43] - - spec - - template - - spec - - initContainers[copyutil] - - livenessProbe - -
      • - -
    • - Line number: 9786 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 45] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
      • - -
    • - Line number: 9901 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 46] - - spec - - template - - spec - - initContainers[copyutil] - - livenessProbe - -
      • - -
    • - Line number: 10100 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 42] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 9686 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
      • - -
    • - Line number: 9763 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 9786 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 9829 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
      • - -
    • - Line number: 9901 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 10100 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 9955 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 10183 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 10443 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 42] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 9702 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 9794 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 9773 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 9837 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 9911 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 10107 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 10075 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 10366 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 10567 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -
    - - - - - diff --git a/docs/snyk/v2.4.28/argocd-iac-namespace-install.html b/docs/snyk/v2.4.28/argocd-iac-namespace-install.html deleted file mode 100644 index 511e34d07ce76..0000000000000 --- a/docs/snyk/v2.4.28/argocd-iac-namespace-install.html +++ /dev/null @@ -1,2735 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 16th 2023, 12:26:16 am

    -
    -
    - Scanned the following path: -
      -
    • /argo-cd/manifests/namespace-install.yaml (Kubernetes)
      • -
    -
    - -
    -
    41 total issues
    -
    -
    -
    -
    - -
    - - - - - - -
    Project manifests/namespace-install.yaml
    Path /argo-cd/manifests/namespace-install.yaml
    Project Type Kubernetes
    -
    -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 7] - - rules[0] - - resources - -
      • - -
    • - Line number: 73 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 8] - - rules[4] - - resources - -
      • - -
    • - Line number: 150 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 9] - - rules[0] - - resources - -
      • - -
    • - Line number: 178 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 10] - - rules[3] - - resources - -
      • - -
    • - Line number: 222 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 10] - - rules[1] - - resources - -
      • - -
    • - Line number: 204 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 11] - - rules[0] - - resources - -
      • - -
    • - Line number: 238 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions

    - -

    Remediation

    -

    Consider removing this permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 39] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
      • - -
    • - Line number: 1025 -
      • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 611 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 711 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 688 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 754 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 826 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1025 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 880 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1108 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 41] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1368 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running with multiple open ports

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-36 -
      • - -
    • Introduced through: - [DocId: 36] - - spec - - template - - spec - - containers[dex] - - ports - -
      • - -
    • - Line number: 695 -
      • -
    - -
    - -

    Impact

    -

    Increases the attack surface of the application and the container.

    - -

    Remediation

    -

    Reduce `ports` count to 2

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running with writable root filesystem

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-8 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - readOnlyRootFilesystem - -
      • - -
    • - Line number: 836 -
      • -
    - -
    - -

    Impact

    -

    Compromised process could abuse writable root filesystem to elevate privileges

    - -

    Remediation

    -

    Set `securityContext.readOnlyRootFilesystem` to `true`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 35] - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - livenessProbe - -
      • - -
    • - Line number: 611 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 36] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
      • - -
    • - Line number: 688 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 36] - - spec - - template - - spec - - initContainers[copyutil] - - livenessProbe - -
      • - -
    • - Line number: 711 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 38] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
      • - -
    • - Line number: 826 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 39] - - spec - - template - - spec - - initContainers[copyutil] - - livenessProbe - -
      • - -
    • - Line number: 1025 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 611 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
      • - -
    • - Line number: 688 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 711 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 754 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
      • - -
    • - Line number: 826 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1025 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 880 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1108 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 41] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1368 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 627 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 719 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 698 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 762 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 836 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1032 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1000 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1291 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 41] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1492 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -
    - -
    - - - diff --git a/docs/snyk/v2.4.28/argocd-test.html b/docs/snyk/v2.4.28/argocd-test.html deleted file mode 100644 index bb73085e2e934..0000000000000 --- a/docs/snyk/v2.4.28/argocd-test.html +++ /dev/null @@ -1,4822 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 16th 2023, 12:24:39 am

    -
    -
    - Scanned the following paths: -
      -
    • /argo-cd/argoproj/argo-cd/v2 (gomodules)
    • /argo-cd (yarn)
      • -
    -
    - -
    -
    6 known vulnerabilities
    -
    197 vulnerable dependency paths
    -
    1655 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Server-side Request Forgery (SSRF)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - parse-url -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.6.0 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too. - Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    -

    PoC:

    - 
    import parseUrl from "parse-url";
-        import fetch from 'node-fetch';
-        var parsed=parseUrl("http://nnnn@localhost:808:/?id=xss")
-        if(parsed.resource=="localhost"){
-        console.log("internal network access is blocked")
-        }
-        else{
-           const response = await fetch('http://'+parsed.resource+parsed.pathname);
-                console.log(response)
-         }
-
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - parse-url -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, git-url-parse@11.6.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - git-url-parse@11.6.0 - - git-up@4.0.5 - - parse-url@6.0.5 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too. - Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.

    - 
    
-        const parseUrl = require("parse-url");
-        const Url = require("url");
-        
-        const express = require('express');
-        const app = express();
-        
-        var url = "https://www.google.com:x@fakesite.com:x";
-        parsed = parseUrl(url);
-        console.log("[*]`parse-url` output: ")
-        console.log(parsed);
-        
-        parsed2 = Url.parse(url);
-        console.log("[*]`url` output: ")
-        console.log(parsed2)
-        
-        app.get('/', (req, res) => {
-            if (parsed.host == "www.google.com") {
-                res.send("<a href=\'" + parsed2.href + "\'>CLICK ME!</a>")
-            }
-        })
-        
-        app.listen(8888,"0.0.0.0");
-
    -

    Remediation

    -

    Upgrade parse-url to version 8.1.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - minimatch -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - @redocly/openapi-core@1.0.0-beta.82 - - minimatch@3.0.4 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    minimatch is a minimal matching utility. - Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    - 
    regex = /A(B|C+)+D/
-
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
      • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
    • D Finally, we ensure this section of the string ends with a 'D'
      • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    - 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
      2. -
    2. CC+C
      3. -
    3. C+CC
      4. -
    4. C+C+C.
      5. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    Upgrade minimatch to version 3.0.5 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - gopkg.in/yaml.v2 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and gopkg.in/yaml.v2@2.2.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/ghodss/yaml@1.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/spf13/cobra/doc@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/yaml@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@0.7.3 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/google/go-jsonnet@0.18.0 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/structured-merge-diff/v4/fieldpath@4.2.0 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#567361917320 - - github.com/ghodss/yaml@1.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#567361917320 - - github.com/ghodss/yaml@1.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/util/misc@#567361917320 - - github.com/ghodss/yaml@1.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#567361917320 - - github.com/ghodss/yaml@1.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#567361917320 - - github.com/ghodss/yaml@1.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@0.7.3 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.23.1 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@0.7.3 - - k8s.io/apimachinery/pkg/util/managedfields@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/core/v1@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/rbac/v1@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/errors@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kube-openapi/pkg/common@#e816edb12b65 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-openapi/runtime/middleware@0.19.4 - - github.com/go-openapi/validate@0.19.5 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#567361917320 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#567361917320 - - github.com/ghodss/yaml@1.0.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.23.1 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.23.1 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.23.1 - - k8s.io/client-go/tools/clientcmd/api/latest@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/portforward@0.23.1 - - k8s.io/api/core/v1@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 - - k8s.io/apimachinery/pkg/watch@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/resource@0.7.3 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@0.7.3 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/tools/pager@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/resource@0.23.1 - - k8s.io/api/core/v1@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.23.1 - - k8s.io/client-go/pkg/apis/clientauthentication@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/util/retry@0.23.1 - - k8s.io/apimachinery/pkg/api/errors@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.23.1 - - k8s.io/client-go/tools/reference@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@0.7.3 - - k8s.io/client-go/kubernetes/scheme@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#567361917320 - - k8s.io/client-go/tools/clientcmd@0.23.1 - - k8s.io/client-go/tools/clientcmd/api/latest@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/tools/pager@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#567361917320 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/tools/pager@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/tools/pager@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/tools/pager@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#567361917320 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/tools/pager@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/equality@0.23.1 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 - - k8s.io/apimachinery/pkg/watch@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/conversion@0.11.0 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#567361917320 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - sigs.k8s.io/kustomize/api/krusty@0.10.1 - - sigs.k8s.io/kustomize/kyaml/openapi@0.13.0 - - sigs.k8s.io/kustomize/kyaml/yaml@0.13.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - sigs.k8s.io/kustomize/api/krusty@0.10.1 - - sigs.k8s.io/kustomize/kyaml/openapi@0.13.0 - - sigs.k8s.io/kustomize/kyaml/yaml@0.13.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#567361917320 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1/fake@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@0.7.3 - - k8s.io/kubectl/pkg/util/podutils@0.23.1 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 - - k8s.io/apimachinery/pkg/watch@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.23.1 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.23.1 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.23.1 - - k8s.io/client-go/transport/spdy@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@0.7.3 - - k8s.io/client-go/kubernetes/scheme@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.23.1 - - k8s.io/client-go/tools/clientcmd/api/latest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api/v1@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/validation@0.23.1 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.23.1 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.23.1 - - k8s.io/apimachinery/pkg/watch@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#567361917320 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.23.1 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#567361917320 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.23.1 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.23.1 - - k8s.io/client-go/testing@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.23.1 - - k8s.io/client-go/transport/spdy@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - sigs.k8s.io/kustomize/api/krusty@0.10.1 - - sigs.k8s.io/kustomize/kyaml/openapi@0.13.0 - - sigs.k8s.io/kustomize/kyaml/yaml@0.13.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - sigs.k8s.io/kustomize/api/krusty@0.10.1 - - sigs.k8s.io/kustomize/kyaml/openapi@0.13.0 - - sigs.k8s.io/kustomize/kyaml/yaml@0.13.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - sigs.k8s.io/kustomize/api/krusty@0.10.1 - - sigs.k8s.io/kustomize/kyaml/openapi@0.13.0 - - sigs.k8s.io/kustomize/kyaml/yaml@0.13.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.23.1 - - k8s.io/client-go/tools/remotecommand@0.23.1 - - k8s.io/client-go/transport/spdy@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#567361917320 - - k8s.io/client-go/tools/clientcmd@0.23.1 - - k8s.io/client-go/tools/clientcmd/api/latest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api/v1@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.23.1 - - k8s.io/kube-openapi/pkg/util/proto@#e816edb12b65 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.23.1 - - k8s.io/client-go/tools/remotecommand@0.23.1 - - k8s.io/client-go/transport/spdy@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/leaderelection@0.11.0 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.23.1 - - k8s.io/client-go/kubernetes/typed/core/v1@0.23.1 - - k8s.io/client-go/applyconfigurations/core/v1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/util/openapi@0.23.1 - - k8s.io/kube-openapi/pkg/validation/spec@#e816edb12b65 - - github.com/go-openapi/swag@0.19.14 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - sigs.k8s.io/kustomize/api/krusty@0.10.1 - - sigs.k8s.io/kustomize/kyaml/openapi@0.13.0 - - sigs.k8s.io/kustomize/kyaml/yaml@0.13.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - sigs.k8s.io/kustomize/api/krusty@0.10.1 - - sigs.k8s.io/kustomize/kyaml/openapi@0.13.0 - - sigs.k8s.io/kustomize/kyaml/yaml@0.13.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/cli-runtime/pkg/resource@0.23.1 - - sigs.k8s.io/kustomize/api/krusty@0.10.1 - - sigs.k8s.io/kustomize/kyaml/openapi@0.13.0 - - sigs.k8s.io/kustomize/kyaml/yaml@0.13.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - - k8s.io/client-go/tools/cache@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@0.7.3 - - github.com/argoproj/gitops-engine/pkg/sync/common@0.7.3 - - github.com/argoproj/gitops-engine/pkg/utils/kube@0.7.3 - - k8s.io/kubectl/pkg/cmd/util@0.23.1 - - k8s.io/client-go/kubernetes@0.23.1 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.23.1 - - k8s.io/client-go/applyconfigurations/meta/v1@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/typed@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/tools/clientcmd/api@0.23.1 - - k8s.io/apimachinery/pkg/runtime@0.23.1 - - sigs.k8s.io/structured-merge-diff/v4/value@4.2.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.23.1 - - k8s.io/client-go/discovery@0.23.1 - - k8s.io/client-go/rest@0.23.1 - - k8s.io/client-go/plugin/pkg/client/auth/exec@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer@0.23.1 - - k8s.io/apimachinery/pkg/runtime/serializer/json@0.23.1 - - sigs.k8s.io/yaml@1.3.0 - - gopkg.in/yaml.v2@2.2.4 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    gopkg.in/yaml.v2 is a YAML support package for the Go language. - Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade gopkg.in/yaml.v2 to version 2.2.8 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - go.mongodb.org/mongo-driver/bson/bsonrw -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/go-openapi/runtime/middleware@0.19.4 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-openapi/runtime/middleware@0.19.4 - - github.com/go-openapi/validate@0.19.5 - - github.com/go-openapi/strfmt@0.19.3 - - go.mongodb.org/mongo-driver/bson@1.1.2 - - go.mongodb.org/mongo-driver/bson/bsonrw@1.1.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-openapi/runtime/middleware@0.19.4 - - github.com/go-openapi/validate@0.19.5 - - github.com/go-openapi/strfmt@0.19.3 - - go.mongodb.org/mongo-driver/bson@1.1.2 - - go.mongodb.org/mongo-driver/bson/bsoncodec@1.1.2 - - go.mongodb.org/mongo-driver/bson/bsonrw@1.1.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go. - Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

    -

    Remediation

    -

    Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - cookiejar -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, superagent@7.1.3 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - superagent@7.1.3 - - cookiejar@2.1.3 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.

    -

    PoC

    - 
    const { CookieJar } = require("cookiejar");
-        
-        const jar = new CookieJar();
-        
-        const start = performance.now();
-        const attack = "a" + "t".repeat(50_000);
-        jar.setCookie(attack);
-        console.log(`CookieJar.setCookie(): ${performance.now() - start}`);
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    - 
    regex = /A(B|C+)+D/
-
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
      • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
    • D Finally, we ensure this section of the string ends with a 'D'
      • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    - 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
      2. -
    2. CC+C
      3. -
    3. C+CC
      4. -
    4. C+C+C.
      5. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    Upgrade cookiejar to version 2.1.4 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.4.28/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.4.28/ghcr.io_dexidp_dex_v2.35.3.html deleted file mode 100644 index 8dfdad71664f1..0000000000000 --- a/docs/snyk/v2.4.28/ghcr.io_dexidp_dex_v2.35.3.html +++ /dev/null @@ -1,1698 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 16th 2023, 12:24:47 am

    -
    -
    - Scanned the following paths: -
      -
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (apk)
    • ghcr.io/dexidp/dex:v2.35.3/hairyhenderson/gomplate/v3 (gomodules)
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (gomodules)
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (gomodules)
      • -
    -
    - -
    -
    11 known vulnerabilities
    -
    51 vulnerable dependency paths
    -
    756 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Double Free

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Access of Resource Using Incompatible Type ('Type Confusion')

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2/hpack -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2/hpack@v0.0.0-20220927171203-f486391704dc - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.0.0-20220927171203-f486391704dc - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2022-4304

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r2 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/text/language -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/text/language@v0.3.7 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/text/language@v0.3.7 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

    -

    Remediation

    -

    Upgrade golang.org/x/text/language to version 0.3.8 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Incorrect Privilege Assignment

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/sys/unix -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

    -

    Remediation

    -

    Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.0.0-20220927171203-f486391704dc - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.4.28/quay.io_argoproj_argocd_v2.4.28.html b/docs/snyk/v2.4.28/quay.io_argoproj_argocd_v2.4.28.html deleted file mode 100644 index 6c64c34bdadb0..0000000000000 --- a/docs/snyk/v2.4.28/quay.io_argoproj_argocd_v2.4.28.html +++ /dev/null @@ -1,3995 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 16th 2023, 12:25:13 am

    -
    -
    - Scanned the following paths: -
      -
    • quay.io/argoproj/argocd:v2.4.28/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.4.28/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.4.28/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.4.28/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.4.28/git-lfs/git-lfs (gomodules)
      • -
    -
    - -
    -
    32 known vulnerabilities
    -
    126 vulnerable dependency paths
    -
    1963 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - gopkg.in/yaml.v3 -
      • - -
    • Introduced through: - - sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - - gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776 - - - -
      • -
    • - Introduced through: - helm.sh/helm/v3@* - - gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    gopkg.in/yaml.v3 is a YAML support package for the Go language. - Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

    -

    PoC

    - 
    package main
-        
-        import (
-            "gopkg.in/yaml.v3"
-        )
-        
-        func main() {
-            var t interface{}
-            yaml.Unmarshal([]byte("0: [:!00 \xef"), &t)
-        }
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade gopkg.in/yaml.v3 to version 3.0.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    NULL Pointer Dereference

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - gopkg.in/yaml.v3 -
      • - -
    • Introduced through: - - sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - - gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776 - - - -
      • -
    • - Introduced through: - helm.sh/helm/v3@* - - gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    gopkg.in/yaml.v3 is a YAML support package for the Go language. - Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.

    -

    PoC

    - 
    package main
-        
-        import (
-            "gopkg.in/yaml.v3"
-        )
-        
-        func main() {
-            var t interface{}
-            yaml.Unmarshal([]byte("#\n-\n-\n0"), &t)
-        }
-
    -

    Remediation

    -

    Upgrade gopkg.in/yaml.v3 to version 3.0.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2/hpack -
      • - -
    • Introduced through: - - sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/net/http2/hpack@v0.0.0-20201110031124-69a78807bb2b - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - - golang.org/x/net/http2/hpack@v0.0.0-20201110031124-69a78807bb2b - - - -
      • -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2/hpack@v0.0.0-20220107192237-5cfca573fb4d - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/prometheus/client_golang/prometheus/promhttp -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and github.com/prometheus/client_golang/prometheus/promhttp@v1.11.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - github.com/prometheus/client_golang/prometheus/promhttp@v1.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) when handling requests with non-standard HTTP methods.

    -

    Note: In order to be affected, an instrumented software must:

    -
      -

    1. use promhttp.InstrumentHandler* middleware except RequestsInFlight

      -
      2. -

    2. not filter any specific methods (e.g GET) before middleware

      -
      3. -

    3. pass metric with method label name to the middleware

      -
      4. -

    4. not have any firewall/LB/proxy that filters away requests with unknown method.

      -
      5. -
    -

    Workarounds:

    -
      -

    1. removing the method label name from counter/gauge used in the InstrumentHandler

      -
      2. -

    2. turning off affected promhttp handlers

      -
      3. -

    3. adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request

      -
      4. -

    4. using a reverse proxy or web application firewall, configured to only allow a limited set of methods.

      -
      5. -
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade github.com/prometheus/client_golang/prometheus/promhttp to version 1.11.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Authorization Bypass

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/emicklei/go-restful -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/emicklei/go-restful@v2.9.5+incompatible - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/emicklei/go-restful@v2.9.5+incompatible - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Authorization Bypass when using CORS Filter with a configurable AllowedDomains parameter (which is an array of domains allowed in CORS policy), with the same value as exists in allowedOriginPatterns parameter (used for matching origin using regular expression), it causes for all domains in AllowedDomains to be also used as regular expression for matching origin validation. - This behavior means that if example.com exists in AllowedDomains, all domains starting with example.com would be acceptable, including example.com.hacker.domain.

    -

    Remediation

    -

    Upgrade github.com/emicklei/go-restful to version 2.16.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Command Injection

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/Masterminds/vcs -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and github.com/Masterminds/vcs@v1.13.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - github.com/Masterminds/vcs@v1.13.1 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/Masterminds/vcs is a VCS Repo management through a common interface in Go. - Affected versions of this package are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.

    -

    PoC

    - 
    package main
-        
-        import (
-            "github.com/Masterminds/vcs"
-        )
-        
-        func main(){
-              local := "--config=alias.init=!touch ./HELLO"
-            repo, _ := vcs.NewHgRepo("remote", local)
-            repo.Init()
-        }
-
    -

    Remediation

    -

    Upgrade github.com/Masterminds/vcs to version 1.13.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - gopkg.in/yaml.v2 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/yaml.v2@v2.2.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - gopkg.in/yaml.v2@v2.2.4 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    gopkg.in/yaml.v2 is a YAML support package for the Go language. - Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade gopkg.in/yaml.v2 to version 2.2.8 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Incorrect Privilege Assignment

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/sys/unix -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/sys/unix@v0.0.0-20211216021012-1d35b9e2eb4e - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/sys/unix@v0.0.0-20211216021012-1d35b9e2eb4e - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

    -

    Remediation

    -

    Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.0.0-20220107192237-5cfca573fb4d - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http/httpguts -
      • - -
    • Introduced through: - - sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/net/http/httpguts@v0.0.0-20201110031124-69a78807bb2b - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - - golang.org/x/net/http/httpguts@v0.0.0-20201110031124-69a78807bb2b - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http/httpguts is a package providing functions implementing various details of the HTTP specification - Affected versions of this package are vulnerable to Denial of Service (DoS) when processing a large header to ReadRequest or ReadResponse. Servers are only vulnerable if the default max header of 1MB is increased by setting Server.MaxHeaderBytes.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http/httpguts to version 0.0.0-20210428140749-89ef3d95e781 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - go.mongodb.org/mongo-driver/bson/bsonrw -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go. - Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

    -

    Remediation

    -

    Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2022-46908

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - sqlite3/libsqlite3-0 -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.4.28, gnupg2/gpg@2.2.27-3ubuntu2.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - sqlite3/libsqlite3-0@3.37.2-2ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 sqlite3.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - pcre3/libpcre3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - grep@3.7-1build1 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 pcre3.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Release of Invalid Pointer or Reference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - patch -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and patch@2.7.6-7build2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - patch@2.7.6-7build2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Double Free

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - patch -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and patch@2.7.6-7build2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - patch@2.7.6-7build2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Locking

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

    -

    As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

    -

    Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

    -

    Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Privilege Management

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Information Exposure

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-28531

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Read

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - ncurses/libtinfo6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and ncurses/libtinfo6@6.3-2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - bash@5.1-6ubuntu1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ncurses/libncursesw6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - less@590-1ubuntu0.22.04.1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ncurses/libncurses6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ncurses/ncurses-bin@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - util-linux@2.37.2-4ubuntu3 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ncurses/libncursesw6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libncursesw6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ncurses/libncurses6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libncurses6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ncurses/ncurses-base@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - ncurses/ncurses-bin@6.3-2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 ncurses.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Resource Exhaustion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - libzstd/libzstd1 -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.4.28, meta-common-packages@meta and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - meta-common-packages@meta - - libzstd/libzstd1@1.4.8+dfsg-3build1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libzstd.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Integer Overflow or Wraparound

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and krb5/libk5crypto3@1.19.2-2ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - krb5/libk5crypto3@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libk5crypto3@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - krb5/libk5crypto3@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - meta-common-packages@meta - - krb5/libkrb5support0@1.19.2-2ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - gnupg2/gpgv -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and gnupg2/gpgv@2.2.27-3ubuntu2.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - apt@2.4.8 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 gnupg2.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - glibc/libc-bin -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and glibc/libc-bin@2.35-0ubuntu3.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - glibc/libc-bin@2.35-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - meta-common-packages@meta - - glibc/libc6@2.35-0ubuntu3.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 glibc.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - git/git-man -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.4.28, git@1:2.34.1-1ubuntu1.8 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git@1:2.34.1-1ubuntu1.8 - - git/git-man@1:2.34.1-1ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git@1:2.34.1-1ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - git-lfs@3.0.2-1ubuntu0.1 - - git@1:2.34.1-1ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 git.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - coreutils -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and coreutils@8.32-4.1ubuntu1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - coreutils@8.32-4.1ubuntu1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 coreutils.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - bash -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.4.28 and bash@5.1-6ubuntu1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.4.28 - - bash@5.1-6ubuntu1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 bash.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.4.28/redis_7.0.8-alpine.html b/docs/snyk/v2.4.28/redis_7.0.8-alpine.html deleted file mode 100644 index 7b834f3067484..0000000000000 --- a/docs/snyk/v2.4.28/redis_7.0.8-alpine.html +++ /dev/null @@ -1,983 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 16th 2023, 12:25:18 am

    -
    -
    - Scanned the following path: -
      -
    • redis:7.0.8-alpine (apk)
      • -
    -
    - -
    -
    3 known vulnerabilities
    -
    27 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    -
    - - - - - - - -
    Project docker-image|redis
    Path redis:7.0.8-alpine
    Package Manager apk
    -
    -
    -
    -
    -

    Improper Certificate Validation

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

    -

    As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

    -

    Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

    -

    Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.5.16/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.5.16/ghcr.io_dexidp_dex_v2.35.3.html deleted file mode 100644 index a27157c285b02..0000000000000 --- a/docs/snyk/v2.5.16/ghcr.io_dexidp_dex_v2.35.3.html +++ /dev/null @@ -1,1698 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 16th 2023, 12:22:49 am

    -
    -
    - Scanned the following paths: -
      -
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (apk)
    • ghcr.io/dexidp/dex:v2.35.3/hairyhenderson/gomplate/v3 (gomodules)
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (gomodules)
    • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (gomodules)
      • -
    -
    - -
    -
    11 known vulnerabilities
    -
    51 vulnerable dependency paths
    -
    756 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Double Free

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Access of Resource Using Incompatible Type ('Type Confusion')

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2/hpack -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2/hpack@v0.0.0-20220927171203-f486391704dc - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.0.0-20220927171203-f486391704dc - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2022-4304

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.16 -
      • -
    • - Vulnerable module: - - openssl/libcrypto1.1 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.16 openssl to version 1.1.1t-r2 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/text/language -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/text/language@v0.3.7 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/text/language@v0.3.7 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

    -

    Remediation

    -

    Upgrade golang.org/x/text/language to version 0.3.8 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Incorrect Privilege Assignment

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/sys/unix -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

    -

    Remediation

    -

    Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.0.0-20220927171203-f486391704dc - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.5.16/redis_7.0.8-alpine.html b/docs/snyk/v2.5.16/redis_7.0.8-alpine.html deleted file mode 100644 index cb63394816bb7..0000000000000 --- a/docs/snyk/v2.5.16/redis_7.0.8-alpine.html +++ /dev/null @@ -1,983 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 16th 2023, 12:23:19 am

    -
    -
    - Scanned the following path: -
      -
    • redis:7.0.8-alpine (apk)
      • -
    -
    - -
    -
    3 known vulnerabilities
    -
    27 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    -
    - - - - - - - -
    Project docker-image|redis
    Path redis:7.0.8-alpine
    Package Manager apk
    -
    -
    -
    -
    -

    Improper Certificate Validation

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.17 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

    -

    As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

    -

    Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

    -

    Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

    -

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.5.16/argocd-iac-install.html b/docs/snyk/v2.5.17/argocd-iac-install.html similarity index 98% rename from docs/snyk/v2.5.16/argocd-iac-install.html rename to docs/snyk/v2.5.17/argocd-iac-install.html index ec390402fc3a4..a64aae98214ad 100644 --- a/docs/snyk/v2.5.16/argocd-iac-install.html +++ b/docs/snyk/v2.5.17/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 16th 2023, 12:24:11 am

    +

    May 27th 2023, 11:35:25 pm (UTC+00:00)

    Scanned the following path: @@ -2267,7 +2267,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2323,7 +2323,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2379,7 +2379,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2435,7 +2435,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2491,7 +2491,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2547,7 +2547,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2603,7 +2603,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2659,7 +2659,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2715,7 +2715,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    diff --git a/docs/snyk/v2.5.16/argocd-iac-namespace-install.html b/docs/snyk/v2.5.17/argocd-iac-namespace-install.html similarity index 98% rename from docs/snyk/v2.5.16/argocd-iac-namespace-install.html rename to docs/snyk/v2.5.17/argocd-iac-namespace-install.html index de358a79e26bd..ed5a25e5e084a 100644 --- a/docs/snyk/v2.5.16/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.5.17/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 16th 2023, 12:24:21 am

    +

    May 27th 2023, 11:35:42 pm (UTC+00:00)

    Scanned the following path: @@ -2267,7 +2267,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2323,7 +2323,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2379,7 +2379,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2435,7 +2435,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2491,7 +2491,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2547,7 +2547,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2603,7 +2603,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2659,7 +2659,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2715,7 +2715,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    diff --git a/docs/snyk/v2.5.16/argocd-test.html b/docs/snyk/v2.5.17/argocd-test.html similarity index 98% rename from docs/snyk/v2.5.16/argocd-test.html rename to docs/snyk/v2.5.17/argocd-test.html index 839e161ecc28b..3946919a00225 100644 --- a/docs/snyk/v2.5.16/argocd-test.html +++ b/docs/snyk/v2.5.17/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 16th 2023, 12:22:40 am

    +

    May 27th 2023, 11:33:15 pm (UTC+00:00)

    Scanned the following paths: @@ -467,7 +467,7 @@

    Snyk test report

    6 known vulnerabilities
    -
    216 vulnerable dependency paths
    +
    215 vulnerable dependency paths
    1719 dependencies
    @@ -529,8 +529,8 @@

    Detailed paths

    Overview

    -

    parse-url is an An advanced url parser supporting git urls too. - Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    +

    parse-url is an An advanced url parser supporting git urls too.

    +

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper detection of protocol, resource, and pathname fields. Exploiting this vulnerability results in bypassing protocol verification.

    PoC:

    import parseUrl from "parse-url";
         import fetch from 'node-fetch';
@@ -611,8 +611,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    parse-url is an An advanced url parser supporting git urls too.
-        Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.
    
+        
    parse-url is an An advanced url parser supporting git urls too.
    
+        
    Affected versions of this package are vulnerable to Improper Input Validation due to incorrect parsing of URLs. This allows the attacker to craft a malformed URL which can lead to a phishing attack.
    
         
    
         const parseUrl = require("parse-url");
         const Url = require("url");
@@ -705,8 +705,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    minimatch is a minimal matching utility.
-        Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.
    
+        
    minimatch is a minimal matching utility.
    
+        
    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the braceExpand function in minimatch.js.
    
         
    Details
    
         
    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.
    
         
    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.
    
@@ -898,7 +898,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/apimachinery/pkg/util/managedfields@0.24.2
+                                        github.com/argoproj/gitops-engine/pkg/diff@#98ccd3d43fd9
                                           
                                         sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
                                           
@@ -911,7 +911,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#98ccd3d43fd9
+                                        k8s.io/apimachinery/pkg/util/managedfields@0.24.2
                                           
                                         sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
                                           
@@ -924,7 +924,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/diff@#98ccd3d43fd9
+                                        github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#98ccd3d43fd9
                                           
                                         sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
                                           
@@ -950,7 +950,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        sigs.k8s.io/structured-merge-diff/v4/fieldpath@4.2.1
+                                        sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
                                           
                                         sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
                                           
@@ -963,7 +963,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
+                                        sigs.k8s.io/structured-merge-diff/v4/fieldpath@4.2.1
                                           
                                         sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
                                           
@@ -1049,32 +1049,6 @@ 
    Detailed paths
    
                                         
                                     
         
-                            
-                                
  • 
-                                Introduced through:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                          
-                                        github.com/argoproj/notifications-engine/pkg/services@#4d8552b0775f
-                                          
-                                        github.com/ghodss/yaml@1.0.0
-                                          
-                                        gopkg.in/yaml.v2@2.2.4
-                                        
-                                
-        
-                            
    • 
-                                
  • 
-                                Introduced through:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                          
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#4d8552b0775f
-                                          
-                                        github.com/ghodss/yaml@1.0.0
-                                          
-                                        gopkg.in/yaml.v2@2.2.4
-                                        
-                                
-        
                             
    • 
                                 
  • 
                                 Introduced through:
@@ -1093,7 +1067,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#4d8552b0775f
                                           
                                         github.com/ghodss/yaml@1.0.0
                                           
@@ -1254,7 +1228,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/apimachinery/pkg/watch@0.24.2
+                                        k8s.io/api/core/v1@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -1269,7 +1243,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2
+                                        github.com/argoproj/gitops-engine/pkg/health@#98ccd3d43fd9
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -1284,7 +1258,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/api/core/v1@0.24.2
+                                        k8s.io/apimachinery/pkg/watch@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -1299,7 +1273,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/api/rbac/v1@0.24.2
+                                        k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -1314,7 +1288,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
+                                        k8s.io/api/rbac/v1@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -1329,7 +1303,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.2
+                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -1344,7 +1318,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/apimachinery/pkg/api/errors@0.24.2
+                                        k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -1359,9 +1333,9 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/apimachinery/pkg/util/managedfields@0.24.2
+                                        k8s.io/apimachinery/pkg/api/errors@0.24.2
                                           
-                                        sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
+                                        k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
                                         sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
                                           
@@ -1374,7 +1348,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#98ccd3d43fd9
+                                        k8s.io/apimachinery/pkg/util/managedfields@0.24.2
                                           
                                         sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
                                           
@@ -1389,7 +1363,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/diff@#98ccd3d43fd9
+                                        github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#98ccd3d43fd9
                                           
                                         sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
                                           
@@ -1444,6 +1418,21 @@ 
    Detailed paths
    
                                         
                                     
         
+                            
    • 
+                                
  • 
+                                Introduced through:
+                                        github.com/argoproj/argo-cd/v2@0.0.0
+                                          
+                                        k8s.io/client-go/dynamic@0.24.2
+                                          
+                                        k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2
+                                          
+                                        sigs.k8s.io/yaml@1.3.0
+                                          
+                                        gopkg.in/yaml.v2@2.2.4
+                                        
+                                
+        
                             
    • 
                                 
  • 
                                 Introduced through:
@@ -1489,6 +1478,36 @@ 
    Detailed paths
    
                                         
                                     
         
+                            
    • 
+                                
  • 
+                                Introduced through:
+                                        github.com/argoproj/argo-cd/v2@0.0.0
+                                          
+                                        github.com/argoproj/notifications-engine/pkg/services@#4d8552b0775f
+                                          
+                                        github.com/argoproj/notifications-engine/pkg/util/misc@#4d8552b0775f
+                                          
+                                        github.com/ghodss/yaml@1.0.0
+                                          
+                                        gopkg.in/yaml.v2@2.2.4
+                                        
+                                
+        
+                            
    • 
+                                
  • 
+                                Introduced through:
+                                        github.com/argoproj/argo-cd/v2@0.0.0
+                                          
+                                        github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f
+                                          
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#4d8552b0775f
+                                          
+                                        github.com/ghodss/yaml@1.0.0
+                                          
+                                        gopkg.in/yaml.v2@2.2.4
+                                        
+                                
+        
                             
    • 
                                 
  • 
                                 Introduced through:
@@ -1645,7 +1664,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/tools/portforward@0.24.2
+                                        k8s.io/kubectl/pkg/util/resource@0.24.2
                                           
                                         k8s.io/api/core/v1@0.24.2
                                           
@@ -1713,24 +1732,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9
-                                          
-                                        k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2
-                                          
-                                        k8s.io/apimachinery/pkg/runtime@0.24.2
-                                          
-                                        sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
-                                          
-                                        gopkg.in/yaml.v2@2.2.4
-                                        
-                                
-        
-                            
    • 
-                                
  • 
-                                Introduced through:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                          
-                                        github.com/argoproj/gitops-engine/pkg/sync/hook@#98ccd3d43fd9
+                                        k8s.io/client-go/dynamic@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2
                                           
@@ -1798,24 +1800,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/tools/cache@0.24.2
-                                          
-                                        k8s.io/client-go/tools/pager@0.24.2
-                                          
-                                        k8s.io/apimachinery/pkg/runtime@0.24.2
-                                          
-                                        sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
-                                          
-                                        gopkg.in/yaml.v2@2.2.4
-                                        
-                                
-        
-                            
    • 
-                                
  • 
-                                Introduced through:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                          
-                                        k8s.io/kubectl/pkg/util/resource@0.24.2
+                                        k8s.io/client-go/tools/portforward@0.24.2
                                           
                                         k8s.io/api/core/v1@0.24.2
                                           
@@ -1832,26 +1817,9 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
-                                          
-                                        k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2
-                                          
-                                        k8s.io/apimachinery/pkg/runtime@0.24.2
-                                          
-                                        sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
-                                          
-                                        gopkg.in/yaml.v2@2.2.4
-                                        
-                                
-        
-                            
    • 
-                                
  • 
-                                Introduced through:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                          
-                                        k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.2
+                                        k8s.io/client-go/tools/cache@0.24.2
                                           
-                                        k8s.io/client-go/pkg/apis/clientauthentication@0.24.2
+                                        k8s.io/client-go/tools/pager@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -1900,11 +1868,11 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/tools/record@0.24.2
+                                        github.com/argoproj/gitops-engine/pkg/diff@#98ccd3d43fd9
                                           
-                                        k8s.io/client-go/tools/reference@0.24.2
+                                        sigs.k8s.io/structured-merge-diff/v4/merge@4.2.1
                                           
-                                        k8s.io/apimachinery/pkg/runtime@0.24.2
+                                        sigs.k8s.io/structured-merge-diff/v4/fieldpath@4.2.1
                                           
                                         sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
                                           
@@ -2050,25 +2018,6 @@ 
    Detailed paths
    
                                         
                                     
         
-                            
    • 
-                                
  • 
-                                Introduced through:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                          
-                                        sigs.k8s.io/controller-runtime/pkg/handler@0.11.0
-                                          
-                                        sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0
-                                          
-                                        sigs.k8s.io/controller-runtime/pkg/client@0.11.0
-                                          
-                                        k8s.io/apimachinery/pkg/util/strategicpatch@0.24.2
-                                          
-                                        k8s.io/kube-openapi/pkg/util/proto@#011e075b9cb8
-                                          
-                                        gopkg.in/yaml.v2@2.2.4
-                                        
-                                
-        
                             
    • 
                                 
  • 
                                 Introduced through:
@@ -2093,11 +2042,11 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/discovery@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/api/storage/v1beta1@0.24.2
                                           
-                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
+                                        k8s.io/api/core/v1@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -2112,11 +2061,11 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/dynamic@0.24.2
+                                        k8s.io/client-go/tools/record@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/client-go/tools/reference@0.24.2
                                           
-                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
+                                        k8s.io/api/core/v1@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -2131,11 +2080,11 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/transport/spdy@0.24.2
+                                        github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2
                                           
-                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
+                                        k8s.io/apimachinery/pkg/watch@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -2150,7 +2099,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0
+                                        k8s.io/client-go/transport/spdy@0.24.2
                                           
                                         k8s.io/client-go/rest@0.24.2
                                           
@@ -2169,7 +2118,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/testing@0.24.2
+                                        github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0
                                           
                                         k8s.io/client-go/rest@0.24.2
                                           
@@ -2188,7 +2137,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/kubernetes@0.24.2
+                                        k8s.io/client-go/testing@0.24.2
                                           
                                         k8s.io/client-go/rest@0.24.2
                                           
@@ -2264,30 +2213,11 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/kubernetes/scheme@0.24.2
-                                          
-                                        k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
-                                          
-                                        k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2
-                                          
-                                        k8s.io/apimachinery/pkg/runtime@0.24.2
-                                          
-                                        sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
-                                          
-                                        gopkg.in/yaml.v2@2.2.4
-                                        
-                                
-        
-                            
    • 
-                                
  • 
-                                Introduced through:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                          
-                                        k8s.io/client-go/listers/core/v1@0.24.2
+                                        github.com/argoproj/gitops-engine/pkg/sync/hook@#98ccd3d43fd9
                                           
-                                        k8s.io/client-go/tools/cache@0.24.2
+                                        github.com/argoproj/gitops-engine/pkg/sync/resource@#98ccd3d43fd9
                                           
-                                        k8s.io/client-go/tools/pager@0.24.2
+                                        k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -2302,11 +2232,11 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f
+                                        k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
                                           
-                                        k8s.io/client-go/tools/cache@0.24.2
+                                        k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2
                                           
-                                        k8s.io/client-go/tools/pager@0.24.2
+                                        k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -2321,7 +2251,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/informers/core/v1@0.24.2
+                                        k8s.io/client-go/listers/core/v1@0.24.2
                                           
                                         k8s.io/client-go/tools/cache@0.24.2
                                           
@@ -2511,9 +2441,9 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
                                           
@@ -2530,9 +2460,9 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/diff@#98ccd3d43fd9
+                                        k8s.io/client-go/rest@0.24.2
                                           
-                                        k8s.io/client-go/kubernetes/scheme@0.24.2
+                                        k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
                                           
@@ -2549,9 +2479,28 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/notifications-engine/pkg/cmd@#4d8552b0775f
+                                        github.com/argoproj/gitops-engine/pkg/diff@#98ccd3d43fd9
                                           
-                                        k8s.io/client-go/tools/clientcmd@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
+                                          
+                                        k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
+                                          
+                                        k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2
+                                          
+                                        sigs.k8s.io/yaml@1.3.0
+                                          
+                                        gopkg.in/yaml.v2@2.2.4
+                                        
+                                
+        
+                            
    • 
+                                
  • 
+                                Introduced through:
+                                        github.com/argoproj/argo-cd/v2@0.0.0
+                                          
+                                        github.com/argoproj/notifications-engine/pkg/cmd@#4d8552b0775f
+                                          
+                                        k8s.io/client-go/tools/clientcmd@0.24.2
                                           
                                         k8s.io/client-go/tools/clientcmd/api/latest@0.24.2
                                           
@@ -2568,11 +2517,11 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/health@#98ccd3d43fd9
+                                        k8s.io/client-go/discovery@0.24.2
                                           
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9
+                                        k8s.io/client-go/openapi@0.24.2
                                           
-                                        k8s.io/kubectl/pkg/util/openapi@0.24.2
+                                        k8s.io/kube-openapi/pkg/handler3@#011e075b9cb8
                                           
                                         k8s.io/kube-openapi/pkg/validation/spec@#011e075b9cb8
                                           
@@ -2587,7 +2536,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9
+                                        github.com/argoproj/gitops-engine/pkg/health@#98ccd3d43fd9
                                           
                                         github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9
                                           
@@ -2606,11 +2555,11 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/discovery@0.24.2
+                                        github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9
                                           
-                                        k8s.io/client-go/openapi@0.24.2
+                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9
                                           
-                                        k8s.io/kube-openapi/pkg/handler3@#011e075b9cb8
+                                        k8s.io/kubectl/pkg/util/openapi@0.24.2
                                           
                                         k8s.io/kube-openapi/pkg/validation/spec@#011e075b9cb8
                                           
@@ -2744,6 +2693,27 @@ 
    Detailed paths
    
                                         
                                     
         
+                            
    • 
+                                
  • 
+                                Introduced through:
+                                        github.com/argoproj/argo-cd/v2@0.0.0
+                                          
+                                        sigs.k8s.io/controller-runtime/pkg/handler@0.11.0
+                                          
+                                        sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0
+                                          
+                                        sigs.k8s.io/controller-runtime/pkg/cache@0.11.0
+                                          
+                                        sigs.k8s.io/controller-runtime/pkg/client@0.11.0
+                                          
+                                        k8s.io/apimachinery/pkg/util/strategicpatch@0.24.2
+                                          
+                                        k8s.io/kube-openapi/pkg/util/proto@#011e075b9cb8
+                                          
+                                        gopkg.in/yaml.v2@2.2.4
+                                        
+                                
+        
                             
    • 
                                 
  • 
                                 Introduced through:
@@ -2833,13 +2803,13 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/health@#98ccd3d43fd9
+                                        k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/kubectl/pkg/util/podutils@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
-                                        k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2
+                                        k8s.io/api/storage/v1beta1@0.24.2
                                           
-                                        k8s.io/apimachinery/pkg/watch@0.24.2
+                                        k8s.io/api/core/v1@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -2854,9 +2824,9 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/kubectl/pkg/util/openapi@0.24.2
+                                        k8s.io/client-go/discovery/fake@0.24.2
                                           
-                                        k8s.io/client-go/discovery@0.24.2
+                                        k8s.io/client-go/testing@0.24.2
                                           
                                         k8s.io/client-go/rest@0.24.2
                                           
@@ -2875,7 +2845,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/discovery/fake@0.24.2
+                                        k8s.io/client-go/kubernetes/fake@0.24.2
                                           
                                         k8s.io/client-go/testing@0.24.2
                                           
@@ -2896,9 +2866,9 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/kubernetes/fake@0.24.2
+                                        k8s.io/client-go/tools/remotecommand@0.24.2
                                           
-                                        k8s.io/client-go/testing@0.24.2
+                                        k8s.io/client-go/transport/spdy@0.24.2
                                           
                                         k8s.io/client-go/rest@0.24.2
                                           
@@ -2917,13 +2887,13 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/tools/remotecommand@0.24.2
+                                        k8s.io/client-go/tools/clientcmd@0.24.2
                                           
-                                        k8s.io/client-go/transport/spdy@0.24.2
+                                        k8s.io/client-go/tools/clientcmd/api/latest@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2
                                           
-                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
+                                        k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -2938,13 +2908,13 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/tools/clientcmd@0.24.2
+                                        github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f
                                           
-                                        k8s.io/client-go/tools/clientcmd/api/latest@0.24.2
+                                        k8s.io/client-go/listers/core/v1@0.24.2
                                           
-                                        k8s.io/client-go/tools/clientcmd/api/v1@0.24.2
+                                        k8s.io/client-go/tools/cache@0.24.2
                                           
-                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
+                                        k8s.io/client-go/tools/pager@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -2959,9 +2929,30 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/apimachinery/pkg/api/validation@0.24.2
+                                        k8s.io/client-go/informers/core/v1@0.24.2
                                           
-                                        k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.2
+                                        k8s.io/client-go/listers/core/v1@0.24.2
+                                          
+                                        k8s.io/client-go/tools/cache@0.24.2
+                                          
+                                        k8s.io/client-go/tools/pager@0.24.2
+                                          
+                                        k8s.io/apimachinery/pkg/runtime@0.24.2
+                                          
+                                        sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
+                                          
+                                        gopkg.in/yaml.v2@2.2.4
+                                        
+                                
+        
+                            
    • 
+                                
  • 
+                                Introduced through:
+                                        github.com/argoproj/argo-cd/v2@0.0.0
+                                          
+                                        k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.2
+                                          
+                                        k8s.io/apimachinery/pkg/api/equality@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2
                                           
@@ -2980,17 +2971,17 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/sync/ignore@#98ccd3d43fd9
+                                        sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/sync/hook@#98ccd3d43fd9
+                                        k8s.io/apimachinery/pkg/api/equality@0.24.2
                                           
-                                        github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#98ccd3d43fd9
+                                        k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2
                                           
-                                        github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9
+                                        k8s.io/apimachinery/pkg/watch@0.24.2
                                           
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9
+                                        k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
-                                        sigs.k8s.io/yaml@1.3.0
+                                        sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
                                           
                                         gopkg.in/yaml.v2@2.2.4
                                         
@@ -3001,17 +2992,17 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#98ccd3d43fd9
+                                        k8s.io/apimachinery/pkg/api/validation@0.24.2
                                           
-                                        k8s.io/kubernetes/pkg/apis/storage/install@1.24.2
+                                        k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.2
                                           
-                                        k8s.io/kubernetes/pkg/api/legacyscheme@1.24.2
+                                        k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2
                                           
-                                        k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
+                                        k8s.io/apimachinery/pkg/watch@0.24.2
                                           
-                                        k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2
+                                        k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
-                                        sigs.k8s.io/yaml@1.3.0
+                                        sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
                                           
                                         gopkg.in/yaml.v2@2.2.4
                                         
@@ -3022,15 +3013,15 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/tools/cache@0.24.2
+                                        github.com/argoproj/gitops-engine/pkg/sync/ignore@#98ccd3d43fd9
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        github.com/argoproj/gitops-engine/pkg/sync/hook@#98ccd3d43fd9
                                           
-                                        k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2
+                                        github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#98ccd3d43fd9
                                           
-                                        k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
+                                        github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9
                                           
-                                        k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2
+                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9
                                           
                                         sigs.k8s.io/yaml@1.3.0
                                           
@@ -3043,11 +3034,11 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/discovery@0.24.2
+                                        k8s.io/kubectl/pkg/util/openapi@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
                                           
@@ -3064,11 +3055,11 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/dynamic@0.24.2
+                                        k8s.io/client-go/kubernetes@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2
                                           
-                                        k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
                                           
@@ -3085,7 +3076,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/transport/spdy@0.24.2
+                                        k8s.io/client-go/tools/cache@0.24.2
                                           
                                         k8s.io/client-go/rest@0.24.2
                                           
@@ -3106,7 +3097,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0
+                                        k8s.io/client-go/transport/spdy@0.24.2
                                           
                                         k8s.io/client-go/rest@0.24.2
                                           
@@ -3127,7 +3118,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/testing@0.24.2
+                                        github.com/argoproj/pkg/kubeclientmetrics@#36c59d8fafe0
                                           
                                         k8s.io/client-go/rest@0.24.2
                                           
@@ -3148,7 +3139,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/kubernetes@0.24.2
+                                        k8s.io/client-go/testing@0.24.2
                                           
                                         k8s.io/client-go/rest@0.24.2
                                           
@@ -3345,38 +3336,15 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/cache@#98ccd3d43fd9
-                                          
                                         k8s.io/kubectl/pkg/util/openapi@0.24.2
                                           
                                         k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
-                                          
-                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
-                                          
-                                        k8s.io/apimachinery/pkg/runtime@0.24.2
-                                          
-                                        sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
-                                          
-                                        gopkg.in/yaml.v2@2.2.4
-                                        
-                                
-        
-                            
    • 
-                                
  • 
-                                Introduced through:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                          
-                                        github.com/argoproj/gitops-engine/pkg/sync@#98ccd3d43fd9
-                                          
-                                        k8s.io/kubectl/pkg/util/openapi@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
-                                        k8s.io/client-go/discovery@0.24.2
+                                        k8s.io/api/storage/v1beta1@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
-                                          
-                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
+                                        k8s.io/api/core/v1@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -3391,15 +3359,15 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9
+                                        k8s.io/client-go/kubernetes@0.24.2
                                           
-                                        k8s.io/kubectl/pkg/util/openapi@0.24.2
+                                        k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2
                                           
-                                        k8s.io/client-go/discovery@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/api/storage/v1beta1@0.24.2
                                           
-                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
+                                        k8s.io/api/core/v1@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -3443,9 +3411,9 @@ 
    Detailed paths
    
                                           
                                         k8s.io/client-go/tools/clientcmd/api/latest@0.24.2
                                           
-                                        k8s.io/client-go/tools/clientcmd/api/v1@0.24.2
+                                        k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2
                                           
-                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
+                                        k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -3506,36 +3474,13 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
+                                        github.com/argoproj/gitops-engine/pkg/cache@#98ccd3d43fd9
+                                          
                                         k8s.io/kubectl/pkg/util/openapi@0.24.2
                                           
                                         k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
-                                          
-                                        k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2
-                                          
-                                        k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
-                                          
-                                        k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2
-                                          
-                                        sigs.k8s.io/yaml@1.3.0
-                                          
-                                        gopkg.in/yaml.v2@2.2.4
-                                        
-                                
-        
-                            
    • 
-                                
  • 
-                                Introduced through:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                          
-                                        k8s.io/client-go/listers/core/v1@0.24.2
-                                          
-                                        k8s.io/client-go/tools/cache@0.24.2
-                                          
-                                        k8s.io/client-go/rest@0.24.2
-                                          
-                                        k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
                                           
@@ -3552,13 +3497,13 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f
+                                        github.com/argoproj/gitops-engine/pkg/sync@#98ccd3d43fd9
                                           
-                                        k8s.io/client-go/tools/cache@0.24.2
+                                        k8s.io/kubectl/pkg/util/openapi@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
                                           
@@ -3575,7 +3520,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/informers/core/v1@0.24.2
+                                        k8s.io/client-go/listers/core/v1@0.24.2
                                           
                                         k8s.io/client-go/tools/cache@0.24.2
                                           
@@ -3805,21 +3750,21 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        sigs.k8s.io/controller-runtime@0.11.0
+                                        github.com/argoproj/gitops-engine/pkg/health@#98ccd3d43fd9
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/manager@0.11.0
+                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0
+                                        k8s.io/kubectl/pkg/cmd/util@0.24.2
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.11.0
+                                        k8s.io/client-go/kubernetes@0.24.2
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0
+                                        k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/client@0.11.0
+                                        k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.2
                                           
-                                        k8s.io/apimachinery/pkg/util/strategicpatch@0.24.2
+                                        k8s.io/client-go/applyconfigurations/meta/v1@0.24.2
                                           
-                                        k8s.io/kube-openapi/pkg/util/proto@#011e075b9cb8
+                                        sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
                                           
                                         gopkg.in/yaml.v2@2.2.4
                                         
@@ -3830,17 +3775,17 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        sigs.k8s.io/controller-runtime@0.11.0
+                                        github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/manager@0.11.0
+                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/leaderelection@0.11.0
+                                        k8s.io/kubectl/pkg/cmd/util@0.24.2
                                           
-                                        k8s.io/client-go/tools/leaderelection/resourcelock@0.24.2
+                                        k8s.io/client-go/kubernetes@0.24.2
                                           
-                                        k8s.io/client-go/kubernetes/typed/core/v1@0.24.2
+                                        k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2
                                           
-                                        k8s.io/client-go/applyconfigurations/core/v1@0.24.2
+                                        k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.2
                                           
                                         k8s.io/client-go/applyconfigurations/meta/v1@0.24.2
                                           
@@ -3855,21 +3800,21 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/health@#98ccd3d43fd9
+                                        github.com/argoproj/gitops-engine/pkg/cache@#98ccd3d43fd9
                                           
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9
+                                        k8s.io/kubectl/pkg/util/openapi@0.24.2
                                           
-                                        k8s.io/kubectl/pkg/cmd/util@0.24.2
+                                        k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/kubernetes@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
-                                        k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2
+                                        k8s.io/api/storage/v1beta1@0.24.2
                                           
-                                        k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.2
+                                        k8s.io/api/core/v1@0.24.2
                                           
-                                        k8s.io/client-go/applyconfigurations/meta/v1@0.24.2
+                                        k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
-                                        sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
+                                        sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
                                           
                                         gopkg.in/yaml.v2@2.2.4
                                         
@@ -3880,21 +3825,21 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/sync/common@#98ccd3d43fd9
+                                        github.com/argoproj/gitops-engine/pkg/sync@#98ccd3d43fd9
                                           
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9
+                                        k8s.io/kubectl/pkg/util/openapi@0.24.2
                                           
-                                        k8s.io/kubectl/pkg/cmd/util@0.24.2
+                                        k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/kubernetes@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
-                                        k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2
+                                        k8s.io/api/storage/v1beta1@0.24.2
                                           
-                                        k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.2
+                                        k8s.io/api/core/v1@0.24.2
                                           
-                                        k8s.io/client-go/applyconfigurations/meta/v1@0.24.2
+                                        k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
-                                        sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
+                                        sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
                                           
                                         gopkg.in/yaml.v2@2.2.4
                                         
@@ -3905,17 +3850,17 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0
-                                          
-                                        sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0
+                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#98ccd3d43fd9
                                           
-                                        k8s.io/client-go/restmapper@0.24.2
+                                        k8s.io/kubectl/pkg/util/openapi@0.24.2
                                           
                                         k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
-                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
+                                        k8s.io/api/storage/v1beta1@0.24.2
+                                          
+                                        k8s.io/api/core/v1@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -3955,12 +3900,37 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/cache@#98ccd3d43fd9
+                                        sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0
                                           
-                                        k8s.io/kubectl/pkg/util/openapi@0.24.2
+                                        sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0
+                                          
+                                        k8s.io/client-go/restmapper@0.24.2
                                           
                                         k8s.io/client-go/discovery@0.24.2
                                           
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
+                                          
+                                        k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
+                                          
+                                        k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2
+                                          
+                                        sigs.k8s.io/yaml@1.3.0
+                                          
+                                        gopkg.in/yaml.v2@2.2.4
+                                        
+                                
+        
+                            
    • 
+                                
  • 
+                                Introduced through:
+                                        github.com/argoproj/argo-cd/v2@0.0.0
+                                          
+                                        github.com/argoproj/notifications-engine/pkg/api@#4d8552b0775f
+                                          
+                                        k8s.io/client-go/listers/core/v1@0.24.2
+                                          
+                                        k8s.io/client-go/tools/cache@0.24.2
+                                          
                                         k8s.io/client-go/rest@0.24.2
                                           
                                         k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2
@@ -3980,11 +3950,11 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        github.com/argoproj/gitops-engine/pkg/sync@#98ccd3d43fd9
+                                        k8s.io/client-go/informers/core/v1@0.24.2
                                           
-                                        k8s.io/kubectl/pkg/util/openapi@0.24.2
+                                        k8s.io/client-go/listers/core/v1@0.24.2
                                           
-                                        k8s.io/client-go/discovery@0.24.2
+                                        k8s.io/client-go/tools/cache@0.24.2
                                           
                                         k8s.io/client-go/rest@0.24.2
                                           
@@ -4180,23 +4150,50 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
+                                        sigs.k8s.io/controller-runtime@0.11.0
+                                          
+                                        sigs.k8s.io/controller-runtime/pkg/manager@0.11.0
+                                          
+                                        sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0
+                                          
+                                        sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.11.0
+                                          
+                                        sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0
+                                          
+                                        sigs.k8s.io/controller-runtime/pkg/cache@0.11.0
+                                          
                                         sigs.k8s.io/controller-runtime/pkg/client@0.11.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0
+                                        k8s.io/apimachinery/pkg/util/strategicpatch@0.24.2
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0
+                                        k8s.io/kube-openapi/pkg/util/proto@#011e075b9cb8
                                           
-                                        k8s.io/client-go/restmapper@0.24.2
+                                        gopkg.in/yaml.v2@2.2.4
+                                        
+                                
+        
+                            
    • 
+                                
  • 
+                                Introduced through:
+                                        github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        k8s.io/client-go/discovery@0.24.2
+                                        sigs.k8s.io/controller-runtime@0.11.0
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        sigs.k8s.io/controller-runtime/pkg/manager@0.11.0
                                           
-                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
+                                        sigs.k8s.io/controller-runtime/pkg/leaderelection@0.11.0
                                           
-                                        k8s.io/apimachinery/pkg/runtime@0.24.2
+                                        k8s.io/client-go/tools/leaderelection/resourcelock@0.24.2
                                           
-                                        sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
+                                        k8s.io/client-go/kubernetes@0.24.2
+                                          
+                                        k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2
+                                          
+                                        k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.2
+                                          
+                                        k8s.io/client-go/applyconfigurations/meta/v1@0.24.2
+                                          
+                                        sigs.k8s.io/structured-merge-diff/v4/typed@4.2.1
                                           
                                         gopkg.in/yaml.v2@2.2.4
                                         
@@ -4207,7 +4204,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/cache@0.11.0
+                                        sigs.k8s.io/controller-runtime/pkg/client@0.11.0
                                           
                                         sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0
                                           
@@ -4217,13 +4214,13 @@ 
    Detailed paths
    
                                           
                                         k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
-                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
+                                        k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
                                           
-                                        k8s.io/apimachinery/pkg/runtime@0.24.2
+                                        k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2
                                           
-                                        sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
+                                        sigs.k8s.io/yaml@1.3.0
                                           
                                         gopkg.in/yaml.v2@2.2.4
                                         
@@ -4234,7 +4231,9 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0
+                                        sigs.k8s.io/controller-runtime/pkg/cache@0.11.0
+                                          
+                                        sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0
                                           
                                         sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0
                                           
@@ -4242,9 +4241,7 @@ 
    Detailed paths
    
                                           
                                         k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
-                                          
-                                        k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
                                           
@@ -4400,8 +4397,6 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/event@0.11.0
-                                          
                                         sigs.k8s.io/controller-runtime/pkg/client@0.11.0
                                           
                                         sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0
@@ -4412,9 +4407,11 @@ 
    Detailed paths
    
                                           
                                         k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
-                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
+                                        k8s.io/api/storage/v1beta1@0.24.2
+                                          
+                                        k8s.io/api/core/v1@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -4429,7 +4426,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/client@0.11.0
+                                        sigs.k8s.io/controller-runtime/pkg/cache@0.11.0
                                           
                                         sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0
                                           
@@ -4439,15 +4436,15 @@ 
    Detailed paths
    
                                           
                                         k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
-                                        k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2
+                                        k8s.io/api/storage/v1beta1@0.24.2
                                           
-                                        k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
+                                        k8s.io/api/core/v1@0.24.2
                                           
-                                        k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2
+                                        k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
-                                        sigs.k8s.io/yaml@1.3.0
+                                        sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
                                           
                                         gopkg.in/yaml.v2@2.2.4
                                         
@@ -4458,7 +4455,9 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/cache@0.11.0
+                                        sigs.k8s.io/controller-runtime/pkg/event@0.11.0
+                                          
+                                        sigs.k8s.io/controller-runtime/pkg/client@0.11.0
                                           
                                         sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0
                                           
@@ -4468,9 +4467,7 @@ 
    Detailed paths
    
                                           
                                         k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
-                                          
-                                        k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
                                           
@@ -4721,9 +4718,7 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/handler@0.11.0
-                                          
-                                        sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0
+                                        sigs.k8s.io/controller-runtime/pkg/event@0.11.0
                                           
                                         sigs.k8s.io/controller-runtime/pkg/client@0.11.0
                                           
@@ -4735,9 +4730,11 @@ 
    Detailed paths
    
                                           
                                         k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
-                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
+                                        k8s.io/api/storage/v1beta1@0.24.2
+                                          
+                                        k8s.io/api/core/v1@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
@@ -4752,21 +4749,21 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        sigs.k8s.io/controller-runtime@0.11.0
+                                        sigs.k8s.io/controller-runtime/pkg/handler@0.11.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/manager@0.11.0
+                                        sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0
+                                        sigs.k8s.io/controller-runtime/pkg/cache@0.11.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0
+                                        sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0
+                                        sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0
                                           
-                                        k8s.io/client-go/tools/cache@0.24.2
+                                        k8s.io/client-go/restmapper@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
                                         k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
                                           
@@ -4783,17 +4780,17 @@ 
    Detailed paths
    
                                 Introduced through:
                                         github.com/argoproj/argo-cd/v2@0.0.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/event@0.11.0
+                                        sigs.k8s.io/controller-runtime@0.11.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/client@0.11.0
+                                        sigs.k8s.io/controller-runtime/pkg/manager@0.11.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0
+                                        sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0
+                                        sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0
                                           
-                                        k8s.io/client-go/restmapper@0.24.2
+                                        sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0
                                           
-                                        k8s.io/client-go/discovery@0.24.2
+                                        k8s.io/client-go/tools/cache@0.24.2
                                           
                                         k8s.io/client-go/rest@0.24.2
                                           
@@ -4849,7 +4846,7 @@ 
    Detailed paths
    
                                           
                                         sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/client@0.11.0
+                                        sigs.k8s.io/controller-runtime/pkg/cache@0.11.0
                                           
                                         sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0
                                           
@@ -4880,7 +4877,7 @@ 
    Detailed paths
    
                                           
                                         sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/client@0.11.0
+                                        sigs.k8s.io/controller-runtime/pkg/cache@0.11.0
                                           
                                         sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0
                                           
@@ -4890,15 +4887,15 @@ 
    Detailed paths
    
                                           
                                         k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
-                                        k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2
+                                        k8s.io/api/storage/v1beta1@0.24.2
                                           
-                                        k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
+                                        k8s.io/api/core/v1@0.24.2
                                           
-                                        k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2
+                                        k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
-                                        sigs.k8s.io/yaml@1.3.0
+                                        sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
                                           
                                         gopkg.in/yaml.v2@2.2.4
                                         
@@ -4927,13 +4924,13 @@ 
    Detailed paths
    
                                           
                                         k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
-                                        k8s.io/client-go/tools/clientcmd/api@0.24.2
+                                        k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
                                           
-                                        k8s.io/apimachinery/pkg/runtime@0.24.2
+                                        k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2
                                           
-                                        sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
+                                        sigs.k8s.io/yaml@1.3.0
                                           
                                         gopkg.in/yaml.v2@2.2.4
                                         
@@ -4997,15 +4994,15 @@ 
    Detailed paths
    
                                           
                                         k8s.io/client-go/discovery@0.24.2
                                           
-                                        k8s.io/client-go/rest@0.24.2
+                                        k8s.io/client-go/kubernetes/scheme@0.24.2
                                           
-                                        k8s.io/client-go/plugin/pkg/client/auth/exec@0.24.2
+                                        k8s.io/api/storage/v1beta1@0.24.2
                                           
-                                        k8s.io/apimachinery/pkg/runtime/serializer@0.24.2
+                                        k8s.io/api/core/v1@0.24.2
                                           
-                                        k8s.io/apimachinery/pkg/runtime/serializer/json@0.24.2
+                                        k8s.io/apimachinery/pkg/runtime@0.24.2
                                           
-                                        sigs.k8s.io/yaml@1.3.0
+                                        sigs.k8s.io/structured-merge-diff/v4/value@4.2.1
                                           
                                         gopkg.in/yaml.v2@2.2.4
                                         
@@ -5026,7 +5023,7 @@ 
    Detailed paths
    
                                           
                                         sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0
                                           
-                                        sigs.k8s.io/controller-runtime/pkg/client@0.11.0
+                                        sigs.k8s.io/controller-runtime/pkg/cache@0.11.0
                                           
                                         sigs.k8s.io/controller-runtime/pkg/internal/objectutil@0.11.0
                                           
@@ -5056,8 +5053,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    gopkg.in/yaml.v2 is a YAML support package for the Go language.
-        Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.
    
+        
    gopkg.in/yaml.v2 is a YAML support package for the Go language.
    
+        
    Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.
    
         
    Details
    
         
    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
    
         
    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
    
@@ -5162,8 +5159,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.
-        Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.
    
+        
    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.
    
+        
    Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.
    
         
    Remediation
    
         
    Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.
    
         
    References
    
diff --git a/docs/snyk/master/haproxy_2.6.9-alpine.html b/docs/snyk/v2.5.17/ghcr.io_dexidp_dex_v2.36.0.html
similarity index 83%
rename from docs/snyk/master/haproxy_2.6.9-alpine.html
rename to docs/snyk/v2.5.17/ghcr.io_dexidp_dex_v2.36.0.html
index 5b61ebf333c80..5653b9fe1912b 100644
--- a/docs/snyk/master/haproxy_2.6.9-alpine.html
+++ b/docs/snyk/v2.5.17/ghcr.io_dexidp_dex_v2.36.0.html
@@ -7,7 +7,7 @@
   
   
   Snyk test report
-  
+  
   
   
@@ -456,33 +456,24 @@
               
    
                   
    Snyk test report
    
     
-                
    April 16th 2023, 12:15:07 am
    
+                
    May 27th 2023, 11:33:24 pm (UTC+00:00)
    
               
    
               
    
-                Scanned the following path:
+                Scanned the following paths:
                 
      
-                  
    • haproxy:2.6.9-alpine (apk)
      • 
+                  
    • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (apk)
    • ghcr.io/dexidp/dex:v2.36.0/hairyhenderson/gomplate/v3 (gomodules)
    • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
    • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
      • 
                 
    
               
    
     
               
    
-                
    3 known vulnerabilities
    
-                
    27 vulnerable dependency paths
    
-                
    18 dependencies
    
+                
    4 known vulnerabilities
    
+                
    28 vulnerable dependency paths
    
+                
    760 dependencies
    • -
    - - - - - - - -
    Project docker-image|haproxy
    Path haproxy:2.6.9-alpine
    Package Manager apk
    -
    +
    @@ -507,7 +498,7 @@

    Improper Certificate Validation

  • Introduced through: - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    • @@ -520,7 +511,7 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -529,7 +520,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -540,18 +531,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -562,7 +542,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -573,18 +553,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -593,7 +562,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -604,7 +573,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -663,7 +632,7 @@

      Improper Certificate Validation

    • Introduced through: - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    @@ -676,7 +645,7 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -685,7 +654,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -696,18 +665,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -718,7 +676,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -729,7 +687,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -738,18 +696,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -760,7 +707,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -827,7 +774,7 @@

      Improper Certificate Validation

    • Introduced through: - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    @@ -840,7 +787,7 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -849,7 +796,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -860,18 +807,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -882,7 +818,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -893,18 +829,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -913,7 +838,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -924,7 +849,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -975,6 +900,153 @@

      References

    +
    +

    Out-of-bounds Read

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.5.17/haproxy_2.6.12-alpine.html b/docs/snyk/v2.5.17/haproxy_2.6.12-alpine.html new file mode 100644 index 0000000000000..25f4a570269e7 --- /dev/null +++ b/docs/snyk/v2.5.17/haproxy_2.6.12-alpine.html @@ -0,0 +1,662 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    May 27th 2023, 11:33:30 pm (UTC+00:00)

    +
    +
    + Scanned the following path: +
      +
    • haproxy:2.6.12-alpine (apk)
      • +
    +
    + +
    +
    1 known vulnerabilities
    +
    9 vulnerable dependency paths
    +
    18 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|haproxy
    Path haproxy:2.6.12-alpine
    Package Manager apk
    +
    +
    +
    +
    +

    Out-of-bounds Read

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.12-alpine and openssl/libcrypto3@3.0.8-r3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libssl3@3.0.8-r3 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + .haproxy-rundeps@20230329.185657 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + .haproxy-rundeps@20230329.185657 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.5.16/quay.io_argoproj_argocd_v2.5.16.html b/docs/snyk/v2.5.17/quay.io_argoproj_argocd_v2.5.17.html similarity index 78% rename from docs/snyk/v2.5.16/quay.io_argoproj_argocd_v2.5.16.html rename to docs/snyk/v2.5.17/quay.io_argoproj_argocd_v2.5.17.html index f9a5cd5f57bf7..cf3422d386c59 100644 --- a/docs/snyk/v2.5.16/quay.io_argoproj_argocd_v2.5.16.html +++ b/docs/snyk/v2.5.17/quay.io_argoproj_argocd_v2.5.17.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,18 +456,18 @@

    Snyk test report

    -

    April 16th 2023, 12:23:14 am

    +

    May 27th 2023, 11:34:01 pm (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.5.16/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.5.16/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.5.16/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.5.16/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.5.16/git-lfs/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.5.17/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.5.17/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.5.17/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.5.17/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.5.17/git-lfs/git-lfs (gomodules)
    29 known vulnerabilities
    -
    122 vulnerable dependency paths
    +
    88 vulnerable dependency paths
    2047 dependencies
    @@ -525,8 +525,8 @@

    Detailed paths

    Overview

    -

    gopkg.in/yaml.v3 is a YAML support package for the Go language. - Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

    +

    gopkg.in/yaml.v3 is a YAML support package for the Go language.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

    PoC

    package main
         
@@ -615,8 +615,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    gopkg.in/yaml.v3 is a YAML support package for the Go language.
-        Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.
    
+        
    gopkg.in/yaml.v3 is a YAML support package for the Go language.
    
+        
    Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.
    
         
    PoC
    
         
    package main
         
@@ -781,8 +781,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
-        Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.
    
+        
    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
    
+        
    Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.
    
         
    Remediation
    
         
    Upgrade golang.org/x/net/http2 to version 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1 or higher.
    
         
    References
    
@@ -847,8 +847,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
-        Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.
    
+        
    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
    
+        
    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.
    
         
    Details
    
         
    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
    
         
    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
    
@@ -877,6 +877,134 @@ 
    References
    
                 
    More about this vulnerability
    +
    +
    +

    Improper Certificate Validation

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + perl/perl-modules-5.34 +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.17, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + git@1:2.34.1-1ubuntu1.9 + + perl@5.34.0-3ubuntu1.1 + + perl/perl-modules-5.34@5.34.0-3ubuntu1.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + git@1:2.34.1-1ubuntu1.9 + + perl@5.34.0-3ubuntu1.1 + + perl/libperl5.34@5.34.0-3ubuntu1.1 + + perl/perl-modules-5.34@5.34.0-3ubuntu1.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + git@1:2.34.1-1ubuntu1.9 + + perl@5.34.0-3ubuntu1.1 + + perl/libperl5.34@5.34.0-3ubuntu1.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + git@1:2.34.1-1ubuntu1.9 + + perl@5.34.0-3ubuntu1.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + meta-common-packages@meta + + perl/perl-base@5.34.0-3ubuntu1.1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 perl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Denial of Service (DoS)

    @@ -927,8 +1055,8 @@

    Detailed paths

    Overview

    -

    gopkg.in/yaml.v2 is a YAML support package for the Go language. - Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

    +

    gopkg.in/yaml.v2 is a YAML support package for the Go language.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    @@ -1148,8 +1276,8 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    @@ -1228,8 +1356,8 @@

    Detailed paths

    Overview

    -

    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go. - Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

    +

    go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.

    +

    Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

    Remediation

    Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

    References

    @@ -1269,7 +1397,7 @@

    CVE-2022-46908

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.5.17, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    • @@ -1281,7 +1409,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1317,6 +1445,107 @@

      References

      More about this vulnerability

    +
    +
    +

    Arbitrary Code Injection

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + shadow/passwd +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.5.17 and shadow/passwd@1:4.8.1-2ubuntu2.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + openssh/openssh-client@1:8.9p1-3ubuntu0.1 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + shadow/login@1:4.8.1-2ubuntu2.1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 shadow.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Uncontrolled Recursion

    @@ -1340,7 +1569,7 @@

    Uncontrolled Recursion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.5.17 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    • @@ -1353,7 +1582,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1362,7 +1591,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 grep@3.7-1build1 @@ -1424,7 +1653,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.17 and patch@2.7.6-7build2
    @@ -1437,7 +1666,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 patch@2.7.6-7build2 @@ -1491,7 +1720,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.17 and patch@2.7.6-7build2
    @@ -1504,7 +1733,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 patch@2.7.6-7build2 @@ -1542,7 +1771,7 @@

      References

    -

    Improper Locking

    +

    Out-of-bounds Read

    @@ -1563,7 +1792,7 @@

    Improper Locking

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@v2.5.17 and openssl/libssl3@3.0.2-0ubuntu1.9
    • @@ -1576,77 +1805,77 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 libfido2/libfido2-1@1.10.0-1 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 openssh/openssh-client@1:8.9p1-3ubuntu0.1 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 - ca-certificates@20211016ubuntu0.22.04.1 + ca-certificates@20230311ubuntu0.22.04.1 - openssl@3.0.2-0ubuntu1.8 + openssl@3.0.2-0ubuntu1.9 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 libssh/libssh-4@0.9.6-2build1 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 adduser@3.118ubuntu5 @@ -1658,31 +1887,31 @@

      Detailed paths

      libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 - openssl@3.0.2-0ubuntu1.8 + openssl@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 - ca-certificates@20211016ubuntu0.22.04.1 + ca-certificates@20230311ubuntu0.22.04.1 - openssl@3.0.2-0ubuntu1.8 + openssl@3.0.2-0ubuntu1.9 @@ -1696,25 +1925,41 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.

      +

      Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

      +

      Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

      +

      The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

      +

      If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

      Remediation

      There is no fixed version for Ubuntu:22.04 openssl.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Improper Certificate Validation

    +

    Improper Privilege Management

    @@ -1730,12 +1975,12 @@

    Improper Certificate Validation

  • Vulnerable module: - openssl/libssl3 + openssh/openssh-client
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@v2.5.17 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -1748,590 +1993,43 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 + openssh/openssh-client@1:8.9p1-3ubuntu0.1
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - +
    • - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    References

    + -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssl@3.0.2-0ubuntu1.8 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
    • - - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.16 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

    -

    As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

    -

    Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

    -

    Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.16 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Privilege Management

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.16 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    +

    More about this vulnerability

    @@ -2360,149 +2058,7 @@

    Information Exposure

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
    • - - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-28531

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.16 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Read

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - ncurses/libtinfo6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.16 and ncurses/libtinfo6@6.3-2 + docker-image|quay.io/argoproj/argocd@v2.5.17 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    @@ -2510,205 +2066,88 @@

    Out-of-bounds Read

    -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - bash@5.1-6ubuntu1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ncurses/libncursesw6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - less@590-1ubuntu0.22.04.1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ncurses/libncurses6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ncurses/ncurses-bin@6.3-2 - - ncurses/libtinfo6@6.3-2 - - +

      Detailed paths

      -
      • +
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - procps@2:3.3.17-6ubuntu2 + docker-image|quay.io/argoproj/argocd@v2.5.17 - ncurses/libtinfo6@6.3-2 + openssh/openssh-client@1:8.9p1-3ubuntu0.1
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - util-linux@2.37.2-4ubuntu3 - - ncurses/libtinfo6@6.3-2 - - +
      - -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2 - - +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    References

    + -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ncurses/libncursesw6@6.3-2 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libncursesw6@6.3-2 - - +
    +

    More about this vulnerability

    +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2 - - +
    • +
    +

    CVE-2023-28531

    +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ncurses/libncurses6@6.3-2 - - +
    + low severity +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libncurses6@6.3-2 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 - - ncurses/ncurses-base@6.3-2 - - +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: -
      • + openssh/openssh-client + + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.5.17 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 - ncurses/ncurses-bin@6.3-2 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2720,25 +2159,22 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

      +

      ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 ncurses.

      +

      There is no fixed version for Ubuntu:22.04 openssh.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    • @@ -2765,7 +2201,7 @@

    Resource Exhaustion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.5.17, meta-common-packages@meta and others
    • @@ -2777,7 +2213,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 meta-common-packages@meta @@ -2833,7 +2269,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and krb5/libk5crypto3@1.19.2-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.5.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    @@ -2846,16 +2282,16 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 adduser@3.118ubuntu5 @@ -2867,16 +2303,16 @@

      Detailed paths

      libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 adduser@3.118ubuntu5 @@ -2888,27 +2324,27 @@

      Detailed paths

      libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 adduser@3.118ubuntu5 @@ -2920,64 +2356,64 @@

      Detailed paths

      libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 openssh/openssh-client@1:8.9p1-3ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 libssh/libssh-4@0.9.6-2build1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 adduser@3.118ubuntu5 @@ -2989,18 +2425,18 @@

      Detailed paths

      libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 meta-common-packages@meta - krb5/libkrb5support0@1.19.2-2ubuntu0.1 + krb5/libkrb5support0@1.19.2-2ubuntu0.2 @@ -3055,7 +2491,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.5.17 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -3068,7 +2504,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -3077,9 +2513,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 - apt@2.4.8 + apt@2.4.9 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -3088,7 +2524,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3099,7 +2535,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3110,7 +2546,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3121,7 +2557,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3134,7 +2570,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3147,7 +2583,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3156,7 +2592,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3167,7 +2603,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3180,7 +2616,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -3189,7 +2625,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3200,7 +2636,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -3209,7 +2645,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3220,7 +2656,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3229,7 +2665,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3240,7 +2676,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3253,7 +2689,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3266,7 +2702,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -3275,7 +2711,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3286,7 +2722,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3299,7 +2735,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3312,7 +2748,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -3321,7 +2757,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3332,7 +2768,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -3341,7 +2777,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3352,7 +2788,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -3361,7 +2797,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3372,7 +2808,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3431,7 +2867,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.5.17 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -3444,7 +2880,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 glibc/libc-bin@2.35-0ubuntu3.1 @@ -3453,7 +2889,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 meta-common-packages@meta @@ -3512,7 +2948,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16, git@1:2.34.1-1ubuntu1.8 and others + docker-image|quay.io/argoproj/argocd@v2.5.17, git@1:2.34.1-1ubuntu1.9 and others
    @@ -3524,31 +2960,31 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 - git/git-man@1:2.34.1-1ubuntu1.8 + git/git-man@1:2.34.1-1ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 - git-lfs@3.0.2-1ubuntu0.1 + git-lfs@3.0.2-1ubuntu0.2 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 @@ -3578,6 +3014,144 @@

      References

      More about this vulnerability

    +
    +
    +

    CVE-2023-28322

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.17, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2023-28321

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.17, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Improper Input Validation

    @@ -3601,7 +3175,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.5.17 and coreutils@8.32-4.1ubuntu1
    • @@ -3614,7 +3188,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 coreutils@8.32-4.1ubuntu1 @@ -3671,7 +3245,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.5.17 and bash@5.1-6ubuntu1
    @@ -3684,7 +3258,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.16 + docker-image|quay.io/argoproj/argocd@v2.5.17 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.5.17/redis_7.0.11-alpine.html b/docs/snyk/v2.5.17/redis_7.0.11-alpine.html new file mode 100644 index 0000000000000..8c21514ddc1e8 --- /dev/null +++ b/docs/snyk/v2.5.17/redis_7.0.11-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
      +
      +
      +
      + + + Snyk - Open Source Security + + + + + + + +
      +

      Snyk test report

      + +

      May 27th 2023, 11:34:08 pm (UTC+00:00)

      +
      +
      + Scanned the following path: +
        +
      • redis:7.0.11-alpine (apk)
        • +
      +
      + +
      +
      0 known vulnerabilities
      +
      0 vulnerable dependency paths
      +
      18 dependencies
      +
      +
      +
      +
      +
      + + + + + + + +
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      +
      +
      + No known vulnerabilities detected. +
      +
      + + + diff --git a/docs/snyk/v2.6.7/ghcr.io_dexidp_dex_v2.35.3.html b/docs/snyk/v2.6.7/ghcr.io_dexidp_dex_v2.35.3.html deleted file mode 100644 index a7b0d8740127e..0000000000000 --- a/docs/snyk/v2.6.7/ghcr.io_dexidp_dex_v2.35.3.html +++ /dev/null @@ -1,1698 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      April 16th 2023, 12:20:10 am

      -
      -
      - Scanned the following paths: -
        -
      • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (apk)
      • ghcr.io/dexidp/dex:v2.35.3/hairyhenderson/gomplate/v3 (gomodules)
      • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (gomodules)
      • ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (gomodules)
        • -
      -
      - -
      -
      11 known vulnerabilities
      -
      51 vulnerable dependency paths
      -
      756 dependencies
      -
      -
      -
      -
      - -
      -
      -
      -

      Double Free

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.16 -
        • -
      • - Vulnerable module: - - openssl/libcrypto1.1 -
        • - -
      • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

      -

      The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.

      -

      Remediation

      -

      Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Access of Resource Using Incompatible Type ('Type Confusion')

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.16 -
        • -
      • - Vulnerable module: - - openssl/libcrypto1.1 -
        • - -
      • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

      -

      There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

      -

      Remediation

      -

      Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Use After Free

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.16 -
        • -
      • - Vulnerable module: - - openssl/libcrypto1.1 -
        • - -
      • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

      -

      The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

      -

      Remediation

      -

      Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Improper Certificate Validation

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.16 -
        • -
      • - Vulnerable module: - - openssl/libcrypto1.1 -
        • - -
      • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

      -

      A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

      -

      Remediation

      -

      Upgrade Alpine:3.16 openssl to version 1.1.1t-r1 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Denial of Service (DoS)

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: golang -
        • -
      • - Vulnerable module: - - golang.org/x/net/http2/hpack -
        • - -
      • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2/hpack@v0.0.0-20220909164309-bea034e7d591 - - - -
        • -
      • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2/hpack@v0.0.0-20220927171203-f486391704dc - - - -
        • -
      - -
      - -
      - -

      Overview

      -

      Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

      -

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      -

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      -

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      -

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      -

      Two common types of DoS vulnerabilities:

      -
        -

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        -
        • -

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        -
        • -
      -

      Remediation

      -

      Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Denial of Service (DoS)

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: golang -
        • -
      • - Vulnerable module: - - golang.org/x/net/http2 -
        • - -
      • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - - - -
        • -
      • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.0.0-20220927171203-f486391704dc - - - -
        • -
      - -
      - -
      - -

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

      -

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      -

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      -

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      -

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      -

      Two common types of DoS vulnerabilities:

      -
        -

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        -
        • -

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        -
        • -
      -

      Remediation

      -

      Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      CVE-2022-4304

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.16 -
        • -
      • - Vulnerable module: - - openssl/libcrypto1.1 -
        • - -
      • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

      -

      A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

      -

      Remediation

      -

      Upgrade Alpine:3.16 openssl to version 1.1.1t-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Improper Certificate Validation

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.16 -
        • -
      • - Vulnerable module: - - openssl/libcrypto1.1 -
        • - -
      • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.35.3 and openssl/libcrypto1.1@1.1.1q-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libcrypto1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - apk-tools/apk-tools@2.12.9-r3 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.35.3 - - busybox/ssl_client@1.35.0-r17 - - openssl/libssl1.1@1.1.1q-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.16. - See How to fix? for Alpine:3.16 relevant fixed versions and status.

      -

      Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

      -

      Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

      -

      Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

      -

      Remediation

      -

      Upgrade Alpine:3.16 openssl to version 1.1.1t-r2 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Improper Input Validation

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: golang -
        • -
      • - Vulnerable module: - - golang.org/x/text/language -
        • - -
      • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/text/language@v0.3.7 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/text/language@v0.3.7 - - - -
        • -
      - -
      - -
      - -

      Overview

      -

      Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

      -

      Remediation

      -

      Upgrade golang.org/x/text/language to version 0.3.8 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Incorrect Privilege Assignment

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: golang -
        • -
      • - Vulnerable module: - - golang.org/x/sys/unix -
        • - -
      • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - - - -
        • -
      • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/sys/unix@v0.0.0-20220728004956-3c1f35247d10 - - - -
        • -
      - -
      - -
      - -

      Overview

      -

      Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

      -

      Remediation

      -

      Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Denial of Service (DoS)

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: golang -
        • -
      • - Vulnerable module: - - golang.org/x/net/http2 -
        • - -
      • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.0.0-20220909164309-bea034e7d591 - - - -
        • -
      • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.0.0-20220927171203-f486391704dc - - - -
        • -
      - -
      - -
      - -

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

      -

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      -

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      -

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      -

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      -

      Two common types of DoS vulnerabilities:

      -
        -

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        -
        • -

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        -
        • -
      -

      Remediation

      -

      Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -
      -
      - - - diff --git a/docs/snyk/v2.6.7/haproxy_2.6.9-alpine.html b/docs/snyk/v2.6.7/haproxy_2.6.9-alpine.html deleted file mode 100644 index 79007c2b55b0b..0000000000000 --- a/docs/snyk/v2.6.7/haproxy_2.6.9-alpine.html +++ /dev/null @@ -1,983 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      April 16th 2023, 12:20:15 am

      -
      -
      - Scanned the following path: -
        -
      • haproxy:2.6.9-alpine (apk)
        • -
      -
      - -
      -
      3 known vulnerabilities
      -
      27 vulnerable dependency paths
      -
      18 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|haproxy
      Path haproxy:2.6.9-alpine
      Package Manager apk
      -
      -
      -
      -
      -

      Improper Certificate Validation

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Improper Certificate Validation

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

      -

      Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

      -

      Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Improper Certificate Validation

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

      -

      As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

      -

      Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

      -

      Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -
      -
      - - - diff --git a/docs/snyk/v2.6.7/redis_7.0.8-alpine.html b/docs/snyk/v2.6.7/redis_7.0.8-alpine.html deleted file mode 100644 index 4d024459c9a15..0000000000000 --- a/docs/snyk/v2.6.7/redis_7.0.8-alpine.html +++ /dev/null @@ -1,983 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      April 16th 2023, 12:20:50 am

      -
      -
      - Scanned the following path: -
        -
      • redis:7.0.8-alpine (apk)
        • -
      -
      - -
      -
      3 known vulnerabilities
      -
      27 vulnerable dependency paths
      -
      18 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|redis
      Path redis:7.0.8-alpine
      Package Manager apk
      -
      -
      -
      -
      -

      Improper Certificate Validation

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Improper Certificate Validation

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

      -

      Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

      -

      Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Improper Certificate Validation

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.8-alpine and openssl/libcrypto3@3.0.8-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - .redis-rundeps@20230211.132806 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.8-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

      -

      As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

      -

      Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

      -

      Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -
      -
      - - - diff --git a/docs/snyk/v2.6.7/argocd-iac-install.html b/docs/snyk/v2.6.8/argocd-iac-install.html similarity index 98% rename from docs/snyk/v2.6.7/argocd-iac-install.html rename to docs/snyk/v2.6.8/argocd-iac-install.html index dd0af7c9c7391..90e59283c3d75 100644 --- a/docs/snyk/v2.6.7/argocd-iac-install.html +++ b/docs/snyk/v2.6.8/argocd-iac-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      April 16th 2023, 12:22:08 am

      +

      May 27th 2023, 11:32:32 pm (UTC+00:00)

      Scanned the following path: @@ -2267,7 +2267,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      @@ -2323,7 +2323,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      @@ -2379,7 +2379,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      @@ -2435,7 +2435,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      @@ -2491,7 +2491,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      @@ -2547,7 +2547,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      @@ -2603,7 +2603,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      @@ -2659,7 +2659,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      @@ -2715,7 +2715,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      diff --git a/docs/snyk/v2.6.7/argocd-iac-namespace-install.html b/docs/snyk/v2.6.8/argocd-iac-namespace-install.html similarity index 98% rename from docs/snyk/v2.6.7/argocd-iac-namespace-install.html rename to docs/snyk/v2.6.8/argocd-iac-namespace-install.html index 2a97e0f83f223..a880f4a802ee3 100644 --- a/docs/snyk/v2.6.7/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.6.8/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      April 16th 2023, 12:22:20 am

      +

      May 27th 2023, 11:32:47 pm (UTC+00:00)

      Scanned the following path: @@ -2267,7 +2267,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      @@ -2323,7 +2323,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      @@ -2379,7 +2379,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      @@ -2435,7 +2435,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      @@ -2491,7 +2491,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      @@ -2547,7 +2547,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      @@ -2603,7 +2603,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      @@ -2659,7 +2659,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      @@ -2715,7 +2715,7 @@

      Impact

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10000

      +

      Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

      diff --git a/docs/snyk/v2.6.7/argocd-test.html b/docs/snyk/v2.6.8/argocd-test.html similarity index 98% rename from docs/snyk/v2.6.7/argocd-test.html rename to docs/snyk/v2.6.8/argocd-test.html index 1c67b4ab7060a..bcb13efeadeef 100644 --- a/docs/snyk/v2.6.7/argocd-test.html +++ b/docs/snyk/v2.6.8/argocd-test.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      April 16th 2023, 12:20:00 am

      +

      May 27th 2023, 11:29:32 pm (UTC+00:00)

      Scanned the following paths: @@ -468,7 +468,7 @@

      Snyk test report

      0 known vulnerabilities
      0 vulnerable dependency paths
      -
      1730 dependencies
      +
      1727 dependencies
      diff --git a/docs/snyk/master/redis_7.0.9-alpine.html b/docs/snyk/v2.6.8/ghcr.io_dexidp_dex_v2.36.0.html similarity index 83% rename from docs/snyk/master/redis_7.0.9-alpine.html rename to docs/snyk/v2.6.8/ghcr.io_dexidp_dex_v2.36.0.html index 16dbeeed589fe..b10c128ac615d 100644 --- a/docs/snyk/master/redis_7.0.9-alpine.html +++ b/docs/snyk/v2.6.8/ghcr.io_dexidp_dex_v2.36.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,33 +456,24 @@

      Snyk test report

      -

      April 16th 2023, 12:15:38 am

      +

      May 27th 2023, 11:29:42 pm (UTC+00:00)

      - Scanned the following path: + Scanned the following paths:
        -
      • redis:7.0.9-alpine (apk)
        • +
      • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (apk)
      • ghcr.io/dexidp/dex:v2.36.0/hairyhenderson/gomplate/v3 (gomodules)
      • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
      • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
      -
      3 known vulnerabilities
      -
      27 vulnerable dependency paths
      -
      18 dependencies
      +
      4 known vulnerabilities
      +
      28 vulnerable dependency paths
      +
      760 dependencies
      -
      - - - - - - - -
      Project docker-image|redis
      Path redis:7.0.9-alpine
      Package Manager apk
      -
      +
      @@ -507,7 +498,7 @@

      Improper Certificate Validation

    • Introduced through: - docker-image|redis@7.0.9-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    @@ -520,7 +511,7 @@

    Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -529,7 +520,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -540,18 +531,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -562,7 +542,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -573,18 +553,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -593,7 +562,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -604,7 +573,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -663,7 +632,7 @@

      Improper Certificate Validation

    • Introduced through: - docker-image|redis@7.0.9-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    @@ -676,7 +645,7 @@

    Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -685,7 +654,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -696,18 +665,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -718,7 +676,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -729,7 +687,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -738,18 +696,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -760,7 +707,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -827,7 +774,7 @@

      Improper Certificate Validation

    • Introduced through: - docker-image|redis@7.0.9-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    @@ -840,7 +787,7 @@

    Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -849,7 +796,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -860,18 +807,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -882,7 +818,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -893,18 +829,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -913,7 +838,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -924,7 +849,7 @@

      Detailed paths

    • Introduced through: - docker-image|redis@7.0.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -975,6 +900,153 @@

      References

    +
    +

    Out-of-bounds Read

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.6.8/haproxy_2.6.12-alpine.html b/docs/snyk/v2.6.8/haproxy_2.6.12-alpine.html new file mode 100644 index 0000000000000..f5deaadb8af60 --- /dev/null +++ b/docs/snyk/v2.6.8/haproxy_2.6.12-alpine.html @@ -0,0 +1,662 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    May 27th 2023, 11:29:48 pm (UTC+00:00)

    +
    +
    + Scanned the following path: +
      +
    • haproxy:2.6.12-alpine (apk)
      • +
    +
    + +
    +
    1 known vulnerabilities
    +
    9 vulnerable dependency paths
    +
    18 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|haproxy
    Path haproxy:2.6.12-alpine
    Package Manager apk
    +
    +
    +
    +
    +

    Out-of-bounds Read

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.12-alpine and openssl/libcrypto3@3.0.8-r3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libssl3@3.0.8-r3 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + .haproxy-rundeps@20230329.185657 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + .haproxy-rundeps@20230329.185657 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.6.7/quay.io_argoproj_argocd_v2.6.7.html b/docs/snyk/v2.6.8/quay.io_argoproj_argocd_v2.6.8.html similarity index 77% rename from docs/snyk/v2.6.7/quay.io_argoproj_argocd_v2.6.7.html rename to docs/snyk/v2.6.8/quay.io_argoproj_argocd_v2.6.8.html index 6568d084437ab..44a364a377ed1 100644 --- a/docs/snyk/v2.6.7/quay.io_argoproj_argocd_v2.6.7.html +++ b/docs/snyk/v2.6.8/quay.io_argoproj_argocd_v2.6.8.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,18 +456,18 @@

    Snyk test report

    -

    April 16th 2023, 12:20:43 am

    +

    May 27th 2023, 11:30:28 pm (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.6.7/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.6.7/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.6.7/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.6.7/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.6.7/git-lfs/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.6.8/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.6.8/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.6.8/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.6.8/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.6.8/git-lfs/git-lfs (gomodules)
    27 known vulnerabilities
    -
    120 vulnerable dependency paths
    +
    86 vulnerable dependency paths
    2063 dependencies
    @@ -525,8 +525,8 @@

    Detailed paths

    Overview

    -

    gopkg.in/yaml.v3 is a YAML support package for the Go language. - Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

    +

    gopkg.in/yaml.v3 is a YAML support package for the Go language.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

    PoC

    package main
         
@@ -615,8 +615,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    gopkg.in/yaml.v3 is a YAML support package for the Go language.
-        Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.
    
+        
    gopkg.in/yaml.v3 is a YAML support package for the Go language.
    
+        
    Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.
    
         
    PoC
    
         
    package main
         
@@ -781,8 +781,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
-        Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.
    
+        
    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
    
+        
    Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.
    
         
    Remediation
    
         
    Upgrade golang.org/x/net/http2 to version 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1 or higher.
    
         
    References
    
@@ -847,8 +847,8 @@ 
    Detailed paths
    
               
    
               
               
    Overview
    
-        
    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
-        Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.
    
+        
    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
    
+        
    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.
    
         
    Details
    
         
    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
    
         
    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
    
@@ -877,6 +877,134 @@ 
    References
    
                 
    More about this vulnerability
    +
    +
    +

    Improper Certificate Validation

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + perl/perl-modules-5.34 +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.6.8, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + git@1:2.34.1-1ubuntu1.9 + + perl@5.34.0-3ubuntu1.1 + + perl/perl-modules-5.34@5.34.0-3ubuntu1.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + git@1:2.34.1-1ubuntu1.9 + + perl@5.34.0-3ubuntu1.1 + + perl/libperl5.34@5.34.0-3ubuntu1.1 + + perl/perl-modules-5.34@5.34.0-3ubuntu1.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + git@1:2.34.1-1ubuntu1.9 + + perl@5.34.0-3ubuntu1.1 + + perl/libperl5.34@5.34.0-3ubuntu1.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + git@1:2.34.1-1ubuntu1.9 + + perl@5.34.0-3ubuntu1.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + meta-common-packages@meta + + perl/perl-base@5.34.0-3ubuntu1.1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 perl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Improper Input Validation

    @@ -1069,8 +1197,8 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    @@ -1123,7 +1251,7 @@

    CVE-2022-46908

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.6.8, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    • @@ -1135,7 +1263,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1171,6 +1299,107 @@

      References

      More about this vulnerability

    +
    +
    +

    Arbitrary Code Injection

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + shadow/passwd +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.8 and shadow/passwd@1:4.8.1-2ubuntu2.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + openssh/openssh-client@1:8.9p1-3ubuntu0.1 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + shadow/login@1:4.8.1-2ubuntu2.1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 shadow.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Uncontrolled Recursion

    @@ -1194,7 +1423,7 @@

    Uncontrolled Recursion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.6.8 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    • @@ -1207,7 +1436,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1216,7 +1445,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 grep@3.7-1build1 @@ -1278,7 +1507,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.6.8 and patch@2.7.6-7build2
    @@ -1291,7 +1520,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 patch@2.7.6-7build2 @@ -1345,7 +1574,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.6.8 and patch@2.7.6-7build2
    @@ -1358,7 +1587,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 patch@2.7.6-7build2 @@ -1396,7 +1625,7 @@

      References

    -

    Improper Locking

    +

    Out-of-bounds Read

    @@ -1417,7 +1646,7 @@

    Improper Locking

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@v2.6.8 and openssl/libssl3@3.0.2-0ubuntu1.9
    • @@ -1430,77 +1659,77 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 libfido2/libfido2-1@1.10.0-1 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 openssh/openssh-client@1:8.9p1-3ubuntu0.1 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 - ca-certificates@20211016ubuntu0.22.04.1 + ca-certificates@20230311ubuntu0.22.04.1 - openssl@3.0.2-0ubuntu1.8 + openssl@3.0.2-0ubuntu1.9 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 libssh/libssh-4@0.9.6-2build1 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 adduser@3.118ubuntu5 @@ -1512,31 +1741,31 @@

      Detailed paths

      libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 - openssl@3.0.2-0ubuntu1.8 + openssl@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 - ca-certificates@20211016ubuntu0.22.04.1 + ca-certificates@20230311ubuntu0.22.04.1 - openssl@3.0.2-0ubuntu1.8 + openssl@3.0.2-0ubuntu1.9 @@ -1550,25 +1779,41 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.

      +

      Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

      +

      Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

      +

      The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

      +

      If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

      Remediation

      There is no fixed version for Ubuntu:22.04 openssl.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Improper Certificate Validation

    +

    Improper Privilege Management

    @@ -1584,12 +1829,12 @@

    Improper Certificate Validation

  • Vulnerable module: - openssl/libssl3 + openssh/openssh-client
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@v2.6.8 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -1602,590 +1847,43 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 + openssh/openssh-client@1:8.9p1-3ubuntu0.1
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - +
    • - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    References

    + -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssl@3.0.2-0ubuntu1.8 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
    • - - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.6.7 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

    -

    As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

    -

    Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

    -

    Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.6.7 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Privilege Management

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.6.7 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    +

    More about this vulnerability

    @@ -2214,149 +1912,7 @@

    Information Exposure

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
    • - - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-28531

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.6.7 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Read

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - ncurses/libtinfo6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.6.7 and ncurses/libtinfo6@6.3-2 + docker-image|quay.io/argoproj/argocd@v2.6.8 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    @@ -2364,205 +1920,88 @@

    Out-of-bounds Read

    -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - bash@5.1-6ubuntu1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ncurses/libncursesw6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - less@590-1ubuntu0.22.04.1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ncurses/libncurses6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ncurses/ncurses-bin@6.3-2 - - ncurses/libtinfo6@6.3-2 - - +

      Detailed paths

      -
      • +
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - procps@2:3.3.17-6ubuntu2 + docker-image|quay.io/argoproj/argocd@v2.6.8 - ncurses/libtinfo6@6.3-2 + openssh/openssh-client@1:8.9p1-3ubuntu0.1
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - util-linux@2.37.2-4ubuntu3 - - ncurses/libtinfo6@6.3-2 - - +
      - -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2 - - +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    References

    + -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ncurses/libncursesw6@6.3-2 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libncursesw6@6.3-2 - - +
    +

    More about this vulnerability

    +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2 - - +
    • +
    +

    CVE-2023-28531

    +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ncurses/libncurses6@6.3-2 - - +
    + low severity +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libncurses6@6.3-2 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 - - ncurses/ncurses-base@6.3-2 - - +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: -
      • + openssh/openssh-client + + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.8 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 - ncurses/ncurses-bin@6.3-2 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2574,25 +2013,22 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

      +

      ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 ncurses.

      +

      There is no fixed version for Ubuntu:22.04 openssh.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    • @@ -2619,7 +2055,7 @@

    Resource Exhaustion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.6.8, meta-common-packages@meta and others
    • @@ -2631,7 +2067,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 meta-common-packages@meta @@ -2687,7 +2123,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and krb5/libk5crypto3@1.19.2-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.6.8 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    @@ -2700,16 +2136,16 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 adduser@3.118ubuntu5 @@ -2721,16 +2157,16 @@

      Detailed paths

      libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 adduser@3.118ubuntu5 @@ -2742,27 +2178,27 @@

      Detailed paths

      libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 adduser@3.118ubuntu5 @@ -2774,64 +2210,64 @@

      Detailed paths

      libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 openssh/openssh-client@1:8.9p1-3ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 libssh/libssh-4@0.9.6-2build1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 adduser@3.118ubuntu5 @@ -2843,18 +2279,18 @@

      Detailed paths

      libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 meta-common-packages@meta - krb5/libkrb5support0@1.19.2-2ubuntu0.1 + krb5/libkrb5support0@1.19.2-2ubuntu0.2 @@ -2909,7 +2345,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.6.8 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2922,7 +2358,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2931,9 +2367,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 - apt@2.4.8 + apt@2.4.9 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2942,7 +2378,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2953,7 +2389,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2964,7 +2400,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2975,7 +2411,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2988,7 +2424,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3001,7 +2437,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3010,7 +2446,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3021,7 +2457,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3034,7 +2470,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -3043,7 +2479,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3054,7 +2490,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -3063,7 +2499,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3074,7 +2510,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3083,7 +2519,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3094,7 +2530,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3107,7 +2543,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3120,7 +2556,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -3129,7 +2565,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3140,7 +2576,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3153,7 +2589,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3166,7 +2602,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -3175,7 +2611,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3186,7 +2622,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -3195,7 +2631,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3206,7 +2642,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -3215,7 +2651,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3226,7 +2662,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3285,7 +2721,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.6.8 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -3298,7 +2734,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 glibc/libc-bin@2.35-0ubuntu3.1 @@ -3307,7 +2743,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 meta-common-packages@meta @@ -3366,7 +2802,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7, git@1:2.34.1-1ubuntu1.8 and others + docker-image|quay.io/argoproj/argocd@v2.6.8, git@1:2.34.1-1ubuntu1.9 and others
    @@ -3378,31 +2814,31 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 - git/git-man@1:2.34.1-1ubuntu1.8 + git/git-man@1:2.34.1-1ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 - git-lfs@3.0.2-1ubuntu0.1 + git-lfs@3.0.2-1ubuntu0.2 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 @@ -3432,6 +2868,144 @@

      References

      More about this vulnerability

    +
    +
    +

    CVE-2023-28322

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.6.8, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2023-28321

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.6.8, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Improper Input Validation

    @@ -3455,7 +3029,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.6.8 and coreutils@8.32-4.1ubuntu1
    • @@ -3468,7 +3042,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 coreutils@8.32-4.1ubuntu1 @@ -3525,7 +3099,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.6.8 and bash@5.1-6ubuntu1
    @@ -3538,7 +3112,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.7 + docker-image|quay.io/argoproj/argocd@v2.6.8 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.6.8/redis_7.0.11-alpine.html b/docs/snyk/v2.6.8/redis_7.0.11-alpine.html new file mode 100644 index 0000000000000..250d1de7c4bf8 --- /dev/null +++ b/docs/snyk/v2.6.8/redis_7.0.11-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
      +
      +
      +
      + + + Snyk - Open Source Security + + + + + + + +
      +

      Snyk test report

      + +

      May 27th 2023, 11:30:34 pm (UTC+00:00)

      +
      +
      + Scanned the following path: +
        +
      • redis:7.0.11-alpine (apk)
        • +
      +
      + +
      +
      0 known vulnerabilities
      +
      0 vulnerable dependency paths
      +
      18 dependencies
      +
      +
      +
      +
      +
      + + + + + + + +
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      +
      +
      + No known vulnerabilities detected. +
      +
      + + + diff --git a/docs/snyk/v2.7.0-rc2/haproxy_2.6.9-alpine.html b/docs/snyk/v2.7.0-rc2/haproxy_2.6.9-alpine.html deleted file mode 100644 index 00a94ccf10b8d..0000000000000 --- a/docs/snyk/v2.7.0-rc2/haproxy_2.6.9-alpine.html +++ /dev/null @@ -1,983 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      April 16th 2023, 12:17:45 am

      -
      -
      - Scanned the following path: -
        -
      • haproxy:2.6.9-alpine (apk)
        • -
      -
      - -
      -
      3 known vulnerabilities
      -
      27 vulnerable dependency paths
      -
      18 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|haproxy
      Path haproxy:2.6.9-alpine
      Package Manager apk
      -
      -
      -
      -
      -

      Improper Certificate Validation

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Improper Certificate Validation

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

      -

      Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

      -

      Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Improper Certificate Validation

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

      -

      As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

      -

      Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

      -

      Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -
      -
      - - - diff --git a/docs/snyk/v2.7.0-rc2/redis_7.0.9-alpine.html b/docs/snyk/v2.7.0-rc2/redis_7.0.9-alpine.html deleted file mode 100644 index 384625bb54320..0000000000000 --- a/docs/snyk/v2.7.0-rc2/redis_7.0.9-alpine.html +++ /dev/null @@ -1,983 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      April 16th 2023, 12:18:11 am

      -
      -
      - Scanned the following path: -
        -
      • redis:7.0.9-alpine (apk)
        • -
      -
      - -
      -
      3 known vulnerabilities
      -
      27 vulnerable dependency paths
      -
      18 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|redis
      Path redis:7.0.9-alpine
      Package Manager apk
      -
      -
      -
      -
      -

      Improper Certificate Validation

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Improper Certificate Validation

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

      -

      Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

      -

      Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Improper Certificate Validation

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.17 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.9-alpine and openssl/libcrypto3@3.0.8-r0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libcrypto3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - .redis-rundeps@20230301.015803 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - apk-tools/apk-tools@2.12.10-r1 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.9-alpine - - busybox/ssl_client@1.35.0-r29 - - openssl/libssl3@3.0.8-r0 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. - See How to fix? for Alpine:3.17 relevant fixed versions and status.

      -

      The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

      -

      As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

      -

      Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

      -

      Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

      -

      Remediation

      -

      Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -
      -
      - - - diff --git a/docs/snyk/v2.7.0-rc2/argocd-iac-install.html b/docs/snyk/v2.7.3/argocd-iac-install.html similarity index 97% rename from docs/snyk/v2.7.0-rc2/argocd-iac-install.html rename to docs/snyk/v2.7.3/argocd-iac-install.html index 7157e4c8173d6..45b3053cbf037 100644 --- a/docs/snyk/v2.7.0-rc2/argocd-iac-install.html +++ b/docs/snyk/v2.7.3/argocd-iac-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      April 16th 2023, 12:19:33 am

      +

      May 27th 2023, 11:28:53 pm (UTC+00:00)

      Scanned the following path: @@ -789,7 +789,7 @@

      Container could be running with outdated image

    • - Line number: 17517 + Line number: 17512
    @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 17517 + Line number: 17512
    • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 17339 + Line number: 17336
    • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 17602 + Line number: 17597
    • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 17906 + Line number: 17901
    • @@ -1419,7 +1419,7 @@

    Container is running with writable root filesystem

  • - Line number: 17293 + Line number: 17290
    • @@ -1679,7 +1679,7 @@

    Container is running without liveness probe

  • - Line number: 17517 + Line number: 17512
    • @@ -2027,7 +2027,7 @@

    Container is running without memory limit

  • - Line number: 17517 + Line number: 17512
    • @@ -2085,7 +2085,7 @@

    Container is running without memory limit

  • - Line number: 17339 + Line number: 17336
    • @@ -2143,7 +2143,7 @@

    Container is running without memory limit

  • - Line number: 17602 + Line number: 17597
    • @@ -2201,7 +2201,7 @@

    Container is running without memory limit

  • - Line number: 17906 + Line number: 17901
    • @@ -2267,7 +2267,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2323,7 +2323,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2379,7 +2379,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2435,7 +2435,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2481,7 +2481,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17293 + Line number: 17290
    • @@ -2491,7 +2491,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2537,7 +2537,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17524 + Line number: 17519
    • @@ -2547,7 +2547,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2593,7 +2593,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17490 + Line number: 17485
    • @@ -2603,7 +2603,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2649,7 +2649,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17816 + Line number: 17811
    • @@ -2659,7 +2659,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2705,7 +2705,7 @@

    Container's UID could clash with host's UID
  • - Line number: 18048 + Line number: 18043
    • @@ -2715,7 +2715,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    diff --git a/docs/snyk/v2.7.0-rc2/argocd-iac-namespace-install.html b/docs/snyk/v2.7.3/argocd-iac-namespace-install.html similarity index 97% rename from docs/snyk/v2.7.0-rc2/argocd-iac-namespace-install.html rename to docs/snyk/v2.7.3/argocd-iac-namespace-install.html index 5edff3bd73f64..9810dd3636d46 100644 --- a/docs/snyk/v2.7.0-rc2/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.7.3/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 16th 2023, 12:19:46 am

    +

    May 27th 2023, 11:29:12 pm (UTC+00:00)

    Scanned the following path: @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 1177 + Line number: 1172
    • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1177 + Line number: 1172
    • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 999 + Line number: 996
    • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1262 + Line number: 1257
    • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1566 + Line number: 1561
    • @@ -1419,7 +1419,7 @@

    Container is running with writable root filesystem

  • - Line number: 953 + Line number: 950
    • @@ -1679,7 +1679,7 @@

    Container is running without liveness probe

  • - Line number: 1177 + Line number: 1172
    • @@ -2027,7 +2027,7 @@

    Container is running without memory limit

  • - Line number: 1177 + Line number: 1172
    • @@ -2085,7 +2085,7 @@

    Container is running without memory limit

  • - Line number: 999 + Line number: 996
    • @@ -2143,7 +2143,7 @@

    Container is running without memory limit

  • - Line number: 1262 + Line number: 1257
    • @@ -2201,7 +2201,7 @@

    Container is running without memory limit

  • - Line number: 1566 + Line number: 1561
    • @@ -2267,7 +2267,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2323,7 +2323,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2379,7 +2379,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2435,7 +2435,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2481,7 +2481,7 @@

    Container's UID could clash with host's UID
  • - Line number: 953 + Line number: 950
    • @@ -2491,7 +2491,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2537,7 +2537,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1184 + Line number: 1179
    • @@ -2547,7 +2547,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2593,7 +2593,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1150 + Line number: 1145
    • @@ -2603,7 +2603,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2649,7 +2649,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1476 + Line number: 1471
    • @@ -2659,7 +2659,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    @@ -2705,7 +2705,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1708 + Line number: 1703
    • @@ -2715,7 +2715,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000

    +

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    diff --git a/docs/snyk/v2.7.0-rc2/argocd-test.html b/docs/snyk/v2.7.3/argocd-test.html similarity index 99% rename from docs/snyk/v2.7.0-rc2/argocd-test.html rename to docs/snyk/v2.7.3/argocd-test.html index 6f565fda92d96..406dd92e13ea7 100644 --- a/docs/snyk/v2.7.0-rc2/argocd-test.html +++ b/docs/snyk/v2.7.3/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 16th 2023, 12:17:33 am

    +

    May 27th 2023, 11:25:45 pm (UTC+00:00)

    Scanned the following paths: diff --git a/docs/snyk/v2.5.16/haproxy_2.6.9-alpine.html b/docs/snyk/v2.7.3/ghcr.io_dexidp_dex_v2.36.0.html similarity index 83% rename from docs/snyk/v2.5.16/haproxy_2.6.9-alpine.html rename to docs/snyk/v2.7.3/ghcr.io_dexidp_dex_v2.36.0.html index 92c0d5749b882..19e1cd62d839e 100644 --- a/docs/snyk/v2.5.16/haproxy_2.6.9-alpine.html +++ b/docs/snyk/v2.7.3/ghcr.io_dexidp_dex_v2.36.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,33 +456,24 @@

    Snyk test report

    -

    April 16th 2023, 12:22:53 am

    +

    May 27th 2023, 11:25:55 pm (UTC+00:00)

    - Scanned the following path: + Scanned the following paths:
      -
    • haproxy:2.6.9-alpine (apk)
      • +
    • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (apk)
    • ghcr.io/dexidp/dex:v2.36.0/hairyhenderson/gomplate/v3 (gomodules)
    • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
    • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
    -
    3 known vulnerabilities
    -
    27 vulnerable dependency paths
    -
    18 dependencies
    +
    4 known vulnerabilities
    +
    28 vulnerable dependency paths
    +
    760 dependencies
    -
    - - - - - - - -
    Project docker-image|haproxy
    Path haproxy:2.6.9-alpine
    Package Manager apk
    -
    +
    @@ -507,7 +498,7 @@

    Improper Certificate Validation

  • Introduced through: - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    • @@ -520,7 +511,7 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -529,7 +520,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -540,18 +531,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -562,7 +542,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -573,18 +553,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -593,7 +562,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -604,7 +573,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -663,7 +632,7 @@

      Improper Certificate Validation

    • Introduced through: - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    @@ -676,7 +645,7 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -685,7 +654,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -696,18 +665,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -718,7 +676,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -729,7 +687,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -738,18 +696,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -760,7 +707,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -827,7 +774,7 @@

      Improper Certificate Validation

    • Introduced through: - docker-image|haproxy@2.6.9-alpine and openssl/libcrypto3@3.0.8-r0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    @@ -840,7 +787,7 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libcrypto3@3.0.8-r0 @@ -849,7 +796,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -860,18 +807,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 - - openssl/libcrypto3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -882,7 +818,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -893,18 +829,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine - - openssl/libssl3@3.0.8-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.9-alpine - - .haproxy-rundeps@20230214.193603 + docker-image|ghcr.io/dexidp/dex@v2.36.0 openssl/libssl3@3.0.8-r0 @@ -913,7 +838,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 apk-tools/apk-tools@2.12.10-r1 @@ -924,7 +849,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.9-alpine + docker-image|ghcr.io/dexidp/dex@v2.36.0 busybox/ssl_client@1.35.0-r29 @@ -975,6 +900,153 @@

      References

    +
    +

    Out-of-bounds Read

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.7.3/haproxy_2.6.12-alpine.html b/docs/snyk/v2.7.3/haproxy_2.6.12-alpine.html new file mode 100644 index 0000000000000..f09200213d076 --- /dev/null +++ b/docs/snyk/v2.7.3/haproxy_2.6.12-alpine.html @@ -0,0 +1,662 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    May 27th 2023, 11:26:02 pm (UTC+00:00)

    +
    +
    + Scanned the following path: +
      +
    • haproxy:2.6.12-alpine (apk)
      • +
    +
    + +
    +
    1 known vulnerabilities
    +
    9 vulnerable dependency paths
    +
    18 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|haproxy
    Path haproxy:2.6.12-alpine
    Package Manager apk
    +
    +
    +
    +
    +

    Out-of-bounds Read

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.12-alpine and openssl/libcrypto3@3.0.8-r3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libssl3@3.0.8-r3 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + .haproxy-rundeps@20230329.185657 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + .haproxy-rundeps@20230329.185657 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.7.0-rc2/quay.io_argoproj_argocd_v2.7.0-rc2.html b/docs/snyk/v2.7.3/quay.io_argoproj_argocd_v2.7.3.html similarity index 75% rename from docs/snyk/v2.7.0-rc2/quay.io_argoproj_argocd_v2.7.0-rc2.html rename to docs/snyk/v2.7.3/quay.io_argoproj_argocd_v2.7.3.html index 035feec2af812..67fe3880d5c42 100644 --- a/docs/snyk/v2.7.0-rc2/quay.io_argoproj_argocd_v2.7.0-rc2.html +++ b/docs/snyk/v2.7.3/quay.io_argoproj_argocd_v2.7.3.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,18 +456,18 @@

    Snyk test report

    -

    April 16th 2023, 12:18:06 am

    +

    May 27th 2023, 11:26:34 pm (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.7.0-rc2/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.7.0-rc2/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.7.0-rc2/kustomize/kustomize/v5 (gomodules)
    • quay.io/argoproj/argocd:v2.7.0-rc2/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.7.0-rc2/git-lfs/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.7.3/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.7.3/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.7.3/kustomize/kustomize/v5 (gomodules)
    • quay.io/argoproj/argocd:v2.7.3/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.7.3/git-lfs/git-lfs (gomodules)
    21 known vulnerabilities
    -
    112 vulnerable dependency paths
    +
    78 vulnerable dependency paths
    2065 dependencies
    @@ -604,8 +604,8 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. - Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    @@ -634,6 +634,134 @@

    References

    More about this vulnerability

    +
    +
    +

    Improper Certificate Validation

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + perl/perl-modules-5.34 +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.7.3, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + git@1:2.34.1-1ubuntu1.9 + + perl@5.34.0-3ubuntu1.1 + + perl/perl-modules-5.34@5.34.0-3ubuntu1.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + git@1:2.34.1-1ubuntu1.9 + + perl@5.34.0-3ubuntu1.1 + + perl/libperl5.34@5.34.0-3ubuntu1.1 + + perl/perl-modules-5.34@5.34.0-3ubuntu1.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + git@1:2.34.1-1ubuntu1.9 + + perl@5.34.0-3ubuntu1.1 + + perl/libperl5.34@5.34.0-3ubuntu1.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + git@1:2.34.1-1ubuntu1.9 + + perl@5.34.0-3ubuntu1.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + meta-common-packages@meta + + perl/perl-base@5.34.0-3ubuntu1.1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 perl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2022-46908

    @@ -658,7 +786,7 @@

    CVE-2022-46908

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.7.3, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    • @@ -670,7 +798,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -706,6 +834,107 @@

      References

      More about this vulnerability

    +
    +
    +

    Arbitrary Code Injection

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + shadow/passwd +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.3 and shadow/passwd@1:4.8.1-2ubuntu2.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + openssh/openssh-client@1:8.9p1-3ubuntu0.1 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + shadow/login@1:4.8.1-2ubuntu2.1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 shadow.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Uncontrolled Recursion

    @@ -729,7 +958,7 @@

    Uncontrolled Recursion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.7.3 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    • @@ -742,7 +971,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -751,7 +980,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 grep@3.7-1build1 @@ -813,7 +1042,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.7.3 and patch@2.7.6-7build2
    @@ -826,7 +1055,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 patch@2.7.6-7build2 @@ -880,7 +1109,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.7.3 and patch@2.7.6-7build2
    @@ -893,7 +1122,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 patch@2.7.6-7build2 @@ -931,7 +1160,7 @@

      References

    -

    Improper Locking

    +

    Out-of-bounds Read

    @@ -952,7 +1181,7 @@

    Improper Locking

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@v2.7.3 and openssl/libssl3@3.0.2-0ubuntu1.9
    • @@ -965,77 +1194,77 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 libfido2/libfido2-1@1.10.0-1 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 openssh/openssh-client@1:8.9p1-3ubuntu0.1 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 ca-certificates@20211016ubuntu0.22.04.1 - openssl@3.0.2-0ubuntu1.8 + openssl@3.0.2-0ubuntu1.9 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 libssh/libssh-4@0.9.6-2build1 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 adduser@3.118ubuntu5 @@ -1047,31 +1276,31 @@

      Detailed paths

      libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssl/libssl3@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 - openssl@3.0.2-0ubuntu1.8 + openssl@3.0.2-0ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 ca-certificates@20211016ubuntu0.22.04.1 - openssl@3.0.2-0ubuntu1.8 + openssl@3.0.2-0ubuntu1.9 @@ -1085,25 +1314,41 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.

      +

      Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

      +

      Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

      +

      The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

      +

      If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

      Remediation

      There is no fixed version for Ubuntu:22.04 openssl.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Improper Certificate Validation

    +

    Improper Privilege Management

    @@ -1119,12 +1364,12 @@

    Improper Certificate Validation

  • Vulnerable module: - openssl/libssl3 + openssh/openssh-client
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and openssl/libssl3@3.0.2-0ubuntu1.8 + docker-image|quay.io/argoproj/argocd@v2.7.3 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -1137,594 +1382,47 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 - openssl/libssl3@3.0.2-0ubuntu1.8 + openssh/openssh-client@1:8.9p1-3ubuntu0.1
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - +
    • - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    References

    + -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssl@3.0.2-0ubuntu1.8 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
    • - - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

    -

    As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

    -

    Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

    -

    Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and openssl/libssl3@3.0.2-0ubuntu1.8 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - git@1:2.34.1-1ubuntu1.8 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.8 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Privilege Management

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    +
    +

    More about this vulnerability

    +
    @@ -1749,149 +1447,7 @@

    Information Exposure

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
    • - - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-28531

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Read

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - ncurses/libtinfo6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and ncurses/libtinfo6@6.3-2 + docker-image|quay.io/argoproj/argocd@v2.7.3 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    @@ -1899,205 +1455,88 @@

    Out-of-bounds Read

    -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - bash@5.1-6ubuntu1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ncurses/libncursesw6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - less@590-1ubuntu0.22.04.1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ncurses/libncurses6@6.3-2 - - ncurses/libtinfo6@6.3-2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ncurses/ncurses-bin@6.3-2 - - ncurses/libtinfo6@6.3-2 - - +

      Detailed paths

      -
      • +
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - procps@2:3.3.17-6ubuntu2 + docker-image|quay.io/argoproj/argocd@v2.7.3 - ncurses/libtinfo6@6.3-2 + openssh/openssh-client@1:8.9p1-3ubuntu0.1
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - util-linux@2.37.2-4ubuntu3 - - ncurses/libtinfo6@6.3-2 - - +
      - -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2 - - +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    References

    + -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ncurses/libncursesw6@6.3-2 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libncursesw6@6.3-2 - - +
    +

    More about this vulnerability

    +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2 - - +
    • +
    +

    CVE-2023-28531

    +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ncurses/libncurses6@6.3-2 - - +
    + low severity +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - procps@2:3.3.17-6ubuntu2 - - ncurses/libncurses6@6.3-2 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 - - ncurses/ncurses-base@6.3-2 - - +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: -
      • + openssh/openssh-client + + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.3 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 - ncurses/ncurses-bin@6.3-2 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2109,25 +1548,22 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

      +

      ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 ncurses.

      +

      There is no fixed version for Ubuntu:22.04 openssh.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    • @@ -2154,7 +1590,7 @@

    Resource Exhaustion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.7.3, meta-common-packages@meta and others
    • @@ -2166,7 +1602,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 meta-common-packages@meta @@ -2222,7 +1658,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and krb5/libk5crypto3@1.19.2-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.7.3 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    @@ -2235,16 +1671,16 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 adduser@3.118ubuntu5 @@ -2256,16 +1692,16 @@

      Detailed paths

      libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 adduser@3.118ubuntu5 @@ -2277,27 +1713,27 @@

      Detailed paths

      libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 adduser@3.118ubuntu5 @@ -2309,64 +1745,64 @@

      Detailed paths

      libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - krb5/libkrb5-3@1.19.2-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 openssh/openssh-client@1:8.9p1-3ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 libssh/libssh-4@0.9.6-2build1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 adduser@3.118ubuntu5 @@ -2378,18 +1814,18 @@

      Detailed paths

      libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 meta-common-packages@meta - krb5/libkrb5support0@1.19.2-2ubuntu0.1 + krb5/libkrb5support0@1.19.2-2ubuntu0.2 @@ -2444,7 +1880,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.3 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2457,7 +1893,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2466,9 +1902,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 - apt@2.4.8 + apt@2.4.9 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2477,7 +1913,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2488,7 +1924,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2499,7 +1935,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2510,7 +1946,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2523,7 +1959,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2536,7 +1972,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2545,7 +1981,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2556,7 +1992,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2569,7 +2005,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2578,7 +2014,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2589,7 +2025,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2598,7 +2034,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2609,7 +2045,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2618,7 +2054,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2629,7 +2065,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2642,7 +2078,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2655,7 +2091,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2664,7 +2100,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2675,7 +2111,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2688,7 +2124,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2701,7 +2137,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2710,7 +2146,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2721,7 +2157,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2730,7 +2166,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2741,7 +2177,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2750,7 +2186,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2761,7 +2197,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2820,7 +2256,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.7.3 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -2833,7 +2269,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 glibc/libc-bin@2.35-0ubuntu3.1 @@ -2842,7 +2278,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 meta-common-packages@meta @@ -2901,7 +2337,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2, git@1:2.34.1-1ubuntu1.8 and others + docker-image|quay.io/argoproj/argocd@v2.7.3, git@1:2.34.1-1ubuntu1.9 and others
    @@ -2913,31 +2349,31 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 - git/git-man@1:2.34.1-1ubuntu1.8 + git/git-man@1:2.34.1-1ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 - git-lfs@3.0.2-1ubuntu0.1 + git-lfs@3.0.2-1ubuntu0.2 - git@1:2.34.1-1ubuntu1.8 + git@1:2.34.1-1ubuntu1.9 @@ -2967,6 +2403,144 @@

      References

      More about this vulnerability

    +
    +
    +

    CVE-2023-28322

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.7.3, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2023-28321

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.7.3, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Improper Input Validation

    @@ -2990,7 +2564,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.7.3 and coreutils@8.32-4.1ubuntu1
    • @@ -3003,7 +2577,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 coreutils@8.32-4.1ubuntu1 @@ -3060,7 +2634,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.7.3 and bash@5.1-6ubuntu1
    @@ -3073,7 +2647,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.0-rc2 + docker-image|quay.io/argoproj/argocd@v2.7.3 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.7.3/redis_7.0.11-alpine.html b/docs/snyk/v2.7.3/redis_7.0.11-alpine.html new file mode 100644 index 0000000000000..aaae7f3257d3e --- /dev/null +++ b/docs/snyk/v2.7.3/redis_7.0.11-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
      +
      +
      +
      + + + Snyk - Open Source Security + + + + + + + +
      +

      Snyk test report

      + +

      May 27th 2023, 11:26:39 pm (UTC+00:00)

      +
      +
      + Scanned the following path: +
        +
      • redis:7.0.11-alpine (apk)
        • +
      +
      + +
      +
      0 known vulnerabilities
      +
      0 vulnerable dependency paths
      +
      18 dependencies
      +
      +
      +
      +
      +
      + + + + + + + +
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      +
      +
      + No known vulnerabilities detected. +
      +
      + + + From d49d2aef16510b9b3303d64cf64e1b79d3121334 Mon Sep 17 00:00:00 2001 From: Radon Rosborough <69264599+raxod502-plaid@users.noreply.github.com> Date: Sun, 28 May 2023 11:31:41 -0700 Subject: [PATCH 043/252] fix(appset): return error on invalid annotations (#13743) Signed-off-by: Radon Rosborough --- util/argo/resource_tracking.go | 40 ++++++++++--- util/argo/resource_tracking_test.go | 6 +- util/kube/kube.go | 49 +++++++++++----- util/kube/kube_test.go | 57 ++++++++++++++++++- util/kube/testdata/svc-with-invalid-data.yaml | 17 ++++++ 5 files changed, 143 insertions(+), 26 deletions(-) create mode 100644 util/kube/testdata/svc-with-invalid-data.yaml diff --git a/util/argo/resource_tracking.go b/util/argo/resource_tracking.go index 53659115e8b10..92f3f69d6c1ea 100644 --- a/util/argo/resource_tracking.go +++ b/util/argo/resource_tracking.go @@ -61,7 +61,10 @@ func IsOldTrackingMethod(trackingMethod string) bool { } func (rt *resourceTracking) getAppInstanceValue(un *unstructured.Unstructured, key string, trackingMethod v1alpha1.TrackingMethod) *AppInstanceValue { - appInstanceAnnotation := argokube.GetAppInstanceAnnotation(un, common.AnnotationKeyAppInstance) + appInstanceAnnotation, err := argokube.GetAppInstanceAnnotation(un, common.AnnotationKeyAppInstance) + if err != nil { + return nil + } value, err := rt.ParseAppInstanceValue(appInstanceAnnotation) if err != nil { return nil @@ -80,13 +83,21 @@ func (rt *resourceTracking) GetAppName(un *unstructured.Unstructured, key string } switch trackingMethod { case TrackingMethodLabel: - return argokube.GetAppInstanceLabel(un, key) + label, err := argokube.GetAppInstanceLabel(un, key) + if err != nil { + return "" + } + return label case TrackingMethodAnnotationAndLabel: return retrieveAppInstanceValue() case TrackingMethodAnnotation: return retrieveAppInstanceValue() default: - return argokube.GetAppInstanceLabel(un, key) + label, err := argokube.GetAppInstanceLabel(un, key) + if err != nil { + return "" + } + return label } } @@ -185,19 +196,32 @@ func (rt *resourceTracking) Normalize(config, live *unstructured.Unstructured, l return nil } - label := kube.GetAppInstanceLabel(live, labelKey) + label, err := kube.GetAppInstanceLabel(live, labelKey) + if err != nil { + return err + } if label == "" { return nil } - annotation := argokube.GetAppInstanceAnnotation(config, common.AnnotationKeyAppInstance) - err := argokube.SetAppInstanceAnnotation(live, common.AnnotationKeyAppInstance, annotation) + annotation, err := argokube.GetAppInstanceAnnotation(config, common.AnnotationKeyAppInstance) + if err != nil { + return err + } + err = argokube.SetAppInstanceAnnotation(live, common.AnnotationKeyAppInstance, annotation) if err != nil { return err } - if argokube.GetAppInstanceLabel(config, labelKey) == "" { - argokube.RemoveLabel(live, labelKey) + label, err = argokube.GetAppInstanceLabel(config, labelKey) + if err != nil { + return err + } + if label == "" { + err = argokube.RemoveLabel(live, labelKey) + if err != nil { + return err + } } return nil diff --git a/util/argo/resource_tracking_test.go b/util/argo/resource_tracking_test.go index e737e831fb255..36f94747ffd78 100644 --- a/util/argo/resource_tracking_test.go +++ b/util/argo/resource_tracking_test.go @@ -136,7 +136,8 @@ func TestResourceIdNormalizer_Normalize(t *testing.T) { _ = rt.Normalize(configObj, liveObj, common.LabelKeyAppInstance, string(TrackingMethodAnnotation)) // the normalization should affect add the new style annotation and drop old tracking label from live object - annotation := kube.GetAppInstanceAnnotation(configObj, common.AnnotationKeyAppInstance) + annotation, err := kube.GetAppInstanceAnnotation(configObj, common.AnnotationKeyAppInstance) + assert.Nil(t, err) assert.Equal(t, liveObj.GetAnnotations()[common.AnnotationKeyAppInstance], annotation) _, hasOldLabel := liveObj.GetLabels()[common.LabelKeyAppInstance] assert.False(t, hasOldLabel) @@ -160,7 +161,8 @@ func TestResourceIdNormalizer_Normalize_ConfigHasOldLabel(t *testing.T) { _ = rt.Normalize(configObj, liveObj, common.LabelKeyAppInstance, string(TrackingMethodAnnotation)) // the normalization should affect add the new style annotation and drop old tracking label from live object - annotation := kube.GetAppInstanceAnnotation(configObj, common.AnnotationKeyAppInstance) + annotation, err := kube.GetAppInstanceAnnotation(configObj, common.AnnotationKeyAppInstance) + assert.Nil(t, err) assert.Equal(t, liveObj.GetAnnotations()[common.AnnotationKeyAppInstance], annotation) _, hasOldLabel := liveObj.GetLabels()[common.LabelKeyAppInstance] assert.True(t, hasOldLabel) diff --git a/util/kube/kube.go b/util/kube/kube.go index 0df9a36d813ca..ad3dd47e804eb 100644 --- a/util/kube/kube.go +++ b/util/kube/kube.go @@ -20,7 +20,11 @@ func IsValidResourceName(name string) bool { // SetAppInstanceLabel the recommended app.kubernetes.io/instance label against an unstructured object // Uses the legacy labeling if environment variable is set func SetAppInstanceLabel(target *unstructured.Unstructured, key, val string) error { - labels := target.GetLabels() + // Do not use target.GetLabels(), https://github.com/argoproj/argo-cd/issues/13730 + labels, _, err := unstructured.NestedStringMap(target.Object, "metadata", "labels") + if err != nil { + return err + } if labels == nil { labels = make(map[string]string) } @@ -96,7 +100,11 @@ func SetAppInstanceLabel(target *unstructured.Unstructured, key, val string) err // SetAppInstanceAnnotation the recommended app.kubernetes.io/instance annotation against an unstructured object // Uses the legacy labeling if environment variable is set func SetAppInstanceAnnotation(target *unstructured.Unstructured, key, val string) error { - annotations := target.GetAnnotations() + // Do not use target.GetAnnotations(), https://github.com/argoproj/argo-cd/issues/13730 + annotations, _, err := unstructured.NestedStringMap(target.Object, "metadata", "annotations") + if err != nil { + return err + } if annotations == nil { annotations = make(map[string]string) } @@ -106,26 +114,40 @@ func SetAppInstanceAnnotation(target *unstructured.Unstructured, key, val string } // GetAppInstanceAnnotation returns the application instance name from annotation -func GetAppInstanceAnnotation(un *unstructured.Unstructured, key string) string { - if annotations := un.GetAnnotations(); annotations != nil { - return annotations[key] +func GetAppInstanceAnnotation(un *unstructured.Unstructured, key string) (string, error) { + // Do not use target.GetAnnotations(), https://github.com/argoproj/argo-cd/issues/13730 + annotations, _, err := unstructured.NestedStringMap(un.Object, "metadata", "annotations") + if err != nil { + return "", err } - return "" + if annotations != nil { + return annotations[key], nil + } + return "", nil } // GetAppInstanceLabel returns the application instance name from labels -func GetAppInstanceLabel(un *unstructured.Unstructured, key string) string { - if labels := un.GetLabels(); labels != nil { - return labels[key] +func GetAppInstanceLabel(un *unstructured.Unstructured, key string) (string, error) { + // Do not use target.GetLabels(), https://github.com/argoproj/argo-cd/issues/13730 + labels, _, err := unstructured.NestedStringMap(un.Object, "metadata", "labels") + if err != nil { + return "", err + } + if labels != nil { + return labels[key], nil } - return "" + return "", nil } // RemoveLabel removes label with the specified name -func RemoveLabel(un *unstructured.Unstructured, key string) { - labels := un.GetLabels() +func RemoveLabel(un *unstructured.Unstructured, key string) error { + // Do not use target.GetLabels(), https://github.com/argoproj/argo-cd/issues/13730 + labels, _, err := unstructured.NestedStringMap(un.Object, "metadata", "labels") + if err != nil { + return err + } if labels == nil { - return + return nil } for k := range labels { @@ -139,4 +161,5 @@ func RemoveLabel(un *unstructured.Unstructured, key string) { break } } + return nil } diff --git a/util/kube/kube_test.go b/util/kube/kube_test.go index 247f4124fac4c..f7fc1607aaa39 100644 --- a/util/kube/kube_test.go +++ b/util/kube/kube_test.go @@ -184,6 +184,17 @@ func TestSetAppInstanceAnnotation(t *testing.T) { assert.Equal(t, "my-app", s.ObjectMeta.Annotations[common.LabelKeyAppInstance]) } +func TestSetAppInstanceAnnotationWithInvalidData(t *testing.T) { + yamlBytes, err := os.ReadFile("testdata/svc-with-invalid-data.yaml") + assert.Nil(t, err) + var obj unstructured.Unstructured + err = yaml.Unmarshal(yamlBytes, &obj) + assert.Nil(t, err) + err = SetAppInstanceAnnotation(&obj, common.LabelKeyAppInstance, "my-app") + assert.Error(t, err) + assert.Equal(t, ".metadata.annotations accessor error: contains non-string key in the map: is of the type , expected string", err.Error()) +} + func TestGetAppInstanceAnnotation(t *testing.T) { yamlBytes, err := os.ReadFile("testdata/svc.yaml") assert.Nil(t, err) @@ -193,7 +204,21 @@ func TestGetAppInstanceAnnotation(t *testing.T) { err = SetAppInstanceAnnotation(&obj, common.LabelKeyAppInstance, "my-app") assert.Nil(t, err) - assert.Equal(t, "my-app", GetAppInstanceAnnotation(&obj, common.LabelKeyAppInstance)) + annotation, err := GetAppInstanceAnnotation(&obj, common.LabelKeyAppInstance) + assert.Nil(t, err) + assert.Equal(t, "my-app", annotation) +} + +func TestGetAppInstanceAnnotationWithInvalidData(t *testing.T) { + yamlBytes, err := os.ReadFile("testdata/svc-with-invalid-data.yaml") + assert.Nil(t, err) + var obj unstructured.Unstructured + err = yaml.Unmarshal(yamlBytes, &obj) + assert.Nil(t, err) + + _, err = GetAppInstanceAnnotation(&obj, "valid-annotation") + assert.Error(t, err) + assert.Equal(t, ".metadata.annotations accessor error: contains non-string key in the map: is of the type , expected string", err.Error()) } func TestGetAppInstanceLabel(t *testing.T) { @@ -204,7 +229,20 @@ func TestGetAppInstanceLabel(t *testing.T) { assert.Nil(t, err) err = SetAppInstanceLabel(&obj, common.LabelKeyAppInstance, "my-app") assert.Nil(t, err) - assert.Equal(t, "my-app", GetAppInstanceLabel(&obj, common.LabelKeyAppInstance)) + label, err := GetAppInstanceLabel(&obj, common.LabelKeyAppInstance) + assert.Nil(t, err) + assert.Equal(t, "my-app", label) +} + +func TestGetAppInstanceLabelWithInvalidData(t *testing.T) { + yamlBytes, err := os.ReadFile("testdata/svc-with-invalid-data.yaml") + assert.Nil(t, err) + var obj unstructured.Unstructured + err = yaml.Unmarshal(yamlBytes, &obj) + assert.Nil(t, err) + _, err = GetAppInstanceLabel(&obj, "valid-label") + assert.Error(t, err) + assert.Equal(t, ".metadata.labels accessor error: contains non-string key in the map: is of the type , expected string", err.Error()) } func TestRemoveLabel(t *testing.T) { @@ -215,7 +253,20 @@ func TestRemoveLabel(t *testing.T) { assert.Nil(t, err) obj.SetLabels(map[string]string{"test": "value"}) - RemoveLabel(&obj, "test") + err = RemoveLabel(&obj, "test") + assert.Nil(t, err) assert.Nil(t, obj.GetLabels()) } + +func TestRemoveLabelWithInvalidData(t *testing.T) { + yamlBytes, err := os.ReadFile("testdata/svc-with-invalid-data.yaml") + assert.Nil(t, err) + var obj unstructured.Unstructured + err = yaml.Unmarshal(yamlBytes, &obj) + assert.Nil(t, err) + + err = RemoveLabel(&obj, "valid-label") + assert.Error(t, err) + assert.Equal(t, ".metadata.labels accessor error: contains non-string key in the map: is of the type , expected string", err.Error()) +} diff --git a/util/kube/testdata/svc-with-invalid-data.yaml b/util/kube/testdata/svc-with-invalid-data.yaml new file mode 100644 index 0000000000000..bdae0d671131a --- /dev/null +++ b/util/kube/testdata/svc-with-invalid-data.yaml @@ -0,0 +1,17 @@ +kind: Service +apiVersion: v1 +metadata: + name: my-service + annotations: + valid-annotation: existing-value + invalid-annotation: null + labels: + valid-label: existing-value + invalid-label: null +spec: + selector: + app: MyApp + ports: + - protocol: TCP + port: 80 + targetPort: 9376 From 43c8d62362fd3ba4cc301be808cff4528fe344ba Mon Sep 17 00:00:00 2001 From: James Harris Date: Mon, 29 May 2023 05:20:13 +1000 Subject: [PATCH 044/252] Implement Proclaim CRD health checks. (#12930) Signed-off-by: James Harris Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- .../DNSSDServiceInstance/health.lua | 29 +++++++++++++++ .../DNSSDServiceInstance/health_test.yaml | 29 +++++++++++++++ .../testdata/degraded_advertiseError.yaml | 35 +++++++++++++++++++ .../testdata/degraded_notAdopted.yaml | 35 +++++++++++++++++++ .../testdata/degraded_unadvertiseError.yaml | 35 +++++++++++++++++++ .../testdata/healthy.yaml | 35 +++++++++++++++++++ .../testdata/progressing_negativeBrowse.yaml | 35 +++++++++++++++++++ .../testdata/progressing_negativeLookup.yaml | 35 +++++++++++++++++++ .../testdata/unknown_discoveryError.yaml | 35 +++++++++++++++++++ 9 files changed, 303 insertions(+) create mode 100644 resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/health.lua create mode 100644 resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/health_test.yaml create mode 100644 resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_advertiseError.yaml create mode 100644 resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_notAdopted.yaml create mode 100644 resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_unadvertiseError.yaml create mode 100644 resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/healthy.yaml create mode 100644 resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/progressing_negativeBrowse.yaml create mode 100644 resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/progressing_negativeLookup.yaml create mode 100644 resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/unknown_discoveryError.yaml diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/health.lua b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/health.lua new file mode 100644 index 0000000000000..ca1e046c001ef --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/health.lua @@ -0,0 +1,29 @@ +adopted = { status = "Unknown" } +advertised = { status = "Unknown" } +discovered = { status = "Unknown" } + +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, c in ipairs(obj.status.conditions) do + if c.type == "Adopted" then + adopted = c + elseif c.type == "Advertised" then + advertised = c + elseif c.type == "Discoverable" then + discovered = c + end + end + end +end + +if adopted.status == "False" then + return { status = "Degraded", message = adopted.message } +elseif advertised.reason == "AdvertiseError" or advertised.reason == "UnadvertiseError" then + return { status = "Degraded", message = advertised.message } +elseif discovered.reason == "DiscoveryError" then + return { status = "Unknown", message = discovered.message } +elseif discovered.status == "True" then + return { status = "Healthy", message = discovered.message } +else + return { status = "Progressing", message = discovered.message } +end diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/health_test.yaml b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/health_test.yaml new file mode 100644 index 0000000000000..1b9b30cf2e44b --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/health_test.yaml @@ -0,0 +1,29 @@ +tests: + - healthStatus: + status: Healthy + message: DNS-SD browse and lookup results match the advertised DNS records + inputPath: testdata/healthy.yaml + - healthStatus: + status: Progressing + message: DNS-SD browse could not find this instance + inputPath: testdata/progressing_negativeBrowse.yaml + - healthStatus: + status: Progressing + message: DNS-SD lookup could not find this instance + inputPath: testdata/progressing_negativeLookup.yaml + - healthStatus: + status: Degraded + message: none of the configured providers can advertise on "example.org" + inputPath: testdata/degraded_notAdopted.yaml + - healthStatus: + status: Degraded + message: "" + inputPath: testdata/degraded_advertiseError.yaml + - healthStatus: + status: Degraded + message: "" + inputPath: testdata/degraded_unadvertiseError.yaml + - healthStatus: + status: Unknown + message: "" + inputPath: testdata/unknown_discoveryError.yaml diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_advertiseError.yaml b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_advertiseError.yaml new file mode 100644 index 0000000000000..905b2e9194e8b --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_advertiseError.yaml @@ -0,0 +1,35 @@ +apiVersion: proclaim.dogmatiq.io/v1 +kind: DNSSDServiceInstance +metadata: + creationTimestamp: "2023-03-20T01:47:37Z" + finalizers: + - proclaim.dogmatiq.io/unadvertise + generation: 2 + name: test-instance + namespace: proclaim + resourceVersion: "308914" + uid: 991a66a3-9b7e-4515-9a41-f7513e9b7b33 +spec: + instance: + attributes: + - baz: qux + flag: "" + foo: bar + - more: attrs + domain: example.org + name: test-instance + serviceType: _proclaim._tcp + targets: + - host: test.example.org + port: 8080 + priority: 0 + weight: 0 + ttl: 1m0s +status: + conditions: + - lastTransitionTime: "2023-03-20T01:47:40Z" + message: "" + observedGeneration: 2 + reason: AdvertiseError + status: "False" + type: Advertised diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_notAdopted.yaml b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_notAdopted.yaml new file mode 100644 index 0000000000000..efccdb2c3f247 --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_notAdopted.yaml @@ -0,0 +1,35 @@ +apiVersion: proclaim.dogmatiq.io/v1 +kind: DNSSDServiceInstance +metadata: + creationTimestamp: "2023-03-20T01:47:37Z" + finalizers: + - proclaim.dogmatiq.io/unadvertise + generation: 2 + name: test-instance + namespace: proclaim + resourceVersion: "308914" + uid: 991a66a3-9b7e-4515-9a41-f7513e9b7b33 +spec: + instance: + attributes: + - baz: qux + flag: "" + foo: bar + - more: attrs + domain: example.org + name: test-instance + serviceType: _proclaim._tcp + targets: + - host: test.example.org + port: 8080 + priority: 0 + weight: 0 + ttl: 1m0s +status: + conditions: + - lastTransitionTime: "2023-03-20T01:47:40Z" + message: none of the configured providers can advertise on "example.org" + observedGeneration: 2 + reason: InstanceIgnored + status: "False" + type: Adopted diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_unadvertiseError.yaml b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_unadvertiseError.yaml new file mode 100644 index 0000000000000..552eadbe702cc --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/degraded_unadvertiseError.yaml @@ -0,0 +1,35 @@ +apiVersion: proclaim.dogmatiq.io/v1 +kind: DNSSDServiceInstance +metadata: + creationTimestamp: "2023-03-20T01:47:37Z" + finalizers: + - proclaim.dogmatiq.io/unadvertise + generation: 2 + name: test-instance + namespace: proclaim + resourceVersion: "308914" + uid: 991a66a3-9b7e-4515-9a41-f7513e9b7b33 +spec: + instance: + attributes: + - baz: qux + flag: "" + foo: bar + - more: attrs + domain: example.org + name: test-instance + serviceType: _proclaim._tcp + targets: + - host: test.example.org + port: 8080 + priority: 0 + weight: 0 + ttl: 1m0s +status: + conditions: + - lastTransitionTime: "2023-03-20T01:47:40Z" + message: "" + observedGeneration: 2 + reason: UnadvertiseError + status: "False" + type: Advertised diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/healthy.yaml b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/healthy.yaml new file mode 100644 index 0000000000000..f8ad890b9f934 --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/healthy.yaml @@ -0,0 +1,35 @@ +apiVersion: proclaim.dogmatiq.io/v1 +kind: DNSSDServiceInstance +metadata: + creationTimestamp: "2023-03-20T01:47:37Z" + finalizers: + - proclaim.dogmatiq.io/unadvertise + generation: 2 + name: test-instance + namespace: proclaim + resourceVersion: "308914" + uid: 991a66a3-9b7e-4515-9a41-f7513e9b7b33 +spec: + instance: + attributes: + - baz: qux + flag: "" + foo: bar + - more: attrs + domain: example.org + name: test-instance + serviceType: _proclaim._tcp + targets: + - host: test.example.org + port: 8080 + priority: 0 + weight: 0 + ttl: 1m0s +status: + conditions: + - lastTransitionTime: "2023-03-20T01:47:40Z" + message: DNS-SD browse and lookup results match the advertised DNS records + observedGeneration: 2 + reason: Discovered + status: "True" + type: Discoverable diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/progressing_negativeBrowse.yaml b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/progressing_negativeBrowse.yaml new file mode 100644 index 0000000000000..e34e6c18f853a --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/progressing_negativeBrowse.yaml @@ -0,0 +1,35 @@ +apiVersion: proclaim.dogmatiq.io/v1 +kind: DNSSDServiceInstance +metadata: + creationTimestamp: "2023-03-20T01:47:37Z" + finalizers: + - proclaim.dogmatiq.io/unadvertise + generation: 2 + name: test-instance + namespace: proclaim + resourceVersion: "308914" + uid: 991a66a3-9b7e-4515-9a41-f7513e9b7b33 +spec: + instance: + attributes: + - baz: qux + flag: "" + foo: bar + - more: attrs + domain: example.org + name: test-instance + serviceType: _proclaim._tcp + targets: + - host: test.example.org + port: 8080 + priority: 0 + weight: 0 + ttl: 1m0s +status: + conditions: + - lastTransitionTime: "2023-03-20T01:47:40Z" + message: DNS-SD browse could not find this instance + observedGeneration: 2 + reason: NegativeBrowseResult + status: "False" + type: Discoverable diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/progressing_negativeLookup.yaml b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/progressing_negativeLookup.yaml new file mode 100644 index 0000000000000..a563e7c9c40ca --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/progressing_negativeLookup.yaml @@ -0,0 +1,35 @@ +apiVersion: proclaim.dogmatiq.io/v1 +kind: DNSSDServiceInstance +metadata: + creationTimestamp: "2023-03-20T01:47:37Z" + finalizers: + - proclaim.dogmatiq.io/unadvertise + generation: 2 + name: test-instance + namespace: proclaim + resourceVersion: "308914" + uid: 991a66a3-9b7e-4515-9a41-f7513e9b7b33 +spec: + instance: + attributes: + - baz: qux + flag: "" + foo: bar + - more: attrs + domain: example.org + name: test-instance + serviceType: _proclaim._tcp + targets: + - host: test.example.org + port: 8080 + priority: 0 + weight: 0 + ttl: 1m0s +status: + conditions: + - lastTransitionTime: "2023-03-20T01:47:40Z" + message: DNS-SD lookup could not find this instance + observedGeneration: 2 + reason: NegativeLookupResult + status: "False" + type: Discoverable diff --git a/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/unknown_discoveryError.yaml b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/unknown_discoveryError.yaml new file mode 100644 index 0000000000000..c6139a504c3ff --- /dev/null +++ b/resource_customizations/proclaim.dogmatiq.io/DNSSDServiceInstance/testdata/unknown_discoveryError.yaml @@ -0,0 +1,35 @@ +apiVersion: proclaim.dogmatiq.io/v1 +kind: DNSSDServiceInstance +metadata: + creationTimestamp: "2023-03-20T01:47:37Z" + finalizers: + - proclaim.dogmatiq.io/unadvertise + generation: 2 + name: test-instance + namespace: proclaim + resourceVersion: "308914" + uid: 991a66a3-9b7e-4515-9a41-f7513e9b7b33 +spec: + instance: + attributes: + - baz: qux + flag: "" + foo: bar + - more: attrs + domain: example.org + name: test-instance + serviceType: _proclaim._tcp + targets: + - host: test.example.org + port: 8080 + priority: 0 + weight: 0 + ttl: 1m0s +status: + conditions: + - lastTransitionTime: "2023-03-20T01:47:40Z" + message: "" + observedGeneration: 2 + reason: DiscoveryError + status: "Unknown" + type: Discoverable From cd05e6809fb9ba8a8f16c305761d52a606f18785 Mon Sep 17 00:00:00 2001 From: Divyang Patel Date: Mon, 29 May 2023 05:39:21 +1000 Subject: [PATCH 045/252] docs: Update disaster_recovery.md to reflect quay.io as docker container registry (#13520) ArgoCD docker images are being used from `quay.io` registry. Updated document to reflect that in the `bash` commands. Signed-off-by: Divyang Patel --- docs/operator-manual/disaster_recovery.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/operator-manual/disaster_recovery.md b/docs/operator-manual/disaster_recovery.md index 6bb52847d978a..97d2868051d65 100644 --- a/docs/operator-manual/disaster_recovery.md +++ b/docs/operator-manual/disaster_recovery.md @@ -15,13 +15,13 @@ export VERSION=v1.0.1 Export to a backup: ```bash -docker run -v ~/.kube:/home/argocd/.kube --rm argoproj/argocd:$VERSION argocd admin export > backup.yaml +docker run -v ~/.kube:/home/argocd/.kube --rm quay.io/argoproj/argocd:$VERSION argocd admin export > backup.yaml ``` Import from a backup: ```bash -docker run -i -v ~/.kube:/home/argocd/.kube --rm argoproj/argocd:$VERSION argocd admin import - < backup.yaml +docker run -i -v ~/.kube:/home/argocd/.kube --rm quay.io/argoproj/argocd:$VERSION argocd admin import - < backup.yaml ``` !!! note From d839933f0a43b3fd36463dc6d028a2938dfe816e Mon Sep 17 00:00:00 2001 From: Samir-NT <133138781+Samir-NT@users.noreply.github.com> Date: Sun, 28 May 2023 21:49:30 +0200 Subject: [PATCH 046/252] docs: update openunison authChainName (#13531) Signed-off-by: Samir-NT <133138781+Samir-NT@users.noreply.github.com> --- docs/operator-manual/user-management/openunison.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/operator-manual/user-management/openunison.md b/docs/operator-manual/user-management/openunison.md index 469d85f14935b..fecaafd074aa1 100644 --- a/docs/operator-manual/user-management/openunison.md +++ b/docs/operator-manual/user-management/openunison.md @@ -19,7 +19,7 @@ metadata: spec: accessTokenSkewMillis: 120000 accessTokenTimeToLive: 1200000 - authChainName: LoginService + authChainName: login-service clientId: argocd codeLastMileKeyName: lastmile-oidc codeTokenSkewMilis: 60000 From 9cb8fdaec13a3133344d60fdaa1d46be69e87844 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 28 May 2023 15:52:24 -0400 Subject: [PATCH 047/252] chore(deps-dev): bump webpack from 5.70.0 to 5.84.1 in /ui (#13750) Bumps [webpack](https://github.com/webpack/webpack) from 5.70.0 to 5.84.1. - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](https://github.com/webpack/webpack/compare/v5.70.0...v5.84.1) --- updated-dependencies: - dependency-name: webpack dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- ui/package.json | 2 +- ui/yarn.lock | 387 +++++++++++++++++++++++------------------------- 2 files changed, 187 insertions(+), 202 deletions(-) diff --git a/ui/package.json b/ui/package.json index 19c31bdccf7bf..1a414729f960c 100644 --- a/ui/package.json +++ b/ui/package.json @@ -116,7 +116,7 @@ "tslint-plugin-prettier": "^2.0.1", "tslint-react": "^5.0.0", "typescript": "^4.9.5", - "webpack": "^5.70.0", + "webpack": "^5.84.1", "webpack-cli": "^4.9.2", "webpack-dev-server": "^4.7.4", "yarn": "^1.22.10" diff --git a/ui/yarn.lock b/ui/yarn.lock index 94ebeb0d7f237..789a99a74c767 100644 --- a/ui/yarn.lock +++ b/ui/yarn.lock @@ -1407,7 +1407,7 @@ "@jridgewell/sourcemap-codec" "^1.4.10" "@jridgewell/trace-mapping" "^0.3.9" -"@jridgewell/resolve-uri@^3.0.3": +"@jridgewell/resolve-uri@3.1.0", "@jridgewell/resolve-uri@^3.0.3": version "3.1.0" resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz#2203b118c157721addfe69d47b70465463066d78" integrity sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w== @@ -1425,7 +1425,7 @@ "@jridgewell/gen-mapping" "^0.3.0" "@jridgewell/trace-mapping" "^0.3.9" -"@jridgewell/sourcemap-codec@^1.4.10": +"@jridgewell/sourcemap-codec@1.4.14", "@jridgewell/sourcemap-codec@^1.4.10": version "1.4.14" resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz#add4c98d341472a289190b424efbdb096991bb24" integrity sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw== @@ -1438,6 +1438,14 @@ "@jridgewell/resolve-uri" "^3.0.3" "@jridgewell/sourcemap-codec" "^1.4.10" +"@jridgewell/trace-mapping@^0.3.17": + version "0.3.18" + resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.18.tgz#25783b2086daf6ff1dcb53c9249ae480e4dd4cd6" + integrity sha512-w+niJYzMHdd7USdiH2U6869nqhD2nbfZXND5Yp93qIbEmnDNk7PD48o+YchRVpzMU7M6jVCbenTR7PA1FLQ9pA== + dependencies: + "@jridgewell/resolve-uri" "3.1.0" + "@jridgewell/sourcemap-codec" "1.4.14" + "@jridgewell/trace-mapping@^0.3.9": version "0.3.14" resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.14.tgz#b231a081d8f66796e475ad588a1ef473112701ed" @@ -1689,10 +1697,10 @@ "@types/estree" "*" "@types/json-schema" "*" -"@types/estree@*", "@types/estree@^0.0.51": - version "0.0.51" - resolved "https://registry.yarnpkg.com/@types/estree/-/estree-0.0.51.tgz#cfd70924a25a3fd32b218e5e420e6897e1ac4f40" - integrity sha512-CuPgU6f3eT/XgKKPqKd/gLZV1Xmvf1a2R5POBOGQa6uv82xpls89HU5zKeVoyR8XzHd1RGNOlQlvUe3CFkjWNQ== +"@types/estree@*", "@types/estree@^1.0.0": + version "1.0.1" + resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.1.tgz#aa22750962f3bf0e79d753d3cc067f010c95f194" + integrity sha512-LG4opVs2ANWZ1TJoKc937iMmNstM/d0ae1vNbnBvBhqCSezgVUOzcLCqbI5elV8Vy6WKwKjaqR+zO9VKirBBCA== "@types/express-serve-static-core@*", "@types/express-serve-static-core@^4.17.18": version "4.17.28" @@ -2021,125 +2029,125 @@ dependencies: "@types/yargs-parser" "*" -"@webassemblyjs/ast@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/ast/-/ast-1.11.1.tgz#2bfd767eae1a6996f432ff7e8d7fc75679c0b6a7" - integrity sha512-ukBh14qFLjxTQNTXocdyksN5QdM28S1CxHt2rdskFyL+xFV7VremuBLVbmCePj+URalXBENx/9Lm7lnhihtCSw== +"@webassemblyjs/ast@1.11.6", "@webassemblyjs/ast@^1.11.5": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/ast/-/ast-1.11.6.tgz#db046555d3c413f8966ca50a95176a0e2c642e24" + integrity sha512-IN1xI7PwOvLPgjcf180gC1bqn3q/QaOCwYUahIOhbYUu8KA/3tw2RT/T0Gidi1l7Hhj5D/INhJxiICObqpMu4Q== dependencies: - "@webassemblyjs/helper-numbers" "1.11.1" - "@webassemblyjs/helper-wasm-bytecode" "1.11.1" + "@webassemblyjs/helper-numbers" "1.11.6" + "@webassemblyjs/helper-wasm-bytecode" "1.11.6" -"@webassemblyjs/floating-point-hex-parser@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.1.tgz#f6c61a705f0fd7a6aecaa4e8198f23d9dc179e4f" - integrity sha512-iGRfyc5Bq+NnNuX8b5hwBrRjzf0ocrJPI6GWFodBFzmFnyvrQ83SHKhmilCU/8Jv67i4GJZBMhEzltxzcNagtQ== +"@webassemblyjs/floating-point-hex-parser@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.6.tgz#dacbcb95aff135c8260f77fa3b4c5fea600a6431" + integrity sha512-ejAj9hfRJ2XMsNHk/v6Fu2dGS+i4UaXBXGemOfQ/JfQ6mdQg/WXtwleQRLLS4OvfDhv8rYnVwH27YJLMyYsxhw== -"@webassemblyjs/helper-api-error@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.1.tgz#1a63192d8788e5c012800ba6a7a46c705288fd16" - integrity sha512-RlhS8CBCXfRUR/cwo2ho9bkheSXG0+NwooXcc3PAILALf2QLdFyj7KGsKRbVc95hZnhnERon4kW/D3SZpp6Tcg== +"@webassemblyjs/helper-api-error@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.6.tgz#6132f68c4acd59dcd141c44b18cbebbd9f2fa768" + integrity sha512-o0YkoP4pVu4rN8aTJgAyj9hC2Sv5UlkzCHhxqWj8butaLvnpdc2jOwh4ewE6CX0txSfLn/UYaV/pheS2Txg//Q== -"@webassemblyjs/helper-buffer@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-buffer/-/helper-buffer-1.11.1.tgz#832a900eb444884cde9a7cad467f81500f5e5ab5" - integrity sha512-gwikF65aDNeeXa8JxXa2BAk+REjSyhrNC9ZwdT0f8jc4dQQeDQ7G4m0f2QCLPJiMTTO6wfDmRmj/pW0PsUvIcA== +"@webassemblyjs/helper-buffer@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-buffer/-/helper-buffer-1.11.6.tgz#b66d73c43e296fd5e88006f18524feb0f2c7c093" + integrity sha512-z3nFzdcp1mb8nEOFFk8DrYLpHvhKC3grJD2ardfKOzmbmJvEf/tPIqCY+sNcwZIY8ZD7IkB2l7/pqhUhqm7hLA== -"@webassemblyjs/helper-numbers@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.1.tgz#64d81da219fbbba1e3bd1bfc74f6e8c4e10a62ae" - integrity sha512-vDkbxiB8zfnPdNK9Rajcey5C0w+QJugEglN0of+kmO8l7lDb77AnlKYQF7aarZuCrv+l0UvqL+68gSDr3k9LPQ== +"@webassemblyjs/helper-numbers@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.6.tgz#cbce5e7e0c1bd32cf4905ae444ef64cea919f1b5" + integrity sha512-vUIhZ8LZoIWHBohiEObxVm6hwP034jwmc9kuq5GdHZH0wiLVLIPcMCdpJzG4C11cHoQ25TFIQj9kaVADVX7N3g== dependencies: - "@webassemblyjs/floating-point-hex-parser" "1.11.1" - "@webassemblyjs/helper-api-error" "1.11.1" + "@webassemblyjs/floating-point-hex-parser" "1.11.6" + "@webassemblyjs/helper-api-error" "1.11.6" "@xtuc/long" "4.2.2" -"@webassemblyjs/helper-wasm-bytecode@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.1.tgz#f328241e41e7b199d0b20c18e88429c4433295e1" - integrity sha512-PvpoOGiJwXeTrSf/qfudJhwlvDQxFgelbMqtq52WWiXC6Xgg1IREdngmPN3bs4RoO83PnL/nFrxucXj1+BX62Q== +"@webassemblyjs/helper-wasm-bytecode@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.6.tgz#bb2ebdb3b83aa26d9baad4c46d4315283acd51e9" + integrity sha512-sFFHKwcmBprO9e7Icf0+gddyWYDViL8bpPjJJl0WHxCdETktXdmtWLGVzoHbqUcY4Be1LkNfwTmXOJUFZYSJdA== -"@webassemblyjs/helper-wasm-section@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.11.1.tgz#21ee065a7b635f319e738f0dd73bfbda281c097a" - integrity sha512-10P9No29rYX1j7F3EVPX3JvGPQPae+AomuSTPiF9eBQeChHI6iqjMIwR9JmOJXwpnn/oVGDk7I5IlskuMwU/pg== +"@webassemblyjs/helper-wasm-section@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.11.6.tgz#ff97f3863c55ee7f580fd5c41a381e9def4aa577" + integrity sha512-LPpZbSOwTpEC2cgn4hTydySy1Ke+XEu+ETXuoyvuyezHO3Kjdu90KK95Sh9xTbmjrCsUwvWwCOQQNta37VrS9g== dependencies: - "@webassemblyjs/ast" "1.11.1" - "@webassemblyjs/helper-buffer" "1.11.1" - "@webassemblyjs/helper-wasm-bytecode" "1.11.1" - "@webassemblyjs/wasm-gen" "1.11.1" + "@webassemblyjs/ast" "1.11.6" + "@webassemblyjs/helper-buffer" "1.11.6" + "@webassemblyjs/helper-wasm-bytecode" "1.11.6" + "@webassemblyjs/wasm-gen" "1.11.6" -"@webassemblyjs/ieee754@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/ieee754/-/ieee754-1.11.1.tgz#963929e9bbd05709e7e12243a099180812992614" - integrity sha512-hJ87QIPtAMKbFq6CGTkZYJivEwZDbQUgYd3qKSadTNOhVY7p+gfP6Sr0lLRVTaG1JjFj+r3YchoqRYxNH3M0GQ== +"@webassemblyjs/ieee754@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/ieee754/-/ieee754-1.11.6.tgz#bb665c91d0b14fffceb0e38298c329af043c6e3a" + integrity sha512-LM4p2csPNvbij6U1f19v6WR56QZ8JcHg3QIJTlSwzFcmx6WSORicYj6I63f9yU1kEUtrpG+kjkiIAkevHpDXrg== dependencies: "@xtuc/ieee754" "^1.2.0" -"@webassemblyjs/leb128@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/leb128/-/leb128-1.11.1.tgz#ce814b45574e93d76bae1fb2644ab9cdd9527aa5" - integrity sha512-BJ2P0hNZ0u+Th1YZXJpzW6miwqQUGcIHT1G/sf72gLVD9DZ5AdYTqPNbHZh6K1M5VmKvFXwGSWZADz+qBWxeRw== +"@webassemblyjs/leb128@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/leb128/-/leb128-1.11.6.tgz#70e60e5e82f9ac81118bc25381a0b283893240d7" + integrity sha512-m7a0FhE67DQXgouf1tbN5XQcdWoNgaAuoULHIfGFIEVKA6tu/edls6XnIlkmS6FrXAquJRPni3ZZKjw6FSPjPQ== dependencies: "@xtuc/long" "4.2.2" -"@webassemblyjs/utf8@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/utf8/-/utf8-1.11.1.tgz#d1f8b764369e7c6e6bae350e854dec9a59f0a3ff" - integrity sha512-9kqcxAEdMhiwQkHpkNiorZzqpGrodQQ2IGrHHxCy+Ozng0ofyMA0lTqiLkVs1uzTRejX+/O0EOT7KxqVPuXosQ== - -"@webassemblyjs/wasm-edit@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-edit/-/wasm-edit-1.11.1.tgz#ad206ebf4bf95a058ce9880a8c092c5dec8193d6" - integrity sha512-g+RsupUC1aTHfR8CDgnsVRVZFJqdkFHpsHMfJuWQzWU3tvnLC07UqHICfP+4XyL2tnr1amvl1Sdp06TnYCmVkA== - dependencies: - "@webassemblyjs/ast" "1.11.1" - "@webassemblyjs/helper-buffer" "1.11.1" - "@webassemblyjs/helper-wasm-bytecode" "1.11.1" - "@webassemblyjs/helper-wasm-section" "1.11.1" - "@webassemblyjs/wasm-gen" "1.11.1" - "@webassemblyjs/wasm-opt" "1.11.1" - "@webassemblyjs/wasm-parser" "1.11.1" - "@webassemblyjs/wast-printer" "1.11.1" - -"@webassemblyjs/wasm-gen@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-gen/-/wasm-gen-1.11.1.tgz#86c5ea304849759b7d88c47a32f4f039ae3c8f76" - integrity sha512-F7QqKXwwNlMmsulj6+O7r4mmtAlCWfO/0HdgOxSklZfQcDu0TpLiD1mRt/zF25Bk59FIjEuGAIyn5ei4yMfLhA== - dependencies: - "@webassemblyjs/ast" "1.11.1" - "@webassemblyjs/helper-wasm-bytecode" "1.11.1" - "@webassemblyjs/ieee754" "1.11.1" - "@webassemblyjs/leb128" "1.11.1" - "@webassemblyjs/utf8" "1.11.1" - -"@webassemblyjs/wasm-opt@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-opt/-/wasm-opt-1.11.1.tgz#657b4c2202f4cf3b345f8a4c6461c8c2418985f2" - integrity sha512-VqnkNqnZlU5EB64pp1l7hdm3hmQw7Vgqa0KF/KCNO9sIpI6Fk6brDEiX+iCOYrvMuBWDws0NkTOxYEb85XQHHw== - dependencies: - "@webassemblyjs/ast" "1.11.1" - "@webassemblyjs/helper-buffer" "1.11.1" - "@webassemblyjs/wasm-gen" "1.11.1" - "@webassemblyjs/wasm-parser" "1.11.1" - -"@webassemblyjs/wasm-parser@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-parser/-/wasm-parser-1.11.1.tgz#86ca734534f417e9bd3c67c7a1c75d8be41fb199" - integrity sha512-rrBujw+dJu32gYB7/Lup6UhdkPx9S9SnobZzRVL7VcBH9Bt9bCBLEuX/YXOOtBsOZ4NQrRykKhffRWHvigQvOA== - dependencies: - "@webassemblyjs/ast" "1.11.1" - "@webassemblyjs/helper-api-error" "1.11.1" - "@webassemblyjs/helper-wasm-bytecode" "1.11.1" - "@webassemblyjs/ieee754" "1.11.1" - "@webassemblyjs/leb128" "1.11.1" - "@webassemblyjs/utf8" "1.11.1" - -"@webassemblyjs/wast-printer@1.11.1": - version "1.11.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wast-printer/-/wast-printer-1.11.1.tgz#d0c73beda8eec5426f10ae8ef55cee5e7084c2f0" - integrity sha512-IQboUWM4eKzWW+N/jij2sRatKMh99QEelo3Eb2q0qXkvPRISAj8Qxtmw5itwqK+TTkBuUIE45AxYPToqPtL5gg== - dependencies: - "@webassemblyjs/ast" "1.11.1" +"@webassemblyjs/utf8@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/utf8/-/utf8-1.11.6.tgz#90f8bc34c561595fe156603be7253cdbcd0fab5a" + integrity sha512-vtXf2wTQ3+up9Zsg8sa2yWiQpzSsMyXj0qViVP6xKGCUT8p8YJ6HqI7l5eCnWx1T/FYdsv07HQs2wTFbbof/RA== + +"@webassemblyjs/wasm-edit@^1.11.5": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-edit/-/wasm-edit-1.11.6.tgz#c72fa8220524c9b416249f3d94c2958dfe70ceab" + integrity sha512-Ybn2I6fnfIGuCR+Faaz7YcvtBKxvoLV3Lebn1tM4o/IAJzmi9AWYIPWpyBfU8cC+JxAO57bk4+zdsTjJR+VTOw== + dependencies: + "@webassemblyjs/ast" "1.11.6" + "@webassemblyjs/helper-buffer" "1.11.6" + "@webassemblyjs/helper-wasm-bytecode" "1.11.6" + "@webassemblyjs/helper-wasm-section" "1.11.6" + "@webassemblyjs/wasm-gen" "1.11.6" + "@webassemblyjs/wasm-opt" "1.11.6" + "@webassemblyjs/wasm-parser" "1.11.6" + "@webassemblyjs/wast-printer" "1.11.6" + +"@webassemblyjs/wasm-gen@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-gen/-/wasm-gen-1.11.6.tgz#fb5283e0e8b4551cc4e9c3c0d7184a65faf7c268" + integrity sha512-3XOqkZP/y6B4F0PBAXvI1/bky7GryoogUtfwExeP/v7Nzwo1QLcq5oQmpKlftZLbT+ERUOAZVQjuNVak6UXjPA== + dependencies: + "@webassemblyjs/ast" "1.11.6" + "@webassemblyjs/helper-wasm-bytecode" "1.11.6" + "@webassemblyjs/ieee754" "1.11.6" + "@webassemblyjs/leb128" "1.11.6" + "@webassemblyjs/utf8" "1.11.6" + +"@webassemblyjs/wasm-opt@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-opt/-/wasm-opt-1.11.6.tgz#d9a22d651248422ca498b09aa3232a81041487c2" + integrity sha512-cOrKuLRE7PCe6AsOVl7WasYf3wbSo4CeOk6PkrjS7g57MFfVUF9u6ysQBBODX0LdgSvQqRiGz3CXvIDKcPNy4g== + dependencies: + "@webassemblyjs/ast" "1.11.6" + "@webassemblyjs/helper-buffer" "1.11.6" + "@webassemblyjs/wasm-gen" "1.11.6" + "@webassemblyjs/wasm-parser" "1.11.6" + +"@webassemblyjs/wasm-parser@1.11.6", "@webassemblyjs/wasm-parser@^1.11.5": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-parser/-/wasm-parser-1.11.6.tgz#bb85378c527df824004812bbdb784eea539174a1" + integrity sha512-6ZwPeGzMJM3Dqp3hCsLgESxBGtT/OeCvCZ4TA1JUPYgmhAx38tTPR9JaKy0S5H3evQpO/h2uWs2j6Yc/fjkpTQ== + dependencies: + "@webassemblyjs/ast" "1.11.6" + "@webassemblyjs/helper-api-error" "1.11.6" + "@webassemblyjs/helper-wasm-bytecode" "1.11.6" + "@webassemblyjs/ieee754" "1.11.6" + "@webassemblyjs/leb128" "1.11.6" + "@webassemblyjs/utf8" "1.11.6" + +"@webassemblyjs/wast-printer@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wast-printer/-/wast-printer-1.11.6.tgz#a7bf8dd7e362aeb1668ff43f35cb849f188eff20" + integrity sha512-JM7AhRcE+yW2GWYaKeHL5vt4xqee5N2WcezptmgyhNS+ScggqcT1OtXykhAb13Sn5Yas0j2uv9tHgrjwvzAP4A== + dependencies: + "@webassemblyjs/ast" "1.11.6" "@xtuc/long" "4.2.2" "@webpack-cli/configtest@^1.1.1": @@ -2190,10 +2198,10 @@ acorn-globals@^6.0.0: acorn "^7.1.1" acorn-walk "^7.1.1" -acorn-import-assertions@^1.7.6: - version "1.8.0" - resolved "https://registry.yarnpkg.com/acorn-import-assertions/-/acorn-import-assertions-1.8.0.tgz#ba2b5939ce62c238db6d93d81c9b111b29b855e9" - integrity sha512-m7VZ3jwz4eK6A4Vtt8Ew1/mNbP24u0FhdyfA7fSvnJR6LMdfOYnmuIrrJAgrYfYJ10F/otaHTtrtrtmHdMNzEw== +acorn-import-assertions@^1.9.0: + version "1.9.0" + resolved "https://registry.yarnpkg.com/acorn-import-assertions/-/acorn-import-assertions-1.9.0.tgz#507276249d684797c84e0734ef84860334cfb1ac" + integrity sha512-cmMwop9x+8KFhxvKrKfPYmN6/pKTYYHBqLa0DfvVZcKMJWNyWLnaqND7dx/qn66R7ewM1UX5XMaDVP5wlVTaVA== acorn-walk@^7.1.1: version "7.2.0" @@ -2210,10 +2218,10 @@ acorn@^7.1.1: resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.4.1.tgz#feaed255973d2e77555b83dbc08851a6c63520fa" integrity sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A== -acorn@^8.2.4, acorn@^8.4.1, acorn@^8.5.0: - version "8.7.1" - resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.7.1.tgz#0197122c843d1bf6d0a5e83220a788f278f63c30" - integrity sha512-Xx54uLJQZ19lKygFXOWsscKUbsBZW0CPykPhVQdhIeIwrbPmJzqeASDInc8nKBnp/JT6igTs82qPXz069H8I/A== +acorn@^8.2.4, acorn@^8.4.1, acorn@^8.5.0, acorn@^8.7.1: + version "8.8.2" + resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.8.2.tgz#1b2f25db02af965399b9776b0c2c391276d37c4a" + integrity sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw== add@^2.0.6: version "2.0.6" @@ -2772,7 +2780,7 @@ browser-process-hrtime@^1.0.0: resolved "https://registry.yarnpkg.com/browser-process-hrtime/-/browser-process-hrtime-1.0.0.tgz#3c9b4b7d782c8121e56f10106d84c0d0ffc94626" integrity sha512-9o5UecI3GhkpM6DrXr69PblIuWxPKk9Y0jHBRhdocZ2y7YECBFCsHm79Pr3OyR2AvjhDkabFJaDJMYRazHgsow== -browserslist@^4.14.5, browserslist@^4.17.5: +browserslist@^4.14.5, browserslist@^4.16.6, browserslist@^4.17.5, browserslist@^4.6.0: version "4.20.2" resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.20.2.tgz#567b41508757ecd904dab4d1c646c612cd3d4f88" integrity sha512-CQOBCqp/9pDvDbx3xfMi+86pr4KXIf2FDkTTdeuYw8OxS9t898LA1Khq57gtufFILXpfgsSx5woNgsBgvGjpsA== @@ -2783,17 +2791,6 @@ browserslist@^4.14.5, browserslist@^4.17.5: node-releases "^2.0.2" picocolors "^1.0.0" -browserslist@^4.16.6, browserslist@^4.6.0: - version "4.16.6" - resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.16.6.tgz#d7901277a5a88e554ed305b183ec9b0c08f66fa2" - integrity sha512-Wspk/PqO+4W9qp5iUTJsa1B/QrYn1keNCcEP5OvP7WBwT4KaDly0uONYmC6Xa3Z5IqnUgS0KcgLYu1l74x0ZXQ== - dependencies: - caniuse-lite "^1.0.30001219" - colorette "^1.2.2" - electron-to-chromium "^1.3.723" - escalade "^3.1.1" - node-releases "^1.1.71" - bs-logger@0.x: version "0.2.6" resolved "https://registry.yarnpkg.com/bs-logger/-/bs-logger-0.2.6.tgz#eb7d365307a72cf974cc6cda76b68354ad336bd8" @@ -2915,11 +2912,6 @@ camelcase@^6.2.0: resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-6.3.0.tgz#5685b95eb209ac9c0c177467778c9c84df58ba9a" integrity sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA== -caniuse-lite@^1.0.30001219: - version "1.0.30001243" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001243.tgz#d9250155c91e872186671c523f3ae50cfc94a3aa" - integrity sha512-vNxw9mkTBtkmLFnJRv/2rhs1yufpDfCkBZexG3Y0xdOH2Z/eE/85E4Dl5j1YUN34nZVsSp6vVRFQRrez9wJMRA== - caniuse-lite@^1.0.30001317: version "1.0.30001319" resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001319.tgz#eb4da4eb3ecdd409f7ba1907820061d56096e88f" @@ -3792,11 +3784,6 @@ ee-first@1.1.1: resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d" integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow== -electron-to-chromium@^1.3.723: - version "1.3.772" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.772.tgz#fd1ed39f9f3149f62f581734e4f026e600369479" - integrity sha512-X/6VRCXWALzdX+RjCtBU6cyg8WZgoxm9YA02COmDOiNJEZ59WkQggDbWZ4t/giHi/3GS+cvdrP6gbLISANAGYA== - electron-to-chromium@^1.4.84: version "1.4.89" resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.89.tgz#33c06592812a17a7131873f4596579084ce33ff8" @@ -3834,10 +3821,10 @@ end-of-stream@^1.1.0: dependencies: once "^1.4.0" -enhanced-resolve@^5.9.2: - version "5.9.2" - resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.9.2.tgz#0224dcd6a43389ebfb2d55efee517e5466772dd9" - integrity sha512-GIm3fQfwLJ8YZx2smuHpBKkXC1yOk+OBEmKckVyL0i/ea8mqDEykK3ld5dgH1QYPNyT/lIllxV2LULnxCHaHkA== +enhanced-resolve@^5.14.1: + version "5.14.1" + resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.14.1.tgz#de684b6803724477a4af5d74ccae5de52c25f6b3" + integrity sha512-Vklwq2vDKtl0y/vtwjSesgJ5MYS7Etuk5txS8VdKL4AOS1aUlD96zqIfsOSLQsdv3xgMRbtkWM8eG9XDfKUPow== dependencies: graceful-fs "^4.2.4" tapable "^2.2.0" @@ -3871,10 +3858,10 @@ es-module-lexer@^0.10.5: resolved "https://registry.yarnpkg.com/es-module-lexer/-/es-module-lexer-0.10.5.tgz#06f76d51fa53b1f78e3bd8bb36dd275eda2fdd53" integrity sha512-+7IwY/kiGAacQfY+YBhKMvEmyAJnw5grTUgjG85Pe7vcUI/6b7pZjZG8nQ7+48YhzEAEqrEgD2dCz/JIK+AYvw== -es-module-lexer@^0.9.0: - version "0.9.3" - resolved "https://registry.yarnpkg.com/es-module-lexer/-/es-module-lexer-0.9.3.tgz#6f13db00cc38417137daf74366f535c8eb438f19" - integrity sha512-1HQ2M2sPtxwnvOvT1ZClHyQDiggdNjURWpY2we6aMKCQiUVxTmVs2UYPLIrD84sS+kMdUwfBSylbJPwNnBrnHQ== +es-module-lexer@^1.2.1: + version "1.2.1" + resolved "https://registry.yarnpkg.com/es-module-lexer/-/es-module-lexer-1.2.1.tgz#ba303831f63e6a394983fde2f97ad77b22324527" + integrity sha512-9978wrXM50Y4rTMmW5kXIC09ZdXQZqkE4mxhwkd8VbzsGkXGPgV4zWuqQJgCEzYngdo2dYDa0l8xhX4fkSwJSg== es6-promise@^3.2.1: version "3.3.1" @@ -6037,12 +6024,12 @@ json-merge-patch@^0.2.3: dependencies: deep-equal "^1.0.0" -json-parse-better-errors@^1.0.1, json-parse-better-errors@^1.0.2: +json-parse-better-errors@^1.0.1: version "1.0.2" resolved "https://registry.yarnpkg.com/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz#bb867cfb3450e69107c131d1c514bab3dc8bcaa9" integrity sha512-mrqyZKfX5EhL7hvqcV6WG1yYjnjeuYDzDhhcAAUrq8Po85NBQBJP+ZDUT75qZQ98IkUoBqdkExkukOU7Ts2wrw== -json-parse-even-better-errors@^2.3.0: +json-parse-even-better-errors@^2.3.0, json-parse-even-better-errors@^2.3.1: version "2.3.1" resolved "https://registry.yarnpkg.com/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz#7c47805a94319928e05777405dc12e1f7a4ee02d" integrity sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w== @@ -6365,24 +6352,17 @@ micromatch@^4.0.4: braces "^3.0.1" picomatch "^2.2.3" -mime-db@1.48.0, "mime-db@>= 1.43.0 < 2": - version "1.48.0" - resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.48.0.tgz#e35b31045dd7eada3aaad537ed88a33afbef2d1d" - integrity sha512-FM3QwxV+TnZYQ2aRqhlKBMHxk10lTbMt3bBkMAp54ddrNeVSfcQYOOKuGuy3Ddrm38I04If834fOUSq1yzslJQ== - mime-db@1.52.0: version "1.52.0" resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70" integrity sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg== -mime-types@^2.1.12, mime-types@~2.1.17: - version "2.1.31" - resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.31.tgz#a00d76b74317c61f9c2db2218b8e9f8e9c5c9e6b" - integrity sha512-XGZnNzm3QvgKxa8dpzyhFTHmpP3l5YNusmne07VUOXxou9CqUqYa/HBy124RqtVh/O2pECas/MOcsDgpilPOPg== - dependencies: - mime-db "1.48.0" +"mime-db@>= 1.43.0 < 2": + version "1.48.0" + resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.48.0.tgz#e35b31045dd7eada3aaad537ed88a33afbef2d1d" + integrity sha512-FM3QwxV+TnZYQ2aRqhlKBMHxk10lTbMt3bBkMAp54ddrNeVSfcQYOOKuGuy3Ddrm38I04If834fOUSq1yzslJQ== -mime-types@^2.1.27, mime-types@^2.1.31, mime-types@~2.1.24, mime-types@~2.1.34: +mime-types@^2.1.12, mime-types@^2.1.27, mime-types@^2.1.31, mime-types@~2.1.17, mime-types@~2.1.24, mime-types@~2.1.34: version "2.1.35" resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.35.tgz#381a871b62a734450660ae3deee44813f70d959a" integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw== @@ -6681,11 +6661,6 @@ node-readfiles@^0.2.0: dependencies: es6-promise "^3.2.1" -node-releases@^1.1.71: - version "1.1.73" - resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-1.1.73.tgz#dd4e81ddd5277ff846b80b52bb40c49edf7a7b20" - integrity sha512-uW7fodD6pyW2FZNZnp/Z3hvWKeEW1Y8R1+1CnErE8cXFXzl5blBOoVB41CvMer6P6Q0S5FXDwcHgFd1Wj0U9zg== - node-releases@^2.0.2: version "2.0.2" resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.2.tgz#7139fe71e2f4f11b47d4d2986aaf8c48699e0c01" @@ -8512,10 +8487,10 @@ schema-utils@^2.7.1: ajv "^6.12.4" ajv-keywords "^3.5.2" -schema-utils@^3.1.0, schema-utils@^3.1.1: - version "3.1.1" - resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-3.1.1.tgz#bc74c4b6b6995c1d88f76a8b77bea7219e0c8281" - integrity sha512-Y5PQxS4ITlC+EahLuXaY86TXfR7Dc5lw294alXOq86JAHCihAIZfqv8nNCWvaEJvaC51uN9hbLGeV0cFBdH+Fw== +schema-utils@^3.1.1, schema-utils@^3.1.2: + version "3.1.2" + resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-3.1.2.tgz#36c10abca6f7577aeae136c804b0c741edeadc99" + integrity sha512-pvjEHOgWc9OWA/f/DE3ohBWTD6EleVLf7iFUkoSwAxttdBhB9QUebQgxER2kWueOvRJXPHNnyrvvh9eZINB8Eg== dependencies: "@types/json-schema" "^7.0.8" ajv "^6.12.5" @@ -8614,10 +8589,10 @@ serialize-javascript@^5.0.1: dependencies: randombytes "^2.1.0" -serialize-javascript@^6.0.0: - version "6.0.0" - resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.0.tgz#efae5d88f45d7924141da8b5c3a7a7e663fefeb8" - integrity sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag== +serialize-javascript@^6.0.1: + version "6.0.1" + resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.1.tgz#b206efb27c3da0b0ab6b52f48d170b7996458e5c" + integrity sha512-owoXEFjWRllis8/M1Q+Cw5k8ZH40e3zhp/ovX+Xr/vi1qj6QesbyXXViFbpNvWvPNAD62SutwEXavefrLJWj7w== dependencies: randombytes "^2.1.0" @@ -9234,18 +9209,18 @@ terminal-link@^2.0.0: ansi-escapes "^4.2.1" supports-hyperlinks "^2.0.0" -terser-webpack-plugin@^5.1.3: - version "5.3.1" - resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-5.3.1.tgz#0320dcc270ad5372c1e8993fabbd927929773e54" - integrity sha512-GvlZdT6wPQKbDNW/GDQzZFg/j4vKU96yl2q6mcUkzKOgW4gwf1Z8cZToUCrz31XHlPWH8MVb1r2tFtdDtTGJ7g== +terser-webpack-plugin@^5.3.7: + version "5.3.9" + resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-5.3.9.tgz#832536999c51b46d468067f9e37662a3b96adfe1" + integrity sha512-ZuXsqE07EcggTWQjXUj+Aot/OMcD0bMKGgF63f7UxYcu5/AJF53aIpK1YoP5xR9l6s/Hy2b+t1AM0bLNPRuhwA== dependencies: + "@jridgewell/trace-mapping" "^0.3.17" jest-worker "^27.4.5" schema-utils "^3.1.1" - serialize-javascript "^6.0.0" - source-map "^0.6.1" - terser "^5.7.2" + serialize-javascript "^6.0.1" + terser "^5.16.8" -terser@^5.10.0, terser@^5.7.2: +terser@^5.10.0: version "5.14.2" resolved "https://registry.yarnpkg.com/terser/-/terser-5.14.2.tgz#9ac9f22b06994d736174f4091aa368db896f1c10" integrity sha512-oL0rGeM/WFQCUd0y2QrWxYnq7tfSuKBiqTjRPWrRgB46WD/kiwHwF8T23z78H6Q6kGCuuHcPB+KULHRdxvVGQA== @@ -9255,6 +9230,16 @@ terser@^5.10.0, terser@^5.7.2: commander "^2.20.0" source-map-support "~0.5.20" +terser@^5.16.8: + version "5.17.6" + resolved "https://registry.yarnpkg.com/terser/-/terser-5.17.6.tgz#d810e75e1bb3350c799cd90ebefe19c9412c12de" + integrity sha512-V8QHcs8YuyLkLHsJO5ucyff1ykrLVsR4dNnS//L5Y3NiSXpbK1J+WMVUs67eI0KTxs9JtHhgEQpXQVHlHI92DQ== + dependencies: + "@jridgewell/source-map" "^0.3.2" + acorn "^8.5.0" + commander "^2.20.0" + source-map-support "~0.5.20" + test-exclude@^6.0.0: version "6.0.0" resolved "https://registry.yarnpkg.com/test-exclude/-/test-exclude-6.0.0.tgz#04a8698661d805ea6fa293b6cb9e63ac044ef15e" @@ -9744,10 +9729,10 @@ warning@^4.0.1, warning@^4.0.2: dependencies: loose-envify "^1.0.0" -watchpack@^2.3.1: - version "2.3.1" - resolved "https://registry.yarnpkg.com/watchpack/-/watchpack-2.3.1.tgz#4200d9447b401156eeca7767ee610f8809bc9d25" - integrity sha512-x0t0JuydIo8qCNctdDrn1OzH/qDzk2+rdCOC3YzumZ42fiMqmQ7T3xQurykYMhYfHaPHTp4ZxAx2NfUo1K6QaA== +watchpack@^2.4.0: + version "2.4.0" + resolved "https://registry.yarnpkg.com/watchpack/-/watchpack-2.4.0.tgz#fa33032374962c78113f93c7f2fb4c54c9862a5d" + integrity sha512-Lcvm7MGST/4fup+ifyKi2hjyIAwcdI4HRgtvTpIUxBRhB+RFtUh8XtDOxUfctVCnhVi+QQj49i91OyvzkJl6cg== dependencies: glob-to-regexp "^0.4.1" graceful-fs "^4.1.2" @@ -9873,34 +9858,34 @@ webpack-sources@^3.2.3: resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-3.2.3.tgz#2d4daab8451fd4b240cc27055ff6a0c2ccea0cde" integrity sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w== -webpack@^5.70.0: - version "5.70.0" - resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.70.0.tgz#3461e6287a72b5e6e2f4872700bc8de0d7500e6d" - integrity sha512-ZMWWy8CeuTTjCxbeaQI21xSswseF2oNOwc70QSKNePvmxE7XW36i7vpBMYZFAUHPwQiEbNGCEYIOOlyRbdGmxw== +webpack@^5.84.1: + version "5.84.1" + resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.84.1.tgz#d4493acdeca46b26ffc99d86d784cabfeb925a15" + integrity sha512-ZP4qaZ7vVn/K8WN/p990SGATmrL1qg4heP/MrVneczYtpDGJWlrgZv55vxaV2ul885Kz+25MP2kSXkPe3LZfmg== dependencies: "@types/eslint-scope" "^3.7.3" - "@types/estree" "^0.0.51" - "@webassemblyjs/ast" "1.11.1" - "@webassemblyjs/wasm-edit" "1.11.1" - "@webassemblyjs/wasm-parser" "1.11.1" - acorn "^8.4.1" - acorn-import-assertions "^1.7.6" + "@types/estree" "^1.0.0" + "@webassemblyjs/ast" "^1.11.5" + "@webassemblyjs/wasm-edit" "^1.11.5" + "@webassemblyjs/wasm-parser" "^1.11.5" + acorn "^8.7.1" + acorn-import-assertions "^1.9.0" browserslist "^4.14.5" chrome-trace-event "^1.0.2" - enhanced-resolve "^5.9.2" - es-module-lexer "^0.9.0" + enhanced-resolve "^5.14.1" + es-module-lexer "^1.2.1" eslint-scope "5.1.1" events "^3.2.0" glob-to-regexp "^0.4.1" graceful-fs "^4.2.9" - json-parse-better-errors "^1.0.2" + json-parse-even-better-errors "^2.3.1" loader-runner "^4.2.0" mime-types "^2.1.27" neo-async "^2.6.2" - schema-utils "^3.1.0" + schema-utils "^3.1.2" tapable "^2.1.1" - terser-webpack-plugin "^5.1.3" - watchpack "^2.3.1" + terser-webpack-plugin "^5.3.7" + watchpack "^2.4.0" webpack-sources "^3.2.3" websocket-driver@>=0.5.1: From 1de8f94cdc1edaa5f3c3b8ef7818c260a3a26075 Mon Sep 17 00:00:00 2001 From: Christoph Girstenbrei Date: Mon, 29 May 2023 03:34:15 +0200 Subject: [PATCH 048/252] feat(appset): Implement additional values and their interpolation for Git and SCM generators (#10751) (#10754) * Factor out value interpolation Signed-off-by: Christoph Girstenbrei * Pass on useGoTemplate directly Signed-off-by: Christoph Girstenbrei * Add values for git directories & files Interpolate values in git files generator Document git generator value interpolation Signed-off-by: Christoph Girstenbrei * Consolidate value interpolation tests Signed-off-by: Christoph Girstenbrei * Enable multiple testcases for SCM provider test Signed-off-by: Christoph Girstenbrei * Add values to SCM provider & document Signed-off-by: Christoph Girstenbrei * Add merge generator example Signed-off-by: Christoph Girstenbrei * Codegen - run to autogen docs & code Signed-off-by: Christoph Girstenbrei * Re-run codegen Signed-off-by: Christoph Girstenbrei * Re-do codegen Signed-off-by: Christoph Girstenbrei * Note about unsupported nested merge Signed-off-by: Christoph Girstenbrei --------- Signed-off-by: Christoph Girstenbrei Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Christoph Girstenbrei Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- applicationset/generators/cluster.go | 42 +- applicationset/generators/git.go | 23 +- applicationset/generators/git_test.go | 103 +- applicationset/generators/scm_provider.go | 15 +- .../generators/scm_provider_test.go | 147 +- .../generators/value_interpolation.go | 43 + .../generators/value_interpolation_test.go | 125 ++ assets/swagger.json | 14 + .../applicationset/Generators-Git.md | 78 + .../applicationset/Generators-Merge.md | 73 + .../applicationset/Generators-SCM-Provider.md | 44 + manifests/core-install.yaml | 24 + manifests/crds/applicationset-crd.yaml | 24 + manifests/ha/install.yaml | 24 + manifests/install.yaml | 24 + .../v1alpha1/applicationset_types.go | 6 + pkg/apis/application/v1alpha1/generated.pb.go | 1592 ++++++++++------- pkg/apis/application/v1alpha1/generated.proto | 6 + .../application/v1alpha1/openapi_generated.go | 32 + .../v1alpha1/zz_generated.deepcopy.go | 14 + 20 files changed, 1744 insertions(+), 709 deletions(-) create mode 100644 applicationset/generators/value_interpolation.go create mode 100644 applicationset/generators/value_interpolation_test.go diff --git a/applicationset/generators/cluster.go b/applicationset/generators/cluster.go index 6e40391901e7a..589f42d02de84 100644 --- a/applicationset/generators/cluster.go +++ b/applicationset/generators/cluster.go @@ -109,7 +109,7 @@ func (g *ClusterGenerator) GenerateParams( params["nameNormalized"] = cluster.Name params["server"] = cluster.Server - err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet) + err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet.Spec.GoTemplate) if err != nil { return nil, err } @@ -149,7 +149,7 @@ func (g *ClusterGenerator) GenerateParams( } } - err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet) + err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet.Spec.GoTemplate) if err != nil { return nil, err } @@ -162,44 +162,6 @@ func (g *ClusterGenerator) GenerateParams( return res, nil } -func appendTemplatedValues(clusterValues map[string]string, params map[string]interface{}, appSet *argoappsetv1alpha1.ApplicationSet) error { - // We create a local map to ensure that we do not fall victim to a billion-laughs attack. We iterate through the - // cluster values map and only replace values in said map if it has already been whitelisted in the params map. - // Once we iterate through all the cluster values we can then safely merge the `tmp` map into the main params map. - tmp := map[string]interface{}{} - - for key, value := range clusterValues { - result, err := replaceTemplatedString(value, params, appSet) - - if err != nil { - return fmt.Errorf("error replacing templated String: %w", err) - } - - if appSet.Spec.GoTemplate { - if tmp["values"] == nil { - tmp["values"] = map[string]string{} - } - tmp["values"].(map[string]string)[key] = result - } else { - tmp[fmt.Sprintf("values.%s", key)] = result - } - } - - for key, value := range tmp { - params[key] = value - } - - return nil -} - -func replaceTemplatedString(value string, params map[string]interface{}, appSet *argoappsetv1alpha1.ApplicationSet) (string, error) { - replacedTmplStr, err := render.Replace(value, params, appSet.Spec.GoTemplate) - if err != nil { - return "", err - } - return replacedTmplStr, nil -} - func (g *ClusterGenerator) getSecretsByClusterName(appSetGenerator *argoappsetv1alpha1.ApplicationSetGenerator) (map[string]corev1.Secret, error) { // List all Clusters: clusterSecretList := &corev1.SecretList{} diff --git a/applicationset/generators/git.go b/applicationset/generators/git.go index 911dc49391f18..3936411117fc1 100644 --- a/applicationset/generators/git.go +++ b/applicationset/generators/git.go @@ -90,7 +90,10 @@ func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoproj requestedApps := g.filterApps(appSetGenerator.Git.Directories, allPaths) - res := g.generateParamsFromApps(requestedApps, appSetGenerator, useGoTemplate) + res, err := g.generateParamsFromApps(requestedApps, appSetGenerator, useGoTemplate) + if err != nil { + return nil, fmt.Errorf("failed to generate params from apps: %w", err) + } return res, nil } @@ -122,7 +125,7 @@ func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1al for _, path := range allPaths { // A JSON / YAML file path can contain multiple sets of parameters (ie it is an array) - paramsArray, err := g.generateParamsFromGitFile(path, allFiles[path], useGoTemplate, appSetGenerator.Git.PathParamPrefix) + paramsArray, err := g.generateParamsFromGitFile(path, allFiles[path], appSetGenerator.Git.Values, useGoTemplate, appSetGenerator.Git.PathParamPrefix) if err != nil { return nil, fmt.Errorf("unable to process file '%s': %v", path, err) } @@ -132,7 +135,7 @@ func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1al return res, nil } -func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent []byte, useGoTemplate bool, pathParamPrefix string) ([]map[string]interface{}, error) { +func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent []byte, values map[string]string, useGoTemplate bool, pathParamPrefix string) ([]map[string]interface{}, error) { objectsFound := []map[string]interface{}{} // First, we attempt to parse as an array @@ -195,6 +198,11 @@ func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent [] } } + err := appendTemplatedValues(values, params, useGoTemplate) + if err != nil { + return nil, fmt.Errorf("failed to append templated values: %w", err) + } + res = append(res, params) } @@ -229,7 +237,7 @@ func (g *GitGenerator) filterApps(Directories []argoprojiov1alpha1.GitDirectoryG return res } -func (g *GitGenerator) generateParamsFromApps(requestedApps []string, appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool) []map[string]interface{} { +func (g *GitGenerator) generateParamsFromApps(requestedApps []string, appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool) ([]map[string]interface{}, error) { res := make([]map[string]interface{}, len(requestedApps)) for i, a := range requestedApps { @@ -261,8 +269,13 @@ func (g *GitGenerator) generateParamsFromApps(requestedApps []string, appSetGene } } + err := appendTemplatedValues(appSetGenerator.Git.Values, params, useGoTemplate) + if err != nil { + return nil, fmt.Errorf("failed to append templated values: %w", err) + } + res[i] = params } - return res + return res, nil } diff --git a/applicationset/generators/git_test.go b/applicationset/generators/git_test.go index dadb7ec29c0b5..e1d8d1ee31527 100644 --- a/applicationset/generators/git_test.go +++ b/applicationset/generators/git_test.go @@ -14,10 +14,11 @@ import ( func Test_generateParamsFromGitFile(t *testing.T) { + values := map[string]string{} params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(` foo: bar: baz -`), false, "") +`), values, false, "") if err != nil { t.Fatal(err) } @@ -36,10 +37,11 @@ foo: } func Test_generatePrefixedParamsFromGitFile(t *testing.T) { + values := map[string]string{} params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(` foo: bar: baz -`), false, "myRepo") +`), values, false, "myRepo") if err != nil { t.Fatal(err) } @@ -58,10 +60,11 @@ foo: } func Test_generateParamsFromGitFileGoTemplate(t *testing.T) { + values := map[string]string{} params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(` foo: bar: baz -`), true, "") +`), values, true, "") if err != nil { t.Fatal(err) } @@ -86,10 +89,11 @@ foo: } func Test_generatePrefixedParamsFromGitFileGoTemplate(t *testing.T) { + values := map[string]string{} params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(` foo: bar: baz -`), true, "myRepo") +`), values, true, "myRepo") if err != nil { t.Fatal(err) } @@ -123,6 +127,7 @@ func TestGitGenerateParamsFromDirectories(t *testing.T) { pathParamPrefix string repoApps []string repoError error + values map[string]string expected []map[string]interface{} expectedError error }{ @@ -213,6 +218,25 @@ func TestGitGenerateParamsFromDirectories(t *testing.T) { }, expectedError: nil, }, + { + name: "Value variable interpolation", + directories: []argoprojiov1alpha1.GitDirectoryGeneratorItem{{Path: "*"}, {Path: "*/*"}}, + repoApps: []string{ + "app1", + "p1/app2", + }, + repoError: nil, + values: map[string]string{ + "foo": "bar", + "aaa": "{{ path[0] }}", + "no-op": "{{ this-does-not-exist }}", + }, + expected: []map[string]interface{}{ + {"values.foo": "bar", "values.no-op": "{{ this-does-not-exist }}", "values.aaa": "app1", "path": "app1", "path.basename": "app1", "path[0]": "app1", "path.basenameNormalized": "app1"}, + {"values.foo": "bar", "values.no-op": "{{ this-does-not-exist }}", "values.aaa": "p1", "path": "p1/app2", "path.basename": "app2", "path[0]": "p1", "path[1]": "app2", "path.basenameNormalized": "app2"}, + }, + expectedError: nil, + }, { name: "handles empty response from repo server", directories: []argoprojiov1alpha1.GitDirectoryGeneratorItem{{Path: "*"}}, @@ -253,6 +277,7 @@ func TestGitGenerateParamsFromDirectories(t *testing.T) { Revision: "Revision", Directories: testCaseCopy.directories, PathParamPrefix: testCaseCopy.pathParamPrefix, + Values: testCaseCopy.values, }, }}, }, @@ -579,6 +604,7 @@ func TestGitGenerateParamsFromFiles(t *testing.T) { repoFileContents map[string][]byte // if repoPathsError is non-nil, the call to GetPaths(...) will return this error value repoPathsError error + values map[string]string expected []map[string]interface{} expectedError error }{ @@ -642,6 +668,74 @@ func TestGitGenerateParamsFromFiles(t *testing.T) { }, expectedError: nil, }, + { + name: "Value variable interpolation", + files: []argoprojiov1alpha1.GitFileGeneratorItem{{Path: "**/config.json"}}, + repoFileContents: map[string][]byte{ + "cluster-config/production/config.json": []byte(`{ + "cluster": { + "owner": "john.doe@example.com", + "name": "production", + "address": "https://kubernetes.default.svc" + }, + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 +}`), + "cluster-config/staging/config.json": []byte(`{ + "cluster": { + "owner": "foo.bar@example.com", + "name": "staging", + "address": "https://kubernetes.default.svc" + } +}`), + }, + repoPathsError: nil, + values: map[string]string{ + "aaa": "{{ cluster.owner }}", + "no-op": "{{ this-does-not-exist }}", + }, + expected: []map[string]interface{}{ + { + "cluster.owner": "john.doe@example.com", + "cluster.name": "production", + "cluster.address": "https://kubernetes.default.svc", + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "path": "cluster-config/production", + "path.basename": "production", + "path[0]": "cluster-config", + "path[1]": "production", + "path.basenameNormalized": "production", + "path.filename": "config.json", + "path.filenameNormalized": "config.json", + "values.aaa": "john.doe@example.com", + "values.no-op": "{{ this-does-not-exist }}", + }, + { + "cluster.owner": "foo.bar@example.com", + "cluster.name": "staging", + "cluster.address": "https://kubernetes.default.svc", + "path": "cluster-config/staging", + "path.basename": "staging", + "path[0]": "cluster-config", + "path[1]": "staging", + "path.basenameNormalized": "staging", + "path.filename": "config.json", + "path.filenameNormalized": "config.json", + "values.aaa": "foo.bar@example.com", + "values.no-op": "{{ this-does-not-exist }}", + }, + }, + expectedError: nil, + }, { name: "handles error during getting repo paths", files: []argoprojiov1alpha1.GitFileGeneratorItem{{Path: "**/config.json"}}, @@ -838,6 +932,7 @@ cluster: RepoURL: "RepoURL", Revision: "Revision", Files: testCaseCopy.files, + Values: testCaseCopy.values, }, }}, }, diff --git a/applicationset/generators/scm_provider.go b/applicationset/generators/scm_provider.go index b5e11162b77a9..9121a7a23e808 100644 --- a/applicationset/generators/scm_provider.go +++ b/applicationset/generators/scm_provider.go @@ -140,7 +140,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha if err != nil { return nil, fmt.Errorf("error listing repos: %v", err) } - params := make([]map[string]interface{}, 0, len(repos)) + paramsArray := make([]map[string]interface{}, 0, len(repos)) var shortSHALength int var shortSHALength7 int for _, repo := range repos { @@ -154,7 +154,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha shortSHALength7 = len(repo.SHA) } - params = append(params, map[string]interface{}{ + params := map[string]interface{}{ "organization": repo.Organization, "repository": repo.Repository, "url": repo.URL, @@ -164,9 +164,16 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha "short_sha_7": repo.SHA[:shortSHALength7], "labels": strings.Join(repo.Labels, ","), "branchNormalized": utils.SanitizeName(repo.Branch), - }) + } + + err := appendTemplatedValues(appSetGenerator.SCMProvider.Values, params, applicationSetInfo.Spec.GoTemplate) + if err != nil { + return nil, fmt.Errorf("failed to append templated values: %w", err) + } + + paramsArray = append(paramsArray, params) } - return params, nil + return paramsArray, nil } func (g *SCMProviderGenerator) getSecretRef(ctx context.Context, ref *argoprojiov1alpha1.SecretRef, namespace string) (string, error) { diff --git a/applicationset/generators/scm_provider_test.go b/applicationset/generators/scm_provider_test.go index 3b129dfb71ff9..b83f5d892312b 100644 --- a/applicationset/generators/scm_provider_test.go +++ b/applicationset/generators/scm_provider_test.go @@ -80,40 +80,123 @@ func TestSCMProviderGetSecretRef(t *testing.T) { } func TestSCMProviderGenerateParams(t *testing.T) { - mockProvider := &scm_provider.MockProvider{ - Repos: []*scm_provider.Repository{ - { - Organization: "myorg", - Repository: "repo1", - URL: "git@github.com:myorg/repo1.git", - Branch: "main", - SHA: "0bc57212c3cbbec69d20b34c507284bd300def5b", - Labels: []string{"prod", "staging"}, + cases := []struct { + name string + repos []*scm_provider.Repository + values map[string]string + expected []map[string]interface{} + expectedError error + }{ + { + name: "Multiple repos with labels", + repos: []*scm_provider.Repository{ + { + Organization: "myorg", + Repository: "repo1", + URL: "git@github.com:myorg/repo1.git", + Branch: "main", + SHA: "0bc57212c3cbbec69d20b34c507284bd300def5b", + Labels: []string{"prod", "staging"}, + }, + { + Organization: "myorg", + Repository: "repo2", + URL: "git@github.com:myorg/repo2.git", + Branch: "main", + SHA: "59d0", + }, + }, + expected: []map[string]interface{}{ + { + "organization": "myorg", + "repository": "repo1", + "url": "git@github.com:myorg/repo1.git", + "branch": "main", + "branchNormalized": "main", + "sha": "0bc57212c3cbbec69d20b34c507284bd300def5b", + "short_sha": "0bc57212", + "short_sha_7": "0bc5721", + "labels": "prod,staging", + }, + { + "organization": "myorg", + "repository": "repo2", + "url": "git@github.com:myorg/repo2.git", + "branch": "main", + "branchNormalized": "main", + "sha": "59d0", + "short_sha": "59d0", + "short_sha_7": "59d0", + "labels": "", + }, + }, + }, + { + name: "Value interpolation", + repos: []*scm_provider.Repository{ + { + Organization: "myorg", + Repository: "repo3", + URL: "git@github.com:myorg/repo3.git", + Branch: "main", + SHA: "0bc57212c3cbbec69d20b34c507284bd300def5b", + Labels: []string{"prod", "staging"}, + }, + }, + values: map[string]string{ + "foo": "bar", + "should_i_force_push_to": "{{ branch }}?", }, - { - Organization: "myorg", - Repository: "repo2", - URL: "git@github.com:myorg/repo2.git", - Branch: "main", - SHA: "59d0", + expected: []map[string]interface{}{ + { + "organization": "myorg", + "repository": "repo3", + "url": "git@github.com:myorg/repo3.git", + "branch": "main", + "branchNormalized": "main", + "sha": "0bc57212c3cbbec69d20b34c507284bd300def5b", + "short_sha": "0bc57212", + "short_sha_7": "0bc5721", + "labels": "prod,staging", + "values.foo": "bar", + "values.should_i_force_push_to": "main?", + }, }, }, } - gen := &SCMProviderGenerator{overrideProvider: mockProvider} - params, err := gen.GenerateParams(&argoprojiov1alpha1.ApplicationSetGenerator{ - SCMProvider: &argoprojiov1alpha1.SCMProviderGenerator{}, - }, nil) - assert.Nil(t, err) - assert.Len(t, params, 2) - assert.Equal(t, "myorg", params[0]["organization"]) - assert.Equal(t, "repo1", params[0]["repository"]) - assert.Equal(t, "git@github.com:myorg/repo1.git", params[0]["url"]) - assert.Equal(t, "main", params[0]["branch"]) - assert.Equal(t, "0bc57212c3cbbec69d20b34c507284bd300def5b", params[0]["sha"]) - assert.Equal(t, "0bc57212", params[0]["short_sha"]) - assert.Equal(t, "59d0", params[1]["short_sha"]) - assert.Equal(t, "0bc5721", params[0]["short_sha_7"]) - assert.Equal(t, "59d0", params[1]["short_sha_7"]) - assert.Equal(t, "prod,staging", params[0]["labels"]) - assert.Equal(t, "repo2", params[1]["repository"]) + + for _, testCase := range cases { + testCaseCopy := testCase + + t.Run(testCaseCopy.name, func(t *testing.T) { + t.Parallel() + + mockProvider := &scm_provider.MockProvider{ + Repos: testCaseCopy.repos, + } + scmGenerator := &SCMProviderGenerator{overrideProvider: mockProvider} + applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "set", + }, + Spec: argoprojiov1alpha1.ApplicationSetSpec{ + Generators: []argoprojiov1alpha1.ApplicationSetGenerator{{ + SCMProvider: &argoprojiov1alpha1.SCMProviderGenerator{ + Values: testCaseCopy.values, + }, + }}, + }, + } + + got, err := scmGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo) + + if testCaseCopy.expectedError != nil { + assert.EqualError(t, err, testCaseCopy.expectedError.Error()) + } else { + assert.NoError(t, err) + assert.Equal(t, testCaseCopy.expected, got) + } + + }) + } } diff --git a/applicationset/generators/value_interpolation.go b/applicationset/generators/value_interpolation.go new file mode 100644 index 0000000000000..f78999c029ed2 --- /dev/null +++ b/applicationset/generators/value_interpolation.go @@ -0,0 +1,43 @@ +package generators + +import ( + "fmt" +) + +func appendTemplatedValues(values map[string]string, params map[string]interface{}, useGoTemplate bool) error { + // We create a local map to ensure that we do not fall victim to a billion-laughs attack. We iterate through the + // cluster values map and only replace values in said map if it has already been allowlisted in the params map. + // Once we iterate through all the cluster values we can then safely merge the `tmp` map into the main params map. + tmp := map[string]interface{}{} + + for key, value := range values { + result, err := replaceTemplatedString(value, params, useGoTemplate) + + if err != nil { + return fmt.Errorf("failed to replace templated string: %w", err) + } + + if useGoTemplate { + if tmp["values"] == nil { + tmp["values"] = map[string]string{} + } + tmp["values"].(map[string]string)[key] = result + } else { + tmp[fmt.Sprintf("values.%s", key)] = result + } + } + + for key, value := range tmp { + params[key] = value + } + + return nil +} + +func replaceTemplatedString(value string, params map[string]interface{}, useGoTemplate bool) (string, error) { + replacedTmplStr, err := render.Replace(value, params, useGoTemplate) + if err != nil { + return "", fmt.Errorf("failed to replace templated string with rendered values: %w", err) + } + return replacedTmplStr, nil +} diff --git a/applicationset/generators/value_interpolation_test.go b/applicationset/generators/value_interpolation_test.go new file mode 100644 index 0000000000000..c575042549c68 --- /dev/null +++ b/applicationset/generators/value_interpolation_test.go @@ -0,0 +1,125 @@ +package generators + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestValueInterpolation(t *testing.T) { + testCases := []struct { + name string + values map[string]string + params map[string]interface{} + expected map[string]interface{} + }{ + { + name: "Simple interpolation", + values: map[string]string{ + "hello": "{{ world }}", + }, + params: map[string]interface{}{ + "world": "world!", + }, + expected: map[string]interface{}{ + "world": "world!", + "values.hello": "world!", + }, + }, + { + name: "Non-existent", + values: map[string]string{ + "non-existent": "{{ non-existent }}", + }, + params: map[string]interface{}{}, + expected: map[string]interface{}{ + "values.non-existent": "{{ non-existent }}", + }, + }, + { + name: "Billion laughs", + values: map[string]string{ + "lol1": "lol", + "lol2": "{{values.lol1}}{{values.lol1}}", + "lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}", + }, + params: map[string]interface{}{}, + expected: map[string]interface{}{ + "values.lol1": "lol", + "values.lol2": "{{values.lol1}}{{values.lol1}}", + "values.lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}", + }, + }, + } + + for _, testCase := range testCases { + + t.Run(testCase.name, func(t *testing.T) { + err := appendTemplatedValues(testCase.values, testCase.params, false) + assert.NoError(t, err) + assert.EqualValues(t, testCase.expected, testCase.params) + }) + } +} + +func TestValueInterpolationWithGoTemplating(t *testing.T) { + testCases := []struct { + name string + values map[string]string + params map[string]interface{} + expected map[string]interface{} + }{ + { + name: "Simple interpolation", + values: map[string]string{ + "hello": "{{ .world }}", + }, + params: map[string]interface{}{ + "world": "world!", + }, + expected: map[string]interface{}{ + "world": "world!", + "values": map[string]string{ + "hello": "world!", + }, + }, + }, + { + name: "Non-existent to default", + values: map[string]string{ + "non_existent": "{{ default \"bar\" .non_existent }}", + }, + params: map[string]interface{}{}, + expected: map[string]interface{}{ + "values": map[string]string{ + "non_existent": "bar", + }, + }, + }, + { + name: "Billion laughs", + values: map[string]string{ + "lol1": "lol", + "lol2": "{{.values.lol1}}{{.values.lol1}}", + "lol3": "{{.values.lol2}}{{.values.lol2}}{{.values.lol2}}", + }, + params: map[string]interface{}{}, + expected: map[string]interface{}{ + "values": map[string]string{ + "lol1": "lol", + "lol2": "", + "lol3": "", + }, + }, + }, + } + + for _, testCase := range testCases { + + t.Run(testCase.name, func(t *testing.T) { + err := appendTemplatedValues(testCase.values, testCase.params, true) + assert.NoError(t, err) + assert.EqualValues(t, testCase.expected, testCase.params) + }) + } +} diff --git a/assets/swagger.json b/assets/swagger.json index ea503998bc1b6..0f101f38241f3 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -6863,6 +6863,13 @@ }, "template": { "$ref": "#/definitions/v1alpha1ApplicationSetTemplate" + }, + "values": { + "type": "object", + "title": "Values contains key/value pairs which are passed directly as parameters to the template", + "additionalProperties": { + "type": "string" + } } } }, @@ -8169,6 +8176,13 @@ }, "template": { "$ref": "#/definitions/v1alpha1ApplicationSetTemplate" + }, + "values": { + "type": "object", + "title": "Values contains key/value pairs which are passed directly as parameters to the template", + "additionalProperties": { + "type": "string" + } } } }, diff --git a/docs/operator-manual/applicationset/Generators-Git.md b/docs/operator-manual/applicationset/Generators-Git.md index 4c470a78f47a7..cc8bb9167a643 100644 --- a/docs/operator-manual/applicationset/Generators-Git.md +++ b/docs/operator-manual/applicationset/Generators-Git.md @@ -192,6 +192,45 @@ spec: namespace: '{{path.basename}}' ``` +### Pass additional key-value pairs via `values` field + +You may pass additional, arbitrary string key-value pairs via the `values` field of the git directory generator. Values added via the `values` field are added as `values.(field)`. + +In this example, a `cluster` parameter value is passed. It is interpolated from the `branch` and `path` variable, to then be used to determine the destination namespace. +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: cluster-addons + namespace: argocd +spec: + generators: + - git: + repoURL: https://github.com/example/example-repo.git + revision: HEAD + directories: + - path: '*' + values: + cluster: '{{branch}}-{{path}}' + template: + metadata: + name: '{{path.basename}}' + spec: + project: "my-project" + source: + repoURL: https://github.com/example/example-repo.git + targetRevision: HEAD + path: '{{path}}' + destination: + server: https://kubernetes.default.svc + namespace: '{{values.cluster}}' +``` + +!!! note + The `values.` prefix is always prepended to values provided via `generators.git.values` field. Ensure you include this prefix in the parameter name within the `template` when using it. + +In `values` we can also interpolate all fields set by the git directory generator as mentioned above. + ## Git Generator: Files The Git file generator is the second subtype of the Git generator. The Git file generator generates parameters using the contents of JSON/YAML files found within a specified repository. @@ -290,6 +329,45 @@ The filename can always be accessed using `{{path.filename}}`. **Note**: The default behavior of the Git file generator is very greedy. Please see [Git File Generator Globbing](./Generators-Git-File-Globbing.md) for more information. +### Pass additional key-value pairs via `values` field + +You may pass additional, arbitrary string key-value pairs via the `values` field of the git files generator. Values added via the `values` field are added as `values.(field)`. + +In this example, a `base_dir` parameter value is passed. It is interpolated from `path` segments, to then be used to determine the source path. +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: guestbook + namespace: argocd +spec: + generators: + - git: + repoURL: https://github.com/argoproj/argo-cd.git + revision: HEAD + files: + - path: "applicationset/examples/git-generator-files-discovery/cluster-config/**/config.json" + values: + base_dir: "{{path[0]}}/{{path[1]}}/{{path[2]}}" + template: + metadata: + name: '{{cluster.name}}-guestbook' + spec: + project: default + source: + repoURL: https://github.com/argoproj/argo-cd.git + targetRevision: HEAD + path: "{{values.base_dir}}/apps/guestbook" + destination: + server: '{{cluster.address}}' + namespace: guestbook +``` + +!!! note + The `values.` prefix is always prepended to values provided via `generators.git.values` field. Ensure you include this prefix in the parameter name within the `template` when using it. + +In `values` we can also interpolate all fields set by the git files generator as mentioned above. + ## Webhook Configuration When using a Git generator, ApplicationSet polls Git repositories every three minutes to detect changes. To eliminate diff --git a/docs/operator-manual/applicationset/Generators-Merge.md b/docs/operator-manual/applicationset/Generators-Merge.md index eb32343accbf4..c2306e9e842de 100644 --- a/docs/operator-manual/applicationset/Generators-Merge.md +++ b/docs/operator-manual/applicationset/Generators-Merge.md @@ -111,6 +111,70 @@ When merged with the updated base parameters, the `values.redis` value for the p values.redis: 'true' ``` +## Example: Use value interpolation in merge + +Some generators support additional values and interpolating from generated variables to selected values. This can be used to teach the merge generator which generated variables to use to combine different generators. + +The following example combines discovered clusters and a git repository by cluster labels and the branch name: +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: cluster-git +spec: + generators: + # merge 'parent' generator: + # Use the selector set by both child generators to combine them. + - merge: + mergeKeys: + # Note that this would not work with goTemplate enabled, + # nested merge keys are not supported there. + - values.selector + generators: + # Assuming, all configured clusters have a label for their location: + # Set the selector to this location. + - clusters: + values: + selector: '{{ metadata.labels.location }}' + # The git repo may have different directories which correspond to the + # cluster locations, using these as a selector. + - git: + repoURL: https://github.com/argoproj/argocd-example-apps/ + revision: HEAD + directories: + - path: '*' + values: + selector: '{{ path }}' + template: + metadata: + name: '{{name}}' + spec: + project: '{{metadata.labels.environment}}' + source: + repoURL: https://github.com/argoproj/argocd-example-apps/ + # The cluster values field for each generator will be substituted here: + targetRevision: HEAD + path: '{{path}}' + destination: + server: '{{server}}' + namespace: default +``` + +Assuming a cluster named `germany01` with the label `metadata.labels.location=Germany` and a git repository containing a directory called `Germany`, this could combine to values as follows: + +```yaml + # From the cluster generator +- name: germany01 + server: https://1.2.3.4 + # From the git generator + path: Germany + # Combining selector with the merge generator + values.selector: 'Germany' + # More values from cluster & git generator + # […] +``` + + ## Restrictions 1. You should specify only a single generator per array entry. This is not valid: @@ -142,3 +206,12 @@ When merged with the updated base parameters, the `values.redis` value for the p - list: elements: - # (...) + +1. Merging on nested values while using `goTemplate: true` is currently not supported, this will not work + + spec: + goTemplate: true + generators: + - merge: + mergeKeys: + - values.merge diff --git a/docs/operator-manual/applicationset/Generators-SCM-Provider.md b/docs/operator-manual/applicationset/Generators-SCM-Provider.md index 24c2ad71a333b..fd7dbe0f15ce8 100644 --- a/docs/operator-manual/applicationset/Generators-SCM-Provider.md +++ b/docs/operator-manual/applicationset/Generators-SCM-Provider.md @@ -322,3 +322,47 @@ spec: * `short_sha_7`: The abbreviated Git commit SHA for the branch (7 chars or the length of the `sha` if it's shorter). * `labels`: A comma-separated list of repository labels. * `branchNormalized`: The value of `branch` normalized to contain only lowercase alphanumeric characters, '-' or '.'. + +## Pass additional key-value pairs via `values` field + +You may pass additional, arbitrary string key-value pairs via the `values` field of any SCM generator. Values added via the `values` field are added as `values.(field)`. + +In this example, a `name` parameter value is passed. It is interpolated from `organization` and `repository` to generate a different template name. +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: myapps +spec: + generators: + - scmProvider: + bitbucketServer: + project: myproject + api: https://mycompany.bitbucket.org + allBranches: true + basicAuth: + username: myuser + passwordRef: + secretName: mypassword + key: password + values: + name: "{{organization}}-{{repository}}" + + template: + metadata: + name: '{{ values.name }}' + spec: + source: + repoURL: '{{ url }}' + targetRevision: '{{ branch }}' + path: kubernetes/ + project: default + destination: + server: https://kubernetes.default.svc + namespace: default +``` + +!!! note + The `values.` prefix is always prepended to values provided via `generators.scmProvider.values` field. Ensure you include this prefix in the parameter name within the `template` when using it. + +In `values` we can also interpolate all fields set by the SCM generator as mentioned above. diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 2af87d20a808c..a957e1b141500 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -5939,6 +5939,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -7983,6 +7987,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -9743,6 +9751,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -11801,6 +11813,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -13561,6 +13577,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -15336,6 +15356,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml index 3b4efe274847f..56d83c5b0b72c 100644 --- a/manifests/crds/applicationset-crd.yaml +++ b/manifests/crds/applicationset-crd.yaml @@ -1575,6 +1575,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -3619,6 +3623,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -5379,6 +5387,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -7437,6 +7449,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -9197,6 +9213,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -10972,6 +10992,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 8bfd905118811..8527b80458cb7 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -5939,6 +5939,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -7983,6 +7987,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -9743,6 +9751,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -11801,6 +11813,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -13561,6 +13577,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -15336,6 +15356,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: diff --git a/manifests/install.yaml b/manifests/install.yaml index dc96b15b7ae70..a0762e9b9eaf1 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -5939,6 +5939,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -7983,6 +7987,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -9743,6 +9751,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -11801,6 +11813,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -13561,6 +13577,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -15336,6 +15356,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go index babb76eae4ca9..c24f8e2986839 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types.go +++ b/pkg/apis/application/v1alpha1/applicationset_types.go @@ -320,6 +320,9 @@ type GitGenerator struct { RequeueAfterSeconds *int64 `json:"requeueAfterSeconds,omitempty" protobuf:"bytes,5,name=requeueAfterSeconds"` Template ApplicationSetTemplate `json:"template,omitempty" protobuf:"bytes,6,name=template"` PathParamPrefix string `json:"pathParamPrefix,omitempty" protobuf:"bytes,7,name=pathParamPrefix"` + + // Values contains key/value pairs which are passed directly as parameters to the template + Values map[string]string `json:"values,omitempty" protobuf:"bytes,8,name=values"` } type GitDirectoryGeneratorItem struct { @@ -348,6 +351,9 @@ type SCMProviderGenerator struct { // Standard parameters. RequeueAfterSeconds *int64 `json:"requeueAfterSeconds,omitempty" protobuf:"varint,9,opt,name=requeueAfterSeconds"` Template ApplicationSetTemplate `json:"template,omitempty" protobuf:"bytes,10,opt,name=template"` + + // Values contains key/value pairs which are passed directly as parameters to the template + Values map[string]string `json:"values,omitempty" protobuf:"bytes,11,name=values"` } // SCMProviderGeneratorGitea defines a connection info specific to Gitea. diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index e217a27cf0e70..de063ea32c88f 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -3971,6 +3971,7 @@ func init() { proto.RegisterType((*GitDirectoryGeneratorItem)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.GitDirectoryGeneratorItem") proto.RegisterType((*GitFileGeneratorItem)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.GitFileGeneratorItem") proto.RegisterType((*GitGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.GitGenerator") + proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.GitGenerator.ValuesEntry") proto.RegisterType((*GnuPGPublicKey)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.GnuPGPublicKey") proto.RegisterType((*GnuPGPublicKeyList)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.GnuPGPublicKeyList") proto.RegisterType((*HealthStatus)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.HealthStatus") @@ -4036,6 +4037,7 @@ func init() { proto.RegisterType((*RevisionHistory)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.RevisionHistory") proto.RegisterType((*RevisionMetadata)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.RevisionMetadata") proto.RegisterType((*SCMProviderGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGenerator") + proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGenerator.ValuesEntry") proto.RegisterType((*SCMProviderGeneratorAzureDevOps)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGeneratorAzureDevOps") proto.RegisterType((*SCMProviderGeneratorBitbucket)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGeneratorBitbucket") proto.RegisterType((*SCMProviderGeneratorBitbucketServer)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGeneratorBitbucketServer") @@ -4063,630 +4065,632 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 9961 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x7d, 0x70, 0x24, 0xc7, - 0x75, 0x18, 0xae, 0xd9, 0xc5, 0x02, 0xbb, 0x0f, 0x1f, 0x77, 0xe8, 0xbb, 0x23, 0xc1, 0x23, 0x79, - 0xb8, 0xdf, 0xb0, 0x4c, 0x51, 0x3f, 0x91, 0x80, 0x79, 0xa2, 0x94, 0x8b, 0x69, 0x53, 0xc6, 0x02, - 0x77, 0x38, 0xdc, 0x01, 0x07, 0xb0, 0x81, 0xbb, 0x93, 0x48, 0x53, 0xd4, 0x60, 0xb6, 0x77, 0x31, - 0x87, 0xd9, 0x99, 0xbd, 0x99, 0x59, 0x1c, 0x40, 0xcb, 0xb2, 0x64, 0x4b, 0xb1, 0x12, 0x7d, 0x50, - 0xa1, 0x52, 0x65, 0x39, 0x1f, 0x8e, 0x62, 0xbb, 0x5c, 0x71, 0x25, 0xac, 0x38, 0x95, 0x3f, 0xe2, - 0x7c, 0xfd, 0x61, 0x3b, 0x7f, 0x30, 0xa5, 0xa4, 0xa2, 0xaa, 0xb8, 0x2c, 0x27, 0x76, 0x60, 0x0a, - 0xa9, 0x54, 0x52, 0xa9, 0x8a, 0xab, 0xf2, 0xf1, 0x4f, 0xae, 0x5c, 0x95, 0x54, 0x7f, 0xf7, 0xcc, - 0xee, 0x1e, 0x16, 0xc0, 0xe0, 0xee, 0xa4, 0xe2, 0x7f, 0xbb, 0xfd, 0xde, 0xbc, 0xf7, 0xa6, 0xa7, - 0xfb, 0xf5, 0x7b, 0xdd, 0xef, 0xbd, 0x86, 0xc5, 0x86, 0x97, 0x6c, 0xb4, 0xd7, 0xa7, 0xdc, 0xb0, - 0x39, 0xed, 0x44, 0x8d, 0xb0, 0x15, 0x85, 0xb7, 0xd9, 0x8f, 0x17, 0xdc, 0xda, 0xf4, 0xd6, 0x85, - 0xe9, 0xd6, 0x66, 0x63, 0xda, 0x69, 0x79, 0xf1, 0xb4, 0xd3, 0x6a, 0xf9, 0x9e, 0xeb, 0x24, 0x5e, - 0x18, 0x4c, 0x6f, 0xbd, 0xe8, 0xf8, 0xad, 0x0d, 0xe7, 0xc5, 0xe9, 0x06, 0x09, 0x48, 0xe4, 0x24, - 0xa4, 0x36, 0xd5, 0x8a, 0xc2, 0x24, 0x44, 0x3f, 0xa9, 0xa9, 0x4d, 0x49, 0x6a, 0xec, 0xc7, 0x9b, - 0x6e, 0x6d, 0x6a, 0xeb, 0xc2, 0x54, 0x6b, 0xb3, 0x31, 0x45, 0xa9, 0x4d, 0x19, 0xd4, 0xa6, 0x24, - 0xb5, 0xb3, 0x2f, 0x18, 0xb2, 0x34, 0xc2, 0x46, 0x38, 0xcd, 0x88, 0xae, 0xb7, 0xeb, 0xec, 0x1f, - 0xfb, 0xc3, 0x7e, 0x71, 0x66, 0x67, 0xed, 0xcd, 0x8b, 0xf1, 0x94, 0x17, 0x52, 0xf1, 0xa6, 0xdd, - 0x30, 0x22, 0xd3, 0x5b, 0x1d, 0x02, 0x9d, 0xbd, 0xa2, 0x71, 0xc8, 0x76, 0x42, 0x82, 0xd8, 0x0b, - 0x83, 0xf8, 0x05, 0x2a, 0x02, 0x89, 0xb6, 0x48, 0x64, 0xbe, 0x9e, 0x81, 0xd0, 0x8d, 0xd2, 0x4b, - 0x9a, 0x52, 0xd3, 0x71, 0x37, 0xbc, 0x80, 0x44, 0x3b, 0xfa, 0xf1, 0x26, 0x49, 0x9c, 0x6e, 0x4f, - 0x4d, 0xf7, 0x7a, 0x2a, 0x6a, 0x07, 0x89, 0xd7, 0x24, 0x1d, 0x0f, 0x7c, 0x62, 0xbf, 0x07, 0x62, - 0x77, 0x83, 0x34, 0x9d, 0x8e, 0xe7, 0x3e, 0xd6, 0xeb, 0xb9, 0x76, 0xe2, 0xf9, 0xd3, 0x5e, 0x90, - 0xc4, 0x49, 0x94, 0x7d, 0xc8, 0xbe, 0x03, 0xa3, 0x33, 0xb7, 0x56, 0x67, 0xda, 0xc9, 0xc6, 0x6c, - 0x18, 0xd4, 0xbd, 0x06, 0xfa, 0x38, 0x0c, 0xbb, 0x7e, 0x3b, 0x4e, 0x48, 0x74, 0xdd, 0x69, 0x92, - 0x09, 0xeb, 0xbc, 0xf5, 0x5c, 0xa5, 0x7a, 0xea, 0xbd, 0xdd, 0xc9, 0x0f, 0xed, 0xed, 0x4e, 0x0e, - 0xcf, 0x6a, 0x10, 0x36, 0xf1, 0xd0, 0x47, 0x60, 0x28, 0x0a, 0x7d, 0x32, 0x83, 0xaf, 0x4f, 0x14, - 0xd8, 0x23, 0x27, 0xc4, 0x23, 0x43, 0x98, 0x37, 0x63, 0x09, 0xb7, 0xff, 0xb0, 0x00, 0x30, 0xd3, - 0x6a, 0xad, 0x44, 0xe1, 0x6d, 0xe2, 0x26, 0xe8, 0xb3, 0x50, 0xa6, 0x5d, 0x57, 0x73, 0x12, 0x87, - 0x71, 0x1b, 0xbe, 0xf0, 0xe3, 0x53, 0xfc, 0x4d, 0xa6, 0xcc, 0x37, 0xd1, 0x03, 0x87, 0x62, 0x4f, - 0x6d, 0xbd, 0x38, 0xb5, 0xbc, 0x4e, 0x9f, 0x5f, 0x22, 0x89, 0x53, 0x45, 0x82, 0x19, 0xe8, 0x36, - 0xac, 0xa8, 0xa2, 0x00, 0x06, 0xe2, 0x16, 0x71, 0x99, 0x60, 0xc3, 0x17, 0x16, 0xa7, 0x8e, 0x32, - 0x42, 0xa7, 0xb4, 0xe4, 0xab, 0x2d, 0xe2, 0x56, 0x47, 0x04, 0xe7, 0x01, 0xfa, 0x0f, 0x33, 0x3e, - 0x68, 0x0b, 0x06, 0xe3, 0xc4, 0x49, 0xda, 0xf1, 0x44, 0x91, 0x71, 0xbc, 0x9e, 0x1b, 0x47, 0x46, - 0xb5, 0x3a, 0x26, 0x78, 0x0e, 0xf2, 0xff, 0x58, 0x70, 0xb3, 0xff, 0xa3, 0x05, 0x63, 0x1a, 0x79, - 0xd1, 0x8b, 0x13, 0xf4, 0x33, 0x1d, 0x9d, 0x3b, 0xd5, 0x5f, 0xe7, 0xd2, 0xa7, 0x59, 0xd7, 0x9e, - 0x14, 0xcc, 0xca, 0xb2, 0xc5, 0xe8, 0xd8, 0x26, 0x94, 0xbc, 0x84, 0x34, 0xe3, 0x89, 0xc2, 0xf9, - 0xe2, 0x73, 0xc3, 0x17, 0xae, 0xe4, 0xf5, 0x9e, 0xd5, 0x51, 0xc1, 0xb4, 0xb4, 0x40, 0xc9, 0x63, - 0xce, 0xc5, 0xfe, 0xad, 0x11, 0xf3, 0xfd, 0x68, 0x87, 0xa3, 0x17, 0x61, 0x38, 0x0e, 0xdb, 0x91, - 0x4b, 0x30, 0x69, 0x85, 0xf1, 0x84, 0x75, 0xbe, 0x48, 0x87, 0x1e, 0x1d, 0xa9, 0xab, 0xba, 0x19, - 0x9b, 0x38, 0xe8, 0x1b, 0x16, 0x8c, 0xd4, 0x48, 0x9c, 0x78, 0x01, 0xe3, 0x2f, 0x85, 0x5f, 0x3b, - 0xb2, 0xf0, 0xb2, 0x71, 0x4e, 0x13, 0xaf, 0x9e, 0x16, 0x2f, 0x32, 0x62, 0x34, 0xc6, 0x38, 0xc5, - 0x9f, 0xce, 0xb8, 0x1a, 0x89, 0xdd, 0xc8, 0x6b, 0xd1, 0xff, 0x6c, 0xcc, 0x18, 0x33, 0x6e, 0x4e, - 0x83, 0xb0, 0x89, 0x87, 0x02, 0x28, 0xd1, 0x19, 0x15, 0x4f, 0x0c, 0x30, 0xf9, 0x17, 0x8e, 0x26, - 0xbf, 0xe8, 0x54, 0x3a, 0x59, 0x75, 0xef, 0xd3, 0x7f, 0x31, 0xe6, 0x6c, 0xd0, 0xd7, 0x2d, 0x98, - 0x10, 0x33, 0x1e, 0x13, 0xde, 0xa1, 0xb7, 0x36, 0xbc, 0x84, 0xf8, 0x5e, 0x9c, 0x4c, 0x94, 0x98, - 0x0c, 0xd3, 0xfd, 0x8d, 0xad, 0xf9, 0x28, 0x6c, 0xb7, 0xae, 0x79, 0x41, 0xad, 0x7a, 0x5e, 0x70, - 0x9a, 0x98, 0xed, 0x41, 0x18, 0xf7, 0x64, 0x89, 0xbe, 0x65, 0xc1, 0xd9, 0xc0, 0x69, 0x92, 0xb8, - 0xe5, 0xd0, 0x4f, 0xcb, 0xc1, 0x55, 0xdf, 0x71, 0x37, 0x99, 0x44, 0x83, 0x87, 0x93, 0xc8, 0x16, - 0x12, 0x9d, 0xbd, 0xde, 0x93, 0x34, 0xbe, 0x0f, 0x5b, 0xf4, 0xeb, 0x16, 0x8c, 0x87, 0x51, 0x6b, - 0xc3, 0x09, 0x48, 0x4d, 0x42, 0xe3, 0x89, 0x21, 0x36, 0xf5, 0x3e, 0x73, 0xb4, 0x4f, 0xb4, 0x9c, - 0x25, 0xbb, 0x14, 0x06, 0x5e, 0x12, 0x46, 0xab, 0x24, 0x49, 0xbc, 0xa0, 0x11, 0x57, 0xcf, 0xec, - 0xed, 0x4e, 0x8e, 0x77, 0x60, 0xe1, 0x4e, 0x79, 0xd0, 0xcf, 0xc2, 0x70, 0xbc, 0x13, 0xb8, 0xb7, - 0xbc, 0xa0, 0x16, 0xde, 0x8d, 0x27, 0xca, 0x79, 0x4c, 0xdf, 0x55, 0x45, 0x50, 0x4c, 0x40, 0xcd, - 0x00, 0x9b, 0xdc, 0xba, 0x7f, 0x38, 0x3d, 0x94, 0x2a, 0x79, 0x7f, 0x38, 0x3d, 0x98, 0xee, 0xc3, - 0x16, 0xfd, 0x92, 0x05, 0xa3, 0xb1, 0xd7, 0x08, 0x9c, 0xa4, 0x1d, 0x91, 0x6b, 0x64, 0x27, 0x9e, - 0x00, 0x26, 0xc8, 0xd5, 0x23, 0xf6, 0x8a, 0x41, 0xb2, 0x7a, 0x46, 0xc8, 0x38, 0x6a, 0xb6, 0xc6, - 0x38, 0xcd, 0xb7, 0xdb, 0x44, 0xd3, 0xc3, 0x7a, 0x38, 0xdf, 0x89, 0xa6, 0x07, 0x75, 0x4f, 0x96, - 0xe8, 0xa7, 0xe1, 0x24, 0x6f, 0x52, 0x3d, 0x1b, 0x4f, 0x8c, 0x30, 0x45, 0x7b, 0x7a, 0x6f, 0x77, - 0xf2, 0xe4, 0x6a, 0x06, 0x86, 0x3b, 0xb0, 0xd1, 0x1d, 0x98, 0x6c, 0x91, 0xa8, 0xe9, 0x25, 0xcb, - 0x81, 0xbf, 0x23, 0xd5, 0xb7, 0x1b, 0xb6, 0x48, 0x4d, 0x88, 0x13, 0x4f, 0x8c, 0x9e, 0xb7, 0x9e, - 0x2b, 0x57, 0x3f, 0x2c, 0xc4, 0x9c, 0x5c, 0xb9, 0x3f, 0x3a, 0xde, 0x8f, 0x9e, 0xfd, 0xaf, 0x0a, - 0x70, 0x32, 0xbb, 0x70, 0xa2, 0xdf, 0xb4, 0xe0, 0xc4, 0xed, 0xbb, 0xc9, 0x5a, 0xb8, 0x49, 0x82, - 0xb8, 0xba, 0x43, 0xd5, 0x1b, 0x5b, 0x32, 0x86, 0x2f, 0xb8, 0xf9, 0x2e, 0xd1, 0x53, 0x57, 0xd3, - 0x5c, 0x2e, 0x05, 0x49, 0xb4, 0x53, 0x7d, 0x5c, 0xbc, 0xdd, 0x89, 0xab, 0xb7, 0xd6, 0x4c, 0x28, - 0xce, 0x0a, 0x75, 0xf6, 0xab, 0x16, 0x9c, 0xee, 0x46, 0x02, 0x9d, 0x84, 0xe2, 0x26, 0xd9, 0xe1, - 0x56, 0x19, 0xa6, 0x3f, 0xd1, 0x1b, 0x50, 0xda, 0x72, 0xfc, 0x36, 0x11, 0xd6, 0xcd, 0xfc, 0xd1, - 0x5e, 0x44, 0x49, 0x86, 0x39, 0xd5, 0x9f, 0x28, 0x5c, 0xb4, 0xec, 0x7f, 0x5b, 0x84, 0x61, 0x63, - 0x7d, 0x7b, 0x00, 0x16, 0x5b, 0x98, 0xb2, 0xd8, 0x96, 0x72, 0x5b, 0x9a, 0x7b, 0x9a, 0x6c, 0x77, - 0x33, 0x26, 0xdb, 0x72, 0x7e, 0x2c, 0xef, 0x6b, 0xb3, 0xa1, 0x04, 0x2a, 0x61, 0x8b, 0x5a, 0xe4, - 0x74, 0xe9, 0x1f, 0xc8, 0xe3, 0x13, 0x2e, 0x4b, 0x72, 0xd5, 0xd1, 0xbd, 0xdd, 0xc9, 0x8a, 0xfa, - 0x8b, 0x35, 0x23, 0xfb, 0xfb, 0x16, 0x9c, 0x36, 0x64, 0x9c, 0x0d, 0x83, 0x9a, 0xc7, 0x3e, 0xed, - 0x79, 0x18, 0x48, 0x76, 0x5a, 0xd2, 0xec, 0x57, 0x3d, 0xb5, 0xb6, 0xd3, 0x22, 0x98, 0x41, 0xa8, - 0xa1, 0xdf, 0x24, 0x71, 0xec, 0x34, 0x48, 0xd6, 0xd0, 0x5f, 0xe2, 0xcd, 0x58, 0xc2, 0x51, 0x04, - 0xc8, 0x77, 0xe2, 0x64, 0x2d, 0x72, 0x82, 0x98, 0x91, 0x5f, 0xf3, 0x9a, 0x44, 0x74, 0xf0, 0xff, - 0xdf, 0xdf, 0x88, 0xa1, 0x4f, 0x54, 0x1f, 0xdb, 0xdb, 0x9d, 0x44, 0x8b, 0x1d, 0x94, 0x70, 0x17, - 0xea, 0xf6, 0xb7, 0x2c, 0x78, 0xac, 0xbb, 0x2d, 0x86, 0x9e, 0x85, 0x41, 0xee, 0xf2, 0x89, 0xb7, - 0xd3, 0x9f, 0x84, 0xb5, 0x62, 0x01, 0x45, 0xd3, 0x50, 0x51, 0xeb, 0x84, 0x78, 0xc7, 0x71, 0x81, - 0x5a, 0xd1, 0x8b, 0x8b, 0xc6, 0xa1, 0x9d, 0x46, 0xff, 0x08, 0xcb, 0x4d, 0x75, 0x1a, 0x73, 0x92, - 0x18, 0xc4, 0xfe, 0x53, 0x0b, 0x4e, 0x18, 0x52, 0x3d, 0x00, 0xd3, 0x3c, 0x48, 0x9b, 0xe6, 0x0b, - 0xb9, 0x8d, 0xe7, 0x1e, 0xb6, 0xf9, 0xd7, 0x2d, 0x38, 0x6b, 0x60, 0x2d, 0x39, 0x89, 0xbb, 0x71, - 0x69, 0xbb, 0x15, 0x91, 0x98, 0xba, 0xd3, 0xe8, 0x69, 0x43, 0x6f, 0x55, 0x87, 0x05, 0x85, 0xe2, - 0x35, 0xb2, 0xc3, 0x95, 0xd8, 0xf3, 0x50, 0xe6, 0x83, 0x33, 0x8c, 0x44, 0x8f, 0xab, 0x77, 0x5b, - 0x16, 0xed, 0x58, 0x61, 0x20, 0x1b, 0x06, 0x99, 0x72, 0xa2, 0x93, 0x95, 0x2e, 0x43, 0x40, 0x3f, - 0xe2, 0x4d, 0xd6, 0x82, 0x05, 0xc4, 0x5e, 0x4e, 0x89, 0xb3, 0x12, 0x11, 0xf6, 0x71, 0x6b, 0x97, - 0x3d, 0xe2, 0xd7, 0x62, 0xea, 0x36, 0x38, 0x41, 0x10, 0x26, 0xc2, 0x03, 0x30, 0xdc, 0x86, 0x19, - 0xdd, 0x8c, 0x4d, 0x1c, 0x7b, 0xaf, 0xc0, 0x9c, 0x0f, 0x35, 0xad, 0xc9, 0x83, 0xf0, 0x5c, 0xa3, - 0x94, 0x1e, 0x5c, 0xc9, 0x4f, 0x29, 0x91, 0xde, 0xde, 0xeb, 0x5b, 0x19, 0x55, 0x88, 0x73, 0xe5, - 0x7a, 0x7f, 0x0f, 0xf6, 0x77, 0x0b, 0x30, 0x99, 0x7e, 0xa0, 0x43, 0x93, 0x52, 0x77, 0xc9, 0x60, - 0x94, 0xdd, 0xa0, 0x30, 0xf0, 0xb1, 0x89, 0xd7, 0x43, 0x19, 0x15, 0x8e, 0x53, 0x19, 0x99, 0xba, - 0xb2, 0xb8, 0x8f, 0xae, 0x7c, 0x56, 0xf5, 0xfa, 0x40, 0x46, 0x39, 0xa5, 0xd7, 0x8b, 0xf3, 0x30, - 0x10, 0x27, 0xa4, 0x35, 0x51, 0x4a, 0xeb, 0x9a, 0xd5, 0x84, 0xb4, 0x30, 0x83, 0xd8, 0xff, 0xad, - 0x00, 0x8f, 0xa7, 0xfb, 0x50, 0xab, 0xf7, 0x4f, 0xa6, 0xd4, 0xfb, 0x47, 0x4d, 0xf5, 0x7e, 0x6f, - 0x77, 0xf2, 0xc9, 0x1e, 0x8f, 0xfd, 0xd0, 0x68, 0x7f, 0x34, 0x9f, 0xe9, 0xc5, 0xe9, 0x74, 0x2f, - 0xde, 0xdb, 0x9d, 0x7c, 0xba, 0xc7, 0x3b, 0x66, 0xba, 0xf9, 0x59, 0x18, 0x8c, 0x88, 0x13, 0x87, - 0x81, 0xe8, 0x68, 0xf5, 0x39, 0x30, 0x6b, 0xc5, 0x02, 0x6a, 0xff, 0x69, 0x39, 0xdb, 0xd9, 0xf3, - 0x7c, 0x83, 0x2d, 0x8c, 0x90, 0x07, 0x03, 0xcc, 0x64, 0xe7, 0xaa, 0xe1, 0xda, 0xd1, 0xa6, 0x11, - 0x55, 0xf1, 0x8a, 0x74, 0xb5, 0x4c, 0xbf, 0x1a, 0x6d, 0xc2, 0x8c, 0x05, 0xda, 0x86, 0xb2, 0x2b, - 0x2d, 0xe9, 0x42, 0x1e, 0x7b, 0x4e, 0xc2, 0x8e, 0xd6, 0x1c, 0x47, 0xa8, 0x2e, 0x56, 0xe6, 0xb7, - 0xe2, 0x86, 0x08, 0x14, 0x1b, 0x5e, 0x22, 0x3e, 0xeb, 0x11, 0x7d, 0xa5, 0x79, 0xcf, 0x78, 0xc5, - 0x21, 0xba, 0x40, 0xcc, 0x7b, 0x09, 0xa6, 0xf4, 0xd1, 0x97, 0x2d, 0x18, 0x8e, 0xdd, 0xe6, 0x4a, - 0x14, 0x6e, 0x79, 0x35, 0x12, 0x09, 0x4b, 0xe9, 0x88, 0xaa, 0x69, 0x75, 0x76, 0x49, 0x12, 0xd4, - 0x7c, 0xb9, 0xef, 0xaa, 0x21, 0xd8, 0xe4, 0x4b, 0x3d, 0x88, 0xc7, 0xc5, 0xbb, 0xcf, 0x11, 0xd7, - 0xa3, 0x6b, 0x9b, 0x74, 0x98, 0xd8, 0x48, 0x39, 0xb2, 0xe5, 0x38, 0xd7, 0x76, 0x37, 0xe9, 0x7c, - 0xd3, 0x02, 0x3d, 0xb9, 0xb7, 0x3b, 0xf9, 0xf8, 0x6c, 0x77, 0x9e, 0xb8, 0x97, 0x30, 0xac, 0xc3, - 0x5a, 0x6d, 0xdf, 0xc7, 0xe4, 0x4e, 0x9b, 0xb0, 0xed, 0x90, 0x1c, 0x3a, 0x6c, 0x45, 0x13, 0xcc, - 0x74, 0x98, 0x01, 0xc1, 0x26, 0x5f, 0x74, 0x07, 0x06, 0x9b, 0x4e, 0x12, 0x79, 0xdb, 0x62, 0x0f, - 0xe4, 0x88, 0xb6, 0xfc, 0x12, 0xa3, 0xa5, 0x99, 0xb3, 0xa5, 0x9f, 0x37, 0x62, 0xc1, 0x08, 0x35, - 0xa1, 0xd4, 0x24, 0x51, 0x83, 0x4c, 0x94, 0xf3, 0xd8, 0xef, 0x5d, 0xa2, 0xa4, 0x34, 0xc3, 0x0a, - 0xb5, 0x7c, 0x58, 0x1b, 0xe6, 0x5c, 0xd0, 0x1b, 0x50, 0x8e, 0x89, 0x4f, 0x5c, 0x6a, 0xbb, 0x54, - 0x18, 0xc7, 0x8f, 0xf5, 0x69, 0xc7, 0x39, 0xeb, 0xc4, 0x5f, 0x15, 0x8f, 0xf2, 0x09, 0x26, 0xff, - 0x61, 0x45, 0xd2, 0xfe, 0xcf, 0x16, 0xa0, 0xb4, 0x86, 0x79, 0x00, 0xd6, 0xe3, 0x9d, 0xb4, 0xf5, - 0xb8, 0x98, 0xa7, 0x09, 0xd0, 0xc3, 0x80, 0x7c, 0xaf, 0x0c, 0x19, 0xdd, 0x7c, 0x9d, 0xc4, 0x09, - 0xa9, 0x7d, 0xa0, 0x4f, 0x3f, 0xd0, 0xa7, 0x1f, 0xe8, 0x53, 0xa5, 0x4f, 0xd7, 0x33, 0xfa, 0xf4, - 0x15, 0x63, 0xd6, 0xeb, 0xd3, 0xcb, 0x37, 0xd5, 0xf1, 0xa6, 0x29, 0x81, 0x81, 0x40, 0x35, 0xc1, - 0xd5, 0xd5, 0xe5, 0xeb, 0x5d, 0x15, 0xe8, 0x9b, 0x69, 0x05, 0x7a, 0x54, 0x16, 0x0f, 0x5c, 0x65, - 0xfe, 0x8d, 0x02, 0x3c, 0x91, 0x56, 0x25, 0x38, 0xf4, 0xfd, 0xb0, 0x9d, 0x50, 0x2b, 0x19, 0xfd, - 0xaa, 0x05, 0x27, 0x9b, 0x69, 0xf7, 0x34, 0x16, 0xbb, 0x80, 0x9f, 0xca, 0x4d, 0xcf, 0x65, 0xfc, - 0xdf, 0xea, 0x84, 0xd0, 0x79, 0x27, 0x33, 0x80, 0x18, 0x77, 0xc8, 0x82, 0xde, 0x80, 0x4a, 0xd3, - 0xd9, 0xbe, 0xd1, 0xaa, 0x39, 0x89, 0x74, 0x50, 0x7a, 0xfb, 0x95, 0xed, 0xc4, 0xf3, 0xa7, 0xf8, - 0xd9, 0xee, 0xd4, 0x42, 0x90, 0x2c, 0x47, 0xab, 0x49, 0xe4, 0x05, 0x0d, 0xbe, 0xf7, 0xb3, 0x24, - 0xc9, 0x60, 0x4d, 0xd1, 0xfe, 0x5b, 0x56, 0x56, 0xd1, 0xaa, 0xde, 0x89, 0x9c, 0x84, 0x34, 0x76, - 0xd0, 0xe7, 0xa0, 0x44, 0x3d, 0x09, 0xd9, 0x2b, 0xb7, 0xf2, 0xd4, 0xfe, 0xc6, 0x97, 0xd0, 0x0b, - 0x01, 0xfd, 0x17, 0x63, 0xce, 0xd4, 0xfe, 0xf3, 0x52, 0x76, 0xc1, 0x63, 0x27, 0x7d, 0x17, 0x00, - 0x1a, 0xe1, 0x1a, 0x69, 0xb6, 0x7c, 0xda, 0x2d, 0x16, 0xdb, 0x2e, 0x56, 0xce, 0xf3, 0xbc, 0x82, - 0x60, 0x03, 0x0b, 0xfd, 0x65, 0x0b, 0xa0, 0x21, 0x27, 0x96, 0x5c, 0xcc, 0x6e, 0xe4, 0xf9, 0x3a, - 0x7a, 0xda, 0x6a, 0x59, 0x14, 0x43, 0x6c, 0x30, 0x47, 0xbf, 0x60, 0x41, 0x39, 0x91, 0xe2, 0x73, - 0xf5, 0xbe, 0x96, 0xa7, 0x24, 0xf2, 0xa5, 0xf5, 0xba, 0xae, 0xba, 0x44, 0xf1, 0x45, 0x7f, 0xc9, - 0x02, 0x88, 0x77, 0x02, 0x77, 0x25, 0xf4, 0x3d, 0x77, 0x47, 0x68, 0xfd, 0x9b, 0xb9, 0x3a, 0xf8, - 0x8a, 0x7a, 0x75, 0x8c, 0xf6, 0x86, 0xfe, 0x8f, 0x0d, 0xce, 0xe8, 0xf3, 0x50, 0x8e, 0xc5, 0x70, - 0x13, 0x7a, 0x7e, 0x2d, 0xdf, 0x6d, 0x06, 0x4e, 0x5b, 0xa8, 0x08, 0xf1, 0x0f, 0x2b, 0x9e, 0xe8, - 0x97, 0x2d, 0x38, 0xd1, 0x4a, 0x6f, 0x0a, 0x09, 0x95, 0x9e, 0x9f, 0x0e, 0xc8, 0x6c, 0x3a, 0x55, - 0x4f, 0xed, 0xed, 0x4e, 0x9e, 0xc8, 0x34, 0xe2, 0xac, 0x14, 0xf6, 0x77, 0x0b, 0xa9, 0xad, 0x59, - 0xb5, 0x67, 0xc2, 0x06, 0xb3, 0x2b, 0xdd, 0x55, 0x39, 0x37, 0x73, 0x1d, 0xcc, 0xca, 0x19, 0xd6, - 0x83, 0x59, 0x35, 0xc5, 0xd8, 0x60, 0x4e, 0x97, 0xed, 0x71, 0x27, 0xbb, 0x33, 0x23, 0xe6, 0xd7, - 0x1b, 0x79, 0x8a, 0xd4, 0xb9, 0x91, 0xfe, 0x84, 0x10, 0x6d, 0xbc, 0x03, 0x84, 0x3b, 0x45, 0xb2, - 0xbf, 0x9b, 0xde, 0x0e, 0x36, 0x86, 0x46, 0x1f, 0x5b, 0xdd, 0xdf, 0xb0, 0x60, 0x38, 0x0a, 0x7d, - 0xdf, 0x0b, 0x1a, 0x74, 0x18, 0x0b, 0x5d, 0xfc, 0xfa, 0xb1, 0xa8, 0x43, 0x31, 0x5e, 0xd9, 0xe2, - 0x8f, 0x35, 0x4f, 0x6c, 0x0a, 0x60, 0x7f, 0xd1, 0x82, 0x89, 0x5e, 0xd3, 0x0d, 0x11, 0x78, 0x52, - 0x8e, 0x25, 0x75, 0xd0, 0xbb, 0x1c, 0xcc, 0x11, 0x9f, 0xa8, 0x7d, 0xb2, 0x72, 0xf5, 0x19, 0xf1, - 0x9a, 0x4f, 0xae, 0xf4, 0x46, 0xc5, 0xf7, 0xa3, 0x63, 0xff, 0x46, 0x21, 0xdb, 0xa3, 0x4a, 0xdd, - 0x7e, 0xdb, 0xea, 0x70, 0x4a, 0x3e, 0x75, 0x1c, 0x2a, 0x8e, 0xb9, 0x2f, 0xea, 0xbc, 0xb7, 0x37, - 0xce, 0x43, 0x3c, 0x50, 0xb2, 0xff, 0xf5, 0x00, 0xdc, 0x47, 0x32, 0x75, 0x64, 0x60, 0xf5, 0x3a, - 0x32, 0x38, 0xf8, 0x29, 0xc4, 0xd7, 0x2c, 0x18, 0xf4, 0xa9, 0x7d, 0xc4, 0xb7, 0xc5, 0x87, 0x2f, - 0xd4, 0x8e, 0xab, 0xef, 0xb9, 0x19, 0x16, 0xf3, 0x43, 0x4d, 0xb5, 0x33, 0xc6, 0x1b, 0xb1, 0x90, - 0x01, 0x7d, 0xc7, 0x4a, 0xef, 0xb1, 0xf3, 0x28, 0x15, 0xef, 0xd8, 0x64, 0x32, 0x36, 0xee, 0xb9, - 0x60, 0x7a, 0x4b, 0xb8, 0xc7, 0x96, 0x3e, 0x9a, 0x02, 0xa8, 0x7b, 0x81, 0xe3, 0x7b, 0x6f, 0x51, - 0x3f, 0xaf, 0xc4, 0x0e, 0x01, 0xd8, 0xa2, 0x75, 0x59, 0xb5, 0x62, 0x03, 0xe3, 0xec, 0x5f, 0x84, - 0x61, 0xe3, 0xcd, 0xbb, 0x9c, 0xc5, 0x9e, 0x36, 0xcf, 0x62, 0x2b, 0xc6, 0x11, 0xea, 0xd9, 0x57, - 0xe0, 0x64, 0x56, 0xc0, 0x83, 0x3c, 0x6f, 0xff, 0xe6, 0x60, 0x76, 0x63, 0x7c, 0x8d, 0x44, 0x4d, - 0x2a, 0xda, 0x07, 0xfe, 0xf1, 0x07, 0xfe, 0xf1, 0x07, 0xfe, 0xb1, 0xfc, 0x63, 0xef, 0x95, 0x20, - 0x65, 0x19, 0x70, 0xe9, 0x3e, 0x02, 0x43, 0x11, 0x69, 0x85, 0x37, 0xf0, 0xa2, 0xd0, 0xb8, 0x3a, - 0x3a, 0x95, 0x37, 0x63, 0x09, 0xa7, 0x9a, 0xb9, 0xe5, 0x24, 0x1b, 0x42, 0xe5, 0x2a, 0xcd, 0xbc, - 0xe2, 0x24, 0x1b, 0x98, 0x41, 0xd0, 0x2b, 0x30, 0x96, 0x38, 0x51, 0x83, 0x24, 0x98, 0x6c, 0xb1, - 0x4e, 0x10, 0x87, 0x0d, 0x8f, 0x09, 0xdc, 0xb1, 0xb5, 0x14, 0x14, 0x67, 0xb0, 0xd1, 0x1d, 0x18, - 0xd8, 0x20, 0x7e, 0x53, 0x38, 0xf0, 0xab, 0xf9, 0x69, 0x44, 0xf6, 0xae, 0x57, 0x88, 0xdf, 0xe4, - 0xf3, 0x95, 0xfe, 0xc2, 0x8c, 0x15, 0xfd, 0x3a, 0x95, 0xcd, 0x76, 0x9c, 0x84, 0x4d, 0xef, 0x2d, - 0xe9, 0xd6, 0x7f, 0x2a, 0x67, 0xc6, 0xd7, 0x24, 0x7d, 0xee, 0x7b, 0xaa, 0xbf, 0x58, 0x73, 0x66, - 0x72, 0xd4, 0xbc, 0x88, 0xb9, 0xe9, 0x3b, 0x13, 0x70, 0x2c, 0x72, 0xcc, 0x49, 0xfa, 0x5c, 0x0e, - 0xf5, 0x17, 0x6b, 0xce, 0x68, 0x07, 0x06, 0x5b, 0x7e, 0xbb, 0xe1, 0x05, 0x13, 0xc3, 0x4c, 0x86, - 0x1b, 0x39, 0xcb, 0xb0, 0xc2, 0x88, 0xf3, 0xcd, 0x15, 0xfe, 0x1b, 0x0b, 0x86, 0xe8, 0x19, 0x28, - 0xb9, 0x1b, 0x4e, 0x94, 0x4c, 0x8c, 0xb0, 0x41, 0xa3, 0x7c, 0xe0, 0x59, 0xda, 0x88, 0x39, 0x0c, - 0x3d, 0x0d, 0xc5, 0x88, 0xd4, 0x59, 0x50, 0x94, 0x71, 0x5c, 0x8e, 0x49, 0x1d, 0xd3, 0x76, 0xfb, - 0xef, 0x14, 0xd2, 0xc6, 0x45, 0xfa, 0xbd, 0xf9, 0x68, 0x77, 0xdb, 0x51, 0x2c, 0xfd, 0x64, 0x63, - 0xb4, 0xb3, 0x66, 0x2c, 0xe1, 0xe8, 0x8b, 0x16, 0x0c, 0xdd, 0x8e, 0xc3, 0x20, 0x20, 0x89, 0x50, - 0xe4, 0x37, 0x73, 0xee, 0x8a, 0xab, 0x9c, 0xba, 0x96, 0x41, 0x34, 0x60, 0xc9, 0x97, 0x8a, 0x4b, - 0xb6, 0x5d, 0xbf, 0x5d, 0xeb, 0x38, 0x25, 0xbd, 0xc4, 0x9b, 0xb1, 0x84, 0x53, 0x54, 0x2f, 0xe0, - 0xa8, 0x03, 0x69, 0xd4, 0x85, 0x40, 0xa0, 0x0a, 0xb8, 0xfd, 0xdb, 0x25, 0x38, 0xd3, 0x75, 0x72, - 0xd0, 0x65, 0x9f, 0x2d, 0xac, 0x97, 0x3d, 0x9f, 0xc8, 0xb3, 0x7f, 0xb6, 0xec, 0xdf, 0x54, 0xad, - 0xd8, 0xc0, 0x40, 0x3f, 0x0f, 0xd0, 0x72, 0x22, 0xa7, 0x49, 0xc4, 0x72, 0x57, 0x3c, 0xfa, 0xea, - 0x4a, 0xe5, 0x58, 0x91, 0x34, 0xb5, 0xb7, 0xa5, 0x9a, 0x62, 0x6c, 0xb0, 0x44, 0x1f, 0x87, 0xe1, - 0x88, 0xf8, 0xc4, 0x89, 0x59, 0x4c, 0x5d, 0x36, 0x40, 0x18, 0x6b, 0x10, 0x36, 0xf1, 0xd0, 0xb3, - 0x2a, 0x4c, 0x22, 0x73, 0xa4, 0x9c, 0x0e, 0x95, 0x40, 0x6f, 0x5b, 0x30, 0x56, 0xf7, 0x7c, 0xa2, - 0xb9, 0x8b, 0x70, 0xde, 0xe5, 0xa3, 0xbf, 0xe4, 0x65, 0x93, 0xae, 0xd6, 0x90, 0xa9, 0xe6, 0x18, - 0x67, 0xd8, 0xd3, 0xcf, 0xbc, 0x45, 0x22, 0xa6, 0x5a, 0x07, 0xd3, 0x9f, 0xf9, 0x26, 0x6f, 0xc6, - 0x12, 0x8e, 0x66, 0xe0, 0x44, 0xcb, 0x89, 0xe3, 0xd9, 0x88, 0xd4, 0x48, 0x90, 0x78, 0x8e, 0xcf, - 0x83, 0x6d, 0xcb, 0x3a, 0xd8, 0x6e, 0x25, 0x0d, 0xc6, 0x59, 0x7c, 0xf4, 0x69, 0x78, 0xdc, 0x6b, - 0x04, 0x61, 0x44, 0x96, 0xbc, 0x38, 0xf6, 0x82, 0x86, 0x1e, 0x06, 0x4c, 0x53, 0x96, 0xab, 0x93, - 0x82, 0xd4, 0xe3, 0x0b, 0xdd, 0xd1, 0x70, 0xaf, 0xe7, 0xd1, 0xf3, 0x50, 0x8e, 0x37, 0xbd, 0xd6, - 0x6c, 0x54, 0x8b, 0xd9, 0x46, 0x67, 0x59, 0xef, 0xce, 0xac, 0x8a, 0x76, 0xac, 0x30, 0xec, 0x5f, - 0x29, 0xa4, 0xdd, 0x3b, 0x73, 0xfe, 0xa0, 0x98, 0xce, 0x92, 0xe4, 0xa6, 0x13, 0x49, 0xd7, 0xff, - 0x88, 0xe1, 0xba, 0x82, 0xee, 0x4d, 0x27, 0x32, 0xe7, 0x1b, 0x63, 0x80, 0x25, 0x27, 0x74, 0x1b, - 0x06, 0x12, 0xdf, 0xc9, 0x29, 0xbe, 0xdf, 0xe0, 0xa8, 0xbd, 0xed, 0xc5, 0x99, 0x18, 0x33, 0x1e, - 0xe8, 0x29, 0x6a, 0xbe, 0xae, 0xcb, 0x98, 0x1e, 0x61, 0x71, 0xae, 0xc7, 0x98, 0xb5, 0xda, 0xff, - 0xb7, 0xdc, 0x45, 0xe5, 0xa9, 0x35, 0x06, 0x5d, 0x00, 0xa0, 0x9e, 0xd0, 0x4a, 0x44, 0xea, 0xde, - 0xb6, 0x58, 0xe3, 0xd5, 0xb4, 0xba, 0xae, 0x20, 0xd8, 0xc0, 0x92, 0xcf, 0xac, 0xb6, 0xeb, 0xf4, - 0x99, 0x42, 0xe7, 0x33, 0x1c, 0x82, 0x0d, 0x2c, 0xf4, 0x12, 0x0c, 0x7a, 0x4d, 0xa7, 0xa1, 0x42, - 0x8f, 0x9e, 0xa2, 0xf3, 0x69, 0x81, 0xb5, 0xdc, 0xdb, 0x9d, 0x1c, 0x53, 0x02, 0xb1, 0x26, 0x2c, - 0x70, 0xd1, 0x6f, 0x58, 0x30, 0xe2, 0x86, 0xcd, 0x66, 0x18, 0x70, 0xff, 0x41, 0x38, 0x43, 0xb7, - 0x8f, 0x6b, 0x05, 0x9e, 0x9a, 0x35, 0x98, 0x71, 0x6f, 0x48, 0x25, 0x22, 0x98, 0x20, 0x9c, 0x92, - 0xca, 0x9c, 0x76, 0xa5, 0x7d, 0xa6, 0xdd, 0xef, 0x58, 0x30, 0xce, 0x9f, 0x35, 0xdc, 0x1a, 0x11, - 0x73, 0x1f, 0x1e, 0xf3, 0x6b, 0x75, 0x78, 0x7a, 0x6a, 0x4b, 0xa8, 0x03, 0x8e, 0x3b, 0x85, 0x44, - 0xf3, 0x30, 0x5e, 0x0f, 0x23, 0x97, 0x98, 0x1d, 0x21, 0x74, 0x86, 0x22, 0x74, 0x39, 0x8b, 0x80, - 0x3b, 0x9f, 0x41, 0x37, 0xe1, 0x31, 0xa3, 0xd1, 0xec, 0x07, 0xae, 0x36, 0xce, 0x09, 0x6a, 0x8f, - 0x5d, 0xee, 0x8a, 0x85, 0x7b, 0x3c, 0x9d, 0xf6, 0xfc, 0x2b, 0x7d, 0x78, 0xfe, 0x6f, 0xc2, 0x13, - 0x6e, 0x67, 0xcf, 0x6c, 0xc5, 0xed, 0xf5, 0x38, 0x61, 0x46, 0x56, 0xb9, 0xfa, 0xff, 0x09, 0x02, - 0x4f, 0xcc, 0xf6, 0x42, 0xc4, 0xbd, 0x69, 0xa0, 0xcf, 0x41, 0x39, 0x22, 0xec, 0xab, 0xc4, 0x22, - 0x00, 0xfd, 0x88, 0xee, 0x9e, 0x36, 0x0e, 0x39, 0x59, 0xad, 0x16, 0x45, 0x43, 0x8c, 0x15, 0xc7, - 0xb3, 0x9f, 0x84, 0xf1, 0x8e, 0xf1, 0x7c, 0x20, 0xe7, 0x7b, 0x0e, 0x1e, 0xeb, 0x3e, 0x72, 0x0e, - 0xe4, 0x82, 0xff, 0xa3, 0x4c, 0x5c, 0x95, 0x61, 0xe8, 0xf5, 0xb1, 0x9d, 0xe3, 0x40, 0x91, 0x04, - 0x5b, 0x42, 0x91, 0x5e, 0x3e, 0x5a, 0xef, 0x5d, 0x0a, 0xb6, 0xf8, 0xc0, 0x67, 0x3e, 0xeb, 0xa5, - 0x60, 0x0b, 0x53, 0xda, 0xe8, 0x1d, 0x2b, 0x65, 0xa8, 0xf0, 0x4d, 0xa0, 0xcf, 0x1c, 0x8b, 0x65, - 0xdb, 0xb7, 0xed, 0x62, 0xff, 0x9b, 0x02, 0x9c, 0xdf, 0x8f, 0x48, 0x1f, 0xdd, 0xf7, 0x0c, 0x0c, - 0xc6, 0xec, 0x60, 0x4b, 0x68, 0xa6, 0x61, 0xaa, 0x95, 0xf8, 0x51, 0xd7, 0x9b, 0x58, 0x80, 0x90, - 0x0f, 0xc5, 0xa6, 0xd3, 0x12, 0x7b, 0x03, 0x0b, 0x47, 0x8d, 0xa2, 0xa6, 0xff, 0x1d, 0x7f, 0xc9, - 0x69, 0x71, 0x8f, 0xd3, 0x68, 0xc0, 0x94, 0x0d, 0x4a, 0xa0, 0xe4, 0x44, 0x91, 0x23, 0x4f, 0x51, - 0xae, 0xe5, 0xc3, 0x6f, 0x86, 0x92, 0xac, 0x8e, 0xef, 0xed, 0x4e, 0x8e, 0xa6, 0x9a, 0x30, 0x67, - 0x66, 0x7f, 0x6d, 0x28, 0x15, 0x49, 0xcc, 0x8e, 0xc6, 0x62, 0x18, 0x14, 0x5b, 0x02, 0x56, 0xde, - 0xc1, 0xeb, 0x3c, 0x15, 0x84, 0xf9, 0x31, 0x22, 0xa1, 0x4e, 0xb0, 0x42, 0x5f, 0xb5, 0x58, 0xda, - 0x9a, 0x8c, 0xae, 0x16, 0xde, 0xc3, 0xf1, 0x64, 0xd1, 0x99, 0xc9, 0x70, 0xb2, 0x11, 0x9b, 0xdc, - 0xe9, 0xd2, 0xd5, 0xe2, 0x09, 0x18, 0x59, 0x1f, 0x42, 0x26, 0xb6, 0x49, 0x38, 0xda, 0xee, 0x72, - 0x04, 0x96, 0x43, 0xea, 0x53, 0x1f, 0x87, 0x5e, 0xdf, 0xb1, 0x60, 0x9c, 0x5b, 0x8a, 0x73, 0x5e, - 0xbd, 0x4e, 0x22, 0x12, 0xb8, 0x44, 0xda, 0xda, 0x47, 0x3c, 0x64, 0x95, 0xfb, 0x30, 0x0b, 0x59, - 0xf2, 0x7a, 0x4d, 0xeb, 0x00, 0xe1, 0x4e, 0x61, 0x50, 0x0d, 0x06, 0xbc, 0xa0, 0x1e, 0x8a, 0x95, - 0xbc, 0x7a, 0x34, 0xa1, 0x16, 0x82, 0x7a, 0xa8, 0x67, 0x33, 0xfd, 0x87, 0x19, 0x75, 0xb4, 0x08, - 0xa7, 0x23, 0xb1, 0x1b, 0x72, 0xc5, 0x8b, 0xa9, 0xcf, 0xba, 0xe8, 0x35, 0xbd, 0x84, 0xad, 0xc2, - 0xc5, 0xea, 0xc4, 0xde, 0xee, 0xe4, 0x69, 0xdc, 0x05, 0x8e, 0xbb, 0x3e, 0x85, 0xde, 0x82, 0x21, - 0x99, 0x67, 0x57, 0xce, 0xc3, 0x6f, 0xe9, 0x1c, 0xff, 0x6a, 0x30, 0xad, 0x8a, 0x94, 0x3a, 0xc9, - 0xd0, 0x7e, 0x7b, 0x18, 0x3a, 0x0f, 0xa2, 0xd0, 0xcf, 0x41, 0x25, 0x52, 0xb9, 0x7f, 0x56, 0x1e, - 0x21, 0x54, 0xf2, 0xfb, 0x8a, 0x43, 0x30, 0x65, 0x0f, 0xe8, 0x2c, 0x3f, 0xcd, 0x91, 0x5a, 0xed, - 0xb1, 0x3e, 0xaf, 0xca, 0x61, 0x6c, 0x0b, 0xae, 0xfa, 0x9c, 0x63, 0x27, 0x70, 0x31, 0xe3, 0x81, - 0x22, 0x18, 0xdc, 0x20, 0x8e, 0x9f, 0x6c, 0xe4, 0xb3, 0x25, 0x7b, 0x85, 0xd1, 0xca, 0x46, 0x89, - 0xf3, 0x56, 0x2c, 0x38, 0xa1, 0x6d, 0x18, 0xda, 0xe0, 0x03, 0x40, 0x18, 0xd2, 0x4b, 0x47, 0xed, - 0xdc, 0xd4, 0xa8, 0xd2, 0x9f, 0x5b, 0x34, 0x60, 0xc9, 0x8e, 0x9d, 0x9f, 0x1b, 0x67, 0xb0, 0x7c, - 0xea, 0xe6, 0x17, 0x20, 0xdf, 0xff, 0x01, 0xec, 0x67, 0x61, 0x24, 0x22, 0x6e, 0x18, 0xb8, 0x9e, - 0x4f, 0x6a, 0x33, 0x72, 0xbb, 0xf5, 0x20, 0x61, 0xd5, 0x27, 0xa9, 0x33, 0x80, 0x0d, 0x1a, 0x38, - 0x45, 0x11, 0x7d, 0xc5, 0x82, 0x31, 0x95, 0x30, 0x44, 0x3f, 0x08, 0x11, 0x1b, 0x96, 0x8b, 0x39, - 0xa5, 0x27, 0x31, 0x9a, 0x55, 0xb4, 0xb7, 0x3b, 0x39, 0x96, 0x6e, 0xc3, 0x19, 0xbe, 0xe8, 0x35, - 0x80, 0x70, 0x9d, 0x1f, 0x92, 0xcf, 0x24, 0x62, 0xf7, 0xf2, 0x20, 0xaf, 0x3a, 0xc6, 0xf3, 0x2b, - 0x24, 0x05, 0x6c, 0x50, 0x43, 0xd7, 0x00, 0xf8, 0xb4, 0x59, 0xdb, 0x69, 0x49, 0x6b, 0x5b, 0xc6, - 0xc5, 0xc3, 0xaa, 0x82, 0xdc, 0xdb, 0x9d, 0xec, 0xdc, 0x4d, 0x62, 0x47, 0xc5, 0xc6, 0xe3, 0xe8, - 0x67, 0x61, 0x28, 0x6e, 0x37, 0x9b, 0x8e, 0xda, 0xdb, 0xcc, 0x31, 0x63, 0x83, 0xd3, 0x35, 0x54, - 0x11, 0x6f, 0xc0, 0x92, 0x23, 0xba, 0x4d, 0x95, 0x6a, 0x2c, 0xb6, 0xb9, 0xd8, 0x2c, 0xe2, 0x36, - 0xc1, 0x30, 0x7b, 0xa7, 0x4f, 0x88, 0xe7, 0x4e, 0xe3, 0x2e, 0x38, 0xf7, 0x76, 0x27, 0x1f, 0x4b, - 0xb7, 0x2f, 0x86, 0x22, 0x87, 0xa2, 0x2b, 0x4d, 0x74, 0x55, 0xa6, 0xdd, 0xd3, 0xd7, 0x96, 0xd9, - 0xa0, 0xcf, 0xe9, 0xb4, 0x7b, 0xd6, 0xdc, 0xbb, 0xcf, 0xcc, 0x87, 0xd1, 0x12, 0x9c, 0x72, 0xc3, - 0x20, 0x89, 0x42, 0xdf, 0xe7, 0xb5, 0x24, 0xb8, 0xe3, 0xc3, 0xf7, 0x3e, 0x9f, 0x14, 0x62, 0x9f, - 0x9a, 0xed, 0x44, 0xc1, 0xdd, 0x9e, 0xb3, 0x83, 0x74, 0xf4, 0x90, 0xe8, 0x9c, 0x97, 0x60, 0x84, - 0x6c, 0x27, 0x24, 0x0a, 0x1c, 0xff, 0x06, 0x5e, 0x94, 0xbb, 0x7e, 0x6c, 0x0e, 0x5c, 0x32, 0xda, - 0x71, 0x0a, 0x0b, 0xd9, 0xca, 0xdb, 0x2f, 0xe8, 0x44, 0x23, 0xee, 0xed, 0x4b, 0xdf, 0xde, 0xfe, - 0x3f, 0x85, 0x94, 0x41, 0xb6, 0x16, 0x11, 0x82, 0x42, 0x28, 0x05, 0x61, 0x4d, 0xe9, 0xfe, 0xab, - 0xf9, 0xe8, 0xfe, 0xeb, 0x61, 0xcd, 0xc8, 0xcd, 0xa7, 0xff, 0x62, 0xcc, 0xf9, 0xb0, 0xe4, 0x65, - 0x99, 0xe5, 0xcd, 0x00, 0xc2, 0xd1, 0xc8, 0x93, 0xb3, 0x4a, 0x5e, 0x5e, 0x36, 0x19, 0xe1, 0x34, - 0x5f, 0xb4, 0x09, 0xa5, 0x8d, 0x30, 0x4e, 0xa4, 0xfb, 0x71, 0x44, 0x4f, 0xe7, 0x4a, 0x18, 0x27, - 0xcc, 0x8a, 0x50, 0xaf, 0x4d, 0x5b, 0x62, 0xcc, 0x79, 0xd8, 0xff, 0xc5, 0x4a, 0xed, 0xf1, 0xde, - 0x62, 0x91, 0x74, 0x5b, 0x24, 0xa0, 0xd3, 0xda, 0x0c, 0xee, 0xf8, 0x0b, 0x99, 0x44, 0x97, 0x0f, - 0xf7, 0xaa, 0x94, 0x72, 0x97, 0x52, 0x98, 0x62, 0x24, 0x8c, 0x38, 0x90, 0x2f, 0x58, 0xe9, 0x94, - 0xa3, 0x42, 0x1e, 0x0e, 0x86, 0x99, 0x52, 0xb7, 0x6f, 0xf6, 0x92, 0xfd, 0x8e, 0x05, 0x43, 0x55, - 0xc7, 0xdd, 0x0c, 0xeb, 0x75, 0xf4, 0x3c, 0x94, 0x6b, 0xed, 0xc8, 0xcc, 0x7e, 0x52, 0xde, 0xf3, - 0x9c, 0x68, 0xc7, 0x0a, 0x83, 0x8e, 0xe1, 0xba, 0xe3, 0xca, 0xc4, 0xba, 0x22, 0x1f, 0xc3, 0x97, - 0x59, 0x0b, 0x16, 0x10, 0xf4, 0x71, 0x18, 0x6e, 0x3a, 0xdb, 0xf2, 0xe1, 0xec, 0x06, 0xf3, 0x92, - 0x06, 0x61, 0x13, 0xcf, 0xfe, 0x97, 0x16, 0x4c, 0x54, 0x9d, 0xd8, 0x73, 0x67, 0xda, 0xc9, 0x46, - 0xd5, 0x4b, 0xd6, 0xdb, 0xee, 0x26, 0x49, 0x78, 0x36, 0x25, 0x95, 0xb2, 0x1d, 0xd3, 0xa9, 0xa4, - 0xfc, 0x3a, 0x25, 0xe5, 0x0d, 0xd1, 0x8e, 0x15, 0x06, 0x7a, 0x0b, 0x86, 0x5b, 0x4e, 0x1c, 0xdf, - 0x0d, 0xa3, 0x1a, 0x26, 0xf5, 0x7c, 0x72, 0x99, 0x57, 0x89, 0x1b, 0x91, 0x04, 0x93, 0xba, 0x38, - 0x32, 0xd4, 0xf4, 0xb1, 0xc9, 0xcc, 0xfe, 0xeb, 0x16, 0x8c, 0xb0, 0xd3, 0x97, 0x39, 0x92, 0x38, - 0x9e, 0xdf, 0x51, 0x90, 0xc3, 0xea, 0xb3, 0x20, 0xc7, 0x79, 0x18, 0xd8, 0x08, 0x9b, 0x24, 0x7b, - 0x72, 0x78, 0x25, 0xa4, 0x5e, 0x2c, 0x85, 0xa0, 0x17, 0x69, 0x3f, 0x7b, 0x41, 0xe2, 0xd0, 0x11, - 0x27, 0xb7, 0x10, 0x4f, 0xf0, 0x3e, 0x56, 0xcd, 0xd8, 0xc4, 0xb1, 0x7f, 0xb7, 0x02, 0x43, 0xe2, - 0x30, 0xb6, 0xef, 0x04, 0x56, 0xe9, 0x4e, 0x17, 0x7a, 0xba, 0xd3, 0x31, 0x0c, 0xba, 0xac, 0xdc, - 0x8f, 0xb0, 0xda, 0xae, 0xe5, 0x72, 0x7a, 0xcf, 0x2b, 0x08, 0x69, 0xb1, 0xf8, 0x7f, 0x2c, 0x58, - 0xa1, 0x6f, 0x5a, 0x70, 0xc2, 0x0d, 0x83, 0x80, 0xb8, 0xda, 0xa4, 0x18, 0xc8, 0x23, 0x1e, 0x67, - 0x36, 0x4d, 0x54, 0x6f, 0xfd, 0x67, 0x00, 0x38, 0xcb, 0x1e, 0xbd, 0x0c, 0xa3, 0xbc, 0xcf, 0x6e, - 0xa6, 0xf6, 0x3d, 0x75, 0x9d, 0x06, 0x13, 0x88, 0xd3, 0xb8, 0x68, 0x8a, 0xef, 0x1f, 0x8b, 0x8a, - 0x08, 0x83, 0xfa, 0x1c, 0xc9, 0xa8, 0x85, 0x60, 0x60, 0xa0, 0x08, 0x50, 0x44, 0xea, 0x11, 0x89, - 0x37, 0xc4, 0x61, 0x35, 0x33, 0x67, 0x86, 0x0e, 0x97, 0x10, 0x87, 0x3b, 0x28, 0xe1, 0x2e, 0xd4, - 0xd1, 0xa6, 0xf0, 0xe7, 0xca, 0x79, 0xa8, 0x2c, 0xf1, 0x99, 0x7b, 0xba, 0x75, 0x93, 0x50, 0x8a, - 0x37, 0x9c, 0xa8, 0xc6, 0xcc, 0xa8, 0x22, 0x8f, 0xfb, 0x5e, 0xa5, 0x0d, 0x98, 0xb7, 0xa3, 0x39, - 0x38, 0x99, 0xa9, 0x32, 0x11, 0x8b, 0xfd, 0x49, 0x15, 0x1f, 0x9d, 0xa9, 0x4f, 0x11, 0xe3, 0x8e, - 0x27, 0x4c, 0x5f, 0x7f, 0x78, 0x1f, 0x5f, 0x7f, 0x47, 0x85, 0x44, 0x8d, 0xb0, 0xe5, 0xe8, 0xd5, - 0x5c, 0x3a, 0xa0, 0xaf, 0xf8, 0xa7, 0xaf, 0x67, 0xe2, 0x9f, 0x46, 0x99, 0x00, 0x37, 0xf3, 0x11, - 0xe0, 0xe0, 0xc1, 0x4e, 0x0f, 0x33, 0x78, 0xe9, 0x7f, 0x5b, 0x20, 0xbf, 0xeb, 0xac, 0xe3, 0x6e, - 0x10, 0x3a, 0x64, 0xd0, 0x2b, 0x30, 0xa6, 0x3c, 0xd6, 0xd9, 0xb0, 0x1d, 0xf0, 0xb8, 0xa5, 0xa2, - 0x3e, 0x23, 0xc4, 0x29, 0x28, 0xce, 0x60, 0xa3, 0x69, 0xa8, 0xd0, 0x7e, 0xe2, 0x8f, 0xf2, 0xa5, - 0x4d, 0x79, 0xc5, 0x33, 0x2b, 0x0b, 0xe2, 0x29, 0x8d, 0x83, 0x42, 0x18, 0xf7, 0x9d, 0x38, 0x61, - 0x12, 0x50, 0x07, 0xf6, 0x90, 0xe9, 0xa8, 0xac, 0xc8, 0xce, 0x62, 0x96, 0x10, 0xee, 0xa4, 0x6d, - 0x7f, 0x7f, 0x00, 0x46, 0x53, 0x9a, 0xf1, 0x80, 0x6b, 0xe2, 0xf3, 0x50, 0x96, 0xcb, 0x54, 0x36, - 0x29, 0x5e, 0xad, 0x65, 0x0a, 0x83, 0x2e, 0x5a, 0xeb, 0xc4, 0x89, 0x48, 0xc4, 0xea, 0x77, 0x64, - 0xd7, 0xf0, 0xaa, 0x06, 0x61, 0x13, 0x8f, 0x29, 0xe5, 0xc4, 0x8f, 0x67, 0x7d, 0x8f, 0x04, 0x09, - 0x17, 0x33, 0x1f, 0xa5, 0xbc, 0xb6, 0xb8, 0x6a, 0x12, 0xd5, 0x4a, 0x39, 0x03, 0xc0, 0x59, 0xf6, - 0xe8, 0x4b, 0x16, 0x8c, 0x3a, 0x77, 0x63, 0x5d, 0x93, 0x4e, 0x44, 0x3a, 0x1d, 0x71, 0x91, 0x4a, - 0x95, 0xb9, 0xe3, 0x3b, 0xac, 0xa9, 0x26, 0x9c, 0x66, 0x8a, 0xbe, 0x6d, 0x01, 0x22, 0xdb, 0xc4, - 0x95, 0xb1, 0x58, 0x42, 0x96, 0xc1, 0x3c, 0x1c, 0xbb, 0x4b, 0x1d, 0x74, 0xb9, 0x56, 0xef, 0x6c, - 0xc7, 0x5d, 0x64, 0xb0, 0xff, 0x69, 0x51, 0x4d, 0x28, 0x1d, 0xfe, 0xe7, 0x18, 0x49, 0x35, 0xd6, - 0xe1, 0x93, 0x6a, 0xf4, 0x01, 0x75, 0x47, 0x62, 0x4d, 0x3a, 0x87, 0xa1, 0xf0, 0x90, 0x72, 0x18, - 0x7e, 0xc1, 0x4a, 0x95, 0x7f, 0x18, 0xbe, 0xf0, 0x5a, 0xbe, 0xa1, 0x87, 0x53, 0x3c, 0x3c, 0x22, - 0xa3, 0xdd, 0xd3, 0x31, 0x13, 0x54, 0x9b, 0x1a, 0x68, 0x07, 0xd2, 0x86, 0xff, 0xa1, 0x08, 0xc3, - 0xc6, 0x4a, 0xda, 0xd5, 0x2c, 0xb2, 0x1e, 0x31, 0xb3, 0xa8, 0x70, 0x00, 0xb3, 0xe8, 0xe7, 0xa1, - 0xe2, 0x4a, 0x2d, 0x9f, 0x4f, 0x01, 0xc4, 0xec, 0xda, 0xa1, 0x15, 0xbd, 0x6a, 0xc2, 0x9a, 0x27, - 0x9a, 0x4f, 0xe5, 0x26, 0x88, 0x15, 0x62, 0x80, 0xad, 0x10, 0xdd, 0x92, 0x07, 0xc4, 0x4a, 0xd1, - 0xf9, 0x0c, 0xab, 0x12, 0xd2, 0xf2, 0xc4, 0x7b, 0xc9, 0x00, 0x61, 0x5e, 0x25, 0x64, 0x65, 0x41, - 0x36, 0x63, 0x13, 0xc7, 0xfe, 0xbe, 0xa5, 0x3e, 0xee, 0x03, 0x48, 0xd3, 0xbd, 0x9d, 0x4e, 0xd3, - 0xbd, 0x94, 0x4b, 0x37, 0xf7, 0xc8, 0xcf, 0xbd, 0x0e, 0x43, 0xb3, 0x61, 0xb3, 0xe9, 0x04, 0x35, - 0xf4, 0x63, 0x30, 0xe4, 0xf2, 0x9f, 0x62, 0x1f, 0x85, 0x9d, 0xc6, 0x09, 0x28, 0x96, 0x30, 0xf4, - 0x14, 0x0c, 0x38, 0x51, 0x43, 0xee, 0x9d, 0xb0, 0x80, 0x8e, 0x99, 0xa8, 0x11, 0x63, 0xd6, 0x6a, - 0xbf, 0x5d, 0x04, 0x98, 0x0d, 0x9b, 0x2d, 0x27, 0x22, 0xb5, 0xb5, 0x90, 0x15, 0x60, 0x3a, 0xd6, - 0x33, 0x2c, 0xed, 0x2c, 0x3d, 0xca, 0xe7, 0x58, 0xc6, 0x59, 0x46, 0xf1, 0x41, 0x9f, 0x65, 0x7c, - 0xcd, 0x02, 0x44, 0xbf, 0x48, 0x18, 0x90, 0x20, 0xd1, 0x87, 0xb3, 0xd3, 0x50, 0x71, 0x65, 0xab, - 0xb0, 0x5a, 0xf4, 0xfc, 0x93, 0x00, 0xac, 0x71, 0xfa, 0x70, 0x3f, 0x9f, 0x91, 0xca, 0xb1, 0x98, - 0x8e, 0x81, 0x64, 0x2a, 0x55, 0xe8, 0x4a, 0xfb, 0xf7, 0x0a, 0xf0, 0x18, 0x5f, 0xef, 0x96, 0x9c, - 0xc0, 0x69, 0x90, 0x26, 0x95, 0xaa, 0xdf, 0xe3, 0x76, 0x97, 0xfa, 0x3d, 0x9e, 0x8c, 0x69, 0x3c, - 0xea, 0xc4, 0xe0, 0x03, 0x9a, 0x0f, 0xe1, 0x85, 0xc0, 0x4b, 0x30, 0x23, 0x8e, 0x62, 0x28, 0xcb, - 0x72, 0xba, 0x42, 0xd1, 0xe5, 0xc4, 0x48, 0xcd, 0x79, 0xb1, 0x28, 0x11, 0xac, 0x18, 0x51, 0xab, - 0xd0, 0x0f, 0xdd, 0x4d, 0x4c, 0x5a, 0x21, 0x53, 0x6a, 0x46, 0x48, 0xd9, 0xa2, 0x68, 0xc7, 0x0a, - 0xc3, 0xfe, 0x3d, 0x0b, 0xb2, 0xea, 0xde, 0x28, 0x35, 0x63, 0xdd, 0xb7, 0xd4, 0xcc, 0x01, 0x6a, - 0xbd, 0xfc, 0x0c, 0x0c, 0x3b, 0x09, 0x5d, 0xa1, 0xb9, 0x4f, 0x5b, 0x3c, 0xdc, 0x16, 0xfd, 0x52, - 0x58, 0xf3, 0xea, 0x1e, 0xf3, 0x65, 0x4d, 0x72, 0xf6, 0xff, 0x1c, 0x80, 0xf1, 0x8e, 0x38, 0x75, - 0x74, 0x11, 0x46, 0x5c, 0x31, 0x3c, 0x5a, 0x98, 0xd4, 0xc5, 0xcb, 0x18, 0x71, 0x4e, 0x1a, 0x86, - 0x53, 0x98, 0x7d, 0x0c, 0xd0, 0x05, 0x38, 0x15, 0x51, 0x2f, 0xba, 0x4d, 0x66, 0xea, 0x09, 0x89, - 0x56, 0x89, 0x1b, 0x06, 0x35, 0x5e, 0x10, 0xa9, 0x58, 0x7d, 0x7c, 0x6f, 0x77, 0xf2, 0x14, 0xee, - 0x04, 0xe3, 0x6e, 0xcf, 0xa0, 0x16, 0x8c, 0xfa, 0xa6, 0x81, 0x25, 0xac, 0xeb, 0x43, 0xd9, 0x66, - 0x6a, 0x01, 0x4e, 0x35, 0xe3, 0x34, 0x83, 0xb4, 0x95, 0x56, 0x7a, 0x48, 0x56, 0xda, 0x2f, 0x6a, - 0x2b, 0x8d, 0x9f, 0x25, 0xbf, 0x9e, 0x73, 0x9e, 0xc2, 0x71, 0x9b, 0x69, 0xaf, 0x42, 0x59, 0xc6, - 0xd9, 0xf4, 0x15, 0x9f, 0x62, 0xd2, 0xe9, 0xa1, 0xd1, 0xee, 0x15, 0xa0, 0x8b, 0x85, 0x4f, 0xe7, - 0x99, 0x5e, 0x4e, 0x53, 0xf3, 0xec, 0x60, 0x4b, 0x2a, 0xda, 0xe6, 0x31, 0x46, 0x7c, 0xe1, 0xf8, - 0x74, 0xde, 0x1e, 0x8a, 0x0e, 0x3b, 0x52, 0x01, 0xe9, 0x2a, 0xf4, 0xe8, 0x02, 0x80, 0xb6, 0x82, - 0x44, 0xb8, 0xb1, 0x3a, 0xc2, 0xd4, 0xc6, 0x12, 0x36, 0xb0, 0xa8, 0xc3, 0xea, 0x05, 0x71, 0xe2, - 0xf8, 0xfe, 0x15, 0x2f, 0x48, 0xc4, 0xce, 0x9b, 0x5a, 0x21, 0x17, 0x34, 0x08, 0x9b, 0x78, 0x67, - 0x3f, 0x61, 0x7c, 0x97, 0x83, 0x7c, 0xcf, 0x0d, 0x78, 0x62, 0xde, 0x4b, 0x54, 0x90, 0xbc, 0x1a, - 0x47, 0xd4, 0xc8, 0x51, 0x49, 0x1f, 0x56, 0xcf, 0xa4, 0x0f, 0x23, 0x48, 0xbd, 0x90, 0x8e, 0xa9, - 0xcf, 0x06, 0xa9, 0xdb, 0x17, 0xe1, 0xf4, 0xbc, 0x97, 0x5c, 0xf6, 0x7c, 0x72, 0x40, 0x26, 0xf6, - 0x97, 0x4a, 0x30, 0x62, 0x26, 0x25, 0x1d, 0x24, 0x6f, 0xe5, 0x1b, 0xd4, 0x8e, 0x11, 0x6f, 0xe7, - 0xa9, 0x03, 0xa0, 0x5b, 0x47, 0xce, 0x90, 0xea, 0xde, 0x63, 0x86, 0x29, 0xa3, 0x79, 0x62, 0x53, - 0x00, 0x74, 0x17, 0x4a, 0x75, 0x16, 0x44, 0x5d, 0xcc, 0xe3, 0x94, 0xbc, 0x5b, 0x8f, 0xea, 0x69, - 0xc6, 0xc3, 0xb0, 0x39, 0x3f, 0xba, 0x42, 0x46, 0xe9, 0xcc, 0x1c, 0x23, 0xba, 0x50, 0xe4, 0xe4, - 0x28, 0x8c, 0x5e, 0xaa, 0xbe, 0x74, 0x08, 0x55, 0x9f, 0x52, 0xbc, 0x83, 0x0f, 0x49, 0xf1, 0xb2, - 0x80, 0xf8, 0x64, 0x83, 0xd9, 0x6f, 0x22, 0x1c, 0x7a, 0x88, 0x75, 0x82, 0x11, 0x10, 0x9f, 0x02, - 0xe3, 0x2c, 0xbe, 0xfd, 0xb5, 0x02, 0x8c, 0xcd, 0x07, 0xed, 0x95, 0xf9, 0x95, 0xf6, 0xba, 0xef, - 0xb9, 0xd7, 0xc8, 0x0e, 0xd5, 0x6f, 0x9b, 0x64, 0x67, 0x61, 0x4e, 0x0c, 0x43, 0xd5, 0xf1, 0xd7, - 0x68, 0x23, 0xe6, 0x30, 0x3a, 0xa3, 0xeb, 0x5e, 0xd0, 0x20, 0x51, 0x2b, 0xf2, 0xc4, 0xa6, 0x9c, - 0x31, 0xa3, 0x2f, 0x6b, 0x10, 0x36, 0xf1, 0x28, 0xed, 0xf0, 0x6e, 0x40, 0xa2, 0xac, 0x35, 0xb8, - 0x4c, 0x1b, 0x31, 0x87, 0x51, 0xa4, 0x24, 0x6a, 0xc7, 0x89, 0xf8, 0xa2, 0x0a, 0x69, 0x8d, 0x36, - 0x62, 0x0e, 0xa3, 0xd3, 0x25, 0x6e, 0xaf, 0xb3, 0x93, 0xfc, 0x4c, 0x00, 0xf3, 0x2a, 0x6f, 0xc6, - 0x12, 0x4e, 0x51, 0x37, 0xc9, 0xce, 0x1c, 0xf5, 0xcb, 0x32, 0x29, 0x06, 0xd7, 0x78, 0x33, 0x96, - 0x70, 0x56, 0x81, 0x29, 0xdd, 0x1d, 0x3f, 0x74, 0x15, 0x98, 0xd2, 0xe2, 0xf7, 0xf0, 0xf0, 0x7e, - 0xcd, 0x82, 0x11, 0x33, 0xfe, 0x06, 0x35, 0x32, 0x86, 0xe2, 0x72, 0x47, 0x35, 0xbd, 0x9f, 0xea, - 0x76, 0x75, 0x48, 0xc3, 0x4b, 0xc2, 0x56, 0xfc, 0x02, 0x09, 0x1a, 0x5e, 0x40, 0xd8, 0xb1, 0x2a, - 0x8f, 0xdb, 0x49, 0x05, 0xf7, 0xcc, 0x86, 0x35, 0x72, 0x08, 0x4b, 0xd3, 0xbe, 0x05, 0xe3, 0x1d, - 0x79, 0x25, 0x7d, 0xac, 0xcf, 0xfb, 0x66, 0xf5, 0xd9, 0x18, 0x86, 0x29, 0x61, 0x1e, 0x74, 0x19, - 0xa3, 0x59, 0x18, 0xe7, 0x36, 0x04, 0xe5, 0xb4, 0xea, 0x6e, 0x90, 0xa6, 0xca, 0x15, 0x62, 0x3b, - 0xc0, 0x37, 0xb3, 0x40, 0xdc, 0x89, 0x6f, 0x7f, 0xdd, 0x82, 0xd1, 0x54, 0xaa, 0x4f, 0x4e, 0x96, - 0x04, 0x9b, 0x69, 0x21, 0x0b, 0x07, 0x63, 0x31, 0xb1, 0x45, 0xb6, 0x22, 0xe9, 0x99, 0xa6, 0x41, - 0xd8, 0xc4, 0xb3, 0xdf, 0x29, 0x40, 0x59, 0x1e, 0xa9, 0xf7, 0x21, 0xca, 0x57, 0x2d, 0x18, 0x55, - 0xbb, 0xee, 0x6c, 0x3b, 0xa7, 0x90, 0x47, 0xf0, 0x37, 0x95, 0x40, 0xc5, 0x2b, 0x06, 0xf5, 0x50, - 0x9b, 0xb5, 0xd8, 0x64, 0x86, 0xd3, 0xbc, 0xd1, 0x4d, 0x80, 0x78, 0x27, 0x4e, 0x48, 0xd3, 0xd8, - 0x58, 0xb2, 0x8d, 0x19, 0x37, 0xe5, 0x86, 0x11, 0xa1, 0xf3, 0xeb, 0x7a, 0x58, 0x23, 0xab, 0x0a, - 0x53, 0xdb, 0x21, 0xba, 0x0d, 0x1b, 0x94, 0xec, 0x7f, 0x50, 0x80, 0x93, 0x59, 0x91, 0xd0, 0xeb, - 0x30, 0x22, 0xb9, 0x1b, 0xd7, 0xa0, 0xc8, 0x38, 0x82, 0x11, 0x6c, 0xc0, 0xee, 0xed, 0x4e, 0x4e, - 0x76, 0x5e, 0x43, 0x33, 0x65, 0xa2, 0xe0, 0x14, 0x31, 0x7e, 0xf4, 0x21, 0xce, 0xe8, 0xaa, 0x3b, - 0x33, 0xad, 0x96, 0x38, 0xbf, 0x30, 0x8e, 0x3e, 0x4c, 0x28, 0xce, 0x60, 0xa3, 0x15, 0x38, 0x6d, - 0xb4, 0x5c, 0x27, 0x5e, 0x63, 0x63, 0x3d, 0x8c, 0xa4, 0x7b, 0xf2, 0x94, 0x8e, 0xf4, 0xe9, 0xc4, - 0xc1, 0x5d, 0x9f, 0xa4, 0x4b, 0xa6, 0xeb, 0xb4, 0x1c, 0xd7, 0x4b, 0x76, 0xc4, 0x4e, 0x99, 0xd2, - 0x4d, 0xb3, 0xa2, 0x1d, 0x2b, 0x0c, 0x7b, 0x09, 0x06, 0xfa, 0x1c, 0x41, 0x7d, 0x99, 0xc5, 0xaf, - 0x42, 0x99, 0x92, 0x93, 0x36, 0x52, 0x1e, 0x24, 0x43, 0x28, 0xcb, 0x4a, 0xe6, 0xc8, 0x86, 0xa2, - 0xe7, 0xc8, 0xd3, 0x25, 0xf5, 0x5a, 0x0b, 0x71, 0xdc, 0x66, 0x9e, 0x26, 0x05, 0xa2, 0x67, 0xa0, - 0x48, 0xb6, 0x5b, 0xd9, 0x63, 0xa4, 0x4b, 0xdb, 0x2d, 0x2f, 0x22, 0x31, 0x45, 0x22, 0xdb, 0x2d, - 0x74, 0x16, 0x0a, 0x5e, 0x4d, 0x2c, 0x52, 0x20, 0x70, 0x0a, 0x0b, 0x73, 0xb8, 0xe0, 0xd5, 0xec, - 0x6d, 0xa8, 0xa8, 0xd2, 0xe9, 0x68, 0x53, 0xea, 0x6e, 0x2b, 0x8f, 0x18, 0x18, 0x49, 0xb7, 0x87, - 0xd6, 0x6e, 0x03, 0xe8, 0xc4, 0xaa, 0xbc, 0xf4, 0xcb, 0x79, 0x18, 0x70, 0x43, 0x91, 0x8f, 0x59, - 0xd6, 0x64, 0x98, 0xd2, 0x66, 0x10, 0xfb, 0x16, 0x8c, 0x5d, 0x0b, 0xc2, 0xbb, 0xac, 0x36, 0x2c, - 0xab, 0x5c, 0x43, 0x09, 0xd7, 0xe9, 0x8f, 0xac, 0x89, 0xc0, 0xa0, 0x98, 0xc3, 0x54, 0xd1, 0x95, - 0x42, 0xaf, 0xa2, 0x2b, 0xf6, 0x17, 0x2c, 0x38, 0xa9, 0xd2, 0x43, 0xa4, 0x36, 0xbe, 0x08, 0x23, - 0xeb, 0x6d, 0xcf, 0xaf, 0x89, 0xff, 0x59, 0x5f, 0xbf, 0x6a, 0xc0, 0x70, 0x0a, 0x93, 0x7a, 0x26, - 0xeb, 0x5e, 0xe0, 0x44, 0x3b, 0x2b, 0x5a, 0xfd, 0x2b, 0x8d, 0x50, 0x55, 0x10, 0x6c, 0x60, 0xd9, - 0x5f, 0x35, 0x45, 0x10, 0x09, 0x29, 0x7d, 0xf4, 0xec, 0x0d, 0x28, 0xb9, 0xea, 0x34, 0xf2, 0x50, - 0x35, 0xbb, 0x54, 0x2e, 0x30, 0xdb, 0x91, 0xe6, 0xd4, 0xec, 0x7f, 0x5e, 0x80, 0xd1, 0x54, 0x35, - 0x06, 0xe4, 0x43, 0x99, 0xf8, 0x6c, 0x3f, 0x4c, 0x0e, 0xb1, 0xa3, 0x96, 0x68, 0x53, 0xd3, 0xe2, - 0x92, 0xa0, 0x8b, 0x15, 0x87, 0x47, 0xe3, 0xd0, 0xe7, 0x22, 0x8c, 0x48, 0x81, 0x3e, 0xed, 0x34, - 0x7d, 0x31, 0x0b, 0xd5, 0x00, 0xb8, 0x64, 0xc0, 0x70, 0x0a, 0xd3, 0xfe, 0xfd, 0x22, 0x4c, 0xf0, - 0x0d, 0xc4, 0x9a, 0x8a, 0xcb, 0x58, 0x92, 0x56, 0xd6, 0x5f, 0xd1, 0x35, 0x53, 0x78, 0x47, 0xae, - 0x1f, 0xb5, 0x3c, 0x69, 0x77, 0x46, 0x7d, 0x45, 0x0c, 0xfc, 0x6a, 0x26, 0x62, 0x80, 0x2f, 0xb6, - 0x8d, 0x63, 0x92, 0xe8, 0x87, 0x2b, 0x84, 0xe0, 0xef, 0x16, 0xe0, 0x44, 0xa6, 0xf6, 0x2b, 0x7a, - 0x3b, 0x5d, 0xdd, 0xcd, 0xca, 0x63, 0x9b, 0xe9, 0xbe, 0x15, 0x48, 0x0f, 0x56, 0xe3, 0xed, 0x21, - 0x4d, 0x15, 0xfb, 0x0f, 0x0a, 0x30, 0x96, 0x2e, 0x5a, 0xfb, 0x08, 0xf6, 0xd4, 0x47, 0xa1, 0xc2, - 0x4a, 0x41, 0xb2, 0x8b, 0x76, 0xf8, 0x6e, 0x16, 0xaf, 0x58, 0x28, 0x1b, 0xb1, 0x86, 0x3f, 0x12, - 0xa5, 0xf3, 0xec, 0xbf, 0x67, 0xc1, 0x19, 0xfe, 0x96, 0xd9, 0x71, 0xf8, 0x57, 0xbb, 0xf5, 0xee, - 0x1b, 0xf9, 0x0a, 0x98, 0xa9, 0xf5, 0xb3, 0x5f, 0xff, 0xb2, 0x0b, 0x3e, 0x84, 0xb4, 0xe9, 0xa1, - 0xf0, 0x08, 0x0a, 0x7b, 0xa0, 0xc1, 0x60, 0xff, 0x41, 0x11, 0xf4, 0x9d, 0x26, 0xc8, 0x13, 0xa9, - 0x2e, 0xb9, 0xd4, 0x3c, 0x5a, 0xdd, 0x09, 0x5c, 0x7d, 0x7b, 0x4a, 0x39, 0x93, 0xe9, 0xf2, 0x4b, - 0x16, 0x0c, 0x7b, 0x81, 0x97, 0x78, 0x0e, 0x33, 0x9e, 0xf3, 0xb9, 0x93, 0x41, 0xb1, 0x5b, 0xe0, - 0x94, 0xc3, 0xc8, 0xdc, 0x02, 0x55, 0xcc, 0xb0, 0xc9, 0x19, 0x7d, 0x56, 0x04, 0xf5, 0x15, 0x73, - 0x4b, 0xd2, 0x2a, 0x67, 0x22, 0xf9, 0x5a, 0x50, 0x8a, 0x48, 0x12, 0xe5, 0x94, 0xdb, 0x88, 0x29, - 0x29, 0x55, 0xe2, 0x4e, 0xdf, 0x2e, 0x47, 0x9b, 0x31, 0x67, 0x64, 0xc7, 0x80, 0x3a, 0xfb, 0xe2, - 0x80, 0x01, 0x53, 0xd3, 0x50, 0x71, 0xda, 0x49, 0xd8, 0xa4, 0xdd, 0x24, 0x76, 0x69, 0x75, 0x48, - 0x98, 0x04, 0x60, 0x8d, 0x63, 0xbf, 0x5d, 0x82, 0x4c, 0xee, 0x09, 0xda, 0x36, 0xef, 0xe3, 0xb1, - 0xf2, 0xbd, 0x8f, 0x47, 0x09, 0xd3, 0xed, 0x4e, 0x1e, 0xd4, 0x80, 0x52, 0x6b, 0xc3, 0x89, 0xa5, - 0x6d, 0xfc, 0xaa, 0xec, 0xa6, 0x15, 0xda, 0x78, 0x6f, 0x77, 0xf2, 0xa7, 0xfb, 0xdb, 0x6b, 0xa1, - 0x63, 0x75, 0x9a, 0xa7, 0x72, 0x6b, 0xd6, 0x8c, 0x06, 0xe6, 0xf4, 0x0f, 0x72, 0x2b, 0xc5, 0x17, - 0x45, 0xbd, 0x50, 0x4c, 0xe2, 0xb6, 0x9f, 0x88, 0xd1, 0xf0, 0x6a, 0x8e, 0xb3, 0x8c, 0x13, 0xd6, - 0x59, 0x93, 0xfc, 0x3f, 0x36, 0x98, 0xa2, 0xd7, 0xa1, 0x12, 0x27, 0x4e, 0x94, 0x1c, 0x32, 0xcf, - 0x49, 0x75, 0xfa, 0xaa, 0x24, 0x82, 0x35, 0x3d, 0xf4, 0x1a, 0x2b, 0x01, 0xe7, 0xc5, 0x1b, 0x87, - 0x8c, 0xc5, 0x95, 0xe5, 0xe2, 0x04, 0x05, 0x6c, 0x50, 0xa3, 0xae, 0x07, 0x1b, 0xdb, 0x3c, 0x00, - 0xa5, 0xcc, 0x7c, 0x4b, 0xa5, 0x0a, 0xb1, 0x82, 0x60, 0x03, 0xcb, 0xfe, 0x71, 0x48, 0xa7, 0xfd, - 0xa2, 0x49, 0x99, 0x65, 0xcc, 0xf7, 0x9e, 0x58, 0x4c, 0x6d, 0x2a, 0x21, 0xf8, 0x77, 0x2c, 0x30, - 0x73, 0x93, 0xd1, 0x1d, 0x9e, 0x04, 0x6d, 0xe5, 0xb1, 0xe9, 0x6e, 0xd0, 0x9d, 0x5a, 0x72, 0x5a, - 0x99, 0xd3, 0x1f, 0x99, 0x09, 0x7d, 0xf6, 0x13, 0x50, 0x96, 0xd0, 0x03, 0x19, 0x75, 0x9f, 0x87, - 0x53, 0xd9, 0xdb, 0x0a, 0xc5, 0x5e, 0x73, 0x23, 0x0a, 0xdb, 0xad, 0xac, 0x23, 0xc9, 0x6e, 0xb3, - 0xc3, 0x1c, 0x46, 0xdd, 0xb1, 0x4d, 0x2f, 0xa8, 0x65, 0x1d, 0xc9, 0x6b, 0x5e, 0x50, 0xc3, 0x0c, - 0xd2, 0xc7, 0xad, 0x4c, 0xff, 0xcc, 0x82, 0xf3, 0xfb, 0x5d, 0xaa, 0x88, 0x9e, 0x82, 0x81, 0xbb, - 0x4e, 0x24, 0xeb, 0x67, 0x32, 0x45, 0x79, 0xcb, 0x89, 0x02, 0xcc, 0x5a, 0xd1, 0x0e, 0x0c, 0xf2, - 0x24, 0x5a, 0x61, 0xad, 0xbf, 0x9a, 0xef, 0x15, 0x8f, 0xd7, 0x88, 0xe1, 0x2e, 0xf0, 0x04, 0x5e, - 0x2c, 0x18, 0xda, 0xef, 0x5b, 0x80, 0x96, 0xb7, 0x48, 0x14, 0x79, 0x35, 0x23, 0xed, 0x17, 0xbd, - 0x04, 0x23, 0xb7, 0x57, 0x97, 0xaf, 0xaf, 0x84, 0x5e, 0xc0, 0xca, 0x00, 0x18, 0x99, 0x4e, 0x57, - 0x8d, 0x76, 0x9c, 0xc2, 0x42, 0xb3, 0x30, 0x7e, 0xfb, 0x0e, 0x75, 0x7e, 0xcd, 0xa2, 0xd8, 0x05, - 0xbd, 0xdd, 0x79, 0xf5, 0xd5, 0x0c, 0x10, 0x77, 0xe2, 0xa3, 0x65, 0x38, 0xd3, 0xe4, 0xee, 0x06, - 0xaf, 0x65, 0xcb, 0x7d, 0x0f, 0x95, 0xe8, 0xf0, 0xc4, 0xde, 0xee, 0xe4, 0x99, 0xa5, 0x6e, 0x08, - 0xb8, 0xfb, 0x73, 0xf6, 0xbb, 0x05, 0x18, 0x36, 0x2e, 0x26, 0xed, 0xc3, 0x07, 0xcf, 0xa4, 0x6e, - 0x14, 0xfa, 0x4c, 0xdd, 0x78, 0x0e, 0xca, 0xad, 0xd0, 0xf7, 0x5c, 0x4f, 0x15, 0x76, 0x61, 0xf5, - 0x07, 0x57, 0x44, 0x1b, 0x56, 0x50, 0x74, 0x17, 0x2a, 0xea, 0xb2, 0x3e, 0x91, 0x7d, 0x9a, 0xd7, - 0xfe, 0x8e, 0xd2, 0x54, 0xfa, 0x12, 0x3e, 0xcd, 0x0b, 0xd9, 0x30, 0xc8, 0x46, 0xbe, 0x8c, 0x43, - 0x63, 0x79, 0x3c, 0x6c, 0x4a, 0xc4, 0x58, 0x40, 0xec, 0x2f, 0x0f, 0xc1, 0xe9, 0x6e, 0x35, 0xf3, - 0xd0, 0xe7, 0x60, 0x90, 0xcb, 0x98, 0x4f, 0x59, 0xd6, 0x6e, 0x3c, 0xe6, 0x19, 0x41, 0x21, 0x16, - 0xfb, 0x8d, 0x05, 0x4f, 0xc1, 0xdd, 0x77, 0xd6, 0x85, 0xcd, 0x74, 0x3c, 0xdc, 0x17, 0x1d, 0xcd, - 0x7d, 0xd1, 0xe1, 0xdc, 0x7d, 0x67, 0x1d, 0x6d, 0x43, 0xa9, 0xe1, 0x25, 0xc4, 0x11, 0x9e, 0xc3, - 0xad, 0x63, 0x61, 0x4e, 0x1c, 0xae, 0x9a, 0xd9, 0x4f, 0xcc, 0x19, 0xa2, 0xef, 0x58, 0x70, 0x62, - 0x3d, 0x9d, 0x16, 0x25, 0x96, 0x50, 0xe7, 0x18, 0xea, 0x22, 0xa6, 0x19, 0xf1, 0x6a, 0xd3, 0x99, - 0x46, 0x9c, 0x15, 0x07, 0xfd, 0xa2, 0x05, 0x43, 0x75, 0xcf, 0x37, 0x8a, 0x7e, 0x1d, 0xc3, 0xc7, - 0xb9, 0xcc, 0x18, 0x68, 0x33, 0x83, 0xff, 0x8f, 0xb1, 0xe4, 0xdc, 0xeb, 0x0c, 0x76, 0xf0, 0xa8, - 0x67, 0xb0, 0x43, 0x0f, 0xc9, 0x57, 0xfc, 0xe5, 0x02, 0x3c, 0xd3, 0xc7, 0x37, 0x32, 0x33, 0x59, - 0xac, 0x7d, 0x32, 0x59, 0xce, 0xc3, 0x40, 0x44, 0x5a, 0x61, 0x76, 0xbd, 0x63, 0xe1, 0x5e, 0x0c, - 0x82, 0x9e, 0x86, 0xa2, 0xd3, 0xf2, 0xc4, 0x72, 0xa7, 0x16, 0xe9, 0x99, 0x95, 0x05, 0x4c, 0xdb, - 0xe9, 0x97, 0xae, 0xac, 0xcb, 0x64, 0xbd, 0x7c, 0x2a, 0xbf, 0xf7, 0xca, 0xfd, 0xe3, 0xde, 0x9b, - 0x82, 0x62, 0xcd, 0xd7, 0xfe, 0x6b, 0x16, 0x9c, 0xed, 0x3d, 0x44, 0xd0, 0x8b, 0x30, 0xbc, 0x1e, - 0x39, 0x81, 0xbb, 0xc1, 0xae, 0x49, 0x90, 0x9d, 0xc2, 0x12, 0x18, 0x74, 0x33, 0x36, 0x71, 0xe8, - 0xca, 0xc5, 0xeb, 0x6b, 0x1a, 0x18, 0x32, 0x5e, 0x99, 0xae, 0x5c, 0x6b, 0x59, 0x20, 0xee, 0xc4, - 0xb7, 0x7f, 0xbf, 0xd0, 0x5d, 0x2c, 0xae, 0x4a, 0x0e, 0xf2, 0x9d, 0xc4, 0x57, 0x28, 0xf4, 0xf8, - 0x0a, 0x77, 0xa0, 0x9c, 0xb0, 0x24, 0x0c, 0x52, 0x17, 0xfa, 0x28, 0xb7, 0x24, 0x47, 0xb6, 0x62, - 0xad, 0x09, 0xe2, 0x58, 0xb1, 0xa1, 0x0b, 0x87, 0xaf, 0xab, 0x8e, 0x89, 0x85, 0x23, 0xb3, 0xf5, - 0x38, 0x07, 0x27, 0x8d, 0x22, 0xaa, 0x3c, 0x06, 0x9d, 0x9f, 0xa0, 0xab, 0xc4, 0xac, 0x95, 0x0c, - 0x1c, 0x77, 0x3c, 0x61, 0xff, 0x5a, 0x01, 0x9e, 0xe8, 0xa9, 0x1f, 0xf5, 0x31, 0xbf, 0x75, 0x9f, - 0x63, 0xfe, 0x23, 0x0f, 0x73, 0xb3, 0x83, 0x07, 0x1e, 0x4c, 0x07, 0x3f, 0x0f, 0x65, 0x2f, 0x88, - 0x89, 0xdb, 0x8e, 0x78, 0xa7, 0x19, 0x11, 0x99, 0x0b, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, 0x0f, 0x7b, - 0x0f, 0x35, 0xba, 0x56, 0xfe, 0xc8, 0xf6, 0xd2, 0xcb, 0x30, 0xea, 0xb4, 0x5a, 0x1c, 0x8f, 0x1d, - 0xa9, 0x66, 0x52, 0x2d, 0x67, 0x4c, 0x20, 0x4e, 0xe3, 0x1a, 0x63, 0x78, 0xb0, 0xd7, 0x18, 0xb6, - 0xff, 0xc4, 0x82, 0x0a, 0x26, 0x75, 0x3e, 0xdf, 0xd1, 0x6d, 0xd1, 0x45, 0x56, 0x1e, 0x35, 0x50, - 0x68, 0xc7, 0xc6, 0x1e, 0xab, 0x0d, 0xd2, 0xad, 0xb3, 0x3b, 0x0b, 0x02, 0x17, 0x0e, 0x54, 0x10, - 0x58, 0x95, 0x84, 0x2d, 0xf6, 0x2e, 0x09, 0x6b, 0xbf, 0x3b, 0x44, 0x5f, 0xaf, 0x15, 0xce, 0x46, - 0xa4, 0x16, 0xd3, 0xef, 0xdb, 0x8e, 0xfc, 0xec, 0x7d, 0xaa, 0x37, 0xf0, 0x22, 0xa6, 0xed, 0xa9, - 0x7d, 0x93, 0xc2, 0x81, 0x12, 0xcd, 0x8a, 0xfb, 0x26, 0x9a, 0xbd, 0x0c, 0xa3, 0x71, 0xbc, 0xb1, - 0x12, 0x79, 0x5b, 0x4e, 0x42, 0x1d, 0x14, 0x11, 0x91, 0xa3, 0x93, 0x43, 0x56, 0xaf, 0x68, 0x20, - 0x4e, 0xe3, 0xa2, 0x79, 0x18, 0xd7, 0xe9, 0x5e, 0x24, 0x4a, 0x58, 0x00, 0x0e, 0x1f, 0x09, 0x2a, - 0x37, 0x43, 0x27, 0x88, 0x09, 0x04, 0xdc, 0xf9, 0x0c, 0xd5, 0x58, 0xa9, 0x46, 0x2a, 0xc8, 0x60, - 0x5a, 0x63, 0xa5, 0xe8, 0x50, 0x59, 0x3a, 0x9e, 0x40, 0x4b, 0x70, 0x8a, 0x0f, 0x0c, 0x76, 0x81, - 0xb7, 0x7a, 0xa3, 0xa1, 0x74, 0xed, 0x89, 0xf9, 0x4e, 0x14, 0xdc, 0xed, 0x39, 0xea, 0x7d, 0xa8, - 0xe6, 0x85, 0x39, 0xe1, 0xf2, 0x2b, 0xef, 0x43, 0x91, 0x59, 0xa8, 0x61, 0x13, 0x0f, 0x7d, 0x1a, - 0x1e, 0xd7, 0x7f, 0x79, 0xa8, 0x23, 0xdf, 0x07, 0x9b, 0x13, 0x99, 0xb4, 0xaa, 0x00, 0xe9, 0x7c, - 0x57, 0xb4, 0x1a, 0xee, 0xf5, 0x3c, 0x5a, 0x87, 0xb3, 0x0a, 0x74, 0x89, 0xba, 0x7a, 0xad, 0xc8, - 0x8b, 0x49, 0xd5, 0x89, 0xc9, 0x8d, 0xc8, 0x67, 0xb9, 0xb7, 0x15, 0x7d, 0x93, 0xc2, 0xbc, 0x97, - 0x5c, 0xe9, 0x86, 0x89, 0x17, 0xf1, 0x7d, 0xa8, 0xa0, 0x69, 0xa8, 0x90, 0xc0, 0x59, 0xf7, 0xc9, - 0xf2, 0xec, 0x02, 0xcb, 0xc8, 0x35, 0xb6, 0xdd, 0x2e, 0x49, 0x00, 0xd6, 0x38, 0xea, 0x10, 0x78, - 0xa4, 0xe7, 0xcd, 0x1b, 0x2b, 0x70, 0xba, 0xe1, 0xb6, 0xa8, 0x35, 0xe1, 0xb9, 0x64, 0xc6, 0x65, - 0x07, 0xa1, 0xf4, 0xc3, 0xf0, 0xa2, 0x20, 0x2a, 0xc2, 0x61, 0x7e, 0x76, 0xa5, 0x03, 0x07, 0x77, - 0x7d, 0x92, 0xce, 0xb1, 0x56, 0x14, 0x6e, 0xef, 0x4c, 0x9c, 0x4a, 0xcf, 0xb1, 0x15, 0xda, 0x88, - 0x39, 0x0c, 0x5d, 0x05, 0xc4, 0xc2, 0x65, 0xae, 0x24, 0x49, 0x4b, 0x99, 0x2f, 0x13, 0xa7, 0xd9, - 0x2b, 0x9d, 0x15, 0x4f, 0xa0, 0xcb, 0x1d, 0x18, 0xb8, 0xcb, 0x53, 0xf6, 0x1f, 0x5b, 0x30, 0xaa, - 0xe6, 0xeb, 0x03, 0x08, 0x18, 0xf3, 0xd3, 0x01, 0x63, 0xf3, 0x47, 0xd7, 0x78, 0x4c, 0xf2, 0x1e, - 0x51, 0x07, 0x5f, 0x1e, 0x06, 0xd0, 0x5a, 0x51, 0x2d, 0x48, 0x56, 0xcf, 0x05, 0xe9, 0x91, 0xd5, - 0x48, 0xdd, 0xd2, 0xef, 0x4a, 0x0f, 0x37, 0xfd, 0x6e, 0x15, 0xce, 0x48, 0x73, 0x81, 0x6f, 0xec, - 0x5c, 0x09, 0x63, 0xa5, 0xe0, 0xca, 0xd5, 0xa7, 0x05, 0xa1, 0x33, 0x0b, 0xdd, 0x90, 0x70, 0xf7, - 0x67, 0x53, 0x56, 0xca, 0xd0, 0x7e, 0x56, 0x8a, 0x9e, 0xd3, 0x8b, 0x75, 0x59, 0xce, 0x34, 0x33, - 0xa7, 0x17, 0x2f, 0xaf, 0x62, 0x8d, 0xd3, 0x5d, 0xb1, 0x57, 0x72, 0x52, 0xec, 0x70, 0x60, 0xc5, - 0x2e, 0x55, 0xcc, 0x70, 0x4f, 0x15, 0x23, 0xf7, 0x92, 0x46, 0x7a, 0xee, 0x25, 0xbd, 0x02, 0x63, - 0x5e, 0xb0, 0x41, 0x22, 0x2f, 0x21, 0x35, 0x36, 0x17, 0x98, 0xfa, 0x29, 0xeb, 0x65, 0x7d, 0x21, - 0x05, 0xc5, 0x19, 0xec, 0xb4, 0x5e, 0x1c, 0xeb, 0x43, 0x2f, 0xf6, 0x58, 0x8d, 0x4e, 0xe4, 0xb3, - 0x1a, 0x9d, 0x3c, 0xfa, 0x6a, 0x34, 0x7e, 0xac, 0xab, 0x11, 0xca, 0x65, 0x35, 0xea, 0x4b, 0xd1, - 0x1b, 0x0e, 0xdd, 0xe9, 0x7d, 0x1c, 0xba, 0x5e, 0x4b, 0xd1, 0x99, 0x43, 0x2f, 0x45, 0xdd, 0x57, - 0x99, 0xc7, 0x0e, 0xb5, 0xca, 0x7c, 0xa5, 0x00, 0x67, 0xb4, 0x1e, 0xa6, 0xa3, 0xdf, 0xab, 0x53, - 0x4d, 0xc4, 0x2a, 0x62, 0xf3, 0xd8, 0x1f, 0x23, 0x7e, 0x51, 0x87, 0x42, 0x2a, 0x08, 0x36, 0xb0, - 0x58, 0x18, 0x20, 0x89, 0x58, 0xe9, 0xa3, 0xac, 0x92, 0x9e, 0x15, 0xed, 0x58, 0x61, 0xd0, 0xf1, - 0x45, 0x7f, 0x8b, 0xd0, 0xea, 0x6c, 0xc5, 0x81, 0x59, 0x0d, 0xc2, 0x26, 0x1e, 0x7a, 0x8e, 0x33, - 0x61, 0x0a, 0x82, 0x2a, 0xea, 0x11, 0x71, 0xd7, 0x8b, 0xd4, 0x09, 0x0a, 0x2a, 0xc5, 0x61, 0xf1, - 0x9e, 0xa5, 0x4e, 0x71, 0xd8, 0x79, 0xa5, 0xc2, 0xb0, 0xff, 0x97, 0x05, 0x4f, 0x74, 0xed, 0x8a, - 0x07, 0xb0, 0xf8, 0x6e, 0xa7, 0x17, 0xdf, 0xd5, 0xbc, 0xdc, 0x0d, 0xe3, 0x2d, 0x7a, 0x2c, 0xc4, - 0xff, 0xde, 0x82, 0x31, 0x8d, 0xff, 0x00, 0x5e, 0xd5, 0x4b, 0xbf, 0x6a, 0x7e, 0x9e, 0x55, 0xa5, - 0xe3, 0xdd, 0xfe, 0x98, 0xbd, 0x1b, 0x3f, 0x09, 0x99, 0x71, 0x65, 0x8d, 0xa5, 0x7d, 0x4e, 0x00, - 0x76, 0x60, 0x90, 0x95, 0x1f, 0x8e, 0xf3, 0x39, 0x91, 0x49, 0xf3, 0x67, 0x81, 0xdc, 0xfa, 0x44, - 0x86, 0xfd, 0x8d, 0xb1, 0x60, 0xc8, 0x0a, 0x73, 0x79, 0x31, 0xd5, 0xe6, 0x35, 0x11, 0x39, 0xa9, - 0x0b, 0x73, 0x89, 0x76, 0xac, 0x30, 0xec, 0x26, 0x4c, 0xa4, 0x89, 0xcf, 0x91, 0x3a, 0x3b, 0xe5, - 0xef, 0xeb, 0x35, 0xa7, 0xa1, 0xe2, 0xb0, 0xa7, 0x16, 0xdb, 0x4e, 0xf6, 0x7a, 0xb0, 0x19, 0x09, - 0xc0, 0x1a, 0xc7, 0xfe, 0x2d, 0x0b, 0x4e, 0x75, 0x79, 0x99, 0x1c, 0x23, 0x46, 0x13, 0xad, 0x05, - 0xba, 0x2d, 0xb8, 0x1f, 0x81, 0xa1, 0x1a, 0xa9, 0x3b, 0xf2, 0x1c, 0xd9, 0xd0, 0xb9, 0x73, 0xbc, - 0x19, 0x4b, 0xb8, 0xfd, 0xdf, 0x2d, 0x38, 0x91, 0x96, 0x35, 0xa6, 0x5a, 0x93, 0xbf, 0xcc, 0x9c, - 0x17, 0xbb, 0xe1, 0x16, 0x89, 0x76, 0xe8, 0x9b, 0x73, 0xa9, 0x95, 0xd6, 0x9c, 0xe9, 0xc0, 0xc0, - 0x5d, 0x9e, 0x62, 0xb5, 0x79, 0x6a, 0xaa, 0xb7, 0xe5, 0x48, 0xb9, 0x99, 0xe7, 0x48, 0xd1, 0x1f, - 0xd3, 0x3c, 0x7e, 0x52, 0x2c, 0xb1, 0xc9, 0xdf, 0x7e, 0x7f, 0x00, 0x54, 0x48, 0x39, 0x3b, 0xc4, - 0xcb, 0xe9, 0x08, 0x34, 0x55, 0x49, 0xbe, 0xd8, 0x47, 0x25, 0x79, 0x39, 0x18, 0x06, 0xee, 0x77, - 0xc0, 0xc6, 0x77, 0x2f, 0xcc, 0x4d, 0x42, 0xf5, 0x86, 0x6b, 0x1a, 0x84, 0x4d, 0x3c, 0x2a, 0x89, - 0xef, 0x6d, 0x11, 0xfe, 0xd0, 0x60, 0x5a, 0x92, 0x45, 0x09, 0xc0, 0x1a, 0x87, 0x4a, 0x52, 0xf3, - 0xea, 0x75, 0xe1, 0x8a, 0x2b, 0x49, 0x68, 0xef, 0x60, 0x06, 0xe1, 0xe5, 0xd6, 0xc2, 0x4d, 0x61, - 0x9d, 0x1a, 0xe5, 0xd6, 0xc2, 0x4d, 0xcc, 0x20, 0xd4, 0x9e, 0x0a, 0xc2, 0xa8, 0xc9, 0xae, 0x6f, - 0xab, 0x29, 0x2e, 0xc2, 0x2a, 0x55, 0xf6, 0xd4, 0xf5, 0x4e, 0x14, 0xdc, 0xed, 0x39, 0x3a, 0x02, - 0x5b, 0x11, 0xa9, 0x79, 0x6e, 0x62, 0x52, 0x83, 0xf4, 0x08, 0x5c, 0xe9, 0xc0, 0xc0, 0x5d, 0x9e, - 0x42, 0x33, 0x70, 0x42, 0xa6, 0x04, 0xc8, 0xac, 0xc9, 0xe1, 0x74, 0x96, 0x16, 0x4e, 0x83, 0x71, - 0x16, 0x9f, 0x6a, 0x9b, 0xa6, 0x48, 0x98, 0x66, 0x46, 0xac, 0xa1, 0x6d, 0x64, 0x22, 0x35, 0x56, - 0x18, 0xf6, 0x17, 0x8b, 0x74, 0x75, 0xec, 0x51, 0x24, 0xfa, 0x81, 0x1d, 0xb9, 0xa7, 0x47, 0xe4, - 0x40, 0x1f, 0x23, 0xf2, 0x25, 0x18, 0xb9, 0x1d, 0x87, 0x81, 0x3a, 0xce, 0x2e, 0xf5, 0x3c, 0xce, - 0x36, 0xb0, 0xba, 0x1f, 0x67, 0x0f, 0xe6, 0x75, 0x9c, 0x3d, 0x74, 0xc8, 0xe3, 0xec, 0xef, 0x96, - 0x40, 0x95, 0x59, 0xbd, 0x4e, 0x92, 0xbb, 0x61, 0xb4, 0xe9, 0x05, 0x0d, 0x96, 0x4a, 0xf1, 0x1d, - 0x0b, 0x46, 0xf8, 0x7c, 0x59, 0x34, 0xc3, 0x91, 0xeb, 0x39, 0xd5, 0xef, 0x4c, 0x31, 0x9b, 0x5a, - 0x33, 0x18, 0x65, 0x6e, 0x07, 0x31, 0x41, 0x38, 0x25, 0x11, 0xfa, 0x39, 0x00, 0xb9, 0x6f, 0x59, - 0x97, 0x2a, 0x73, 0x21, 0x1f, 0xf9, 0x30, 0xa9, 0x6b, 0xdb, 0x74, 0x4d, 0x31, 0xc1, 0x06, 0x43, - 0xf4, 0x95, 0xec, 0xf5, 0x96, 0x9f, 0x3d, 0x96, 0xbe, 0xe9, 0x27, 0x50, 0x1b, 0xc3, 0x90, 0x17, - 0x34, 0xe8, 0x38, 0x11, 0x11, 0x00, 0x1f, 0xee, 0x96, 0x86, 0xb4, 0x18, 0x3a, 0xb5, 0xaa, 0xe3, - 0x3b, 0x81, 0x4b, 0xa2, 0x05, 0x8e, 0x6e, 0x5e, 0x57, 0xc5, 0x1a, 0xb0, 0x24, 0xd4, 0x51, 0xa0, - 0xb6, 0xd4, 0x4f, 0x81, 0xda, 0xb3, 0x9f, 0x84, 0xf1, 0x8e, 0x8f, 0x79, 0xa0, 0xb8, 0xec, 0xc3, - 0x87, 0x74, 0xdb, 0xff, 0x62, 0x50, 0x2f, 0x5a, 0xd7, 0xc3, 0x1a, 0x2f, 0x93, 0x1a, 0xe9, 0x2f, - 0x2a, 0x6c, 0xcf, 0x1c, 0x87, 0x88, 0x71, 0xe5, 0x95, 0x6a, 0xc4, 0x26, 0x4b, 0x3a, 0x46, 0x5b, - 0x4e, 0x44, 0x82, 0xe3, 0x1e, 0xa3, 0x2b, 0x8a, 0x09, 0x36, 0x18, 0xa2, 0x8d, 0x54, 0x60, 0xe6, - 0xe5, 0xa3, 0x07, 0x66, 0xb2, 0x2c, 0xe7, 0x6e, 0xa5, 0x16, 0xbf, 0x69, 0xc1, 0x58, 0x90, 0x1a, - 0xb9, 0xe2, 0x1c, 0x67, 0xed, 0x38, 0x66, 0x05, 0xaf, 0xd2, 0x9d, 0x6e, 0xc3, 0x19, 0xfe, 0xdd, - 0x96, 0xb4, 0xd2, 0x01, 0x97, 0x34, 0x5d, 0x6f, 0x79, 0xb0, 0x57, 0xbd, 0x65, 0x14, 0xa8, 0x82, - 0xf3, 0x43, 0xb9, 0x17, 0x9c, 0x87, 0x2e, 0xc5, 0xe6, 0x6f, 0x41, 0xc5, 0x8d, 0x88, 0x93, 0x1c, - 0xb2, 0xf6, 0x38, 0x3b, 0x0a, 0x9f, 0x95, 0x04, 0xb0, 0xa6, 0x65, 0xff, 0xbb, 0x22, 0x9c, 0x94, - 0x3d, 0x22, 0xe3, 0xb8, 0xe8, 0xfa, 0xc8, 0xf9, 0x6a, 0xe3, 0x56, 0xad, 0x8f, 0x57, 0x24, 0x00, - 0x6b, 0x1c, 0x6a, 0x8f, 0xb5, 0x63, 0xb2, 0xdc, 0x22, 0xc1, 0xa2, 0xb7, 0x1e, 0x8b, 0xf3, 0x47, - 0x35, 0x51, 0x6e, 0x68, 0x10, 0x36, 0xf1, 0xa8, 0x31, 0xce, 0xed, 0xe2, 0x38, 0x1b, 0x03, 0x2a, - 0xec, 0x6d, 0x2c, 0xe1, 0xe8, 0x57, 0xba, 0xde, 0x5a, 0x91, 0x4f, 0xf4, 0x73, 0x47, 0xf8, 0xda, - 0x01, 0xaf, 0xab, 0x78, 0xdb, 0x82, 0x13, 0x9b, 0xa9, 0x34, 0x34, 0xa9, 0x92, 0x8f, 0x98, 0x30, - 0x9d, 0xce, 0x6d, 0xd3, 0x43, 0x38, 0xdd, 0x1e, 0xe3, 0x2c, 0x77, 0xfb, 0x7f, 0x58, 0x60, 0xaa, - 0xa7, 0xfe, 0x2c, 0x2b, 0xe3, 0xe2, 0xad, 0xc2, 0x3e, 0x17, 0x6f, 0x49, 0x23, 0xac, 0xd8, 0x9f, - 0xd1, 0x3f, 0x70, 0x00, 0xa3, 0xbf, 0xd4, 0xd3, 0x6a, 0x7b, 0x1a, 0x8a, 0x6d, 0xaf, 0x26, 0xec, - 0x76, 0x7d, 0xda, 0xb8, 0x30, 0x87, 0x69, 0xbb, 0xfd, 0x4f, 0x4a, 0xda, 0x4f, 0x17, 0x41, 0xbb, - 0x3f, 0x12, 0xaf, 0x5d, 0x57, 0xf9, 0xef, 0xfc, 0xcd, 0xaf, 0x77, 0xe4, 0xbf, 0xff, 0xe4, 0xc1, - 0x63, 0xb2, 0x79, 0x07, 0xf5, 0x4a, 0x7f, 0x1f, 0xda, 0x27, 0x20, 0xfb, 0x36, 0x94, 0xa9, 0x6b, - 0xc3, 0x36, 0xdc, 0xca, 0x29, 0xa1, 0xca, 0x57, 0x44, 0xfb, 0xbd, 0xdd, 0xc9, 0x9f, 0x38, 0xb8, - 0x58, 0xf2, 0x69, 0xac, 0xe8, 0xa3, 0x18, 0x2a, 0xf4, 0x37, 0x8b, 0x1d, 0x17, 0x4e, 0xd3, 0x0d, - 0xa5, 0x8b, 0x24, 0x20, 0x97, 0xc0, 0x74, 0xcd, 0x07, 0x05, 0x50, 0x61, 0x37, 0xe6, 0x30, 0xa6, - 0xdc, 0xb7, 0x5a, 0x51, 0x11, 0xdc, 0x12, 0x70, 0x6f, 0x77, 0xf2, 0xe5, 0x83, 0x33, 0x55, 0x8f, - 0x63, 0xcd, 0xc2, 0x7e, 0x67, 0x40, 0x8f, 0x5d, 0x51, 0xf6, 0xe0, 0x47, 0x62, 0xec, 0x5e, 0xcc, - 0x8c, 0xdd, 0xf3, 0x1d, 0x63, 0x77, 0x4c, 0xdf, 0xec, 0x92, 0x1a, 0x8d, 0x0f, 0x7a, 0x81, 0xdd, - 0xdf, 0x8f, 0x67, 0x96, 0xc5, 0x9d, 0xb6, 0x17, 0x91, 0x78, 0x25, 0x6a, 0x07, 0x5e, 0xd0, 0x10, - 0x97, 0x69, 0x1a, 0x96, 0x45, 0x0a, 0x8c, 0xb3, 0xf8, 0xec, 0x22, 0xce, 0x9d, 0xc0, 0xbd, 0xe5, - 0x6c, 0xf1, 0x51, 0x65, 0x64, 0x82, 0xaf, 0x8a, 0x76, 0xac, 0x30, 0xec, 0x77, 0xd9, 0xd9, 0xad, - 0x91, 0xb4, 0x42, 0xc7, 0x84, 0xcf, 0xae, 0x28, 0xe2, 0x69, 0xe4, 0x6a, 0x4c, 0xf0, 0x7b, 0x89, - 0x38, 0x0c, 0xdd, 0x85, 0xa1, 0x75, 0x5e, 0xa3, 0x3f, 0x9f, 0xba, 0x73, 0xa2, 0xe0, 0x3f, 0x2b, - 0x0d, 0x2b, 0xab, 0xff, 0xdf, 0xd3, 0x3f, 0xb1, 0xe4, 0x66, 0xbf, 0x37, 0x00, 0x27, 0x32, 0x97, - 0xd8, 0xa4, 0xaa, 0xe0, 0x14, 0xf6, 0xad, 0x82, 0xf3, 0x19, 0x80, 0x1a, 0x69, 0xf9, 0xe1, 0x0e, - 0x33, 0x73, 0x06, 0x0e, 0x6c, 0xe6, 0x28, 0xcb, 0x78, 0x4e, 0x51, 0xc1, 0x06, 0x45, 0x91, 0x3b, - 0xcf, 0x8b, 0xea, 0x64, 0x72, 0xe7, 0x8d, 0xd2, 0x8f, 0x83, 0x0f, 0xb6, 0xf4, 0xa3, 0x07, 0x27, - 0xb8, 0x88, 0x2a, 0x35, 0xe4, 0x10, 0x19, 0x20, 0x2c, 0xce, 0x76, 0x2e, 0x4d, 0x06, 0x67, 0xe9, - 0x3e, 0xcc, 0x3b, 0xaa, 0xd0, 0x47, 0xa1, 0x22, 0xbf, 0x73, 0x3c, 0x51, 0xd1, 0xe9, 0x75, 0x72, - 0x18, 0xb0, 0xbb, 0xa3, 0xc4, 0x4f, 0xfb, 0x1b, 0x05, 0x6a, 0x95, 0xf2, 0x7f, 0x2a, 0x4d, 0xfa, - 0x59, 0x18, 0x74, 0xda, 0xc9, 0x46, 0xd8, 0x71, 0xf1, 0xc0, 0x0c, 0x6b, 0xc5, 0x02, 0x8a, 0x16, - 0x61, 0xa0, 0xa6, 0x53, 0x5f, 0x0f, 0xd2, 0x8b, 0x7a, 0x83, 0xcf, 0x49, 0x08, 0x66, 0x54, 0xd0, - 0x53, 0x30, 0x90, 0x38, 0x8d, 0xd4, 0x85, 0xb0, 0x6b, 0x4e, 0x23, 0xc6, 0xac, 0xd5, 0x5c, 0x34, - 0x07, 0xf6, 0x59, 0x34, 0x5f, 0x86, 0xd1, 0xd8, 0x6b, 0x04, 0x4e, 0xd2, 0x8e, 0x88, 0x71, 0x98, - 0xa4, 0xe3, 0x03, 0x4c, 0x20, 0x4e, 0xe3, 0xda, 0xef, 0x57, 0xe0, 0x74, 0xb7, 0x8b, 0xfb, 0xf3, - 0x8e, 0xa9, 0xef, 0xc6, 0xe3, 0xc1, 0xc5, 0xd4, 0xf7, 0xe0, 0xee, 0x1b, 0x31, 0xf5, 0xbe, 0x11, - 0x53, 0xff, 0x15, 0x0b, 0x2a, 0x2a, 0x94, 0x5c, 0x04, 0xb2, 0xbe, 0x9e, 0xbf, 0x04, 0x2a, 0xae, - 0x58, 0x44, 0x14, 0xcb, 0xbf, 0x58, 0x33, 0x3f, 0xbe, 0x20, 0xfb, 0xfb, 0x0a, 0x74, 0xa0, 0x20, - 0x7b, 0x95, 0x81, 0x50, 0xca, 0x23, 0x03, 0xa1, 0xc7, 0xa7, 0xea, 0x9a, 0x81, 0xf0, 0x4d, 0x0b, - 0x86, 0x9d, 0xb7, 0xda, 0x11, 0x99, 0x23, 0x5b, 0xcb, 0xad, 0x58, 0x28, 0xd8, 0x37, 0xf2, 0x17, - 0x60, 0x46, 0x33, 0x11, 0x15, 0x92, 0x75, 0x03, 0x36, 0x45, 0x48, 0x65, 0x1c, 0x0c, 0xe5, 0x91, - 0x71, 0xd0, 0x4d, 0x9c, 0x7d, 0x33, 0x0e, 0x5e, 0x86, 0x51, 0xd7, 0x0f, 0x03, 0xb2, 0x12, 0x85, - 0x49, 0xe8, 0x86, 0xbe, 0x30, 0xa6, 0x95, 0x4a, 0x98, 0x35, 0x81, 0x38, 0x8d, 0xdb, 0x2b, 0x5d, - 0xa1, 0x72, 0xd4, 0x74, 0x05, 0x78, 0x48, 0xe9, 0x0a, 0x7f, 0x56, 0x80, 0xc9, 0x7d, 0x3e, 0x2a, - 0xba, 0x08, 0x23, 0x61, 0xd4, 0x70, 0x02, 0xef, 0x2d, 0x9e, 0x1a, 0x5b, 0x4a, 0x17, 0xe0, 0x58, - 0x36, 0x60, 0x38, 0x85, 0x29, 0x43, 0x91, 0x07, 0x7b, 0x84, 0x22, 0x7f, 0x1c, 0x86, 0x13, 0xe2, - 0x34, 0x45, 0xdc, 0x85, 0x70, 0x80, 0xf4, 0x81, 0x92, 0x06, 0x61, 0x13, 0x8f, 0x0e, 0xa3, 0x31, - 0xc7, 0x75, 0x49, 0x1c, 0xcb, 0x58, 0x63, 0xb1, 0x39, 0x93, 0x5b, 0x20, 0x33, 0xdb, 0xf3, 0x9a, - 0x49, 0xb1, 0xc0, 0x19, 0x96, 0x54, 0x78, 0xc7, 0xf7, 0x79, 0x26, 0x01, 0x91, 0x57, 0xbc, 0xeb, - 0x42, 0x1a, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0xd7, 0x0b, 0xf0, 0xf4, 0x7d, 0xd5, 0x4b, 0xdf, 0x61, - 0xe0, 0xed, 0x98, 0x44, 0xd9, 0x03, 0x99, 0x1b, 0x31, 0x89, 0x30, 0x83, 0xf0, 0x5e, 0x6a, 0xb5, - 0x8c, 0xab, 0x8f, 0xf2, 0xce, 0x3a, 0xe0, 0xbd, 0x94, 0x62, 0x81, 0x33, 0x2c, 0xb3, 0xbd, 0x34, - 0xd0, 0x67, 0x2f, 0xfd, 0xfd, 0x02, 0x3c, 0xd3, 0x87, 0x12, 0xce, 0x31, 0x3b, 0x23, 0x9d, 0x23, - 0x53, 0x7c, 0x38, 0x39, 0x32, 0x87, 0xed, 0xae, 0x77, 0x0b, 0x70, 0xb6, 0xb7, 0x2e, 0x44, 0x3f, - 0x45, 0x9d, 0x28, 0x19, 0x6c, 0x61, 0xa6, 0xd7, 0x9c, 0xe2, 0x0e, 0x54, 0x0a, 0x84, 0xb3, 0xb8, - 0x68, 0x0a, 0xa0, 0xe5, 0x24, 0x1b, 0xf1, 0xa5, 0x6d, 0x2f, 0x4e, 0x44, 0x66, 0xe8, 0x18, 0xdf, - 0x0a, 0x97, 0xad, 0xd8, 0xc0, 0xa0, 0xec, 0xd8, 0xbf, 0xb9, 0xf0, 0x7a, 0x98, 0xf0, 0x87, 0xb8, - 0x1d, 0x77, 0x4a, 0x96, 0xa0, 0x34, 0x40, 0x38, 0x8b, 0x4b, 0xd9, 0xb1, 0xc3, 0x16, 0x2e, 0x28, - 0x37, 0xf0, 0x18, 0xbb, 0x45, 0xd5, 0x8a, 0x0d, 0x8c, 0x6c, 0xe2, 0x50, 0x69, 0xff, 0xc4, 0x21, - 0xfb, 0x1f, 0x17, 0xe0, 0x89, 0x9e, 0x6b, 0x69, 0x7f, 0x13, 0xf0, 0xd1, 0x4b, 0xf6, 0x39, 0xdc, - 0xd8, 0x39, 0x60, 0x0a, 0xcb, 0x9f, 0xf4, 0x18, 0x69, 0x22, 0x85, 0x25, 0xbb, 0x54, 0x58, 0x07, - 0x5d, 0x2a, 0x1e, 0xa1, 0xfe, 0xec, 0xc8, 0x5a, 0x19, 0x38, 0x40, 0xd6, 0x4a, 0xe6, 0x63, 0x94, - 0xfa, 0x9c, 0xc8, 0xdf, 0xeb, 0xdd, 0xbd, 0xd4, 0xf6, 0xee, 0x6b, 0x7b, 0x6a, 0x0e, 0x4e, 0x7a, - 0x01, 0x2b, 0x47, 0xbc, 0xda, 0x5e, 0x17, 0x79, 0xc3, 0x85, 0xf4, 0x4d, 0x5b, 0x0b, 0x19, 0x38, - 0xee, 0x78, 0xe2, 0x11, 0xcc, 0x22, 0x3a, 0x64, 0x97, 0x7e, 0x06, 0x2a, 0x8a, 0x36, 0x8f, 0x8c, - 0x54, 0x1f, 0xb4, 0x23, 0x32, 0x52, 0x7d, 0x4d, 0x03, 0x8b, 0xf6, 0xc4, 0x26, 0xd9, 0xc9, 0x8e, - 0xcc, 0x6b, 0x64, 0x87, 0x9d, 0x92, 0xda, 0x1f, 0x83, 0x11, 0xe5, 0x44, 0xf6, 0x5b, 0x2e, 0xd7, - 0x7e, 0x67, 0x10, 0x46, 0x53, 0xc5, 0x30, 0x52, 0x7b, 0x36, 0xd6, 0xbe, 0x7b, 0x36, 0x2c, 0xd2, - 0xb5, 0x1d, 0xc8, 0x82, 0xd4, 0x46, 0xa4, 0x6b, 0x3b, 0x20, 0x98, 0xc3, 0xa8, 0xeb, 0x5e, 0x8b, - 0x76, 0x70, 0x3b, 0x10, 0x11, 0x69, 0xca, 0x75, 0x9f, 0x63, 0xad, 0x58, 0x40, 0xd1, 0x17, 0x2c, - 0x18, 0x89, 0xd9, 0x86, 0x20, 0xdf, 0xf1, 0x12, 0x1f, 0xf4, 0x6a, 0x1e, 0x97, 0x47, 0x8b, 0xc2, - 0x2f, 0xec, 0x30, 0xdb, 0x6c, 0xc1, 0x29, 0x8e, 0xe8, 0x4b, 0x96, 0x79, 0x6d, 0xf6, 0x60, 0x1e, - 0x91, 0x94, 0xd9, 0x5a, 0x23, 0x7c, 0xab, 0xe4, 0xfe, 0xb7, 0x67, 0xeb, 0xdb, 0xf4, 0x87, 0x1e, - 0xdc, 0x6d, 0xfa, 0x1f, 0x85, 0x4a, 0xd3, 0x09, 0xbc, 0x3a, 0x89, 0x13, 0xbe, 0x43, 0x24, 0x4b, - 0x20, 0xc9, 0x46, 0xac, 0xe1, 0x74, 0xb1, 0x8b, 0xd9, 0x8b, 0x25, 0xc6, 0x96, 0x0e, 0x5b, 0xec, - 0x56, 0x75, 0x33, 0x36, 0x71, 0xcc, 0xfd, 0x27, 0x78, 0xa8, 0xfb, 0x4f, 0xc3, 0xfb, 0xec, 0x3f, - 0xfd, 0x43, 0x0b, 0xce, 0x74, 0xfd, 0x6a, 0x8f, 0x6e, 0x8c, 0x92, 0xfd, 0xad, 0x12, 0x9c, 0xea, - 0x52, 0xd5, 0x06, 0xed, 0x1c, 0xdb, 0x35, 0xf0, 0xa2, 0x6c, 0xce, 0x68, 0xcf, 0x41, 0x7c, 0xb0, - 0xdd, 0x5f, 0xbd, 0x03, 0x5b, 0x7c, 0xb0, 0x3b, 0xb0, 0xc6, 0xb0, 0x1c, 0x78, 0xa8, 0xc3, 0xb2, - 0x74, 0xff, 0x61, 0x89, 0x7e, 0xdb, 0x82, 0x89, 0x66, 0x8f, 0x52, 0x8a, 0x62, 0x57, 0xe5, 0xe6, - 0xf1, 0x14, 0x6a, 0xac, 0x3e, 0xb5, 0xb7, 0x3b, 0xd9, 0xb3, 0x82, 0x25, 0xee, 0x29, 0x95, 0xfd, - 0x7e, 0x11, 0x58, 0x49, 0x25, 0x56, 0xc4, 0x64, 0x07, 0x7d, 0xde, 0x2c, 0x8e, 0x65, 0xe5, 0x55, - 0xc8, 0x89, 0x13, 0x57, 0xc5, 0xb5, 0x78, 0x0f, 0x76, 0xab, 0xb5, 0x95, 0x55, 0x5a, 0x85, 0x3e, - 0x94, 0x96, 0x2f, 0xab, 0x90, 0x15, 0xf3, 0xaf, 0x42, 0x56, 0xc9, 0x56, 0x20, 0xbb, 0xff, 0x27, - 0x1e, 0x78, 0x24, 0x3f, 0xf1, 0xdf, 0xb4, 0xb8, 0xe2, 0xc9, 0x7c, 0x05, 0x6d, 0x19, 0x58, 0xf7, - 0xb1, 0x0c, 0x9e, 0x67, 0xf7, 0x05, 0xd6, 0xaf, 0x10, 0xc7, 0x17, 0x16, 0x84, 0x79, 0xf5, 0x1f, - 0x6b, 0xc7, 0x0a, 0x83, 0xdd, 0xf0, 0xe1, 0xfb, 0xe1, 0xdd, 0x4b, 0xcd, 0x56, 0xb2, 0x23, 0x6c, - 0x09, 0x7d, 0xc3, 0x87, 0x82, 0x60, 0x03, 0xcb, 0xfe, 0xdb, 0x05, 0x3e, 0x02, 0xc5, 0xb9, 0xea, - 0xc5, 0x4c, 0x39, 0xf9, 0xfe, 0x8f, 0x24, 0x3f, 0x07, 0xe0, 0xaa, 0xab, 0xc2, 0xc4, 0x86, 0xf7, - 0x95, 0x23, 0x5f, 0xb5, 0x24, 0xe8, 0xe9, 0xd7, 0xd0, 0x6d, 0xd8, 0xe0, 0x97, 0xd2, 0xa5, 0xc5, - 0x7d, 0x75, 0x69, 0x4a, 0xad, 0x0c, 0xec, 0xb3, 0xda, 0xfd, 0x99, 0x05, 0x29, 0x8b, 0x08, 0xb5, - 0xa0, 0x44, 0xc5, 0xdd, 0xc9, 0xe7, 0x16, 0x34, 0x93, 0x34, 0x55, 0x8d, 0x62, 0xd8, 0xb3, 0x9f, - 0x98, 0x33, 0x42, 0xbe, 0x38, 0x7e, 0x2d, 0xe4, 0x71, 0x53, 0x9f, 0xc9, 0xf0, 0x4a, 0x18, 0x6e, - 0xf2, 0x53, 0x1b, 0x7d, 0x94, 0x6b, 0x5f, 0x84, 0xf1, 0x0e, 0xa1, 0x58, 0xe5, 0xe8, 0x50, 0x5e, - 0xfd, 0x66, 0x0c, 0x57, 0x96, 0x03, 0x85, 0x39, 0xcc, 0x7e, 0xd7, 0x82, 0x93, 0x59, 0xf2, 0xe8, - 0xdb, 0x16, 0x8c, 0xc7, 0x59, 0x7a, 0xc7, 0xd5, 0x77, 0x2a, 0x34, 0xa9, 0x03, 0x84, 0x3b, 0x85, - 0xb0, 0xff, 0x5c, 0x0c, 0xfe, 0x5b, 0x5e, 0x50, 0x0b, 0xef, 0x2a, 0xc3, 0xc4, 0xea, 0x69, 0x98, - 0xd0, 0xf9, 0xe8, 0x6e, 0x90, 0x5a, 0xdb, 0xef, 0x48, 0xbe, 0x5a, 0x15, 0xed, 0x58, 0x61, 0xa4, - 0x2e, 0x81, 0x2f, 0xee, 0x7b, 0x09, 0xfc, 0x4b, 0x30, 0x62, 0x5e, 0x6f, 0x28, 0xc6, 0x25, 0x33, - 0xc8, 0xcd, 0x9b, 0x10, 0x71, 0x0a, 0x2b, 0x73, 0xc1, 0x75, 0x69, 0xdf, 0x0b, 0xae, 0x9f, 0x83, - 0xb2, 0xb8, 0xac, 0x59, 0x06, 0xf0, 0xf1, 0xcc, 0x2e, 0xd1, 0x86, 0x15, 0x94, 0x6a, 0x93, 0xa6, - 0x13, 0xb4, 0x1d, 0x9f, 0xf6, 0x90, 0x48, 0x47, 0x55, 0xd3, 0x70, 0x49, 0x41, 0xb0, 0x81, 0x45, - 0xdf, 0x38, 0xf1, 0x9a, 0xe4, 0xb5, 0x30, 0x90, 0xa1, 0x2f, 0x7a, 0x4f, 0x5b, 0xb4, 0x63, 0x85, - 0x61, 0xff, 0x57, 0x0b, 0xb2, 0x37, 0xcd, 0xa6, 0x76, 0x39, 0xac, 0x7d, 0x53, 0x60, 0xd3, 0x09, - 0x74, 0x85, 0xbe, 0x12, 0xe8, 0xcc, 0xdc, 0xb6, 0xe2, 0x7d, 0x73, 0xdb, 0x7e, 0x4c, 0xdf, 0x3f, - 0xc2, 0x93, 0xe0, 0x86, 0xbb, 0xdd, 0x3d, 0x82, 0x6c, 0x18, 0x74, 0x1d, 0x55, 0x24, 0x61, 0x84, - 0xfb, 0x0e, 0xb3, 0x33, 0x0c, 0x49, 0x40, 0xaa, 0xeb, 0xef, 0xfd, 0xe0, 0xdc, 0x87, 0xbe, 0xf7, - 0x83, 0x73, 0x1f, 0xfa, 0xa3, 0x1f, 0x9c, 0xfb, 0xd0, 0x17, 0xf6, 0xce, 0x59, 0xef, 0xed, 0x9d, - 0xb3, 0xbe, 0xb7, 0x77, 0xce, 0xfa, 0xa3, 0xbd, 0x73, 0xd6, 0xfb, 0x7b, 0xe7, 0xac, 0x6f, 0xfe, - 0xa7, 0x73, 0x1f, 0x7a, 0xad, 0x6b, 0xa8, 0x12, 0xfd, 0xf1, 0x82, 0x5b, 0x9b, 0xde, 0xba, 0xc0, - 0xa2, 0x65, 0xe8, 0x6c, 0x98, 0x36, 0x86, 0xc0, 0xb4, 0x9c, 0x0d, 0xff, 0x2f, 0x00, 0x00, 0xff, - 0xff, 0x30, 0x64, 0xb5, 0x42, 0x24, 0xc8, 0x00, 0x00, + // 9996 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x1c, 0xc9, + 0x75, 0x98, 0x66, 0x17, 0x0b, 0x2c, 0xde, 0x02, 0x20, 0xd1, 0x24, 0xef, 0x70, 0xbc, 0x3b, 0x82, + 0x99, 0x2b, 0x9f, 0x4e, 0xd1, 0x1d, 0xe0, 0xa3, 0x4e, 0x0a, 0xe3, 0xb3, 0x4f, 0xc6, 0x02, 0x24, + 0x08, 0x12, 0x20, 0x70, 0x0d, 0x90, 0x94, 0xee, 0x7c, 0x3a, 0x0d, 0x66, 0x7b, 0x17, 0x43, 0xcc, + 0xce, 0x2c, 0x67, 0x66, 0x41, 0xe0, 0x2c, 0xcb, 0x92, 0x6d, 0xd9, 0x4a, 0xf4, 0x71, 0xca, 0x29, + 0x55, 0x96, 0xf3, 0xe1, 0x28, 0xb6, 0xca, 0x15, 0x57, 0x72, 0x15, 0xa7, 0xf2, 0x23, 0xce, 0x57, + 0xa5, 0x6c, 0xe7, 0xc7, 0xa5, 0x94, 0x54, 0x54, 0x15, 0x97, 0xe5, 0xc4, 0x0e, 0x2c, 0x21, 0x95, + 0x4a, 0x2a, 0x55, 0x71, 0x55, 0x3e, 0xfe, 0x84, 0xe5, 0xaa, 0xb8, 0xfa, 0xbb, 0x67, 0x76, 0x97, + 0x58, 0x00, 0x03, 0x92, 0x52, 0xdd, 0xbf, 0xdd, 0x7e, 0x6f, 0xde, 0xeb, 0xe9, 0xe9, 0x7e, 0xfd, + 0xde, 0xeb, 0xf7, 0x5e, 0xc3, 0x62, 0xc3, 0x4b, 0x36, 0xda, 0xeb, 0x53, 0x6e, 0xd8, 0x9c, 0x76, + 0xa2, 0x46, 0xd8, 0x8a, 0xc2, 0xdb, 0xec, 0xc7, 0x0b, 0x6e, 0x6d, 0x7a, 0xeb, 0xc2, 0x74, 0x6b, + 0xb3, 0x31, 0xed, 0xb4, 0xbc, 0x78, 0xda, 0x69, 0xb5, 0x7c, 0xcf, 0x75, 0x12, 0x2f, 0x0c, 0xa6, + 0xb7, 0x5e, 0x74, 0xfc, 0xd6, 0x86, 0xf3, 0xe2, 0x74, 0x83, 0x04, 0x24, 0x72, 0x12, 0x52, 0x9b, + 0x6a, 0x45, 0x61, 0x12, 0xa2, 0x1f, 0xd7, 0xd4, 0xa6, 0x24, 0x35, 0xf6, 0xe3, 0x4d, 0xb7, 0x36, + 0xb5, 0x75, 0x61, 0xaa, 0xb5, 0xd9, 0x98, 0xa2, 0xd4, 0xa6, 0x0c, 0x6a, 0x53, 0x92, 0xda, 0xd9, + 0x17, 0x8c, 0xbe, 0x34, 0xc2, 0x46, 0x38, 0xcd, 0x88, 0xae, 0xb7, 0xeb, 0xec, 0x1f, 0xfb, 0xc3, + 0x7e, 0x71, 0x66, 0x67, 0xed, 0xcd, 0x8b, 0xf1, 0x94, 0x17, 0xd2, 0xee, 0x4d, 0xbb, 0x61, 0x44, + 0xa6, 0xb7, 0x3a, 0x3a, 0x74, 0xf6, 0x8a, 0xc6, 0x21, 0xdb, 0x09, 0x09, 0x62, 0x2f, 0x0c, 0xe2, + 0x17, 0x68, 0x17, 0x48, 0xb4, 0x45, 0x22, 0xf3, 0xf5, 0x0c, 0x84, 0x6e, 0x94, 0x5e, 0xd2, 0x94, + 0x9a, 0x8e, 0xbb, 0xe1, 0x05, 0x24, 0xda, 0xd1, 0x8f, 0x37, 0x49, 0xe2, 0x74, 0x7b, 0x6a, 0xba, + 0xd7, 0x53, 0x51, 0x3b, 0x48, 0xbc, 0x26, 0xe9, 0x78, 0xe0, 0x63, 0xfb, 0x3d, 0x10, 0xbb, 0x1b, + 0xa4, 0xe9, 0x74, 0x3c, 0xf7, 0x91, 0x5e, 0xcf, 0xb5, 0x13, 0xcf, 0x9f, 0xf6, 0x82, 0x24, 0x4e, + 0xa2, 0xec, 0x43, 0xf6, 0x1d, 0x18, 0x9d, 0xb9, 0xb5, 0x3a, 0xd3, 0x4e, 0x36, 0x66, 0xc3, 0xa0, + 0xee, 0x35, 0xd0, 0x47, 0xa1, 0xe2, 0xfa, 0xed, 0x38, 0x21, 0xd1, 0x75, 0xa7, 0x49, 0x26, 0xac, + 0xf3, 0xd6, 0x73, 0xc3, 0xd5, 0x53, 0xef, 0xed, 0x4e, 0x7e, 0x60, 0x6f, 0x77, 0xb2, 0x32, 0xab, + 0x41, 0xd8, 0xc4, 0x43, 0x1f, 0x82, 0xa1, 0x28, 0xf4, 0xc9, 0x0c, 0xbe, 0x3e, 0x51, 0x60, 0x8f, + 0x9c, 0x10, 0x8f, 0x0c, 0x61, 0xde, 0x8c, 0x25, 0xdc, 0xfe, 0x83, 0x02, 0xc0, 0x4c, 0xab, 0xb5, + 0x12, 0x85, 0xb7, 0x89, 0x9b, 0xa0, 0x4f, 0x43, 0x99, 0x0e, 0x5d, 0xcd, 0x49, 0x1c, 0xc6, 0xad, + 0x72, 0xe1, 0x47, 0xa7, 0xf8, 0x9b, 0x4c, 0x99, 0x6f, 0xa2, 0x27, 0x0e, 0xc5, 0x9e, 0xda, 0x7a, + 0x71, 0x6a, 0x79, 0x9d, 0x3e, 0xbf, 0x44, 0x12, 0xa7, 0x8a, 0x04, 0x33, 0xd0, 0x6d, 0x58, 0x51, + 0x45, 0x01, 0x0c, 0xc4, 0x2d, 0xe2, 0xb2, 0x8e, 0x55, 0x2e, 0x2c, 0x4e, 0x1d, 0x65, 0x86, 0x4e, + 0xe9, 0x9e, 0xaf, 0xb6, 0x88, 0x5b, 0x1d, 0x11, 0x9c, 0x07, 0xe8, 0x3f, 0xcc, 0xf8, 0xa0, 0x2d, + 0x18, 0x8c, 0x13, 0x27, 0x69, 0xc7, 0x13, 0x45, 0xc6, 0xf1, 0x7a, 0x6e, 0x1c, 0x19, 0xd5, 0xea, + 0x98, 0xe0, 0x39, 0xc8, 0xff, 0x63, 0xc1, 0xcd, 0xfe, 0xcf, 0x16, 0x8c, 0x69, 0xe4, 0x45, 0x2f, + 0x4e, 0xd0, 0x4f, 0x75, 0x0c, 0xee, 0x54, 0x7f, 0x83, 0x4b, 0x9f, 0x66, 0x43, 0x7b, 0x52, 0x30, + 0x2b, 0xcb, 0x16, 0x63, 0x60, 0x9b, 0x50, 0xf2, 0x12, 0xd2, 0x8c, 0x27, 0x0a, 0xe7, 0x8b, 0xcf, + 0x55, 0x2e, 0x5c, 0xc9, 0xeb, 0x3d, 0xab, 0xa3, 0x82, 0x69, 0x69, 0x81, 0x92, 0xc7, 0x9c, 0x8b, + 0xfd, 0x9b, 0x23, 0xe6, 0xfb, 0xd1, 0x01, 0x47, 0x2f, 0x42, 0x25, 0x0e, 0xdb, 0x91, 0x4b, 0x30, + 0x69, 0x85, 0xf1, 0x84, 0x75, 0xbe, 0x48, 0xa7, 0x1e, 0x9d, 0xa9, 0xab, 0xba, 0x19, 0x9b, 0x38, + 0xe8, 0xab, 0x16, 0x8c, 0xd4, 0x48, 0x9c, 0x78, 0x01, 0xe3, 0x2f, 0x3b, 0xbf, 0x76, 0xe4, 0xce, + 0xcb, 0xc6, 0x39, 0x4d, 0xbc, 0x7a, 0x5a, 0xbc, 0xc8, 0x88, 0xd1, 0x18, 0xe3, 0x14, 0x7f, 0xba, + 0xe2, 0x6a, 0x24, 0x76, 0x23, 0xaf, 0x45, 0xff, 0xb3, 0x39, 0x63, 0xac, 0xb8, 0x39, 0x0d, 0xc2, + 0x26, 0x1e, 0x0a, 0xa0, 0x44, 0x57, 0x54, 0x3c, 0x31, 0xc0, 0xfa, 0xbf, 0x70, 0xb4, 0xfe, 0x8b, + 0x41, 0xa5, 0x8b, 0x55, 0x8f, 0x3e, 0xfd, 0x17, 0x63, 0xce, 0x06, 0x7d, 0xc5, 0x82, 0x09, 0xb1, + 0xe2, 0x31, 0xe1, 0x03, 0x7a, 0x6b, 0xc3, 0x4b, 0x88, 0xef, 0xc5, 0xc9, 0x44, 0x89, 0xf5, 0x61, + 0xba, 0xbf, 0xb9, 0x35, 0x1f, 0x85, 0xed, 0xd6, 0x35, 0x2f, 0xa8, 0x55, 0xcf, 0x0b, 0x4e, 0x13, + 0xb3, 0x3d, 0x08, 0xe3, 0x9e, 0x2c, 0xd1, 0xd7, 0x2d, 0x38, 0x1b, 0x38, 0x4d, 0x12, 0xb7, 0x1c, + 0xfa, 0x69, 0x39, 0xb8, 0xea, 0x3b, 0xee, 0x26, 0xeb, 0xd1, 0xe0, 0xe1, 0x7a, 0x64, 0x8b, 0x1e, + 0x9d, 0xbd, 0xde, 0x93, 0x34, 0xbe, 0x0f, 0x5b, 0xf4, 0xeb, 0x16, 0x8c, 0x87, 0x51, 0x6b, 0xc3, + 0x09, 0x48, 0x4d, 0x42, 0xe3, 0x89, 0x21, 0xb6, 0xf4, 0x3e, 0x75, 0xb4, 0x4f, 0xb4, 0x9c, 0x25, + 0xbb, 0x14, 0x06, 0x5e, 0x12, 0x46, 0xab, 0x24, 0x49, 0xbc, 0xa0, 0x11, 0x57, 0xcf, 0xec, 0xed, + 0x4e, 0x8e, 0x77, 0x60, 0xe1, 0xce, 0xfe, 0xa0, 0x9f, 0x86, 0x4a, 0xbc, 0x13, 0xb8, 0xb7, 0xbc, + 0xa0, 0x16, 0xde, 0x8d, 0x27, 0xca, 0x79, 0x2c, 0xdf, 0x55, 0x45, 0x50, 0x2c, 0x40, 0xcd, 0x00, + 0x9b, 0xdc, 0xba, 0x7f, 0x38, 0x3d, 0x95, 0x86, 0xf3, 0xfe, 0x70, 0x7a, 0x32, 0xdd, 0x87, 0x2d, + 0xfa, 0x25, 0x0b, 0x46, 0x63, 0xaf, 0x11, 0x38, 0x49, 0x3b, 0x22, 0xd7, 0xc8, 0x4e, 0x3c, 0x01, + 0xac, 0x23, 0x57, 0x8f, 0x38, 0x2a, 0x06, 0xc9, 0xea, 0x19, 0xd1, 0xc7, 0x51, 0xb3, 0x35, 0xc6, + 0x69, 0xbe, 0xdd, 0x16, 0x9a, 0x9e, 0xd6, 0x95, 0x7c, 0x17, 0x9a, 0x9e, 0xd4, 0x3d, 0x59, 0xa2, + 0x9f, 0x84, 0x93, 0xbc, 0x49, 0x8d, 0x6c, 0x3c, 0x31, 0xc2, 0x04, 0xed, 0xe9, 0xbd, 0xdd, 0xc9, + 0x93, 0xab, 0x19, 0x18, 0xee, 0xc0, 0x46, 0x77, 0x60, 0xb2, 0x45, 0xa2, 0xa6, 0x97, 0x2c, 0x07, + 0xfe, 0x8e, 0x14, 0xdf, 0x6e, 0xd8, 0x22, 0x35, 0xd1, 0x9d, 0x78, 0x62, 0xf4, 0xbc, 0xf5, 0x5c, + 0xb9, 0xfa, 0x41, 0xd1, 0xcd, 0xc9, 0x95, 0xfb, 0xa3, 0xe3, 0xfd, 0xe8, 0xd9, 0xff, 0xa6, 0x00, + 0x27, 0xb3, 0x1b, 0x27, 0xfa, 0x0d, 0x0b, 0x4e, 0xdc, 0xbe, 0x9b, 0xac, 0x85, 0x9b, 0x24, 0x88, + 0xab, 0x3b, 0x54, 0xbc, 0xb1, 0x2d, 0xa3, 0x72, 0xc1, 0xcd, 0x77, 0x8b, 0x9e, 0xba, 0x9a, 0xe6, + 0x72, 0x29, 0x48, 0xa2, 0x9d, 0xea, 0xe3, 0xe2, 0xed, 0x4e, 0x5c, 0xbd, 0xb5, 0x66, 0x42, 0x71, + 0xb6, 0x53, 0x67, 0xbf, 0x64, 0xc1, 0xe9, 0x6e, 0x24, 0xd0, 0x49, 0x28, 0x6e, 0x92, 0x1d, 0xae, + 0x95, 0x61, 0xfa, 0x13, 0xbd, 0x01, 0xa5, 0x2d, 0xc7, 0x6f, 0x13, 0xa1, 0xdd, 0xcc, 0x1f, 0xed, + 0x45, 0x54, 0xcf, 0x30, 0xa7, 0xfa, 0x63, 0x85, 0x8b, 0x96, 0xfd, 0xef, 0x8b, 0x50, 0x31, 0xf6, + 0xb7, 0x07, 0xa0, 0xb1, 0x85, 0x29, 0x8d, 0x6d, 0x29, 0xb7, 0xad, 0xb9, 0xa7, 0xca, 0x76, 0x37, + 0xa3, 0xb2, 0x2d, 0xe7, 0xc7, 0xf2, 0xbe, 0x3a, 0x1b, 0x4a, 0x60, 0x38, 0x6c, 0x51, 0x8d, 0x9c, + 0x6e, 0xfd, 0x03, 0x79, 0x7c, 0xc2, 0x65, 0x49, 0xae, 0x3a, 0xba, 0xb7, 0x3b, 0x39, 0xac, 0xfe, + 0x62, 0xcd, 0xc8, 0xfe, 0xae, 0x05, 0xa7, 0x8d, 0x3e, 0xce, 0x86, 0x41, 0xcd, 0x63, 0x9f, 0xf6, + 0x3c, 0x0c, 0x24, 0x3b, 0x2d, 0xa9, 0xf6, 0xab, 0x91, 0x5a, 0xdb, 0x69, 0x11, 0xcc, 0x20, 0x54, + 0xd1, 0x6f, 0x92, 0x38, 0x76, 0x1a, 0x24, 0xab, 0xe8, 0x2f, 0xf1, 0x66, 0x2c, 0xe1, 0x28, 0x02, + 0xe4, 0x3b, 0x71, 0xb2, 0x16, 0x39, 0x41, 0xcc, 0xc8, 0xaf, 0x79, 0x4d, 0x22, 0x06, 0xf8, 0x2f, + 0xf6, 0x37, 0x63, 0xe8, 0x13, 0xd5, 0xc7, 0xf6, 0x76, 0x27, 0xd1, 0x62, 0x07, 0x25, 0xdc, 0x85, + 0xba, 0xfd, 0x75, 0x0b, 0x1e, 0xeb, 0xae, 0x8b, 0xa1, 0x67, 0x61, 0x90, 0x9b, 0x7c, 0xe2, 0xed, + 0xf4, 0x27, 0x61, 0xad, 0x58, 0x40, 0xd1, 0x34, 0x0c, 0xab, 0x7d, 0x42, 0xbc, 0xe3, 0xb8, 0x40, + 0x1d, 0xd6, 0x9b, 0x8b, 0xc6, 0xa1, 0x83, 0x46, 0xff, 0x08, 0xcd, 0x4d, 0x0d, 0x1a, 0x33, 0x92, + 0x18, 0xc4, 0xfe, 0x13, 0x0b, 0x4e, 0x18, 0xbd, 0x7a, 0x00, 0xaa, 0x79, 0x90, 0x56, 0xcd, 0x17, + 0x72, 0x9b, 0xcf, 0x3d, 0x74, 0xf3, 0xaf, 0x58, 0x70, 0xd6, 0xc0, 0x5a, 0x72, 0x12, 0x77, 0xe3, + 0xd2, 0x76, 0x2b, 0x22, 0x31, 0x35, 0xa7, 0xd1, 0xd3, 0x86, 0xdc, 0xaa, 0x56, 0x04, 0x85, 0xe2, + 0x35, 0xb2, 0xc3, 0x85, 0xd8, 0xf3, 0x50, 0xe6, 0x93, 0x33, 0x8c, 0xc4, 0x88, 0xab, 0x77, 0x5b, + 0x16, 0xed, 0x58, 0x61, 0x20, 0x1b, 0x06, 0x99, 0x70, 0xa2, 0x8b, 0x95, 0x6e, 0x43, 0x40, 0x3f, + 0xe2, 0x4d, 0xd6, 0x82, 0x05, 0xc4, 0x5e, 0x4e, 0x75, 0x67, 0x25, 0x22, 0xec, 0xe3, 0xd6, 0x2e, + 0x7b, 0xc4, 0xaf, 0xc5, 0xd4, 0x6c, 0x70, 0x82, 0x20, 0x4c, 0x84, 0x05, 0x60, 0x98, 0x0d, 0x33, + 0xba, 0x19, 0x9b, 0x38, 0xf6, 0x5e, 0x81, 0x19, 0x1f, 0x6a, 0x59, 0x93, 0x07, 0x61, 0xb9, 0x46, + 0x29, 0x39, 0xb8, 0x92, 0x9f, 0x50, 0x22, 0xbd, 0xad, 0xd7, 0xb7, 0x32, 0xa2, 0x10, 0xe7, 0xca, + 0xf5, 0xfe, 0x16, 0xec, 0xef, 0x14, 0x60, 0x32, 0xfd, 0x40, 0x87, 0x24, 0xa5, 0xe6, 0x92, 0xc1, + 0x28, 0xeb, 0xa0, 0x30, 0xf0, 0xb1, 0x89, 0xd7, 0x43, 0x18, 0x15, 0x8e, 0x53, 0x18, 0x99, 0xb2, + 0xb2, 0xb8, 0x8f, 0xac, 0x7c, 0x56, 0x8d, 0xfa, 0x40, 0x46, 0x38, 0xa5, 0xf7, 0x8b, 0xf3, 0x30, + 0x10, 0x27, 0xa4, 0x35, 0x51, 0x4a, 0xcb, 0x9a, 0xd5, 0x84, 0xb4, 0x30, 0x83, 0xd8, 0xff, 0xa3, + 0x00, 0x8f, 0xa7, 0xc7, 0x50, 0x8b, 0xf7, 0x8f, 0xa7, 0xc4, 0xfb, 0x87, 0x4d, 0xf1, 0x7e, 0x6f, + 0x77, 0xf2, 0xc9, 0x1e, 0x8f, 0xfd, 0xc0, 0x48, 0x7f, 0x34, 0x9f, 0x19, 0xc5, 0xe9, 0xf4, 0x28, + 0xde, 0xdb, 0x9d, 0x7c, 0xba, 0xc7, 0x3b, 0x66, 0x86, 0xf9, 0x59, 0x18, 0x8c, 0x88, 0x13, 0x87, + 0x81, 0x18, 0x68, 0xf5, 0x39, 0x30, 0x6b, 0xc5, 0x02, 0x6a, 0xff, 0x49, 0x39, 0x3b, 0xd8, 0xf3, + 0xdc, 0xc1, 0x16, 0x46, 0xc8, 0x83, 0x01, 0xa6, 0xb2, 0x73, 0xd1, 0x70, 0xed, 0x68, 0xcb, 0x88, + 0x8a, 0x78, 0x45, 0xba, 0x5a, 0xa6, 0x5f, 0x8d, 0x36, 0x61, 0xc6, 0x02, 0x6d, 0x43, 0xd9, 0x95, + 0x9a, 0x74, 0x21, 0x0f, 0x9f, 0x93, 0xd0, 0xa3, 0x35, 0xc7, 0x11, 0x2a, 0x8b, 0x95, 0xfa, 0xad, + 0xb8, 0x21, 0x02, 0xc5, 0x86, 0x97, 0x88, 0xcf, 0x7a, 0x44, 0x5b, 0x69, 0xde, 0x33, 0x5e, 0x71, + 0x88, 0x6e, 0x10, 0xf3, 0x5e, 0x82, 0x29, 0x7d, 0xf4, 0x05, 0x0b, 0x2a, 0xb1, 0xdb, 0x5c, 0x89, + 0xc2, 0x2d, 0xaf, 0x46, 0x22, 0xa1, 0x29, 0x1d, 0x51, 0x34, 0xad, 0xce, 0x2e, 0x49, 0x82, 0x9a, + 0x2f, 0xb7, 0x5d, 0x35, 0x04, 0x9b, 0x7c, 0xa9, 0x05, 0xf1, 0xb8, 0x78, 0xf7, 0x39, 0xe2, 0x7a, + 0x74, 0x6f, 0x93, 0x06, 0x13, 0x9b, 0x29, 0x47, 0xd6, 0x1c, 0xe7, 0xda, 0xee, 0x26, 0x5d, 0x6f, + 0xba, 0x43, 0x4f, 0xee, 0xed, 0x4e, 0x3e, 0x3e, 0xdb, 0x9d, 0x27, 0xee, 0xd5, 0x19, 0x36, 0x60, + 0xad, 0xb6, 0xef, 0x63, 0x72, 0xa7, 0x4d, 0x98, 0x3b, 0x24, 0x87, 0x01, 0x5b, 0xd1, 0x04, 0x33, + 0x03, 0x66, 0x40, 0xb0, 0xc9, 0x17, 0xdd, 0x81, 0xc1, 0xa6, 0x93, 0x44, 0xde, 0xb6, 0xf0, 0x81, + 0x1c, 0x51, 0x97, 0x5f, 0x62, 0xb4, 0x34, 0x73, 0xb6, 0xf5, 0xf3, 0x46, 0x2c, 0x18, 0xa1, 0x26, + 0x94, 0x9a, 0x24, 0x6a, 0x90, 0x89, 0x72, 0x1e, 0xfe, 0xde, 0x25, 0x4a, 0x4a, 0x33, 0x1c, 0xa6, + 0x9a, 0x0f, 0x6b, 0xc3, 0x9c, 0x0b, 0x7a, 0x03, 0xca, 0x31, 0xf1, 0x89, 0x4b, 0x75, 0x97, 0x61, + 0xc6, 0xf1, 0x23, 0x7d, 0xea, 0x71, 0xce, 0x3a, 0xf1, 0x57, 0xc5, 0xa3, 0x7c, 0x81, 0xc9, 0x7f, + 0x58, 0x91, 0xb4, 0xff, 0xab, 0x05, 0x28, 0x2d, 0x61, 0x1e, 0x80, 0xf6, 0x78, 0x27, 0xad, 0x3d, + 0x2e, 0xe6, 0xa9, 0x02, 0xf4, 0x50, 0x20, 0xdf, 0x2b, 0x43, 0x46, 0x36, 0x5f, 0x27, 0x71, 0x42, + 0x6a, 0xef, 0xcb, 0xd3, 0xf7, 0xe5, 0xe9, 0xfb, 0xf2, 0x54, 0xc9, 0xd3, 0xf5, 0x8c, 0x3c, 0x7d, + 0xc5, 0x58, 0xf5, 0xfa, 0xf4, 0xf2, 0x4d, 0x75, 0xbc, 0x69, 0xf6, 0xc0, 0x40, 0xa0, 0x92, 0xe0, + 0xea, 0xea, 0xf2, 0xf5, 0xae, 0x02, 0xf4, 0xcd, 0xb4, 0x00, 0x3d, 0x2a, 0x8b, 0x07, 0x2e, 0x32, + 0xff, 0x66, 0x01, 0x9e, 0x48, 0x8b, 0x12, 0x1c, 0xfa, 0x7e, 0xd8, 0x4e, 0xa8, 0x96, 0x8c, 0x7e, + 0xd5, 0x82, 0x93, 0xcd, 0xb4, 0x79, 0x1a, 0x0b, 0x2f, 0xe0, 0x27, 0x72, 0x93, 0x73, 0x19, 0xfb, + 0xb7, 0x3a, 0x21, 0x64, 0xde, 0xc9, 0x0c, 0x20, 0xc6, 0x1d, 0x7d, 0x41, 0x6f, 0xc0, 0x70, 0xd3, + 0xd9, 0xbe, 0xd1, 0xaa, 0x39, 0x89, 0x34, 0x50, 0x7a, 0xdb, 0x95, 0xed, 0xc4, 0xf3, 0xa7, 0xf8, + 0xd9, 0xee, 0xd4, 0x42, 0x90, 0x2c, 0x47, 0xab, 0x49, 0xe4, 0x05, 0x0d, 0xee, 0xfb, 0x59, 0x92, + 0x64, 0xb0, 0xa6, 0x68, 0xff, 0x6d, 0x2b, 0x2b, 0x68, 0xd5, 0xe8, 0x44, 0x4e, 0x42, 0x1a, 0x3b, + 0xe8, 0x33, 0x50, 0xa2, 0x96, 0x84, 0x1c, 0x95, 0x5b, 0x79, 0x4a, 0x7f, 0xe3, 0x4b, 0xe8, 0x8d, + 0x80, 0xfe, 0x8b, 0x31, 0x67, 0x6a, 0xff, 0x59, 0x29, 0xbb, 0xe1, 0xb1, 0x93, 0xbe, 0x0b, 0x00, + 0x8d, 0x70, 0x8d, 0x34, 0x5b, 0x3e, 0x1d, 0x16, 0x8b, 0xb9, 0x8b, 0x95, 0xf1, 0x3c, 0xaf, 0x20, + 0xd8, 0xc0, 0x42, 0x7f, 0xc5, 0x02, 0x68, 0xc8, 0x85, 0x25, 0x37, 0xb3, 0x1b, 0x79, 0xbe, 0x8e, + 0x5e, 0xb6, 0xba, 0x2f, 0x8a, 0x21, 0x36, 0x98, 0xa3, 0x9f, 0xb3, 0xa0, 0x9c, 0xc8, 0xee, 0x73, + 0xf1, 0xbe, 0x96, 0x67, 0x4f, 0xe4, 0x4b, 0xeb, 0x7d, 0x5d, 0x0d, 0x89, 0xe2, 0x8b, 0x7e, 0xd1, + 0x02, 0x88, 0x77, 0x02, 0x77, 0x25, 0xf4, 0x3d, 0x77, 0x47, 0x48, 0xfd, 0x9b, 0xb9, 0x1a, 0xf8, + 0x8a, 0x7a, 0x75, 0x8c, 0x8e, 0x86, 0xfe, 0x8f, 0x0d, 0xce, 0xe8, 0xb3, 0x50, 0x8e, 0xc5, 0x74, + 0x13, 0x72, 0x7e, 0x2d, 0x5f, 0x37, 0x03, 0xa7, 0x2d, 0x44, 0x84, 0xf8, 0x87, 0x15, 0x4f, 0xf4, + 0xcb, 0x16, 0x9c, 0x68, 0xa5, 0x9d, 0x42, 0x42, 0xa4, 0xe7, 0x27, 0x03, 0x32, 0x4e, 0xa7, 0xea, + 0xa9, 0xbd, 0xdd, 0xc9, 0x13, 0x99, 0x46, 0x9c, 0xed, 0x85, 0xfd, 0xed, 0x42, 0xca, 0x35, 0xab, + 0x7c, 0x26, 0x6c, 0x32, 0xbb, 0xd2, 0x5c, 0x95, 0x6b, 0x33, 0xd7, 0xc9, 0xac, 0x8c, 0x61, 0x3d, + 0x99, 0x55, 0x53, 0x8c, 0x0d, 0xe6, 0x74, 0xdb, 0x1e, 0x77, 0xb2, 0x9e, 0x19, 0xb1, 0xbe, 0xde, + 0xc8, 0xb3, 0x4b, 0x9d, 0x8e, 0xf4, 0x27, 0x44, 0xd7, 0xc6, 0x3b, 0x40, 0xb8, 0xb3, 0x4b, 0xf6, + 0xb7, 0xd3, 0xee, 0x60, 0x63, 0x6a, 0xf4, 0xe1, 0xea, 0xfe, 0xaa, 0x05, 0x95, 0x28, 0xf4, 0x7d, + 0x2f, 0x68, 0xd0, 0x69, 0x2c, 0x64, 0xf1, 0xeb, 0xc7, 0x22, 0x0e, 0xc5, 0x7c, 0x65, 0x9b, 0x3f, + 0xd6, 0x3c, 0xb1, 0xd9, 0x01, 0xfb, 0xf3, 0x16, 0x4c, 0xf4, 0x5a, 0x6e, 0x88, 0xc0, 0x93, 0x72, + 0x2e, 0xa9, 0x83, 0xde, 0xe5, 0x60, 0x8e, 0xf8, 0x44, 0xf9, 0xc9, 0xca, 0xd5, 0x67, 0xc4, 0x6b, + 0x3e, 0xb9, 0xd2, 0x1b, 0x15, 0xdf, 0x8f, 0x8e, 0xfd, 0xad, 0x42, 0x76, 0x44, 0x95, 0xb8, 0xfd, + 0x86, 0xd5, 0x61, 0x94, 0x7c, 0xe2, 0x38, 0x44, 0x1c, 0x33, 0x5f, 0xd4, 0x79, 0x6f, 0x6f, 0x9c, + 0x87, 0x78, 0xa0, 0x64, 0xff, 0xdb, 0x01, 0xb8, 0x4f, 0xcf, 0xd4, 0x91, 0x81, 0xd5, 0xeb, 0xc8, + 0xe0, 0xe0, 0xa7, 0x10, 0x5f, 0xb6, 0x60, 0xd0, 0xa7, 0xfa, 0x11, 0x77, 0x8b, 0x57, 0x2e, 0xd4, + 0x8e, 0x6b, 0xec, 0xb9, 0x1a, 0x16, 0xf3, 0x43, 0x4d, 0xe5, 0x19, 0xe3, 0x8d, 0x58, 0xf4, 0x01, + 0x7d, 0xd3, 0x4a, 0xfb, 0xd8, 0x79, 0x94, 0x8a, 0x77, 0x6c, 0x7d, 0x32, 0x1c, 0xf7, 0xbc, 0x63, + 0xda, 0x25, 0xdc, 0xc3, 0xa5, 0x8f, 0xa6, 0x00, 0xea, 0x5e, 0xe0, 0xf8, 0xde, 0x5b, 0xd4, 0xce, + 0x2b, 0xb1, 0x43, 0x00, 0xb6, 0x69, 0x5d, 0x56, 0xad, 0xd8, 0xc0, 0x38, 0xfb, 0x97, 0xa1, 0x62, + 0xbc, 0x79, 0x97, 0xb3, 0xd8, 0xd3, 0xe6, 0x59, 0xec, 0xb0, 0x71, 0x84, 0x7a, 0xf6, 0x15, 0x38, + 0x99, 0xed, 0xe0, 0x41, 0x9e, 0xb7, 0x7f, 0x63, 0x30, 0xeb, 0x18, 0x5f, 0x23, 0x51, 0x93, 0x76, + 0xed, 0x7d, 0xfb, 0xf8, 0x7d, 0xfb, 0xf8, 0x7d, 0xfb, 0x58, 0xfe, 0xb1, 0xf7, 0x4a, 0x90, 0xd2, + 0x0c, 0x78, 0xef, 0x3e, 0x04, 0x43, 0x11, 0x69, 0x85, 0x37, 0xf0, 0xa2, 0x90, 0xb8, 0x3a, 0x3a, + 0x95, 0x37, 0x63, 0x09, 0xa7, 0x92, 0xb9, 0xe5, 0x24, 0x1b, 0x42, 0xe4, 0x2a, 0xc9, 0xbc, 0xe2, + 0x24, 0x1b, 0x98, 0x41, 0xd0, 0x2b, 0x30, 0x96, 0x38, 0x51, 0x83, 0x24, 0x98, 0x6c, 0xb1, 0x41, + 0x10, 0x87, 0x0d, 0x8f, 0x09, 0xdc, 0xb1, 0xb5, 0x14, 0x14, 0x67, 0xb0, 0xd1, 0x1d, 0x18, 0xd8, + 0x20, 0x7e, 0x53, 0x18, 0xf0, 0xab, 0xf9, 0x49, 0x44, 0xf6, 0xae, 0x57, 0x88, 0xdf, 0xe4, 0xeb, + 0x95, 0xfe, 0xc2, 0x8c, 0x15, 0xfd, 0x3a, 0xc3, 0x9b, 0xed, 0x38, 0x09, 0x9b, 0xde, 0x5b, 0xd2, + 0xac, 0xff, 0x44, 0xce, 0x8c, 0xaf, 0x49, 0xfa, 0xdc, 0xf6, 0x54, 0x7f, 0xb1, 0xe6, 0xcc, 0xfa, + 0x51, 0xf3, 0x22, 0x66, 0xa6, 0xef, 0x4c, 0xc0, 0xb1, 0xf4, 0x63, 0x4e, 0xd2, 0xe7, 0xfd, 0x50, + 0x7f, 0xb1, 0xe6, 0x8c, 0x76, 0x60, 0xb0, 0xe5, 0xb7, 0x1b, 0x5e, 0x30, 0x51, 0x61, 0x7d, 0xb8, + 0x91, 0x73, 0x1f, 0x56, 0x18, 0x71, 0xee, 0x5c, 0xe1, 0xbf, 0xb1, 0x60, 0x88, 0x9e, 0x81, 0x92, + 0xbb, 0xe1, 0x44, 0xc9, 0xc4, 0x08, 0x9b, 0x34, 0xca, 0x06, 0x9e, 0xa5, 0x8d, 0x98, 0xc3, 0xd0, + 0xd3, 0x50, 0x8c, 0x48, 0x9d, 0x05, 0x45, 0x19, 0xc7, 0xe5, 0x98, 0xd4, 0x31, 0x6d, 0xb7, 0xff, + 0x6e, 0x21, 0xad, 0x5c, 0xa4, 0xdf, 0x9b, 0xcf, 0x76, 0xb7, 0x1d, 0xc5, 0xd2, 0x4e, 0x36, 0x66, + 0x3b, 0x6b, 0xc6, 0x12, 0x8e, 0x3e, 0x6f, 0xc1, 0xd0, 0xed, 0x38, 0x0c, 0x02, 0x92, 0x08, 0x41, + 0x7e, 0x33, 0xe7, 0xa1, 0xb8, 0xca, 0xa9, 0xeb, 0x3e, 0x88, 0x06, 0x2c, 0xf9, 0xd2, 0xee, 0x92, + 0x6d, 0xd7, 0x6f, 0xd7, 0x3a, 0x4e, 0x49, 0x2f, 0xf1, 0x66, 0x2c, 0xe1, 0x14, 0xd5, 0x0b, 0x38, + 0xea, 0x40, 0x1a, 0x75, 0x21, 0x10, 0xa8, 0x02, 0x6e, 0xff, 0x56, 0x09, 0xce, 0x74, 0x5d, 0x1c, + 0x74, 0xdb, 0x67, 0x1b, 0xeb, 0x65, 0xcf, 0x27, 0xf2, 0xec, 0x9f, 0x6d, 0xfb, 0x37, 0x55, 0x2b, + 0x36, 0x30, 0xd0, 0xcf, 0x02, 0xb4, 0x9c, 0xc8, 0x69, 0x12, 0xb1, 0xdd, 0x15, 0x8f, 0xbe, 0xbb, + 0xd2, 0x7e, 0xac, 0x48, 0x9a, 0xda, 0xda, 0x52, 0x4d, 0x31, 0x36, 0x58, 0xa2, 0x8f, 0x42, 0x25, + 0x22, 0x3e, 0x71, 0x62, 0x16, 0x53, 0x97, 0x0d, 0x10, 0xc6, 0x1a, 0x84, 0x4d, 0x3c, 0xf4, 0xac, + 0x0a, 0x93, 0xc8, 0x1c, 0x29, 0xa7, 0x43, 0x25, 0xd0, 0xdb, 0x16, 0x8c, 0xd5, 0x3d, 0x9f, 0x68, + 0xee, 0x22, 0x9c, 0x77, 0xf9, 0xe8, 0x2f, 0x79, 0xd9, 0xa4, 0xab, 0x25, 0x64, 0xaa, 0x39, 0xc6, + 0x19, 0xf6, 0xf4, 0x33, 0x6f, 0x91, 0x88, 0x89, 0xd6, 0xc1, 0xf4, 0x67, 0xbe, 0xc9, 0x9b, 0xb1, + 0x84, 0xa3, 0x19, 0x38, 0xd1, 0x72, 0xe2, 0x78, 0x36, 0x22, 0x35, 0x12, 0x24, 0x9e, 0xe3, 0xf3, + 0x60, 0xdb, 0xb2, 0x0e, 0xb6, 0x5b, 0x49, 0x83, 0x71, 0x16, 0x1f, 0x7d, 0x12, 0x1e, 0xf7, 0x1a, + 0x41, 0x18, 0x91, 0x25, 0x2f, 0x8e, 0xbd, 0xa0, 0xa1, 0xa7, 0x01, 0x93, 0x94, 0xe5, 0xea, 0xa4, + 0x20, 0xf5, 0xf8, 0x42, 0x77, 0x34, 0xdc, 0xeb, 0x79, 0xf4, 0x3c, 0x94, 0xe3, 0x4d, 0xaf, 0x35, + 0x1b, 0xd5, 0x62, 0xe6, 0xe8, 0x2c, 0x6b, 0xef, 0xcc, 0xaa, 0x68, 0xc7, 0x0a, 0xc3, 0xfe, 0x95, + 0x42, 0xda, 0xbc, 0x33, 0xd7, 0x0f, 0x8a, 0xe9, 0x2a, 0x49, 0x6e, 0x3a, 0x91, 0x34, 0xfd, 0x8f, + 0x18, 0xae, 0x2b, 0xe8, 0xde, 0x74, 0x22, 0x73, 0xbd, 0x31, 0x06, 0x58, 0x72, 0x42, 0xb7, 0x61, + 0x20, 0xf1, 0x9d, 0x9c, 0xe2, 0xfb, 0x0d, 0x8e, 0xda, 0xda, 0x5e, 0x9c, 0x89, 0x31, 0xe3, 0x81, + 0x9e, 0xa2, 0xea, 0xeb, 0xba, 0x8c, 0xe9, 0x11, 0x1a, 0xe7, 0x7a, 0x8c, 0x59, 0xab, 0xfd, 0xff, + 0xcb, 0x5d, 0x44, 0x9e, 0xda, 0x63, 0xd0, 0x05, 0x00, 0x6a, 0x09, 0xad, 0x44, 0xa4, 0xee, 0x6d, + 0x8b, 0x3d, 0x5e, 0x2d, 0xab, 0xeb, 0x0a, 0x82, 0x0d, 0x2c, 0xf9, 0xcc, 0x6a, 0xbb, 0x4e, 0x9f, + 0x29, 0x74, 0x3e, 0xc3, 0x21, 0xd8, 0xc0, 0x42, 0x2f, 0xc1, 0xa0, 0xd7, 0x74, 0x1a, 0x2a, 0xf4, + 0xe8, 0x29, 0xba, 0x9e, 0x16, 0x58, 0xcb, 0xbd, 0xdd, 0xc9, 0x31, 0xd5, 0x21, 0xd6, 0x84, 0x05, + 0x2e, 0xfa, 0x96, 0x05, 0x23, 0x6e, 0xd8, 0x6c, 0x86, 0x01, 0xb7, 0x1f, 0x84, 0x31, 0x74, 0xfb, + 0xb8, 0x76, 0xe0, 0xa9, 0x59, 0x83, 0x19, 0xb7, 0x86, 0x54, 0x22, 0x82, 0x09, 0xc2, 0xa9, 0x5e, + 0x99, 0xcb, 0xae, 0xb4, 0xcf, 0xb2, 0xfb, 0x6d, 0x0b, 0xc6, 0xf9, 0xb3, 0x86, 0x59, 0x23, 0x62, + 0xee, 0xc3, 0x63, 0x7e, 0xad, 0x0e, 0x4b, 0x4f, 0xb9, 0x84, 0x3a, 0xe0, 0xb8, 0xb3, 0x93, 0x68, + 0x1e, 0xc6, 0xeb, 0x61, 0xe4, 0x12, 0x73, 0x20, 0x84, 0xcc, 0x50, 0x84, 0x2e, 0x67, 0x11, 0x70, + 0xe7, 0x33, 0xe8, 0x26, 0x3c, 0x66, 0x34, 0x9a, 0xe3, 0xc0, 0xc5, 0xc6, 0x39, 0x41, 0xed, 0xb1, + 0xcb, 0x5d, 0xb1, 0x70, 0x8f, 0xa7, 0xd3, 0x96, 0xff, 0x70, 0x1f, 0x96, 0xff, 0x9b, 0xf0, 0x84, + 0xdb, 0x39, 0x32, 0x5b, 0x71, 0x7b, 0x3d, 0x4e, 0x98, 0x92, 0x55, 0xae, 0xfe, 0x05, 0x41, 0xe0, + 0x89, 0xd9, 0x5e, 0x88, 0xb8, 0x37, 0x0d, 0xf4, 0x19, 0x28, 0x47, 0x84, 0x7d, 0x95, 0x58, 0x04, + 0xa0, 0x1f, 0xd1, 0xdc, 0xd3, 0xca, 0x21, 0x27, 0xab, 0xc5, 0xa2, 0x68, 0x88, 0xb1, 0xe2, 0x78, + 0xf6, 0xe3, 0x30, 0xde, 0x31, 0x9f, 0x0f, 0x64, 0x7c, 0xcf, 0xc1, 0x63, 0xdd, 0x67, 0xce, 0x81, + 0x4c, 0xf0, 0x7f, 0x9c, 0x89, 0xab, 0x32, 0x14, 0xbd, 0x3e, 0xdc, 0x39, 0x0e, 0x14, 0x49, 0xb0, + 0x25, 0x04, 0xe9, 0xe5, 0xa3, 0x8d, 0xde, 0xa5, 0x60, 0x8b, 0x4f, 0x7c, 0x66, 0xb3, 0x5e, 0x0a, + 0xb6, 0x30, 0xa5, 0x8d, 0xde, 0xb1, 0x52, 0x8a, 0x0a, 0x77, 0x02, 0x7d, 0xea, 0x58, 0x34, 0xdb, + 0xbe, 0x75, 0x17, 0xfb, 0xdf, 0x15, 0xe0, 0xfc, 0x7e, 0x44, 0xfa, 0x18, 0xbe, 0x67, 0x60, 0x30, + 0x66, 0x07, 0x5b, 0x42, 0x32, 0x55, 0xa8, 0x54, 0xe2, 0x47, 0x5d, 0x6f, 0x62, 0x01, 0x42, 0x3e, + 0x14, 0x9b, 0x4e, 0x4b, 0xf8, 0x06, 0x16, 0x8e, 0x1a, 0x45, 0x4d, 0xff, 0x3b, 0xfe, 0x92, 0xd3, + 0xe2, 0x16, 0xa7, 0xd1, 0x80, 0x29, 0x1b, 0x94, 0x40, 0xc9, 0x89, 0x22, 0x47, 0x9e, 0xa2, 0x5c, + 0xcb, 0x87, 0xdf, 0x0c, 0x25, 0x59, 0x1d, 0xdf, 0xdb, 0x9d, 0x1c, 0x4d, 0x35, 0x61, 0xce, 0xcc, + 0xfe, 0xf2, 0x50, 0x2a, 0x92, 0x98, 0x1d, 0x8d, 0xc5, 0x30, 0x28, 0x5c, 0x02, 0x56, 0xde, 0xc1, + 0xeb, 0x3c, 0x15, 0x84, 0xd9, 0x31, 0x22, 0xa1, 0x4e, 0xb0, 0x42, 0x5f, 0xb2, 0x58, 0xda, 0x9a, + 0x8c, 0xae, 0x16, 0xd6, 0xc3, 0xf1, 0x64, 0xd1, 0x99, 0xc9, 0x70, 0xb2, 0x11, 0x9b, 0xdc, 0xe9, + 0xd6, 0xd5, 0xe2, 0x09, 0x18, 0x59, 0x1b, 0x42, 0x26, 0xb6, 0x49, 0x38, 0xda, 0xee, 0x72, 0x04, + 0x96, 0x43, 0xea, 0x53, 0x1f, 0x87, 0x5e, 0xdf, 0xb4, 0x60, 0x9c, 0x6b, 0x8a, 0x73, 0x5e, 0xbd, + 0x4e, 0x22, 0x12, 0xb8, 0x44, 0xea, 0xda, 0x47, 0x3c, 0x64, 0x95, 0x7e, 0x98, 0x85, 0x2c, 0x79, + 0xbd, 0xa7, 0x75, 0x80, 0x70, 0x67, 0x67, 0x50, 0x0d, 0x06, 0xbc, 0xa0, 0x1e, 0x8a, 0x9d, 0xbc, + 0x7a, 0xb4, 0x4e, 0x2d, 0x04, 0xf5, 0x50, 0xaf, 0x66, 0xfa, 0x0f, 0x33, 0xea, 0x68, 0x11, 0x4e, + 0x47, 0xc2, 0x1b, 0x72, 0xc5, 0x8b, 0xa9, 0xcd, 0xba, 0xe8, 0x35, 0xbd, 0x84, 0xed, 0xc2, 0xc5, + 0xea, 0xc4, 0xde, 0xee, 0xe4, 0x69, 0xdc, 0x05, 0x8e, 0xbb, 0x3e, 0x85, 0xde, 0x82, 0x21, 0x99, + 0x67, 0x57, 0xce, 0xc3, 0x6e, 0xe9, 0x9c, 0xff, 0x6a, 0x32, 0xad, 0x8a, 0x94, 0x3a, 0xc9, 0xd0, + 0x7e, 0xbb, 0x02, 0x9d, 0x07, 0x51, 0xe8, 0x67, 0x60, 0x38, 0x52, 0xb9, 0x7f, 0x56, 0x1e, 0x21, + 0x54, 0xf2, 0xfb, 0x8a, 0x43, 0x30, 0xa5, 0x0f, 0xe8, 0x2c, 0x3f, 0xcd, 0x91, 0x6a, 0xed, 0xb1, + 0x3e, 0xaf, 0xca, 0x61, 0x6e, 0x0b, 0xae, 0xfa, 0x9c, 0x63, 0x27, 0x70, 0x31, 0xe3, 0x81, 0x22, + 0x18, 0xdc, 0x20, 0x8e, 0x9f, 0x6c, 0xe4, 0xe3, 0x92, 0xbd, 0xc2, 0x68, 0x65, 0xa3, 0xc4, 0x79, + 0x2b, 0x16, 0x9c, 0xd0, 0x36, 0x0c, 0x6d, 0xf0, 0x09, 0x20, 0x14, 0xe9, 0xa5, 0xa3, 0x0e, 0x6e, + 0x6a, 0x56, 0xe9, 0xcf, 0x2d, 0x1a, 0xb0, 0x64, 0xc7, 0xce, 0xcf, 0x8d, 0x33, 0x58, 0xbe, 0x74, + 0xf3, 0x0b, 0x90, 0xef, 0xff, 0x00, 0xf6, 0xd3, 0x30, 0x12, 0x11, 0x37, 0x0c, 0x5c, 0xcf, 0x27, + 0xb5, 0x19, 0xe9, 0x6e, 0x3d, 0x48, 0x58, 0xf5, 0x49, 0x6a, 0x0c, 0x60, 0x83, 0x06, 0x4e, 0x51, + 0x44, 0x5f, 0xb4, 0x60, 0x4c, 0x25, 0x0c, 0xd1, 0x0f, 0x42, 0x84, 0xc3, 0x72, 0x31, 0xa7, 0xf4, + 0x24, 0x46, 0xb3, 0x8a, 0xf6, 0x76, 0x27, 0xc7, 0xd2, 0x6d, 0x38, 0xc3, 0x17, 0xbd, 0x06, 0x10, + 0xae, 0xf3, 0x43, 0xf2, 0x99, 0x44, 0x78, 0x2f, 0x0f, 0xf2, 0xaa, 0x63, 0x3c, 0xbf, 0x42, 0x52, + 0xc0, 0x06, 0x35, 0x74, 0x0d, 0x80, 0x2f, 0x9b, 0xb5, 0x9d, 0x96, 0xd4, 0xb6, 0x65, 0x5c, 0x3c, + 0xac, 0x2a, 0xc8, 0xbd, 0xdd, 0xc9, 0x4e, 0x6f, 0x12, 0x3b, 0x2a, 0x36, 0x1e, 0x47, 0x3f, 0x0d, + 0x43, 0x71, 0xbb, 0xd9, 0x74, 0x94, 0x6f, 0x33, 0xc7, 0x8c, 0x0d, 0x4e, 0xd7, 0x10, 0x45, 0xbc, + 0x01, 0x4b, 0x8e, 0xe8, 0x36, 0x15, 0xaa, 0xb1, 0x70, 0x73, 0xb1, 0x55, 0xc4, 0x75, 0x82, 0x0a, + 0x7b, 0xa7, 0x8f, 0x89, 0xe7, 0x4e, 0xe3, 0x2e, 0x38, 0xf7, 0x76, 0x27, 0x1f, 0x4b, 0xb7, 0x2f, + 0x86, 0x22, 0x87, 0xa2, 0x2b, 0x4d, 0x74, 0x55, 0xa6, 0xdd, 0xd3, 0xd7, 0x96, 0xd9, 0xa0, 0xcf, + 0xe9, 0xb4, 0x7b, 0xd6, 0xdc, 0x7b, 0xcc, 0xcc, 0x87, 0xd1, 0x12, 0x9c, 0x72, 0xc3, 0x20, 0x89, + 0x42, 0xdf, 0xe7, 0xb5, 0x24, 0xb8, 0xe1, 0xc3, 0x7d, 0x9f, 0x4f, 0x8a, 0x6e, 0x9f, 0x9a, 0xed, + 0x44, 0xc1, 0xdd, 0x9e, 0xb3, 0x83, 0x74, 0xf4, 0x90, 0x18, 0x9c, 0x97, 0x60, 0x84, 0x6c, 0x27, + 0x24, 0x0a, 0x1c, 0xff, 0x06, 0x5e, 0x94, 0x5e, 0x3f, 0xb6, 0x06, 0x2e, 0x19, 0xed, 0x38, 0x85, + 0x85, 0x6c, 0x65, 0xed, 0x17, 0x74, 0xa2, 0x11, 0xb7, 0xf6, 0xa5, 0x6d, 0x6f, 0xff, 0xbf, 0x42, + 0x4a, 0x21, 0x5b, 0x8b, 0x08, 0x41, 0x21, 0x94, 0x82, 0xb0, 0xa6, 0x64, 0xff, 0xd5, 0x7c, 0x64, + 0xff, 0xf5, 0xb0, 0x66, 0xe4, 0xe6, 0xd3, 0x7f, 0x31, 0xe6, 0x7c, 0x58, 0xf2, 0xb2, 0xcc, 0xf2, + 0x66, 0x00, 0x61, 0x68, 0xe4, 0xc9, 0x59, 0x25, 0x2f, 0x2f, 0x9b, 0x8c, 0x70, 0x9a, 0x2f, 0xda, + 0x84, 0xd2, 0x46, 0x18, 0x27, 0xd2, 0xfc, 0x38, 0xa2, 0xa5, 0x73, 0x25, 0x8c, 0x13, 0xa6, 0x45, + 0xa8, 0xd7, 0xa6, 0x2d, 0x31, 0xe6, 0x3c, 0xec, 0xff, 0x66, 0xa5, 0x7c, 0xbc, 0xb7, 0x58, 0x24, + 0xdd, 0x16, 0x09, 0xe8, 0xb2, 0x36, 0x83, 0x3b, 0xfe, 0x52, 0x26, 0xd1, 0xe5, 0x83, 0xbd, 0x2a, + 0xa5, 0xdc, 0xa5, 0x14, 0xa6, 0x18, 0x09, 0x23, 0x0e, 0xe4, 0x73, 0x56, 0x3a, 0xe5, 0xa8, 0x90, + 0x87, 0x81, 0x61, 0xa6, 0xd4, 0xed, 0x9b, 0xbd, 0x64, 0xbf, 0x63, 0xc1, 0x50, 0xd5, 0x71, 0x37, + 0xc3, 0x7a, 0x1d, 0x3d, 0x0f, 0xe5, 0x5a, 0x3b, 0x32, 0xb3, 0x9f, 0x94, 0xf5, 0x3c, 0x27, 0xda, + 0xb1, 0xc2, 0xa0, 0x73, 0xb8, 0xee, 0xb8, 0x32, 0xb1, 0xae, 0xc8, 0xe7, 0xf0, 0x65, 0xd6, 0x82, + 0x05, 0x04, 0x7d, 0x14, 0x2a, 0x4d, 0x67, 0x5b, 0x3e, 0x9c, 0x75, 0x30, 0x2f, 0x69, 0x10, 0x36, + 0xf1, 0xec, 0x7f, 0x6d, 0xc1, 0x44, 0xd5, 0x89, 0x3d, 0x77, 0xa6, 0x9d, 0x6c, 0x54, 0xbd, 0x64, + 0xbd, 0xed, 0x6e, 0x92, 0x84, 0x67, 0x53, 0xd2, 0x5e, 0xb6, 0x63, 0xba, 0x94, 0x94, 0x5d, 0xa7, + 0x7a, 0x79, 0x43, 0xb4, 0x63, 0x85, 0x81, 0xde, 0x82, 0x4a, 0xcb, 0x89, 0xe3, 0xbb, 0x61, 0x54, + 0xc3, 0xa4, 0x9e, 0x4f, 0x2e, 0xf3, 0x2a, 0x71, 0x23, 0x92, 0x60, 0x52, 0x17, 0x47, 0x86, 0x9a, + 0x3e, 0x36, 0x99, 0xd9, 0x7f, 0xc3, 0x82, 0x11, 0x76, 0xfa, 0x32, 0x47, 0x12, 0xc7, 0xf3, 0x3b, + 0x0a, 0x72, 0x58, 0x7d, 0x16, 0xe4, 0x38, 0x0f, 0x03, 0x1b, 0x61, 0x93, 0x64, 0x4f, 0x0e, 0xaf, + 0x84, 0xd4, 0x8a, 0xa5, 0x10, 0xf4, 0x22, 0x1d, 0x67, 0x2f, 0x48, 0x1c, 0x3a, 0xe3, 0xa4, 0x0b, + 0xf1, 0x04, 0x1f, 0x63, 0xd5, 0x8c, 0x4d, 0x1c, 0xfb, 0x77, 0x86, 0x61, 0x48, 0x1c, 0xc6, 0xf6, + 0x9d, 0xc0, 0x2a, 0xcd, 0xe9, 0x42, 0x4f, 0x73, 0x3a, 0x86, 0x41, 0x97, 0x95, 0xfb, 0x11, 0x5a, + 0xdb, 0xb5, 0x5c, 0x4e, 0xef, 0x79, 0x05, 0x21, 0xdd, 0x2d, 0xfe, 0x1f, 0x0b, 0x56, 0xe8, 0x6b, + 0x16, 0x9c, 0x70, 0xc3, 0x20, 0x20, 0xae, 0x56, 0x29, 0x06, 0xf2, 0x88, 0xc7, 0x99, 0x4d, 0x13, + 0xd5, 0xae, 0xff, 0x0c, 0x00, 0x67, 0xd9, 0xa3, 0x97, 0x61, 0x94, 0x8f, 0xd9, 0xcd, 0x94, 0xdf, + 0x53, 0xd7, 0x69, 0x30, 0x81, 0x38, 0x8d, 0x8b, 0xa6, 0xb8, 0xff, 0x58, 0x54, 0x44, 0x18, 0xd4, + 0xe7, 0x48, 0x46, 0x2d, 0x04, 0x03, 0x03, 0x45, 0x80, 0x22, 0x52, 0x8f, 0x48, 0xbc, 0x21, 0x0e, + 0xab, 0x99, 0x3a, 0x33, 0x74, 0xb8, 0x84, 0x38, 0xdc, 0x41, 0x09, 0x77, 0xa1, 0x8e, 0x36, 0x85, + 0x3d, 0x57, 0xce, 0x43, 0x64, 0x89, 0xcf, 0xdc, 0xd3, 0xac, 0x9b, 0x84, 0x52, 0xbc, 0xe1, 0x44, + 0x35, 0xa6, 0x46, 0x15, 0x79, 0xdc, 0xf7, 0x2a, 0x6d, 0xc0, 0xbc, 0x1d, 0xcd, 0xc1, 0xc9, 0x4c, + 0x95, 0x89, 0x58, 0xf8, 0x27, 0x55, 0x7c, 0x74, 0xa6, 0x3e, 0x45, 0x8c, 0x3b, 0x9e, 0x30, 0x6d, + 0xfd, 0xca, 0x3e, 0xb6, 0xfe, 0x8e, 0x0a, 0x89, 0x1a, 0x61, 0xdb, 0xd1, 0xab, 0xb9, 0x0c, 0x40, + 0x5f, 0xf1, 0x4f, 0x5f, 0xc9, 0xc4, 0x3f, 0x8d, 0xb2, 0x0e, 0xdc, 0xcc, 0xa7, 0x03, 0x07, 0x0f, + 0x76, 0x7a, 0x98, 0xc1, 0x4b, 0xff, 0xd7, 0x02, 0xf9, 0x5d, 0x67, 0x1d, 0x77, 0x83, 0xd0, 0x29, + 0x83, 0x5e, 0x81, 0x31, 0x65, 0xb1, 0xce, 0x86, 0xed, 0x80, 0xc7, 0x2d, 0x15, 0xf5, 0x19, 0x21, + 0x4e, 0x41, 0x71, 0x06, 0x1b, 0x4d, 0xc3, 0x30, 0x1d, 0x27, 0xfe, 0x28, 0xdf, 0xda, 0x94, 0x55, + 0x3c, 0xb3, 0xb2, 0x20, 0x9e, 0xd2, 0x38, 0x28, 0x84, 0x71, 0xdf, 0x89, 0x13, 0xd6, 0x03, 0x6a, + 0xc0, 0x1e, 0x32, 0x1d, 0x95, 0x15, 0xd9, 0x59, 0xcc, 0x12, 0xc2, 0x9d, 0xb4, 0xed, 0xef, 0x0e, + 0xc0, 0x68, 0x4a, 0x32, 0x1e, 0x70, 0x4f, 0x7c, 0x1e, 0xca, 0x72, 0x9b, 0xca, 0x26, 0xc5, 0xab, + 0xbd, 0x4c, 0x61, 0xd0, 0x4d, 0x6b, 0x9d, 0x38, 0x11, 0x89, 0x58, 0xfd, 0x8e, 0xec, 0x1e, 0x5e, + 0xd5, 0x20, 0x6c, 0xe2, 0x31, 0xa1, 0x9c, 0xf8, 0xf1, 0xac, 0xef, 0x91, 0x20, 0xe1, 0xdd, 0xcc, + 0x47, 0x28, 0xaf, 0x2d, 0xae, 0x9a, 0x44, 0xb5, 0x50, 0xce, 0x00, 0x70, 0x96, 0x3d, 0xfa, 0x05, + 0x0b, 0x46, 0x9d, 0xbb, 0xb1, 0xae, 0x49, 0x27, 0x22, 0x9d, 0x8e, 0xb8, 0x49, 0xa5, 0xca, 0xdc, + 0x71, 0x0f, 0x6b, 0xaa, 0x09, 0xa7, 0x99, 0xa2, 0x6f, 0x58, 0x80, 0xc8, 0x36, 0x71, 0x65, 0x2c, + 0x96, 0xe8, 0xcb, 0x60, 0x1e, 0x86, 0xdd, 0xa5, 0x0e, 0xba, 0x5c, 0xaa, 0x77, 0xb6, 0xe3, 0x2e, + 0x7d, 0xb0, 0xff, 0x59, 0x51, 0x2d, 0x28, 0x1d, 0xfe, 0xe7, 0x18, 0x49, 0x35, 0xd6, 0xe1, 0x93, + 0x6a, 0xf4, 0x01, 0x75, 0x47, 0x62, 0x4d, 0x3a, 0x87, 0xa1, 0xf0, 0x90, 0x72, 0x18, 0x7e, 0xce, + 0x4a, 0x95, 0x7f, 0xa8, 0x5c, 0x78, 0x2d, 0xdf, 0xd0, 0xc3, 0x29, 0x1e, 0x1e, 0x91, 0x91, 0xee, + 0xe9, 0x98, 0x09, 0x2a, 0x4d, 0x0d, 0xb4, 0x03, 0x49, 0xc3, 0xff, 0x54, 0x84, 0x8a, 0xb1, 0x93, + 0x76, 0x55, 0x8b, 0xac, 0x47, 0x4c, 0x2d, 0x2a, 0x1c, 0x40, 0x2d, 0xfa, 0x59, 0x18, 0x76, 0xa5, + 0x94, 0xcf, 0xa7, 0x00, 0x62, 0x76, 0xef, 0xd0, 0x82, 0x5e, 0x35, 0x61, 0xcd, 0x13, 0xcd, 0xa7, + 0x72, 0x13, 0xc4, 0x0e, 0x31, 0xc0, 0x76, 0x88, 0x6e, 0xc9, 0x03, 0x62, 0xa7, 0xe8, 0x7c, 0x86, + 0x55, 0x09, 0x69, 0x79, 0xe2, 0xbd, 0x64, 0x80, 0x30, 0xaf, 0x12, 0xb2, 0xb2, 0x20, 0x9b, 0xb1, + 0x89, 0x63, 0x7f, 0xd7, 0x52, 0x1f, 0xf7, 0x01, 0xa4, 0xe9, 0xde, 0x4e, 0xa7, 0xe9, 0x5e, 0xca, + 0x65, 0x98, 0x7b, 0xe4, 0xe7, 0x5e, 0x87, 0xa1, 0xd9, 0xb0, 0xd9, 0x74, 0x82, 0x1a, 0xfa, 0x11, + 0x18, 0x72, 0xf9, 0x4f, 0xe1, 0x47, 0x61, 0xa7, 0x71, 0x02, 0x8a, 0x25, 0x0c, 0x3d, 0x05, 0x03, + 0x4e, 0xd4, 0x90, 0xbe, 0x13, 0x16, 0xd0, 0x31, 0x13, 0x35, 0x62, 0xcc, 0x5a, 0xed, 0xb7, 0x8b, + 0x00, 0xb3, 0x61, 0xb3, 0xe5, 0x44, 0xa4, 0xb6, 0x16, 0xb2, 0x02, 0x4c, 0xc7, 0x7a, 0x86, 0xa5, + 0x8d, 0xa5, 0x47, 0xf9, 0x1c, 0xcb, 0x38, 0xcb, 0x28, 0x3e, 0xe8, 0xb3, 0x8c, 0x2f, 0x5b, 0x80, + 0xe8, 0x17, 0x09, 0x03, 0x12, 0x24, 0xfa, 0x70, 0x76, 0x1a, 0x86, 0x5d, 0xd9, 0x2a, 0xb4, 0x16, + 0xbd, 0xfe, 0x24, 0x00, 0x6b, 0x9c, 0x3e, 0xcc, 0xcf, 0x67, 0xa4, 0x70, 0x2c, 0xa6, 0x63, 0x20, + 0x99, 0x48, 0x15, 0xb2, 0xd2, 0xfe, 0xdd, 0x02, 0x3c, 0xc6, 0xf7, 0xbb, 0x25, 0x27, 0x70, 0x1a, + 0xa4, 0x49, 0x7b, 0xd5, 0xef, 0x71, 0xbb, 0x4b, 0xed, 0x1e, 0x4f, 0xc6, 0x34, 0x1e, 0x75, 0x61, + 0xf0, 0x09, 0xcd, 0xa7, 0xf0, 0x42, 0xe0, 0x25, 0x98, 0x11, 0x47, 0x31, 0x94, 0x65, 0x39, 0x5d, + 0x21, 0xe8, 0x72, 0x62, 0xa4, 0xd6, 0xbc, 0xd8, 0x94, 0x08, 0x56, 0x8c, 0xa8, 0x56, 0xe8, 0x87, + 0xee, 0x26, 0x26, 0xad, 0x90, 0x09, 0x35, 0x23, 0xa4, 0x6c, 0x51, 0xb4, 0x63, 0x85, 0x61, 0xff, + 0xae, 0x05, 0x59, 0x71, 0x6f, 0x94, 0x9a, 0xb1, 0xee, 0x5b, 0x6a, 0xe6, 0x00, 0xb5, 0x5e, 0x7e, + 0x0a, 0x2a, 0x4e, 0x42, 0x77, 0x68, 0x6e, 0xd3, 0x16, 0x0f, 0xe7, 0xa2, 0x5f, 0x0a, 0x6b, 0x5e, + 0xdd, 0x63, 0xb6, 0xac, 0x49, 0xce, 0xfe, 0xdf, 0x03, 0x30, 0xde, 0x11, 0xa7, 0x8e, 0x2e, 0xc2, + 0x88, 0x2b, 0xa6, 0x47, 0x0b, 0x93, 0xba, 0x78, 0x19, 0x23, 0xce, 0x49, 0xc3, 0x70, 0x0a, 0xb3, + 0x8f, 0x09, 0xba, 0x00, 0xa7, 0x22, 0x6a, 0x45, 0xb7, 0xc9, 0x4c, 0x3d, 0x21, 0xd1, 0x2a, 0x71, + 0xc3, 0xa0, 0xc6, 0x0b, 0x22, 0x15, 0xab, 0x8f, 0xef, 0xed, 0x4e, 0x9e, 0xc2, 0x9d, 0x60, 0xdc, + 0xed, 0x19, 0xd4, 0x82, 0x51, 0xdf, 0x54, 0xb0, 0x84, 0x76, 0x7d, 0x28, 0xdd, 0x4c, 0x6d, 0xc0, + 0xa9, 0x66, 0x9c, 0x66, 0x90, 0xd6, 0xd2, 0x4a, 0x0f, 0x49, 0x4b, 0xfb, 0x79, 0xad, 0xa5, 0xf1, + 0xb3, 0xe4, 0xd7, 0x73, 0xce, 0x53, 0x38, 0x6e, 0x35, 0xed, 0x55, 0x28, 0xcb, 0x38, 0x9b, 0xbe, + 0xe2, 0x53, 0x4c, 0x3a, 0x3d, 0x24, 0xda, 0xbd, 0x02, 0x74, 0xd1, 0xf0, 0xe9, 0x3a, 0xd3, 0xdb, + 0x69, 0x6a, 0x9d, 0x1d, 0x6c, 0x4b, 0x45, 0xdb, 0x3c, 0xc6, 0x88, 0x6f, 0x1c, 0x9f, 0xcc, 0xdb, + 0x42, 0xd1, 0x61, 0x47, 0x2a, 0x20, 0x5d, 0x85, 0x1e, 0x5d, 0x00, 0xd0, 0x5a, 0x90, 0x08, 0x37, + 0x56, 0x47, 0x98, 0x5a, 0x59, 0xc2, 0x06, 0x16, 0x35, 0x58, 0xbd, 0x20, 0x4e, 0x1c, 0xdf, 0xbf, + 0xe2, 0x05, 0x89, 0xf0, 0xbc, 0xa9, 0x1d, 0x72, 0x41, 0x83, 0xb0, 0x89, 0x77, 0xf6, 0x63, 0xc6, + 0x77, 0x39, 0xc8, 0xf7, 0xdc, 0x80, 0x27, 0xe6, 0xbd, 0x44, 0x05, 0xc9, 0xab, 0x79, 0x44, 0x95, + 0x1c, 0x95, 0xf4, 0x61, 0xf5, 0x4c, 0xfa, 0x30, 0x82, 0xd4, 0x0b, 0xe9, 0x98, 0xfa, 0x6c, 0x90, + 0xba, 0x7d, 0x11, 0x4e, 0xcf, 0x7b, 0xc9, 0x65, 0xcf, 0x27, 0x07, 0x64, 0x62, 0xff, 0xab, 0x41, + 0x18, 0x31, 0x93, 0x92, 0x0e, 0x92, 0xb7, 0xf2, 0x55, 0xaa, 0xc7, 0x88, 0xb7, 0xf3, 0xd4, 0x01, + 0xd0, 0xad, 0x23, 0x67, 0x48, 0x75, 0x1f, 0x31, 0x43, 0x95, 0xd1, 0x3c, 0xb1, 0xd9, 0x01, 0x74, + 0x17, 0x4a, 0x75, 0x16, 0x44, 0x5d, 0xcc, 0xe3, 0x94, 0xbc, 0xdb, 0x88, 0xea, 0x65, 0xc6, 0xc3, + 0xb0, 0x39, 0x3f, 0xba, 0x43, 0x46, 0xe9, 0xcc, 0x1c, 0x23, 0xba, 0x50, 0xe4, 0xe4, 0x28, 0x8c, + 0x5e, 0xa2, 0xbe, 0x74, 0x08, 0x51, 0x9f, 0x12, 0xbc, 0x83, 0x0f, 0x49, 0xf0, 0xb2, 0x80, 0xf8, + 0x64, 0x83, 0xe9, 0x6f, 0x22, 0x1c, 0x7a, 0x88, 0x0d, 0x82, 0x11, 0x10, 0x9f, 0x02, 0xe3, 0x2c, + 0x3e, 0xfa, 0xac, 0x12, 0xdd, 0xe5, 0x3c, 0x9c, 0x96, 0xe6, 0x8c, 0x3e, 0x6e, 0xa9, 0xfd, 0xe5, + 0x02, 0x8c, 0xcd, 0x07, 0xed, 0x95, 0xf9, 0x95, 0xf6, 0xba, 0xef, 0xb9, 0xd7, 0xc8, 0x0e, 0x15, + 0xcd, 0x9b, 0x64, 0x67, 0x61, 0x4e, 0xac, 0x20, 0x35, 0x67, 0xae, 0xd1, 0x46, 0xcc, 0x61, 0x54, + 0x18, 0xd5, 0xbd, 0xa0, 0x41, 0xa2, 0x56, 0xe4, 0x09, 0x7f, 0xa2, 0x21, 0x8c, 0x2e, 0x6b, 0x10, + 0x36, 0xf1, 0x28, 0xed, 0xf0, 0x6e, 0x40, 0xa2, 0xac, 0x22, 0xbb, 0x4c, 0x1b, 0x31, 0x87, 0x51, + 0xa4, 0x24, 0x6a, 0xc7, 0x89, 0x98, 0x8c, 0x0a, 0x69, 0x8d, 0x36, 0x62, 0x0e, 0xa3, 0x2b, 0x3d, + 0x6e, 0xaf, 0xb3, 0x20, 0x84, 0x4c, 0xec, 0xf5, 0x2a, 0x6f, 0xc6, 0x12, 0x4e, 0x51, 0x37, 0xc9, + 0xce, 0x1c, 0x35, 0x29, 0x33, 0xd9, 0x11, 0xd7, 0x78, 0x33, 0x96, 0x70, 0x56, 0x3c, 0x2a, 0x3d, + 0x1c, 0x3f, 0x70, 0xc5, 0xa3, 0xd2, 0xdd, 0xef, 0x61, 0x9c, 0xfe, 0x9a, 0x05, 0x23, 0x66, 0xe8, + 0x10, 0x6a, 0x64, 0x74, 0xdc, 0xe5, 0x8e, 0x42, 0x80, 0x3f, 0xd1, 0xed, 0xd6, 0x93, 0x86, 0x97, + 0x84, 0xad, 0xf8, 0x05, 0x12, 0x34, 0xbc, 0x80, 0xb0, 0x13, 0x61, 0x1e, 0x72, 0x94, 0x8a, 0x4b, + 0x9a, 0x0d, 0x6b, 0xe4, 0x10, 0x4a, 0xb2, 0x7d, 0x0b, 0xc6, 0x3b, 0x52, 0x62, 0xfa, 0x50, 0x2d, + 0xf6, 0x4d, 0x48, 0xb4, 0x31, 0x54, 0x28, 0x61, 0x1e, 0x2f, 0x1a, 0xa3, 0x59, 0x18, 0xe7, 0x0b, + 0x89, 0x72, 0x5a, 0x75, 0x37, 0x48, 0x53, 0xa5, 0x39, 0x31, 0xe7, 0xf5, 0xcd, 0x2c, 0x10, 0x77, + 0xe2, 0xdb, 0x5f, 0xb1, 0x60, 0x34, 0x95, 0xa5, 0x94, 0x93, 0x12, 0xc4, 0x56, 0x5a, 0xc8, 0x22, + 0xd9, 0x58, 0x38, 0x6f, 0x91, 0x6d, 0xa6, 0x7a, 0xa5, 0x69, 0x10, 0x36, 0xf1, 0xec, 0x77, 0x0a, + 0x50, 0x96, 0xd1, 0x00, 0x7d, 0x74, 0xe5, 0x4b, 0x16, 0x8c, 0xaa, 0x03, 0x03, 0xe6, 0x89, 0x2a, + 0xe4, 0x11, 0xb7, 0x4e, 0x7b, 0xa0, 0x42, 0x2d, 0x83, 0x7a, 0xa8, 0x35, 0x72, 0x6c, 0x32, 0xc3, + 0x69, 0xde, 0xe8, 0x26, 0x40, 0xbc, 0x13, 0x27, 0xa4, 0x69, 0xf8, 0xc4, 0x6c, 0x63, 0xc5, 0x4d, + 0xb9, 0x61, 0x44, 0xe8, 0xfa, 0xba, 0x1e, 0xd6, 0xc8, 0xaa, 0xc2, 0xd4, 0x2a, 0x94, 0x6e, 0xc3, + 0x06, 0x25, 0xfb, 0x1f, 0x16, 0xe0, 0x64, 0xb6, 0x4b, 0xe8, 0x75, 0x18, 0x91, 0xdc, 0x8d, 0x1b, + 0x5c, 0x64, 0x08, 0xc4, 0x08, 0x36, 0x60, 0xf7, 0x76, 0x27, 0x27, 0x3b, 0x6f, 0xd0, 0x99, 0x32, + 0x51, 0x70, 0x8a, 0x18, 0x3f, 0xb5, 0x11, 0xc7, 0x8b, 0xd5, 0x9d, 0x99, 0x56, 0x4b, 0x1c, 0xbd, + 0x18, 0xa7, 0x36, 0x26, 0x14, 0x67, 0xb0, 0xd1, 0x0a, 0x9c, 0x36, 0x5a, 0xae, 0x13, 0xaf, 0xb1, + 0xb1, 0x1e, 0x46, 0xd2, 0xb2, 0x7a, 0x4a, 0x07, 0x29, 0x75, 0xe2, 0xe0, 0xae, 0x4f, 0xd2, 0xdd, + 0xde, 0x75, 0x5a, 0x8e, 0xeb, 0x25, 0x3b, 0xc2, 0xc9, 0xa7, 0x64, 0xd3, 0xac, 0x68, 0xc7, 0x0a, + 0xc3, 0x5e, 0x82, 0x81, 0x3e, 0x67, 0x50, 0x5f, 0x1a, 0xfd, 0xab, 0x50, 0xa6, 0xe4, 0xa4, 0x7a, + 0x97, 0x07, 0xc9, 0x10, 0xca, 0xb2, 0x08, 0x3b, 0xb2, 0xa1, 0xe8, 0x39, 0xf2, 0x60, 0x4c, 0xbd, + 0xd6, 0x42, 0x1c, 0xb7, 0x99, 0x91, 0x4c, 0x81, 0xe8, 0x19, 0x28, 0x92, 0xed, 0x56, 0xf6, 0x04, + 0xec, 0xd2, 0x76, 0xcb, 0x8b, 0x48, 0x4c, 0x91, 0xc8, 0x76, 0x0b, 0x9d, 0x85, 0x82, 0x57, 0x13, + 0x9b, 0x14, 0x08, 0x9c, 0xc2, 0xc2, 0x1c, 0x2e, 0x78, 0x35, 0x7b, 0x1b, 0x86, 0x55, 0xd5, 0x77, + 0xb4, 0x29, 0x65, 0xb7, 0x95, 0x47, 0xf8, 0x8e, 0xa4, 0xdb, 0x43, 0x6a, 0xb7, 0x01, 0x74, 0x4e, + 0x58, 0x5e, 0xf2, 0xe5, 0x3c, 0x0c, 0xb8, 0xa1, 0x48, 0x25, 0x2d, 0x6b, 0x32, 0x4c, 0x68, 0x33, + 0x88, 0x7d, 0x0b, 0xc6, 0xae, 0x05, 0xe1, 0x5d, 0x56, 0xd6, 0x96, 0x15, 0xdd, 0xa1, 0x84, 0xeb, + 0xf4, 0x47, 0x56, 0x45, 0x60, 0x50, 0xcc, 0x61, 0xaa, 0x5e, 0x4c, 0xa1, 0x57, 0xbd, 0x18, 0xfb, + 0x73, 0x16, 0x9c, 0x54, 0x99, 0x2d, 0x52, 0x1a, 0x5f, 0x84, 0x91, 0xf5, 0xb6, 0xe7, 0xd7, 0xc4, + 0xff, 0xac, 0x9b, 0xa2, 0x6a, 0xc0, 0x70, 0x0a, 0x93, 0x1a, 0x55, 0xeb, 0x5e, 0xe0, 0x44, 0x3b, + 0x2b, 0x5a, 0xfc, 0x2b, 0x89, 0x50, 0x55, 0x10, 0x6c, 0x60, 0xd9, 0x5f, 0x32, 0xbb, 0x20, 0x72, + 0x69, 0xfa, 0x18, 0xd9, 0x1b, 0x50, 0x72, 0xd5, 0x41, 0xea, 0xa1, 0xca, 0x8d, 0xa9, 0x34, 0x66, + 0xe6, 0x4c, 0xe7, 0xd4, 0xec, 0x7f, 0x51, 0x80, 0xd1, 0x54, 0x21, 0x09, 0xe4, 0x43, 0x99, 0xf8, + 0xcc, 0x95, 0x27, 0xa7, 0xd8, 0x51, 0xab, 0xcb, 0xa9, 0x65, 0x71, 0x49, 0xd0, 0xc5, 0x8a, 0xc3, + 0xa3, 0x71, 0x5e, 0x75, 0x11, 0x46, 0x64, 0x87, 0x3e, 0xe9, 0x34, 0x7d, 0xb1, 0x0a, 0xd5, 0x04, + 0xb8, 0x64, 0xc0, 0x70, 0x0a, 0xd3, 0xfe, 0xbd, 0x22, 0x4c, 0x70, 0xdf, 0x67, 0x4d, 0x85, 0x94, + 0x2c, 0x49, 0x2d, 0xeb, 0xaf, 0xea, 0x72, 0x2f, 0x7c, 0x20, 0xd7, 0x8f, 0x5a, 0x59, 0xb5, 0x3b, + 0xa3, 0xbe, 0x82, 0x1d, 0x7e, 0x35, 0x13, 0xec, 0xc0, 0x37, 0xdb, 0xc6, 0x31, 0xf5, 0xe8, 0x07, + 0x2b, 0xfa, 0xe1, 0xef, 0x15, 0xe0, 0x44, 0xa6, 0x6c, 0x2d, 0x7a, 0x3b, 0x5d, 0x98, 0xce, 0xca, + 0xc3, 0x43, 0x76, 0xdf, 0xe2, 0xa9, 0x07, 0x2b, 0x4f, 0xf7, 0x90, 0x96, 0x8a, 0xfd, 0xfb, 0x05, + 0x18, 0x4b, 0xd7, 0xdb, 0x7d, 0x04, 0x47, 0xea, 0xc3, 0x30, 0xcc, 0xaa, 0x58, 0xb2, 0x3b, 0x82, + 0xb8, 0x23, 0x8e, 0x17, 0x5b, 0x94, 0x8d, 0x58, 0xc3, 0x1f, 0x89, 0xaa, 0x7f, 0xf6, 0xdf, 0xb7, + 0xe0, 0x0c, 0x7f, 0xcb, 0xec, 0x3c, 0xfc, 0x6b, 0xdd, 0x46, 0xf7, 0x8d, 0x7c, 0x3b, 0x98, 0x29, + 0x53, 0xb4, 0xdf, 0xf8, 0xb2, 0xbb, 0x49, 0x44, 0x6f, 0xd3, 0x53, 0xe1, 0x11, 0xec, 0xec, 0x81, + 0x26, 0x83, 0xfd, 0xfb, 0x45, 0xd0, 0xd7, 0xb1, 0x20, 0x4f, 0x64, 0xe9, 0xe4, 0x52, 0xae, 0x69, + 0x75, 0x27, 0x70, 0xf5, 0xc5, 0x2f, 0xe5, 0x4c, 0x92, 0xce, 0x2f, 0x59, 0x50, 0xf1, 0x02, 0x2f, + 0xf1, 0x1c, 0xa6, 0x3c, 0xe7, 0x73, 0x9d, 0x84, 0x62, 0xb7, 0xc0, 0x29, 0x87, 0x91, 0xe9, 0xbd, + 0x55, 0xcc, 0xb0, 0xc9, 0x19, 0x7d, 0x5a, 0xc4, 0x23, 0x16, 0x73, 0xcb, 0x2f, 0x2b, 0x67, 0x82, + 0x10, 0x5b, 0x50, 0x8a, 0x48, 0x12, 0xe5, 0x94, 0x96, 0x89, 0x29, 0x29, 0x55, 0x9d, 0x4f, 0x5f, + 0x8c, 0x47, 0x9b, 0x31, 0x67, 0x64, 0xc7, 0x80, 0x3a, 0xc7, 0xe2, 0x80, 0xb1, 0x5e, 0xd3, 0x30, + 0xec, 0xb4, 0x93, 0xb0, 0x49, 0x87, 0x49, 0x38, 0x98, 0x75, 0x34, 0x9b, 0x04, 0x60, 0x8d, 0x63, + 0xbf, 0x5d, 0x82, 0x4c, 0xda, 0x0c, 0xda, 0x36, 0xaf, 0x12, 0xb2, 0xf2, 0xbd, 0x4a, 0x48, 0x75, + 0xa6, 0xdb, 0x75, 0x42, 0xa8, 0x01, 0xa5, 0xd6, 0x86, 0x13, 0x4b, 0xdd, 0xf8, 0x55, 0x39, 0x4c, + 0x2b, 0xb4, 0xf1, 0xde, 0xee, 0xe4, 0x4f, 0xf6, 0xe7, 0x6b, 0xa1, 0x73, 0x75, 0x9a, 0x67, 0xa1, + 0x6b, 0xd6, 0x8c, 0x06, 0xe6, 0xf4, 0x0f, 0x72, 0xa1, 0xc6, 0xe7, 0x45, 0xa9, 0x53, 0x4c, 0xe2, + 0xb6, 0x9f, 0x88, 0xd9, 0xf0, 0x6a, 0x8e, 0xab, 0x8c, 0x13, 0xd6, 0x09, 0x9f, 0xfc, 0x3f, 0x36, + 0x98, 0xa2, 0xd7, 0x61, 0x38, 0x4e, 0x9c, 0x28, 0x39, 0x64, 0x8a, 0x96, 0x1a, 0xf4, 0x55, 0x49, + 0x04, 0x6b, 0x7a, 0xe8, 0x35, 0x56, 0xbd, 0xce, 0x8b, 0x37, 0x0e, 0x19, 0x46, 0x2c, 0x2b, 0xdd, + 0x09, 0x0a, 0xd8, 0xa0, 0x46, 0x4d, 0x0f, 0x36, 0xb7, 0x79, 0xec, 0x4c, 0x99, 0xd9, 0x96, 0x4a, + 0x14, 0x62, 0x05, 0xc1, 0x06, 0x96, 0xfd, 0xa3, 0x90, 0xce, 0x58, 0x46, 0x93, 0x32, 0x41, 0x9a, + 0xfb, 0x9e, 0x58, 0x38, 0x70, 0x2a, 0x97, 0xf9, 0xb7, 0x2d, 0x30, 0xd3, 0xaa, 0xd1, 0x1d, 0x9e, + 0xbf, 0x6d, 0xe5, 0x71, 0x5e, 0x60, 0xd0, 0x9d, 0x5a, 0x72, 0x5a, 0x99, 0x83, 0x2b, 0x99, 0xc4, + 0x7d, 0xf6, 0x63, 0x50, 0x96, 0xd0, 0x03, 0x29, 0x75, 0x9f, 0x85, 0x53, 0xd9, 0x8b, 0x16, 0x85, + 0xaf, 0xb9, 0x11, 0x85, 0xed, 0x56, 0xd6, 0x90, 0x64, 0x17, 0xf1, 0x61, 0x0e, 0xa3, 0xe6, 0xd8, + 0xa6, 0x17, 0xd4, 0xb2, 0x86, 0xe4, 0x35, 0x2f, 0xa8, 0x61, 0x06, 0xe9, 0xe3, 0x42, 0xa9, 0x7f, + 0x6e, 0xc1, 0xf9, 0xfd, 0xee, 0x83, 0x44, 0x4f, 0xc1, 0xc0, 0x5d, 0x27, 0x92, 0xa5, 0x3f, 0x99, + 0xa0, 0xbc, 0xe5, 0x44, 0x01, 0x66, 0xad, 0x68, 0x07, 0x06, 0x79, 0xfe, 0xaf, 0xd0, 0xd6, 0x5f, + 0xcd, 0xf7, 0x76, 0xca, 0x6b, 0xc4, 0x30, 0x17, 0x78, 0xee, 0x31, 0x16, 0x0c, 0xed, 0xef, 0x59, + 0x80, 0x96, 0xb7, 0x48, 0x14, 0x79, 0x35, 0x23, 0x63, 0x19, 0xbd, 0x04, 0x23, 0xb7, 0x57, 0x97, + 0xaf, 0xaf, 0x84, 0x5e, 0xc0, 0x2a, 0x18, 0x18, 0x49, 0x5a, 0x57, 0x8d, 0x76, 0x9c, 0xc2, 0x42, + 0xb3, 0x30, 0x7e, 0xfb, 0x0e, 0x35, 0x7e, 0xcd, 0x7a, 0xde, 0x05, 0xed, 0xee, 0xbc, 0xfa, 0x6a, + 0x06, 0x88, 0x3b, 0xf1, 0xd1, 0x32, 0x9c, 0x69, 0x72, 0x73, 0x83, 0x97, 0xe1, 0xe5, 0xb6, 0x87, + 0xca, 0xd1, 0x78, 0x62, 0x6f, 0x77, 0xf2, 0xcc, 0x52, 0x37, 0x04, 0xdc, 0xfd, 0x39, 0xfb, 0xdd, + 0x02, 0x54, 0x8c, 0x3b, 0x55, 0xfb, 0xb0, 0xc1, 0x33, 0x59, 0x27, 0x85, 0x3e, 0xb3, 0x4e, 0x9e, + 0x83, 0x72, 0x2b, 0xf4, 0x3d, 0xd7, 0x53, 0x35, 0x69, 0x58, 0xe9, 0xc4, 0x15, 0xd1, 0x86, 0x15, + 0x14, 0xdd, 0x85, 0x61, 0x75, 0xcf, 0xa0, 0x48, 0x9c, 0xcd, 0xcb, 0xbf, 0xa3, 0x24, 0x95, 0xbe, + 0x3f, 0x50, 0xf3, 0x42, 0x36, 0x0c, 0xb2, 0x99, 0x2f, 0x43, 0xe8, 0x58, 0x0a, 0x12, 0x5b, 0x12, + 0x31, 0x16, 0x10, 0xfb, 0x0b, 0x43, 0x70, 0xba, 0x5b, 0xb9, 0x3f, 0xf4, 0x19, 0x18, 0xe4, 0x7d, + 0xcc, 0xa7, 0xa2, 0x6c, 0x37, 0x1e, 0xf3, 0x8c, 0xa0, 0xe8, 0x16, 0xfb, 0x8d, 0x05, 0x4f, 0xc1, + 0xdd, 0x77, 0xd6, 0x85, 0xce, 0x74, 0x3c, 0xdc, 0x17, 0x1d, 0xcd, 0x7d, 0xd1, 0xe1, 0xdc, 0x7d, + 0x67, 0x1d, 0x6d, 0x43, 0xa9, 0xe1, 0x25, 0xc4, 0x11, 0x96, 0xc3, 0xad, 0x63, 0x61, 0x4e, 0x1c, + 0x2e, 0x9a, 0xd9, 0x4f, 0xcc, 0x19, 0xa2, 0x6f, 0x5a, 0x70, 0x62, 0x3d, 0x9d, 0xd1, 0x25, 0xb6, + 0x50, 0xe7, 0x18, 0x4a, 0x3a, 0xa6, 0x19, 0xf1, 0x42, 0xd9, 0x99, 0x46, 0x9c, 0xed, 0x0e, 0xfa, + 0x79, 0x0b, 0x86, 0xea, 0x9e, 0x6f, 0xd4, 0x2b, 0x3b, 0x86, 0x8f, 0x73, 0x99, 0x31, 0xd0, 0x6a, + 0x06, 0xff, 0x1f, 0x63, 0xc9, 0xb9, 0xd7, 0xf1, 0xf1, 0xe0, 0x51, 0x8f, 0x8f, 0x87, 0x1e, 0x92, + 0xad, 0xf8, 0xcb, 0x05, 0x78, 0xa6, 0x8f, 0x6f, 0x64, 0x26, 0xe1, 0x58, 0xfb, 0x24, 0xe1, 0x9c, + 0x87, 0x81, 0x88, 0xb4, 0xc2, 0xec, 0x7e, 0xc7, 0x22, 0xd5, 0x18, 0x04, 0x3d, 0x0d, 0x45, 0xa7, + 0xe5, 0x89, 0xed, 0x4e, 0x6d, 0xd2, 0x33, 0x2b, 0x0b, 0x98, 0xb6, 0xd3, 0x2f, 0x3d, 0xbc, 0x2e, + 0xf3, 0x0c, 0xf3, 0x29, 0x5a, 0xdf, 0x2b, 0x6d, 0x91, 0x5b, 0x6f, 0x0a, 0x8a, 0x35, 0x5f, 0xfb, + 0xaf, 0x5b, 0x70, 0xb6, 0xf7, 0x14, 0x41, 0x2f, 0x42, 0x65, 0x3d, 0x72, 0x02, 0x77, 0x83, 0xdd, + 0xf0, 0x20, 0x07, 0x85, 0xe5, 0x5e, 0xe8, 0x66, 0x6c, 0xe2, 0xd0, 0x9d, 0x8b, 0x97, 0x06, 0x35, + 0x30, 0x64, 0xa8, 0x35, 0xdd, 0xb9, 0xd6, 0xb2, 0x40, 0xdc, 0x89, 0x6f, 0xff, 0x5e, 0xa1, 0x7b, + 0xb7, 0xb8, 0x28, 0x39, 0xc8, 0x77, 0x12, 0x5f, 0xa1, 0xd0, 0xe3, 0x2b, 0xdc, 0x81, 0x72, 0xc2, + 0xf2, 0x47, 0x48, 0x5d, 0xc8, 0xa3, 0xdc, 0xf2, 0x33, 0xd9, 0x8e, 0xb5, 0x26, 0x88, 0x63, 0xc5, + 0x86, 0x6e, 0x1c, 0xbe, 0x2e, 0x98, 0x26, 0x36, 0x8e, 0x8c, 0xeb, 0x71, 0x0e, 0x4e, 0x1a, 0xf5, + 0x5f, 0x79, 0xf8, 0x3c, 0x3f, 0x41, 0x57, 0x39, 0x65, 0x2b, 0x19, 0x38, 0xee, 0x78, 0xc2, 0xfe, + 0xb5, 0x02, 0x3c, 0xd1, 0x53, 0x3e, 0xea, 0x63, 0x7e, 0xeb, 0x3e, 0xc7, 0xfc, 0x47, 0x9e, 0xe6, + 0xe6, 0x00, 0x0f, 0x3c, 0x98, 0x01, 0x7e, 0x1e, 0xca, 0x5e, 0x10, 0x13, 0xb7, 0x1d, 0xf1, 0x41, + 0x33, 0x82, 0x49, 0x17, 0x44, 0x3b, 0x56, 0x18, 0xf6, 0x1f, 0xf4, 0x9e, 0x6a, 0x74, 0xaf, 0xfc, + 0xa1, 0x1d, 0xa5, 0x97, 0x61, 0xd4, 0x69, 0xb5, 0x38, 0x1e, 0x3b, 0x52, 0xcd, 0x64, 0x89, 0xce, + 0x98, 0x40, 0x9c, 0xc6, 0x35, 0xe6, 0xf0, 0x60, 0xaf, 0x39, 0x6c, 0xff, 0xb1, 0x05, 0xc3, 0x98, + 0xd4, 0xf9, 0x7a, 0x47, 0xb7, 0xc5, 0x10, 0x59, 0x79, 0x94, 0x6f, 0xa1, 0x03, 0x1b, 0x7b, 0xac, + 0xac, 0x49, 0xb7, 0xc1, 0xee, 0xac, 0x65, 0x5c, 0x38, 0x50, 0x2d, 0x63, 0x55, 0xcd, 0xb6, 0xd8, + 0xbb, 0x9a, 0xad, 0xfd, 0xee, 0x10, 0x7d, 0xbd, 0x56, 0x38, 0x1b, 0x91, 0x5a, 0x4c, 0xbf, 0x6f, + 0x3b, 0xf2, 0xb3, 0x57, 0xc1, 0xde, 0xc0, 0x8b, 0x98, 0xb6, 0xa7, 0xfc, 0x26, 0x85, 0x03, 0xe5, + 0xc8, 0x15, 0xf7, 0xcd, 0x91, 0x7b, 0x19, 0x46, 0xe3, 0x78, 0x63, 0x25, 0xf2, 0xb6, 0x9c, 0x84, + 0x1a, 0x28, 0x22, 0x22, 0x47, 0xe7, 0xb5, 0xac, 0x5e, 0xd1, 0x40, 0x9c, 0xc6, 0x45, 0xf3, 0x30, + 0xae, 0x33, 0xd5, 0x48, 0x94, 0xb0, 0x00, 0x1c, 0x3e, 0x13, 0x54, 0x5a, 0x89, 0xce, 0x6d, 0x13, + 0x08, 0xb8, 0xf3, 0x19, 0x2a, 0xb1, 0x52, 0x8d, 0xb4, 0x23, 0x83, 0x69, 0x89, 0x95, 0xa2, 0x43, + 0xfb, 0xd2, 0xf1, 0x04, 0x5a, 0x82, 0x53, 0x7c, 0x62, 0xb0, 0xbb, 0xc7, 0xd5, 0x1b, 0x0d, 0xa5, + 0xcb, 0x66, 0xcc, 0x77, 0xa2, 0xe0, 0x6e, 0xcf, 0x51, 0xeb, 0x43, 0x35, 0x2f, 0xcc, 0x09, 0x93, + 0x5f, 0x59, 0x1f, 0x8a, 0xcc, 0x42, 0x0d, 0x9b, 0x78, 0xe8, 0x93, 0xf0, 0xb8, 0xfe, 0xcb, 0xa3, + 0x34, 0xb9, 0x1f, 0x6c, 0x4e, 0x24, 0x01, 0xab, 0xda, 0xa9, 0xf3, 0x5d, 0xd1, 0x6a, 0xb8, 0xd7, + 0xf3, 0x68, 0x1d, 0xce, 0x2a, 0xd0, 0x25, 0x6a, 0xea, 0xb5, 0x22, 0x2f, 0x26, 0x55, 0x27, 0x26, + 0x37, 0x22, 0x9f, 0xa5, 0x0d, 0x0f, 0xeb, 0x4b, 0x20, 0xe6, 0xbd, 0xe4, 0x4a, 0x37, 0x4c, 0xbc, + 0x88, 0xef, 0x43, 0x05, 0x4d, 0xc3, 0x30, 0x09, 0x9c, 0x75, 0x9f, 0x2c, 0xcf, 0x2e, 0xb0, 0x64, + 0x62, 0xc3, 0xed, 0x76, 0x49, 0x02, 0xb0, 0xc6, 0x51, 0x87, 0xc0, 0x23, 0x3d, 0x2f, 0x0d, 0x59, + 0x81, 0xd3, 0x0d, 0xb7, 0x45, 0xb5, 0x09, 0xcf, 0x25, 0x33, 0x2e, 0x3b, 0x08, 0xa5, 0x1f, 0x86, + 0xd7, 0x33, 0x51, 0x11, 0x0e, 0xf3, 0xb3, 0x2b, 0x1d, 0x38, 0xb8, 0xeb, 0x93, 0x74, 0x8d, 0xb5, + 0xa2, 0x70, 0x7b, 0x67, 0xe2, 0x54, 0x7a, 0x8d, 0xad, 0xd0, 0x46, 0xcc, 0x61, 0xe8, 0x2a, 0x20, + 0x16, 0x2e, 0x73, 0x25, 0x49, 0x5a, 0x4a, 0x7d, 0x99, 0x38, 0xcd, 0x5e, 0xe9, 0xac, 0x78, 0x02, + 0x5d, 0xee, 0xc0, 0xc0, 0x5d, 0x9e, 0xb2, 0xff, 0xc8, 0x82, 0x51, 0xb5, 0x5e, 0x1f, 0x40, 0xc0, + 0x98, 0x9f, 0x0e, 0x18, 0x9b, 0x3f, 0xba, 0xc4, 0x63, 0x3d, 0xef, 0x11, 0x75, 0xf0, 0x85, 0x0a, + 0x80, 0x96, 0x8a, 0x6a, 0x43, 0xb2, 0x7a, 0x6e, 0x48, 0x8f, 0xac, 0x44, 0xea, 0x96, 0x39, 0x58, + 0x7a, 0xb8, 0x99, 0x83, 0xab, 0x70, 0x46, 0xaa, 0x0b, 0xdc, 0xb1, 0x73, 0x25, 0x8c, 0x95, 0x80, + 0x2b, 0x57, 0x9f, 0x16, 0x84, 0xce, 0x2c, 0x74, 0x43, 0xc2, 0xdd, 0x9f, 0x4d, 0x69, 0x29, 0x43, + 0xfb, 0x69, 0x29, 0x7a, 0x4d, 0x2f, 0xd6, 0x65, 0x25, 0xd6, 0xcc, 0x9a, 0x5e, 0xbc, 0xbc, 0x8a, + 0x35, 0x4e, 0x77, 0xc1, 0x3e, 0x9c, 0x93, 0x60, 0x87, 0x03, 0x0b, 0x76, 0x29, 0x62, 0x2a, 0x3d, + 0x45, 0x8c, 0xf4, 0x25, 0x8d, 0xf4, 0xf4, 0x25, 0xbd, 0x02, 0x63, 0x5e, 0xb0, 0x41, 0x22, 0x2f, + 0x21, 0x35, 0xb6, 0x16, 0x98, 0xf8, 0x29, 0xeb, 0x6d, 0x7d, 0x21, 0x05, 0xc5, 0x19, 0xec, 0xb4, + 0x5c, 0x1c, 0xeb, 0x43, 0x2e, 0xf6, 0xd8, 0x8d, 0x4e, 0xe4, 0xb3, 0x1b, 0x9d, 0x3c, 0xfa, 0x6e, + 0x34, 0x7e, 0xac, 0xbb, 0x11, 0xca, 0x65, 0x37, 0xea, 0x4b, 0xd0, 0x1b, 0x06, 0xdd, 0xe9, 0x7d, + 0x0c, 0xba, 0x5e, 0x5b, 0xd1, 0x99, 0x43, 0x6f, 0x45, 0xdd, 0x77, 0x99, 0xc7, 0x0e, 0xb5, 0xcb, + 0x7c, 0xb1, 0x00, 0x67, 0xb4, 0x1c, 0xa6, 0xb3, 0xdf, 0xab, 0x53, 0x49, 0xc4, 0x8a, 0x79, 0xf3, + 0xd8, 0x1f, 0x23, 0x7e, 0x51, 0x87, 0x42, 0x2a, 0x08, 0x36, 0xb0, 0x58, 0x18, 0x20, 0x89, 0x58, + 0xd5, 0xa6, 0xac, 0x90, 0x9e, 0x15, 0xed, 0x58, 0x61, 0xd0, 0xf9, 0x45, 0x7f, 0x8b, 0xd0, 0xea, + 0x6c, 0xb1, 0x84, 0x59, 0x0d, 0xc2, 0x26, 0x1e, 0x7a, 0x8e, 0x33, 0x61, 0x02, 0x82, 0x0a, 0xea, + 0x11, 0x71, 0x4d, 0x8d, 0x94, 0x09, 0x0a, 0x2a, 0xbb, 0xc3, 0xe2, 0x3d, 0x4b, 0x9d, 0xdd, 0x61, + 0xe7, 0x95, 0x0a, 0xc3, 0xfe, 0x3f, 0x16, 0x3c, 0xd1, 0x75, 0x28, 0x1e, 0xc0, 0xe6, 0xbb, 0x9d, + 0xde, 0x7c, 0x57, 0xf3, 0x32, 0x37, 0x8c, 0xb7, 0xe8, 0xb1, 0x11, 0xff, 0x47, 0x0b, 0xc6, 0x34, + 0xfe, 0x03, 0x78, 0x55, 0x2f, 0xfd, 0xaa, 0xf9, 0x59, 0x56, 0xc3, 0x1d, 0xef, 0xf6, 0x47, 0xec, + 0xdd, 0xf8, 0x49, 0xc8, 0x8c, 0x2b, 0xcb, 0x43, 0xed, 0x73, 0x02, 0xb0, 0x03, 0x83, 0xac, 0x72, + 0x72, 0x9c, 0xcf, 0x89, 0x4c, 0x9a, 0x3f, 0x0b, 0xe4, 0xd6, 0x27, 0x32, 0xec, 0x6f, 0x8c, 0x05, + 0x43, 0x56, 0x53, 0xcc, 0x8b, 0xa9, 0x34, 0xaf, 0x89, 0xc8, 0x49, 0x5d, 0x53, 0x4c, 0xb4, 0x63, + 0x85, 0x61, 0x37, 0x61, 0x22, 0x4d, 0x7c, 0x8e, 0xd4, 0xd9, 0x29, 0x7f, 0x5f, 0xaf, 0x39, 0x0d, + 0xc3, 0x0e, 0x7b, 0x6a, 0xb1, 0xed, 0x64, 0x6f, 0x36, 0x9b, 0x91, 0x00, 0xac, 0x71, 0xec, 0xdf, + 0xb4, 0xe0, 0x54, 0x97, 0x97, 0xc9, 0x31, 0x62, 0x34, 0xd1, 0x52, 0xa0, 0xdb, 0x86, 0xfb, 0x21, + 0x18, 0xaa, 0x91, 0xba, 0x23, 0xcf, 0x91, 0x0d, 0x99, 0x3b, 0xc7, 0x9b, 0xb1, 0x84, 0xdb, 0xff, + 0xd3, 0x82, 0x13, 0xe9, 0xbe, 0xc6, 0x54, 0x6a, 0xf2, 0x97, 0x99, 0xf3, 0x62, 0x37, 0xdc, 0x22, + 0xd1, 0x0e, 0x7d, 0x73, 0xde, 0x6b, 0x25, 0x35, 0x67, 0x3a, 0x30, 0x70, 0x97, 0xa7, 0x58, 0x59, + 0xa1, 0x9a, 0x1a, 0x6d, 0x39, 0x53, 0x6e, 0xe6, 0x39, 0x53, 0xf4, 0xc7, 0x34, 0x8f, 0x9f, 0x14, + 0x4b, 0x6c, 0xf2, 0xb7, 0xbf, 0x37, 0x00, 0x2a, 0xa4, 0x9c, 0x1d, 0xe2, 0xe5, 0x74, 0x04, 0x9a, + 0x2a, 0x82, 0x5f, 0xec, 0xa3, 0x08, 0xbe, 0x9c, 0x0c, 0x03, 0xf7, 0x3b, 0x60, 0xe3, 0xde, 0x0b, + 0xd3, 0x49, 0xa8, 0xde, 0x70, 0x4d, 0x83, 0xb0, 0x89, 0x47, 0x7b, 0xe2, 0x7b, 0x5b, 0x84, 0x3f, + 0x34, 0x98, 0xee, 0xc9, 0xa2, 0x04, 0x60, 0x8d, 0x43, 0x7b, 0x52, 0xf3, 0xea, 0x75, 0x61, 0x8a, + 0xab, 0x9e, 0xd0, 0xd1, 0xc1, 0x0c, 0xc2, 0x2b, 0xc5, 0x85, 0x9b, 0x42, 0x3b, 0x35, 0x2a, 0xc5, + 0x85, 0x9b, 0x98, 0x41, 0xa8, 0x3e, 0x15, 0x84, 0x51, 0x93, 0xdd, 0x3c, 0x57, 0x53, 0x5c, 0x84, + 0x56, 0xaa, 0xf4, 0xa9, 0xeb, 0x9d, 0x28, 0xb8, 0xdb, 0x73, 0x74, 0x06, 0xb6, 0x22, 0x52, 0xf3, + 0xdc, 0xc4, 0xa4, 0x06, 0xe9, 0x19, 0xb8, 0xd2, 0x81, 0x81, 0xbb, 0x3c, 0x85, 0x66, 0xe0, 0x84, + 0x4c, 0x09, 0x90, 0x09, 0x9f, 0x95, 0x74, 0x82, 0x19, 0x4e, 0x83, 0x71, 0x16, 0x9f, 0x4a, 0x9b, + 0xa6, 0xc8, 0xf5, 0x66, 0x4a, 0xac, 0x21, 0x6d, 0x64, 0x0e, 0x38, 0x56, 0x18, 0xf6, 0xe7, 0x8b, + 0x74, 0x77, 0xec, 0x51, 0xdf, 0xfa, 0x81, 0x1d, 0xb9, 0xa7, 0x67, 0xe4, 0x40, 0x1f, 0x33, 0xf2, + 0x25, 0x18, 0xb9, 0x1d, 0x87, 0x81, 0x3a, 0xce, 0x2e, 0xf5, 0x3c, 0xce, 0x36, 0xb0, 0xba, 0x1f, + 0x67, 0x0f, 0xe6, 0x75, 0x9c, 0x3d, 0x74, 0xc8, 0xe3, 0xec, 0x6f, 0x97, 0x40, 0x55, 0x88, 0xbd, + 0x4e, 0x92, 0xbb, 0x61, 0xb4, 0xe9, 0x05, 0x0d, 0x96, 0x4a, 0xf1, 0x4d, 0x0b, 0x46, 0xf8, 0x7a, + 0x59, 0x34, 0xc3, 0x91, 0xeb, 0x39, 0x95, 0x1e, 0x4d, 0x31, 0x9b, 0x5a, 0x33, 0x18, 0x65, 0x2e, + 0x36, 0x31, 0x41, 0x38, 0xd5, 0x23, 0xf4, 0x33, 0x00, 0xd2, 0x6f, 0x59, 0x97, 0x22, 0x73, 0x21, + 0x9f, 0xfe, 0x61, 0x52, 0xd7, 0xba, 0xe9, 0x9a, 0x62, 0x82, 0x0d, 0x86, 0xe8, 0x8b, 0xd9, 0x9b, + 0x39, 0x3f, 0x7d, 0x2c, 0x63, 0xd3, 0x4f, 0xa0, 0x36, 0x86, 0x21, 0x2f, 0x68, 0xd0, 0x79, 0x22, + 0x22, 0x00, 0x3e, 0xd8, 0x2d, 0x0d, 0x69, 0x31, 0x74, 0x6a, 0x55, 0xc7, 0x77, 0x02, 0x97, 0x44, + 0x0b, 0x1c, 0xdd, 0xbc, 0x69, 0x8b, 0x35, 0x60, 0x49, 0xa8, 0xa3, 0xb6, 0x6e, 0xa9, 0x9f, 0xda, + 0xba, 0x67, 0x3f, 0x0e, 0xe3, 0x1d, 0x1f, 0xf3, 0x40, 0x71, 0xd9, 0x87, 0x0f, 0xe9, 0xb6, 0xff, + 0xe5, 0xa0, 0xde, 0xb4, 0xae, 0x87, 0x35, 0x5e, 0xe1, 0x35, 0xd2, 0x5f, 0x54, 0xe8, 0x9e, 0x39, + 0x4e, 0x11, 0xe3, 0xb6, 0x2e, 0xd5, 0x88, 0x4d, 0x96, 0x74, 0x8e, 0xb6, 0x9c, 0x88, 0x04, 0xc7, + 0x3d, 0x47, 0x57, 0x14, 0x13, 0x6c, 0x30, 0x44, 0x1b, 0xa9, 0xc0, 0xcc, 0xcb, 0x47, 0x0f, 0xcc, + 0x64, 0x09, 0xda, 0xdd, 0xaa, 0x44, 0x7e, 0xcd, 0x82, 0xb1, 0x20, 0x35, 0x73, 0xc5, 0x39, 0xce, + 0xda, 0x71, 0xac, 0x0a, 0x5e, 0x60, 0x3c, 0xdd, 0x86, 0x33, 0xfc, 0xbb, 0x6d, 0x69, 0xa5, 0x03, + 0x6e, 0x69, 0xba, 0x54, 0xf4, 0x60, 0xaf, 0x52, 0xd1, 0x28, 0x50, 0xb5, 0xf2, 0x87, 0x72, 0xaf, + 0x95, 0x0f, 0x5d, 0xea, 0xe4, 0xdf, 0x82, 0x61, 0x37, 0x22, 0x4e, 0x72, 0xc8, 0xb2, 0xe9, 0xec, + 0x28, 0x7c, 0x56, 0x12, 0xc0, 0x9a, 0x96, 0xfd, 0x1f, 0x8a, 0x70, 0x52, 0x8e, 0x88, 0x8c, 0xe3, + 0xa2, 0xfb, 0x23, 0xe7, 0xab, 0x95, 0x5b, 0xb5, 0x3f, 0x5e, 0x91, 0x00, 0xac, 0x71, 0xa8, 0x3e, + 0xd6, 0x8e, 0xc9, 0x72, 0x8b, 0x04, 0x8b, 0xde, 0x7a, 0x2c, 0xce, 0x1f, 0xd5, 0x42, 0xb9, 0xa1, + 0x41, 0xd8, 0xc4, 0xa3, 0xca, 0x38, 0xd7, 0x8b, 0xe3, 0x6c, 0x0c, 0xa8, 0xd0, 0xb7, 0xb1, 0x84, + 0xa3, 0x5f, 0xe9, 0x7a, 0xe1, 0x46, 0x3e, 0xd1, 0xcf, 0x1d, 0xe1, 0x6b, 0x07, 0xbc, 0x69, 0xe3, + 0x6d, 0x0b, 0x4e, 0x6c, 0xa6, 0xd2, 0xd0, 0xa4, 0x48, 0x3e, 0x62, 0xc2, 0x74, 0x3a, 0xb7, 0x4d, + 0x4f, 0xe1, 0x74, 0x7b, 0x8c, 0xb3, 0xdc, 0xed, 0xff, 0x65, 0x81, 0x29, 0x9e, 0xfa, 0xd3, 0xac, + 0x8c, 0x3b, 0xc3, 0x0a, 0xfb, 0xdc, 0x19, 0x26, 0x95, 0xb0, 0x62, 0x7f, 0x4a, 0xff, 0xc0, 0x01, + 0x94, 0xfe, 0x52, 0x4f, 0xad, 0xed, 0x69, 0x28, 0xb6, 0xbd, 0x9a, 0xd0, 0xdb, 0xf5, 0x69, 0xe3, + 0xc2, 0x1c, 0xa6, 0xed, 0xf6, 0x3f, 0x2d, 0x69, 0x3b, 0x5d, 0x04, 0xed, 0xfe, 0x50, 0xbc, 0x76, + 0x5d, 0xe5, 0xbf, 0xf3, 0x37, 0xbf, 0xde, 0x91, 0xff, 0xfe, 0xe3, 0x07, 0x8f, 0xc9, 0xe6, 0x03, + 0xd4, 0x2b, 0xfd, 0x7d, 0x68, 0x9f, 0x80, 0xec, 0xdb, 0x50, 0xa6, 0xa6, 0x0d, 0x73, 0xb8, 0x95, + 0x53, 0x9d, 0x2a, 0x5f, 0x11, 0xed, 0xf7, 0x76, 0x27, 0x7f, 0xec, 0xe0, 0xdd, 0x92, 0x4f, 0x63, + 0x45, 0x1f, 0xc5, 0x30, 0x4c, 0x7f, 0xb3, 0xd8, 0x71, 0x61, 0x34, 0xdd, 0x50, 0xb2, 0x48, 0x02, + 0x72, 0x09, 0x4c, 0xd7, 0x7c, 0x50, 0x00, 0xc3, 0xec, 0xb2, 0x1f, 0xc6, 0x94, 0xdb, 0x56, 0x2b, + 0x2a, 0x82, 0x5b, 0x02, 0xee, 0xed, 0x4e, 0xbe, 0x7c, 0x70, 0xa6, 0xea, 0x71, 0xac, 0x59, 0xd8, + 0xef, 0x0c, 0xe8, 0xb9, 0x2b, 0xca, 0x1e, 0xfc, 0x50, 0xcc, 0xdd, 0x8b, 0x99, 0xb9, 0x7b, 0xbe, + 0x63, 0xee, 0x8e, 0xe9, 0x4b, 0x69, 0x52, 0xb3, 0xf1, 0x41, 0x6f, 0xb0, 0xfb, 0xdb, 0xf1, 0x4c, + 0xb3, 0xb8, 0xd3, 0xf6, 0x22, 0x12, 0xaf, 0x44, 0xed, 0xc0, 0x0b, 0x1a, 0xe2, 0x1e, 0x50, 0x43, + 0xb3, 0x48, 0x81, 0x71, 0x16, 0x9f, 0xdd, 0x21, 0xba, 0x13, 0xb8, 0xb7, 0x9c, 0x2d, 0x3e, 0xab, + 0x8c, 0x4c, 0xf0, 0x55, 0xd1, 0x8e, 0x15, 0x86, 0xfd, 0x2e, 0x3b, 0xbb, 0x35, 0x92, 0x56, 0xe8, + 0x9c, 0xf0, 0xd9, 0xed, 0x4a, 0x3c, 0x8d, 0x5c, 0xcd, 0x09, 0x7e, 0xa5, 0x12, 0x87, 0xa1, 0xbb, + 0x30, 0xb4, 0xce, 0xaf, 0x17, 0xc8, 0xa7, 0x64, 0x9e, 0xb8, 0xab, 0x80, 0x55, 0xb5, 0x95, 0x17, + 0x17, 0xdc, 0xd3, 0x3f, 0xb1, 0xe4, 0x66, 0xbf, 0x37, 0x00, 0x27, 0x32, 0xf7, 0xef, 0xa4, 0x0a, + 0xf8, 0x14, 0xf6, 0x2d, 0xe0, 0xf3, 0x29, 0x80, 0x1a, 0x69, 0xf9, 0xe1, 0x0e, 0x53, 0x73, 0x06, + 0x0e, 0xac, 0xe6, 0x28, 0xcd, 0x78, 0x4e, 0x51, 0xc1, 0x06, 0x45, 0x91, 0x3b, 0xcf, 0xeb, 0x01, + 0x65, 0x72, 0xe7, 0x8d, 0xaa, 0x95, 0x83, 0x0f, 0xb6, 0x6a, 0xa5, 0x07, 0x27, 0x78, 0x17, 0x55, + 0x6a, 0xc8, 0x21, 0x32, 0x40, 0x58, 0x9c, 0xed, 0x5c, 0x9a, 0x0c, 0xce, 0xd2, 0x7d, 0x98, 0xd7, + 0x6b, 0xa1, 0x0f, 0xc3, 0xb0, 0xfc, 0xce, 0xf1, 0xc4, 0xb0, 0x4e, 0xaf, 0x93, 0xd3, 0x80, 0x5d, + 0x7b, 0x25, 0x7e, 0xda, 0x5f, 0x2d, 0x50, 0xad, 0x94, 0xff, 0x53, 0x69, 0xd2, 0xcf, 0xc2, 0xa0, + 0xd3, 0x4e, 0x36, 0xc2, 0x8e, 0x3b, 0x13, 0x66, 0x58, 0x2b, 0x16, 0x50, 0xb4, 0x08, 0x03, 0x35, + 0x9d, 0xfa, 0x7a, 0x90, 0x51, 0xd4, 0x0e, 0x3e, 0x27, 0x21, 0x98, 0x51, 0x41, 0x4f, 0xc1, 0x40, + 0xe2, 0x34, 0x52, 0x77, 0xd9, 0xae, 0x39, 0x8d, 0x18, 0xb3, 0x56, 0x73, 0xd3, 0x1c, 0xd8, 0x67, + 0xd3, 0x7c, 0x19, 0x46, 0x63, 0xaf, 0x11, 0x38, 0x49, 0x3b, 0x22, 0xc6, 0x61, 0x92, 0x8e, 0x0f, + 0x30, 0x81, 0x38, 0x8d, 0x6b, 0x7f, 0xab, 0x02, 0xa7, 0x57, 0x67, 0x97, 0x64, 0x19, 0xb7, 0x63, + 0x8b, 0xa9, 0xef, 0xc6, 0xe3, 0xc1, 0xc5, 0xd4, 0xf7, 0xe0, 0xee, 0x1b, 0x31, 0xf5, 0xbe, 0x11, + 0x53, 0xff, 0x45, 0x0b, 0x86, 0x55, 0x28, 0xb9, 0x08, 0x64, 0x7d, 0x3d, 0xff, 0x1e, 0xa8, 0xb8, + 0x62, 0x11, 0x51, 0x2c, 0xff, 0x62, 0xcd, 0xfc, 0xf8, 0x82, 0xec, 0xef, 0xdb, 0xa1, 0x03, 0x05, + 0xd9, 0xab, 0x0c, 0x84, 0x52, 0x1e, 0x19, 0x08, 0x3d, 0x3e, 0x55, 0xd7, 0x0c, 0x84, 0xaf, 0x59, + 0x50, 0x71, 0xde, 0x6a, 0x47, 0x64, 0x8e, 0x6c, 0x2d, 0xb7, 0x62, 0x21, 0x60, 0xdf, 0xc8, 0xbf, + 0x03, 0x33, 0x9a, 0x89, 0x28, 0xee, 0xac, 0x1b, 0xb0, 0xd9, 0x85, 0x54, 0xc6, 0xc1, 0x50, 0x1e, + 0x19, 0x07, 0xdd, 0xba, 0xb3, 0x6f, 0xc6, 0xc1, 0xcb, 0x30, 0xea, 0xfa, 0x61, 0x40, 0x56, 0xa2, + 0x30, 0x09, 0xdd, 0xd0, 0x17, 0xca, 0xb4, 0x12, 0x09, 0xb3, 0x26, 0x10, 0xa7, 0x71, 0x7b, 0xa5, + 0x2b, 0x0c, 0x1f, 0x35, 0x5d, 0x01, 0x1e, 0x52, 0x71, 0x8d, 0x5f, 0xd4, 0x65, 0x46, 0x2b, 0x79, + 0xdc, 0x77, 0xdb, 0xed, 0x8b, 0x1c, 0x77, 0xcd, 0xba, 0x3f, 0x2d, 0xc0, 0xe4, 0x3e, 0x13, 0x13, + 0x5d, 0x84, 0x91, 0x30, 0x6a, 0x38, 0x81, 0xf7, 0x16, 0x4f, 0xef, 0x2d, 0xa5, 0x8b, 0x88, 0x2c, + 0x1b, 0x30, 0x9c, 0xc2, 0x94, 0xe1, 0xd4, 0x83, 0x3d, 0xc2, 0xa9, 0x3f, 0x0a, 0x95, 0x84, 0x38, + 0x4d, 0x11, 0x3b, 0x22, 0x8c, 0x38, 0x7d, 0x28, 0xa6, 0x41, 0xd8, 0xc4, 0xa3, 0x4b, 0x61, 0xcc, + 0x71, 0x5d, 0x12, 0xc7, 0x32, 0x5e, 0x5a, 0x38, 0x98, 0x72, 0x0b, 0xc6, 0x66, 0x7e, 0xbb, 0x99, + 0x14, 0x0b, 0x9c, 0x61, 0x49, 0x3b, 0xef, 0xf8, 0x3e, 0xcf, 0x86, 0x20, 0xf2, 0x86, 0x7d, 0x5d, + 0x0c, 0x44, 0x83, 0xb0, 0x89, 0x67, 0xff, 0x7a, 0x01, 0x9e, 0xbe, 0xaf, 0x88, 0xec, 0x3b, 0x94, + 0xbd, 0x1d, 0x93, 0x28, 0x7b, 0xa8, 0x74, 0x23, 0x26, 0x11, 0x66, 0x10, 0x3e, 0x4a, 0xad, 0x96, + 0x71, 0xf3, 0x54, 0xde, 0x99, 0x13, 0x7c, 0x94, 0x52, 0x2c, 0x70, 0x86, 0x65, 0x76, 0x94, 0x06, + 0xfa, 0x1c, 0xa5, 0x7f, 0x50, 0x80, 0x67, 0xfa, 0xd8, 0x48, 0x72, 0xcc, 0x30, 0x49, 0xe7, 0xf9, + 0x14, 0x1f, 0x4e, 0x9e, 0xcf, 0x61, 0x87, 0xeb, 0xdd, 0x02, 0x9c, 0xed, 0x2d, 0xcf, 0xd1, 0x4f, + 0x50, 0x43, 0x50, 0x06, 0x8c, 0x98, 0x29, 0x42, 0xa7, 0xb8, 0x11, 0x98, 0x02, 0xe1, 0x2c, 0x2e, + 0x9a, 0x02, 0x68, 0x39, 0xc9, 0x46, 0x7c, 0x69, 0xdb, 0x8b, 0x13, 0x91, 0xdd, 0x3a, 0xc6, 0xdd, + 0xf9, 0xb2, 0x15, 0x1b, 0x18, 0x94, 0x1d, 0xfb, 0x37, 0x17, 0x5e, 0x0f, 0x13, 0xfe, 0x10, 0xd7, + 0x45, 0x4f, 0xc9, 0x0a, 0xa0, 0x06, 0x08, 0x67, 0x71, 0x29, 0x3b, 0x76, 0x60, 0xc4, 0x3b, 0xca, + 0x95, 0x54, 0xc6, 0x6e, 0x51, 0xb5, 0x62, 0x03, 0x23, 0x9b, 0xfc, 0x54, 0xda, 0x3f, 0xf9, 0xc9, + 0xfe, 0x27, 0x05, 0x78, 0xa2, 0xa7, 0x3e, 0xd0, 0xdf, 0x02, 0x7c, 0xf4, 0x12, 0x96, 0x0e, 0x37, + 0x77, 0x0e, 0x98, 0x86, 0xf3, 0xc7, 0x3d, 0x66, 0x9a, 0x48, 0xc3, 0xc9, 0x6e, 0x15, 0xd6, 0x41, + 0xb7, 0x8a, 0x47, 0x68, 0x3c, 0x3b, 0x32, 0x6f, 0x06, 0x0e, 0x90, 0x79, 0x93, 0xf9, 0x18, 0xa5, + 0x3e, 0x17, 0xf2, 0x77, 0x7a, 0x0f, 0x2f, 0xb5, 0x1f, 0xfa, 0x72, 0xb1, 0xcd, 0xc1, 0x49, 0x2f, + 0x60, 0xd5, 0xa0, 0x57, 0xdb, 0xeb, 0x22, 0xf7, 0xb9, 0x90, 0xbe, 0xe8, 0x6c, 0x21, 0x03, 0xc7, + 0x1d, 0x4f, 0x3c, 0x82, 0x99, 0x50, 0x87, 0x1c, 0xd2, 0x4f, 0xc1, 0xb0, 0xa2, 0xcd, 0xa3, 0x3b, + 0xd5, 0x07, 0xed, 0x88, 0xee, 0x54, 0x5f, 0xd3, 0xc0, 0xa2, 0x23, 0x41, 0xd5, 0xa9, 0xcc, 0xcc, + 0xbc, 0x46, 0x76, 0x98, 0x6e, 0x65, 0x7f, 0x04, 0x46, 0x94, 0x21, 0xdc, 0x6f, 0xc9, 0x5f, 0xfb, + 0x9d, 0x41, 0x18, 0x4d, 0x15, 0xf4, 0x48, 0xf9, 0x9d, 0xac, 0x7d, 0xfd, 0x4e, 0x2c, 0x5a, 0xb7, + 0x1d, 0xc8, 0x7a, 0xe0, 0x46, 0xb4, 0x6e, 0x3b, 0x20, 0x98, 0xc3, 0xd0, 0xb3, 0x30, 0x58, 0x8b, + 0x76, 0x70, 0x3b, 0x10, 0x51, 0x75, 0x4a, 0x7d, 0x9c, 0x63, 0xad, 0x58, 0x40, 0xd1, 0xe7, 0x2c, + 0x18, 0x89, 0x99, 0x53, 0x93, 0x7b, 0xed, 0xc4, 0x07, 0xbd, 0x9a, 0xc7, 0xdd, 0xdd, 0xa2, 0x78, + 0x0d, 0x3b, 0x90, 0x37, 0x5b, 0x70, 0x8a, 0x23, 0xfa, 0x05, 0xcb, 0xbc, 0xb5, 0x7c, 0x30, 0x8f, + 0x68, 0xd0, 0x6c, 0xbd, 0x14, 0xee, 0xee, 0xb9, 0xff, 0xe5, 0xe5, 0xb1, 0x72, 0xa9, 0x0d, 0x1d, + 0x8f, 0x4b, 0x0d, 0xba, 0xb8, 0xd3, 0x3e, 0x0c, 0xc3, 0x4d, 0x27, 0xf0, 0xea, 0x24, 0x4e, 0xb8, + 0x97, 0x4b, 0x96, 0x71, 0x92, 0x8d, 0x58, 0xc3, 0xe9, 0x66, 0x17, 0xb3, 0x17, 0x4b, 0x0c, 0xb7, + 0x14, 0xdb, 0xec, 0x56, 0x75, 0x33, 0x36, 0x71, 0x4c, 0x1f, 0x1a, 0x3c, 0x54, 0x1f, 0x5a, 0x65, + 0x1f, 0x1f, 0xda, 0x3f, 0xb2, 0xe0, 0x4c, 0xd7, 0xaf, 0xf6, 0xe8, 0xc6, 0x59, 0xd9, 0x5f, 0x2f, + 0xc1, 0xa9, 0x2e, 0x95, 0x79, 0xd0, 0xce, 0xb1, 0xdd, 0xc2, 0x2f, 0x4a, 0xff, 0x8c, 0xf6, 0x9c, + 0xc4, 0x07, 0xf3, 0x60, 0x6b, 0x2f, 0x72, 0xf1, 0xc1, 0x7a, 0x91, 0x8d, 0x69, 0x39, 0xf0, 0x50, + 0xa7, 0x65, 0xe9, 0xfe, 0xd3, 0x12, 0xfd, 0x96, 0x05, 0x13, 0xcd, 0x1e, 0xe5, 0x20, 0x85, 0x67, + 0xe8, 0xe6, 0xf1, 0x14, 0x9b, 0xac, 0x3e, 0xb5, 0xb7, 0x3b, 0xd9, 0xb3, 0x0a, 0x27, 0xee, 0xd9, + 0x2b, 0xfb, 0x7b, 0x45, 0x60, 0x65, 0xa1, 0x58, 0x21, 0x96, 0x1d, 0xf4, 0x59, 0xb3, 0xc0, 0x97, + 0x95, 0x57, 0x31, 0x2a, 0x4e, 0x5c, 0x15, 0x08, 0xe3, 0x23, 0xd8, 0xad, 0x5e, 0x58, 0x56, 0x68, + 0x15, 0xfa, 0x10, 0x5a, 0xbe, 0xac, 0xa4, 0x56, 0xcc, 0xbf, 0x92, 0xda, 0x70, 0xb6, 0x8a, 0xda, + 0xfd, 0x3f, 0xf1, 0xc0, 0x23, 0xf9, 0x89, 0xff, 0x96, 0xc5, 0x05, 0x4f, 0xe6, 0x2b, 0x68, 0xcd, + 0xc0, 0xba, 0x8f, 0x66, 0xf0, 0x3c, 0xbb, 0xae, 0xb1, 0x7e, 0x85, 0x38, 0xbe, 0xd0, 0x20, 0xcc, + 0x9b, 0x17, 0x59, 0x3b, 0x56, 0x18, 0xec, 0x82, 0x15, 0xdf, 0x0f, 0xef, 0x5e, 0x6a, 0xb6, 0x92, + 0x1d, 0xa1, 0x4b, 0xe8, 0x0b, 0x56, 0x14, 0x04, 0x1b, 0x58, 0xf6, 0xdf, 0x29, 0xf0, 0x19, 0x28, + 0xce, 0x86, 0x2f, 0x66, 0x4a, 0xe2, 0xf7, 0x7f, 0xac, 0xfa, 0x19, 0x00, 0x57, 0xdd, 0xd4, 0x26, + 0x9c, 0xf6, 0x57, 0x8e, 0x7c, 0xd3, 0x95, 0xa0, 0xa7, 0x5f, 0x43, 0xb7, 0x61, 0x83, 0x5f, 0x4a, + 0x96, 0x16, 0xf7, 0x95, 0xa5, 0x29, 0xb1, 0x32, 0xb0, 0xcf, 0x6e, 0xf7, 0xa7, 0x16, 0xa4, 0x34, + 0x22, 0xd4, 0x82, 0x12, 0xed, 0xee, 0x4e, 0x3e, 0x97, 0xd0, 0x99, 0xa4, 0xa9, 0x68, 0x14, 0xd3, + 0x9e, 0xfd, 0xc4, 0x9c, 0x11, 0xf2, 0xc5, 0x11, 0x72, 0x21, 0x8f, 0x8b, 0x12, 0x4d, 0x86, 0x57, + 0xc2, 0x70, 0x93, 0x9f, 0x3c, 0xe9, 0xe3, 0x68, 0xfb, 0x22, 0x8c, 0x77, 0x74, 0x8a, 0x55, 0xbf, + 0x0e, 0xe5, 0xcd, 0x7b, 0xc6, 0x74, 0x65, 0x79, 0x5c, 0x98, 0xc3, 0xec, 0x77, 0x2d, 0x38, 0x99, + 0x25, 0x8f, 0xbe, 0x61, 0xc1, 0x78, 0x9c, 0xa5, 0x77, 0x5c, 0x63, 0xa7, 0xc2, 0xab, 0x3a, 0x40, + 0xb8, 0xb3, 0x13, 0xf6, 0x9f, 0x89, 0xc9, 0x7f, 0xcb, 0x0b, 0x6a, 0xe1, 0x5d, 0xa5, 0x98, 0x58, + 0x3d, 0x15, 0x13, 0xba, 0x1e, 0xdd, 0x0d, 0x52, 0x6b, 0xfb, 0x1d, 0x09, 0x64, 0xab, 0xa2, 0x1d, + 0x2b, 0x8c, 0xd4, 0x1d, 0xfc, 0xc5, 0x7d, 0xef, 0xe0, 0x7f, 0x09, 0x46, 0xcc, 0xdb, 0x25, 0xc5, + 0xbc, 0x64, 0x0a, 0xb9, 0x79, 0x11, 0x25, 0x4e, 0x61, 0x65, 0xee, 0x17, 0x2f, 0xed, 0x7b, 0xbf, + 0xf8, 0x73, 0x50, 0x16, 0x77, 0x65, 0xcb, 0x20, 0x44, 0x9e, 0x9d, 0x26, 0xda, 0xb0, 0x82, 0x52, + 0x69, 0xd2, 0x74, 0x82, 0xb6, 0xe3, 0xd3, 0x11, 0x12, 0x29, 0xb5, 0x6a, 0x19, 0x2e, 0x29, 0x08, + 0x36, 0xb0, 0xe8, 0x1b, 0x27, 0x5e, 0x93, 0xbc, 0x16, 0x06, 0x32, 0x7c, 0x47, 0xfb, 0xe5, 0x45, + 0x3b, 0x56, 0x18, 0xf6, 0x7f, 0xb7, 0x20, 0x7b, 0xd1, 0x6f, 0xca, 0xcb, 0x61, 0xed, 0x9b, 0xc6, + 0x9b, 0x4e, 0x02, 0x2c, 0xf4, 0x95, 0x04, 0x68, 0xe6, 0xe7, 0x15, 0xef, 0x9b, 0x9f, 0xf7, 0x23, + 0xfa, 0x0e, 0x15, 0x9e, 0xc8, 0x57, 0xe9, 0x76, 0x7f, 0x0a, 0xb2, 0x61, 0xd0, 0x75, 0x54, 0xa1, + 0x87, 0x11, 0x6e, 0x3b, 0xcc, 0xce, 0x30, 0x24, 0x01, 0xa9, 0xae, 0xbf, 0xf7, 0xfd, 0x73, 0x1f, + 0xf8, 0xce, 0xf7, 0xcf, 0x7d, 0xe0, 0x0f, 0xbf, 0x7f, 0xee, 0x03, 0x9f, 0xdb, 0x3b, 0x67, 0xbd, + 0xb7, 0x77, 0xce, 0xfa, 0xce, 0xde, 0x39, 0xeb, 0x0f, 0xf7, 0xce, 0x59, 0xdf, 0xdb, 0x3b, 0x67, + 0x7d, 0xed, 0xbf, 0x9c, 0xfb, 0xc0, 0x6b, 0x5d, 0xc3, 0xad, 0xe8, 0x8f, 0x17, 0xdc, 0xda, 0xf4, + 0xd6, 0x05, 0x16, 0xf1, 0x43, 0x57, 0xc3, 0xb4, 0x31, 0x05, 0xa6, 0xe5, 0x6a, 0xf8, 0xf3, 0x00, + 0x00, 0x00, 0xff, 0xff, 0x02, 0x1f, 0x2b, 0x6f, 0xa3, 0xc9, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -8358,6 +8362,30 @@ func (m *GitGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.Values) > 0 { + keysForValues := make([]string, 0, len(m.Values)) + for k := range m.Values { + keysForValues = append(keysForValues, string(k)) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForValues) + for iNdEx := len(keysForValues) - 1; iNdEx >= 0; iNdEx-- { + v := m.Values[string(keysForValues[iNdEx])] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintGenerated(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(keysForValues[iNdEx]) + copy(dAtA[i:], keysForValues[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(keysForValues[iNdEx]))) + i-- + dAtA[i] = 0xa + i = encodeVarintGenerated(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x42 + } + } i -= len(m.PathParamPrefix) copy(dAtA[i:], m.PathParamPrefix) i = encodeVarintGenerated(dAtA, i, uint64(len(m.PathParamPrefix))) @@ -11696,6 +11724,30 @@ func (m *SCMProviderGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.Values) > 0 { + keysForValues := make([]string, 0, len(m.Values)) + for k := range m.Values { + keysForValues = append(keysForValues, string(k)) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForValues) + for iNdEx := len(keysForValues) - 1; iNdEx >= 0; iNdEx-- { + v := m.Values[string(keysForValues[iNdEx])] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintGenerated(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(keysForValues[iNdEx]) + copy(dAtA[i:], keysForValues[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(keysForValues[iNdEx]))) + i-- + dAtA[i] = 0xa + i = encodeVarintGenerated(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x5a + } + } { size, err := m.Template.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -14328,6 +14380,14 @@ func (m *GitGenerator) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) l = len(m.PathParamPrefix) n += 1 + l + sovGenerated(uint64(l)) + if len(m.Values) > 0 { + for k, v := range m.Values { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + len(v) + sovGenerated(uint64(len(v))) + n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) + } + } return n } @@ -15608,6 +15668,14 @@ func (m *SCMProviderGenerator) Size() (n int) { } l = m.Template.Size() n += 1 + l + sovGenerated(uint64(l)) + if len(m.Values) > 0 { + for k, v := range m.Values { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + len(v) + sovGenerated(uint64(len(v))) + n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) + } + } return n } @@ -17085,6 +17153,16 @@ func (this *GitGenerator) String() string { repeatedStringForFiles += strings.Replace(strings.Replace(f.String(), "GitFileGeneratorItem", "GitFileGeneratorItem", 1), `&`, ``, 1) + "," } repeatedStringForFiles += "}" + keysForValues := make([]string, 0, len(this.Values)) + for k := range this.Values { + keysForValues = append(keysForValues, k) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForValues) + mapStringForValues := "map[string]string{" + for _, k := range keysForValues { + mapStringForValues += fmt.Sprintf("%v: %v,", k, this.Values[k]) + } + mapStringForValues += "}" s := strings.Join([]string{`&GitGenerator{`, `RepoURL:` + fmt.Sprintf("%v", this.RepoURL) + `,`, `Directories:` + repeatedStringForDirectories + `,`, @@ -17093,6 +17171,7 @@ func (this *GitGenerator) String() string { `RequeueAfterSeconds:` + valueToStringGenerated(this.RequeueAfterSeconds) + `,`, `Template:` + strings.Replace(strings.Replace(this.Template.String(), "ApplicationSetTemplate", "ApplicationSetTemplate", 1), `&`, ``, 1) + `,`, `PathParamPrefix:` + fmt.Sprintf("%v", this.PathParamPrefix) + `,`, + `Values:` + mapStringForValues + `,`, `}`, }, "") return s @@ -18051,6 +18130,16 @@ func (this *SCMProviderGenerator) String() string { repeatedStringForFilters += strings.Replace(strings.Replace(f.String(), "SCMProviderGeneratorFilter", "SCMProviderGeneratorFilter", 1), `&`, ``, 1) + "," } repeatedStringForFilters += "}" + keysForValues := make([]string, 0, len(this.Values)) + for k := range this.Values { + keysForValues = append(keysForValues, k) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForValues) + mapStringForValues := "map[string]string{" + for _, k := range keysForValues { + mapStringForValues += fmt.Sprintf("%v: %v,", k, this.Values[k]) + } + mapStringForValues += "}" s := strings.Join([]string{`&SCMProviderGenerator{`, `Github:` + strings.Replace(this.Github.String(), "SCMProviderGeneratorGithub", "SCMProviderGeneratorGithub", 1) + `,`, `Gitlab:` + strings.Replace(this.Gitlab.String(), "SCMProviderGeneratorGitlab", "SCMProviderGeneratorGitlab", 1) + `,`, @@ -18062,6 +18151,7 @@ func (this *SCMProviderGenerator) String() string { `CloneProtocol:` + fmt.Sprintf("%v", this.CloneProtocol) + `,`, `RequeueAfterSeconds:` + valueToStringGenerated(this.RequeueAfterSeconds) + `,`, `Template:` + strings.Replace(strings.Replace(this.Template.String(), "ApplicationSetTemplate", "ApplicationSetTemplate", 1), `&`, ``, 1) + `,`, + `Values:` + mapStringForValues + `,`, `}`, }, "") return s @@ -30123,6 +30213,133 @@ func (m *GitGenerator) Unmarshal(dAtA []byte) error { } m.PathParamPrefix = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Values", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Values == nil { + m.Values = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Values[mapkey] = mapvalue + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -41632,6 +41849,133 @@ func (m *SCMProviderGenerator) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 11: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Values", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Values == nil { + m.Values = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Values[mapkey] = mapvalue + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index f54ead48d3bfd..9fafae1be5fb5 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -883,6 +883,9 @@ message GitGenerator { optional ApplicationSetTemplate template = 6; optional string pathParamPrefix = 7; + + // Values contains key/value pairs which are passed directly as parameters to the template + map values = 8; } // GnuPGPublicKey is a representation of a GnuPG public key @@ -1769,6 +1772,9 @@ message SCMProviderGenerator { optional int64 requeueAfterSeconds = 9; optional ApplicationSetTemplate template = 10; + + // Values contains key/value pairs which are passed directly as parameters to the template + map values = 11; } // SCMProviderGeneratorAzureDevOps defines connection info specific to Azure DevOps. diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index 580ef6bbef993..e487692452d7d 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -3161,6 +3161,22 @@ func schema_pkg_apis_application_v1alpha1_GitGenerator(ref common.ReferenceCallb Format: "", }, }, + "values": { + SchemaProps: spec.SchemaProps{ + Description: "Values contains key/value pairs which are passed directly as parameters to the template", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, }, Required: []string{"repoURL", "revision"}, }, @@ -6131,6 +6147,22 @@ func schema_pkg_apis_application_v1alpha1_SCMProviderGenerator(ref common.Refere Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate"), }, }, + "values": { + SchemaProps: spec.SchemaProps{ + Description: "Values contains key/value pairs which are passed directly as parameters to the template", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, }, }, }, diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index 082edeca24366..b9a7340d0655e 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -1801,6 +1801,13 @@ func (in *GitGenerator) DeepCopyInto(out *GitGenerator) { **out = **in } in.Template.DeepCopyInto(&out.Template) + if in.Values != nil { + in, out := &in.Values, &out.Values + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } return } @@ -3346,6 +3353,13 @@ func (in *SCMProviderGenerator) DeepCopyInto(out *SCMProviderGenerator) { **out = **in } in.Template.DeepCopyInto(&out.Template) + if in.Values != nil { + in, out := &in.Values, &out.Values + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } return } From 7a5c25f58f0028bb8b3b31aba77b22864ab4ee68 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 May 2023 10:17:07 -0400 Subject: [PATCH 049/252] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.164 to 1.44.271 (#13805) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.164 to 1.44.271. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.164...v1.44.271) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 883abc396258c..b653ff86175da 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d - github.com/aws/aws-sdk-go v1.44.164 + github.com/aws/aws-sdk-go v1.44.271 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.1.0 diff --git a/go.sum b/go.sum index 0cb42a177aeb5..1686d2ccbd6ff 100644 --- a/go.sum +++ b/go.sum @@ -154,8 +154,9 @@ github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:W github.com/auth0/go-jwt-middleware v1.0.1/go.mod h1:YSeUX3z6+TF2H+7padiEqNJ73Zy9vXW72U//IgN0BIM= github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= -github.com/aws/aws-sdk-go v1.44.164 h1:qDj0RutF2Ut0HZYyUJxFdReLxpYrjupsu2JmDIgCvX8= github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.271 h1:aa+Nu2JcnFmW1TLIz/67SS7KPq1I1Adl4RmExSMjGVo= +github.com/aws/aws-sdk-go v1.44.271/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= From 9e594d495ea955ee00281fb7dca57f1af0f7ecd2 Mon Sep 17 00:00:00 2001 From: Eldar Yusupov Date: Mon, 29 May 2023 17:19:40 +0300 Subject: [PATCH 050/252] feat: specify listen address from env / command line (#11846) * feat: specify listen address from env / command line Signed-off-by: Eldar Yusupov * Make listen addrs configurable through ConfigMap Signed-off-by: Eldar Yusupov * Update autogenerated manifests Signed-off-by: Eldar Yusupov --------- Signed-off-by: Eldar Yusupov --- .../commands/argocd_repo_server.go | 8 +++++-- cmd/argocd-server/commands/argocd_server.go | 6 +++++ cmd/argocd/commands/admin/dashboard.go | 2 +- common/common.go | 6 ++++- .../operator-manual/argocd-cmd-params-cm.yaml | 8 +++++++ .../server-commands/argocd-repo-server.md | 2 ++ .../server-commands/argocd-server.md | 2 ++ docs/operator-manual/tls.md | 5 +++- .../argocd-repo-server-deployment.yaml | 12 ++++++++++ .../base/server/argocd-server-deployment.yaml | 12 ++++++++++ manifests/core-install.yaml | 12 ++++++++++ manifests/ha/install.yaml | 24 +++++++++++++++++++ manifests/ha/namespace-install.yaml | 24 +++++++++++++++++++ manifests/install.yaml | 24 +++++++++++++++++++ manifests/namespace-install.yaml | 24 +++++++++++++++++++ server/server.go | 5 ++-- 16 files changed, 169 insertions(+), 7 deletions(-) diff --git a/cmd/argocd-repo-server/commands/argocd_repo_server.go b/cmd/argocd-repo-server/commands/argocd_repo_server.go index bf6a8840f2b17..2aeac190d7df1 100644 --- a/cmd/argocd-repo-server/commands/argocd_repo_server.go +++ b/cmd/argocd-repo-server/commands/argocd_repo_server.go @@ -72,7 +72,9 @@ func NewCommand() *cobra.Command { var ( parallelismLimit int64 listenPort int + listenHost string metricsPort int + metricsHost string otlpAddress string cacheSrc func() (*reposervercache.Cache, error) tlsConfigCustomizer tls.ConfigCustomizer @@ -150,7 +152,7 @@ func NewCommand() *cobra.Command { } grpc := server.CreateGRPC() - listener, err := net.Listen("tcp", fmt.Sprintf(":%d", listenPort)) + listener, err := net.Listen("tcp", fmt.Sprintf("%s:%d", listenHost, listenPort)) errors.CheckError(err) healthz.ServeHealthCheck(http.DefaultServeMux, func(r *http.Request) error { @@ -176,7 +178,7 @@ func NewCommand() *cobra.Command { return nil }) http.Handle("/metrics", metricsServer.GetHandler()) - go func() { errors.CheckError(http.ListenAndServe(fmt.Sprintf(":%d", metricsPort), nil)) }() + go func() { errors.CheckError(http.ListenAndServe(fmt.Sprintf("%s:%d", metricsHost, metricsPort), nil)) }() go func() { errors.CheckError(askPassServer.Run(askpass.SocketPath)) }() if gpg.IsGPGEnabled() { @@ -207,7 +209,9 @@ func NewCommand() *cobra.Command { command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_REPO_SERVER_LOGFORMAT", "text"), "Set the logging format. One of: text|json") command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_REPO_SERVER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error") command.Flags().Int64Var(¶llelismLimit, "parallelismlimit", int64(env.ParseNumFromEnv("ARGOCD_REPO_SERVER_PARALLELISM_LIMIT", 0, 0, math.MaxInt32)), "Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit.") + command.Flags().StringVar(&listenHost, "address", env.StringFromEnv("ARGOCD_REPO_SERVER_LISTEN_ADDRESS", common.DefaultAddressRepoServer), "Listen on given address for incoming connections") command.Flags().IntVar(&listenPort, "port", common.DefaultPortRepoServer, "Listen on given port for incoming connections") + command.Flags().StringVar(&metricsHost, "metrics-address", env.StringFromEnv("ARGOCD_REPO_SERVER_METRICS_LISTEN_ADDRESS", common.DefaultAddressRepoServerMetrics), "Listen on given address for metrics") command.Flags().IntVar(&metricsPort, "metrics-port", common.DefaultPortRepoServerMetrics, "Start metrics server on given port") command.Flags().StringVar(&otlpAddress, "otlp-address", env.StringFromEnv("ARGOCD_REPO_SERVER_OTLP_ADDRESS", ""), "OpenTelemetry collector address to send traces to") command.Flags().BoolVar(&disableTLS, "disable-tls", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_DISABLE_TLS", false), "Disable TLS on the gRPC endpoint") diff --git a/cmd/argocd-server/commands/argocd_server.go b/cmd/argocd-server/commands/argocd_server.go index 76c93c678bead..b4ae0d19d9981 100644 --- a/cmd/argocd-server/commands/argocd_server.go +++ b/cmd/argocd-server/commands/argocd_server.go @@ -49,7 +49,9 @@ func NewCommand() *cobra.Command { var ( redisClient *redis.Client insecure bool + listenHost string listenPort int + metricsHost string metricsPort int otlpAddress string glogLevel int @@ -167,7 +169,9 @@ func NewCommand() *cobra.Command { argoCDOpts := server.ArgoCDServerOpts{ Insecure: insecure, ListenPort: listenPort, + ListenHost: listenHost, MetricsPort: metricsPort, + MetricsHost: metricsHost, Namespace: namespace, BaseHRef: baseHRef, RootPath: rootPath, @@ -226,7 +230,9 @@ func NewCommand() *cobra.Command { command.Flags().BoolVar(&disableAuth, "disable-auth", env.ParseBoolFromEnv("ARGOCD_SERVER_DISABLE_AUTH", false), "Disable client authentication") command.Flags().BoolVar(&enableGZip, "enable-gzip", env.ParseBoolFromEnv("ARGOCD_SERVER_ENABLE_GZIP", false), "Enable GZIP compression") command.AddCommand(cli.NewVersionCmd(cliName)) + command.Flags().StringVar(&listenHost, "address", env.StringFromEnv("ARGOCD_SERVER_LISTEN_ADDRESS", common.DefaultAddressAPIServer), "Listen on given address") command.Flags().IntVar(&listenPort, "port", common.DefaultPortAPIServer, "Listen on given port") + command.Flags().StringVar(&metricsHost, env.StringFromEnv("ARGOCD_SERVER_METRICS_LISTEN_ADDRESS", "metrics-address"), common.DefaultAddressAPIServerMetrics, "Listen for metrics on given address") command.Flags().IntVar(&metricsPort, "metrics-port", common.DefaultPortArgoCDAPIServerMetrics, "Start metrics on given port") command.Flags().StringVar(&otlpAddress, "otlp-address", env.StringFromEnv("ARGOCD_SERVER_OTLP_ADDRESS", ""), "OpenTelemetry collector address to send traces to") command.Flags().IntVar(&repoServerTimeoutSeconds, "repo-server-timeout-seconds", env.ParseNumFromEnv("ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS", 60, 0, math.MaxInt64), "Repo server RPC call timeout seconds.") diff --git a/cmd/argocd/commands/admin/dashboard.go b/cmd/argocd/commands/admin/dashboard.go index 46c81a5385c9e..52a14a42d7a63 100644 --- a/cmd/argocd/commands/admin/dashboard.go +++ b/cmd/argocd/commands/admin/dashboard.go @@ -35,7 +35,7 @@ func NewDashboardCommand() *cobra.Command { } initialize.InitCommand(cmd) cmd.Flags().IntVar(&port, "port", common.DefaultPortAPIServer, "Listen on given port") - cmd.Flags().StringVar(&address, "address", common.DefaultAddressAPIServer, "Listen on given address") + cmd.Flags().StringVar(&address, "address", common.DefaultAddressAdminDashboard, "Listen on given address") cmd.Flags().StringVar(&compressionStr, "redis-compress", env.StringFromEnv("REDIS_COMPRESSION", string(cache.RedisCompressionGZip)), "Enable this if the application controller is configured with redis compression enabled. (possible values: gzip, none)") return cmd } diff --git a/common/common.go b/common/common.go index 7f8875b6041a8..b00d436b1ea50 100644 --- a/common/common.go +++ b/common/common.go @@ -53,7 +53,11 @@ const ( // DefaultAddressAPIServer for ArgoCD components const ( - DefaultAddressAPIServer = "localhost" + DefaultAddressAdminDashboard = "localhost" + DefaultAddressAPIServer = "0.0.0.0" + DefaultAddressAPIServerMetrics = "0.0.0.0" + DefaultAddressRepoServer = "0.0.0.0" + DefaultAddressRepoServerMetrics = "0.0.0.0" ) // Default paths on the pod's file system diff --git a/docs/operator-manual/argocd-cmd-params-cm.yaml b/docs/operator-manual/argocd-cmd-params-cm.yaml index b16fbcb1b681b..4aeb9c3bbbe34 100644 --- a/docs/operator-manual/argocd-cmd-params-cm.yaml +++ b/docs/operator-manual/argocd-cmd-params-cm.yaml @@ -61,6 +61,10 @@ data: controller.kubectl.parallelism.limit: "20" ## Server properties + # Listen on given address for incoming connections (default "0.0.0.0") + server.listen.address: "0.0.0.0" + # Listen on given address for metrics (default "0.0.0.0") + server.metrics.listen.address: "0.0.0.0" # Run server without TLS server.insecure: "false" # Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / (default "/") @@ -110,6 +114,10 @@ data: server.enable.proxy.extension: "false" ## Repo-server properties + # Listen on given address for incoming connections (default "0.0.0.0") + reposerver.listen.address: "0.0.0.0" + # Listen on given address for metrics (default "0.0.0.0") + reposerver.metrics.listen.address: "0.0.0.0" # Set the logging format. One of: text|json (default "text") reposerver.log.format: "text" # Set the logging level. One of: debug|info|warn|error (default "info") diff --git a/docs/operator-manual/server-commands/argocd-repo-server.md b/docs/operator-manual/server-commands/argocd-repo-server.md index faf5a804d222b..35d8cbe8dfed5 100644 --- a/docs/operator-manual/server-commands/argocd-repo-server.md +++ b/docs/operator-manual/server-commands/argocd-repo-server.md @@ -13,6 +13,7 @@ argocd-repo-server [flags] ### Options ``` + --address string Listen on given address for incoming connections (default "0.0.0.0") --allow-oob-symlinks Allow out-of-bounds symlinks in repositories (not recommended) --default-cache-expiration duration Cache expiration default (default 24h0m0s) --disable-tls Disable TLS on the gRPC endpoint @@ -20,6 +21,7 @@ argocd-repo-server [flags] --logformat string Set the logging format. One of: text|json (default "text") --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") --max-combined-directory-manifests-size string Max combined size of manifest files in a directory-type Application (default "10M") + --metrics-address string Listen on given address for metrics (default "0.0.0.0") --metrics-port int Start metrics server on given port (default 8084) --otlp-address string OpenTelemetry collector address to send traces to --parallelismlimit int Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. diff --git a/docs/operator-manual/server-commands/argocd-server.md b/docs/operator-manual/server-commands/argocd-server.md index 7fcf0cc992a36..65a11def34848 100644 --- a/docs/operator-manual/server-commands/argocd-server.md +++ b/docs/operator-manual/server-commands/argocd-server.md @@ -13,6 +13,7 @@ argocd-server [flags] ### Options ``` + --address string Listen on given address (default "0.0.0.0") --app-state-cache-expiration duration Cache expiration for app state (default 1h0m0s) --application-namespaces strings List of additional namespaces where application resources can be managed in --as string Username to impersonate for the operation @@ -41,6 +42,7 @@ argocd-server [flags] --logformat string Set the logging format. One of: text|json (default "text") --login-attempts-expiration duration Cache expiration for failed login attempts (default 24h0m0s) --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") + --metrics-address string Listen for metrics on given address (default "0.0.0.0") --metrics-port int Start metrics on given port (default 8083) -n, --namespace string If present, the namespace scope for this CLI request --oidc-cache-expiration duration Cache expiration for OIDC state (default 3m0s) diff --git a/docs/operator-manual/tls.md b/docs/operator-manual/tls.md index 3b80e765f17dd..43409fc568f43 100644 --- a/docs/operator-manual/tls.md +++ b/docs/operator-manual/tls.md @@ -224,7 +224,10 @@ to not use TLS at all. In this case, you will need to: * Configure `argocd-repo-server` with TLS on the gRPC API disabled by specifying - the `--disable-tls` parameter to the pod container's startup arguments + the `--disable-tls` parameter to the pod container's startup arguments. + Also, consider restricting listening addresses to the loopback interface by specifying + `--listen 127.0.0.1` parameter, so that insecure endpoint is not exposed on + the pod's network interfaces, but still available to the side-car container. * Configure `argocd-server` and `argocd-application-controller` to not use TLS for connections to the `argocd-repo-server` by specifying the parameter `--repo-server-plaintext` to the pod container's startup arguments diff --git a/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/manifests/base/repo-server/argocd-repo-server-deployment.yaml index 9ced79662dd25..735f6436f6699 100644 --- a/manifests/base/repo-server/argocd-repo-server-deployment.yaml +++ b/manifests/base/repo-server/argocd-repo-server-deployment.yaml @@ -48,6 +48,18 @@ spec: name: argocd-cmd-params-cm key: reposerver.parallelism.limit optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.listen.address + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.metrics.listen.address + optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: diff --git a/manifests/base/server/argocd-server-deployment.yaml b/manifests/base/server/argocd-server-deployment.yaml index 6cfd2c1aa5522..66c6ed384b1d2 100644 --- a/manifests/base/server/argocd-server-deployment.yaml +++ b/manifests/base/server/argocd-server-deployment.yaml @@ -197,6 +197,18 @@ spec: name: argocd-cmd-params-cm key: server.http.cookie.maxnumber optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.listen.address + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.metrics.listen.address + optional: true - name: ARGOCD_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index a957e1b141500..4b1b1a0bc48b4 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -16956,6 +16956,18 @@ spec: key: reposerver.parallelism.limit name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 8527b80458cb7..f0e6de508484a 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -18400,6 +18400,18 @@ spec: key: reposerver.parallelism.limit name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -18818,6 +18830,18 @@ spec: key: server.http.cookie.maxnumber name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index 7513c1cd71c6a..63ae690617e46 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -2013,6 +2013,18 @@ spec: key: reposerver.parallelism.limit name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -2431,6 +2443,18 @@ spec: key: server.http.cookie.maxnumber name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: diff --git a/manifests/install.yaml b/manifests/install.yaml index a0762e9b9eaf1..353c51b45f4db 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -17469,6 +17469,18 @@ spec: key: reposerver.parallelism.limit name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -17880,6 +17892,18 @@ spec: key: server.http.cookie.maxnumber name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 85fd7bed72f71..e82dbe60eec1b 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -1082,6 +1082,18 @@ spec: key: reposerver.parallelism.limit name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -1493,6 +1505,18 @@ spec: key: server.http.cookie.maxnumber name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.metrics.listen.address + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: diff --git a/server/server.go b/server/server.go index 4f70e415e4d13..1b490a12fe1be 100644 --- a/server/server.go +++ b/server/server.go @@ -202,7 +202,9 @@ type ArgoCDServerOpts struct { Insecure bool StaticAssetsDir string ListenPort int + ListenHost string MetricsPort int + MetricsHost string Namespace string DexServerAddr string DexTLSConfig *dex.DexTLSConfig @@ -216,7 +218,6 @@ type ArgoCDServerOpts struct { TLSConfigCustomizer tlsutil.ConfigCustomizer XFrameOptions string ContentSecurityPolicy string - ListenHost string ApplicationNamespaces []string EnableProxyExtension bool } @@ -447,7 +448,7 @@ func (a *ArgoCDServer) Run(ctx context.Context, listeners *Listeners) { httpsS.Handler = &bug21955Workaround{handler: httpsS.Handler} } - metricsServ := metrics.NewMetricsServer(a.ListenHost, a.MetricsPort) + metricsServ := metrics.NewMetricsServer(a.MetricsHost, a.MetricsPort) if a.RedisClient != nil { cacheutil.CollectMetrics(a.RedisClient, metricsServ) } From 41c16eee00c65be7f6de53945e42baf941e3a866 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 May 2023 10:20:48 -0400 Subject: [PATCH 051/252] chore(deps): bump golang.org/x/crypto from 0.6.0 to 0.9.0 (#13803) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0 to 0.9.0. - [Commits](https://github.com/golang/crypto/compare/v0.6.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 14 +++++++------- go.sum | 21 ++++++++++++++------- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index b653ff86175da..68274babe775b 100644 --- a/go.mod +++ b/go.mod @@ -75,10 +75,10 @@ require ( go.opentelemetry.io/otel v1.11.1 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.11.1 go.opentelemetry.io/otel/sdk v1.11.1 - golang.org/x/crypto v0.6.0 + golang.org/x/crypto v0.9.0 golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 golang.org/x/sync v0.1.0 - golang.org/x/term v0.5.0 + golang.org/x/term v0.8.0 google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 google.golang.org/grpc v1.51.0 google.golang.org/protobuf v1.28.1 @@ -222,12 +222,12 @@ require ( go.opentelemetry.io/otel/trace v1.11.1 // indirect go.opentelemetry.io/proto/otlp v0.19.0 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect - golang.org/x/mod v0.7.0 // indirect - golang.org/x/net v0.7.0 // indirect - golang.org/x/sys v0.5.0 // indirect - golang.org/x/text v0.7.0 // indirect + golang.org/x/mod v0.8.0 // indirect + golang.org/x/net v0.10.0 // indirect + golang.org/x/sys v0.8.0 // indirect + golang.org/x/text v0.9.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - golang.org/x/tools v0.4.0 // indirect + golang.org/x/tools v0.6.0 // indirect gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect gomodules.xyz/notify v0.1.1 // indirect diff --git a/go.sum b/go.sum index 1686d2ccbd6ff..c3c525c980a10 100644 --- a/go.sum +++ b/go.sum @@ -1164,8 +1164,9 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= +golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1214,8 +1215,9 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= -golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1284,8 +1286,9 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/oauth2 v0.0.0-20180227000427-d7d64896b5ff/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1449,8 +1452,9 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1458,8 +1462,9 @@ golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= -golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1472,8 +1477,9 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1553,8 +1559,9 @@ golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= -golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 3b73678993b67cb3194c69e868c78d068bcffbe8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 May 2023 15:31:24 +0000 Subject: [PATCH 052/252] chore(deps): bump github.com/bradleyfalzon/ghinstallation/v2 (#13804) Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.1.0 to 2.4.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.1.0...v2.4.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 25 +++++++++++++++++-------- 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 68274babe775b..4d3bf718af490 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/aws/aws-sdk-go v1.44.271 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 - github.com/bradleyfalzon/ghinstallation/v2 v2.1.0 + github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 github.com/casbin/casbin/v2 v2.60.0 github.com/coreos/go-oidc/v3 v3.4.0 github.com/dustin/go-humanize v1.0.0 @@ -31,7 +31,7 @@ require ( github.com/gobwas/glob v0.2.3 github.com/gogits/go-gogs-client v0.0.0-20190616193657-5a05380e4bc2 github.com/gogo/protobuf v1.3.2 - github.com/golang-jwt/jwt/v4 v4.4.3 + github.com/golang-jwt/jwt/v4 v4.5.0 github.com/golang/protobuf v1.5.2 github.com/google/go-cmp v0.5.9 github.com/google/go-github/v35 v35.3.0 @@ -76,7 +76,7 @@ require ( go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.11.1 go.opentelemetry.io/otel/sdk v1.11.1 golang.org/x/crypto v0.9.0 - golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 + golang.org/x/oauth2 v0.7.0 golang.org/x/sync v0.1.0 golang.org/x/term v0.8.0 google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 @@ -155,7 +155,7 @@ require ( github.com/google/btree v1.0.1 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-github/v41 v41.0.0 // indirect - github.com/google/go-github/v45 v45.2.0 // indirect + github.com/google/go-github/v52 v52.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.1.0 // indirect github.com/gosimple/unidecode v1.0.1 // indirect diff --git a/go.sum b/go.sum index c3c525c980a10..5dd2b76168db3 100644 --- a/go.sum +++ b/go.sum @@ -43,6 +43,7 @@ cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk= cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= +cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= @@ -174,8 +175,8 @@ github.com/bmatcuk/doublestar/v4 v4.6.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTS github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= github.com/bombsimon/logrusr/v2 v2.0.1 h1:1VgxVNQMCvjirZIYaT9JYn6sAVGVEcNtRE0y4mvaOAM= github.com/bombsimon/logrusr/v2 v2.0.1/go.mod h1:ByVAX+vHdLGAfdroiMg6q0zgq2FODY2lc5YJvzmOJio= -github.com/bradleyfalzon/ghinstallation/v2 v2.1.0 h1:5+NghM1Zred9Z078QEZtm28G/kfDfZN/92gkDlLwGVA= -github.com/bradleyfalzon/ghinstallation/v2 v2.1.0/go.mod h1:Xg3xPRN5Mcq6GDqeUVhFbjEWMb4JHCyWEeeBGEYQoTU= +github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 h1:zYSzkoIwekCQAr6GT6KxISLt4YRS6kd4/ixfzMN+7yc= +github.com/bradleyfalzon/ghinstallation/v2 v2.4.0/go.mod h1:4MwZLSgBJJgg4i3nJwZJ95AMooSqN8fJDmegLVn9Q2U= github.com/bsm/ginkgo/v2 v2.5.0 h1:aOAnND1T40wEdAtkGSkvSICWeQ8L3UASX7YVCqQx+eQ= github.com/bsm/gomega v1.20.0 h1:JhAwLmtRzXFTx2AkALSLa8ijZafntmhSoU63Ok18Uq8= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= @@ -453,9 +454,8 @@ github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zV github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU= -github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= +github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ= @@ -510,8 +510,8 @@ github.com/google/go-github/v35 v35.3.0 h1:fU+WBzuukn0VssbayTT+Zo3/ESKX9JYWjbZTL github.com/google/go-github/v35 v35.3.0/go.mod h1:yWB7uCcVWaUbUP74Aq3whuMySRMatyRmq5U9FTNlbio= github.com/google/go-github/v41 v41.0.0 h1:HseJrM2JFf2vfiZJ8anY2hqBjdfY1Vlj/K27ueww4gg= github.com/google/go-github/v41 v41.0.0/go.mod h1:XgmCA5H323A9rtgExdTcnDkcqp6S30AVACCBDOonIxg= -github.com/google/go-github/v45 v45.2.0 h1:5oRLszbrkvxDDqBCNj2hjDZMKmvexaZ1xw/FCD+K3FI= -github.com/google/go-github/v45 v45.2.0/go.mod h1:FObaZJEDSTa/WGCzZ2Z3eoCDXWJKMenWWTrd8jrta28= +github.com/google/go-github/v52 v52.0.0 h1:uyGWOY+jMQ8GVGSX8dkSwCzlehU3WfdxQ7GweO/JP7M= +github.com/google/go-github/v52 v52.0.0/go.mod h1:WJV6VEEUPuMo5pXqqa2ZCZEdbQqua4zAk2MZTIo+m+4= github.com/google/go-jsonnet v0.19.1 h1:MORxkrG0elylUqh36R4AcSPX0oZQa9hvI3lroN+kDhs= github.com/google/go-jsonnet v0.19.1/go.mod h1:5JVT33JVCoehdTj5Z2KJq1eIdt3Nb8PCmZ+W5D8U350= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= @@ -1165,6 +1165,7 @@ golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1287,6 +1288,8 @@ golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/oauth2 v0.0.0-20180227000427-d7d64896b5ff/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1312,8 +1315,9 @@ golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= -golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 h1:2o1E+E8TpNLklK9nHiPiK1uzIYrIHt+cQx3ynCwq9V8= golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= +golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1453,6 +1457,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -1463,6 +1469,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1478,6 +1486,7 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 834d01e6e08670bdfd45fab615a6148005125f52 Mon Sep 17 00:00:00 2001 From: Nicholas Orlowsky Date: Mon, 29 May 2023 10:59:17 -0500 Subject: [PATCH 053/252] fix(ui): set arrow into negative space in pod-terminal-viewer (#13060) Signed-off-by: Nicholas Orlowsky Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- .../components/pod-terminal-viewer/pod-terminal-viewer.scss | 4 ++++ .../components/pod-terminal-viewer/pod-terminal-viewer.tsx | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ui/src/app/applications/components/pod-terminal-viewer/pod-terminal-viewer.scss b/ui/src/app/applications/components/pod-terminal-viewer/pod-terminal-viewer.scss index 6190cd23c02e0..3ce4575be2c45 100644 --- a/ui/src/app/applications/components/pod-terminal-viewer/pod-terminal-viewer.scss +++ b/ui/src/app/applications/components/pod-terminal-viewer/pod-terminal-viewer.scss @@ -5,3 +5,7 @@ padding: 10px 20px; } } + +.negative-space-arrow { + margin-left: -10px; +} \ No newline at end of file diff --git a/ui/src/app/applications/components/pod-terminal-viewer/pod-terminal-viewer.tsx b/ui/src/app/applications/components/pod-terminal-viewer/pod-terminal-viewer.tsx index 62080741c249f..9fe2cf248e024 100644 --- a/ui/src/app/applications/components/pod-terminal-viewer/pod-terminal-viewer.tsx +++ b/ui/src/app/applications/components/pod-terminal-viewer/pod-terminal-viewer.tsx @@ -241,7 +241,7 @@ export const PodTerminalViewer: React.FC = ({ onClickContainer(group, i, 'exec'); } }}> - {container.name === containerName && } + {container.name === containerName && } {container.name}
    ))} From 9fa2901ad989d47386e0f7c67ef6ded67f0616d6 Mon Sep 17 00:00:00 2001 From: Pierre Lebrun Date: Mon, 29 May 2023 17:59:37 +0200 Subject: [PATCH 054/252] docs: Update health documentation (#12996) Signed-off-by: Pierre Lebrun --- docs/operator-manual/health.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/operator-manual/health.md b/docs/operator-manual/health.md index 4afa5882dca7b..ad37e06437e17 100644 --- a/docs/operator-manual/health.md +++ b/docs/operator-manual/health.md @@ -137,9 +137,11 @@ setting `resource.customizations.useOpenLibs.`. In the following exa ```yaml data: - resource.customizations.useOpenLibs.cert-manager.io_Certificate: "true" - resource.customizations.health.cert-manager.io_Certificate: - -- Lua standard libraries are enabled for this script + resource.customizations: | + cert-manager.io/Certificate: + health.lua.useOpenLibs: true + health.lua: | + # Lua standard libraries are enabled for this script ``` ### Way 2. Contribute a Custom Health Check From 7192eabaf4715f73eeb2e132df95d3a15762cd09 Mon Sep 17 00:00:00 2001 From: Mmadu Manasseh Date: Mon, 29 May 2023 17:17:50 +0100 Subject: [PATCH 055/252] feat(appset): Add argocd.argoproj.io/application-set-name to rendered appset applications (#13456) * Add app.kubernetes.io/appset-instance to rendered applications Signed-off-by: Mmadu Manasseh * initialize labels map if nil Signed-off-by: Mmadu Manasseh * Fix tests Signed-off-by: Mmadu Manasseh * Fix tests Signed-off-by: Mmadu Manasseh * Fix tests Signed-off-by: Mmadu Manasseh * fix tests Signed-off-by: Mmadu Manasseh * Fix tests Signed-off-by: Mmadu Manasseh * Updated label ->argocd.argoproj.io/application-set-name Signed-off-by: Mmadu Manasseh --------- Signed-off-by: Mmadu Manasseh --- .../controllers/applicationset_controller.go | 8 ++ .../applicationset_controller_test.go | 38 +++++---- test/e2e/applicationset_test.go | 79 ++++++++++++++++--- test/e2e/cluster_generator_test.go | 22 +++++- test/e2e/clusterdecisiongenerator_e2e_test.go | 17 +++- test/e2e/matrix_e2e_test.go | 16 +++- test/e2e/merge_e2e_test.go | 16 +++- 7 files changed, 165 insertions(+), 31 deletions(-) diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go index 8210433723da1..5bf591bdc1a63 100644 --- a/applicationset/controllers/applicationset_controller.go +++ b/applicationset/controllers/applicationset_controller.go @@ -57,6 +57,10 @@ const ( // https://github.com/argoproj-labs/argocd-notifications/blob/33d345fa838829bb50fca5c08523aba380d2c12b/pkg/controller/state.go#L17 NotifiedAnnotationKey = "notified.notifications.argoproj.io" ReconcileRequeueOnValidationError = time.Minute * 3 + + // LabelKeyAppSetInstance is the label key to use to uniquely identify the apps of an applicationset + // The ArgoCD applicationset name is used as the instance name + LabelKeyAppSetInstance = "argocd.argoproj.io/application-set-name" ) var ( @@ -504,6 +508,10 @@ func (r *ApplicationSetReconciler) generateApplications(applicationSetInfo argov for _, a := range t { tmplApplication := getTempApplication(a.Template) + if tmplApplication.Labels == nil { + tmplApplication.Labels = make(map[string]string) + } + tmplApplication.Labels[LabelKeyAppSetInstance] = applicationSetInfo.Name for _, p := range a.Params { app, err := r.Renderer.RenderTemplateParams(tmplApplication, applicationSetInfo.Spec.SyncPolicy, p, applicationSetInfo.Spec.GoTemplate) diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go index 7ccf6d4c17a10..7084ed847827a 100644 --- a/applicationset/controllers/applicationset_controller_test.go +++ b/applicationset/controllers/applicationset_controller_test.go @@ -164,11 +164,14 @@ func TestExtractApplications(t *testing.T) { if cc.generateParamsError == nil { for _, p := range cc.params { + tmpApplication := getTempApplication(cc.template) + tmpApplication.Labels[LabelKeyAppSetInstance] = appSet.Name + if cc.rendererError != nil { - rendererMock.On("RenderTemplateParams", getTempApplication(cc.template), p, false). + rendererMock.On("RenderTemplateParams", tmpApplication, p, false). Return(nil, cc.rendererError) } else { - rendererMock.On("RenderTemplateParams", getTempApplication(cc.template), p, false). + rendererMock.On("RenderTemplateParams", tmpApplication, p, false). Return(&app, nil) expectedApps = append(expectedApps, app) } @@ -285,7 +288,21 @@ func TestMergeTemplateApplications(t *testing.T) { rendererMock := rendererMock{} - rendererMock.On("RenderTemplateParams", getTempApplication(cc.expectedMerged), cc.params[0], false). + appSet := &v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "namespace", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{generator}, + Template: cc.template, + }, + } + + tmpApplication := getTempApplication(cc.expectedMerged) + tmpApplication.Labels[LabelKeyAppSetInstance] = appSet.Name + + rendererMock.On("RenderTemplateParams", tmpApplication, cc.params[0], false). Return(&cc.expectedApps[0], nil) r := ApplicationSetReconciler{ @@ -299,17 +316,7 @@ func TestMergeTemplateApplications(t *testing.T) { KubeClientset: kubefake.NewSimpleClientset(), } - got, _, _ := r.generateApplications(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "namespace", - }, - Spec: v1alpha1.ApplicationSetSpec{ - Generators: []v1alpha1.ApplicationSetGenerator{generator}, - Template: cc.template, - }, - }, - ) + got, _, _ := r.generateApplications(*appSet) assert.Equal(t, cc.expectedApps, got) }) @@ -2041,7 +2048,8 @@ func TestGenerateAppsUsingPullRequestGenerator(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "AppSet-branch1-1", Labels: map[string]string{ - "app1": "label1", + "app1": "label1", + LabelKeyAppSetInstance: "", }, }, Spec: v1alpha1.ApplicationSpec{ diff --git a/test/e2e/applicationset_test.go b/test/e2e/applicationset_test.go index 04a3df65bade5..0deedbd0dec98 100644 --- a/test/e2e/applicationset_test.go +++ b/test/e2e/applicationset_test.go @@ -43,6 +43,7 @@ var ( Reason: v1alpha1.ApplicationSetReasonApplicationSetUpToDate, }, } + LabelKeyAppSetInstance = "argocd.argoproj.io/application-set-name" ) func TestSimpleListGenerator(t *testing.T) { @@ -53,8 +54,11 @@ func TestSimpleListGenerator(t *testing.T) { APIVersion: "argoproj.io/v1alpha1", }, ObjectMeta: metav1.ObjectMeta{ - Name: "my-cluster-guestbook", - Namespace: fixture.TestNamespace(), + Name: "my-cluster-guestbook", + Namespace: fixture.TestNamespace(), + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-list-generator", + }, Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, }, Spec: argov1alpha1.ApplicationSpec{ @@ -121,7 +125,10 @@ func TestSimpleListGenerator(t *testing.T) { And(func() { expectedAppNewMetadata = expectedAppNewNamespace.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "simple-list-generator", + "label-key": "label-value", + } }). Update(func(appset *v1alpha1.ApplicationSet) { appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} @@ -148,6 +155,9 @@ func TestSimpleListGeneratorGoTemplate(t *testing.T) { Name: "my-cluster-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-list-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -214,7 +224,10 @@ func TestSimpleListGeneratorGoTemplate(t *testing.T) { And(func() { expectedAppNewMetadata = expectedAppNewNamespace.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "simple-list-generator", + "label-key": "label-value", + } }). Update(func(appset *v1alpha1.ApplicationSet) { appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} @@ -241,6 +254,9 @@ func TestSimpleGitDirectoryGenerator(t *testing.T) { Name: name, Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -322,7 +338,10 @@ func TestSimpleGitDirectoryGenerator(t *testing.T) { for _, expectedApp := range expectedAppsNewNamespace { expectedAppNewMetadata := expectedApp.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator", + "label-key": "label-value", + } expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) } }). @@ -350,6 +369,9 @@ func TestSimpleGitDirectoryGeneratorGoTemplate(t *testing.T) { Name: name, Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -432,7 +454,10 @@ func TestSimpleGitDirectoryGeneratorGoTemplate(t *testing.T) { for _, expectedApp := range expectedAppsNewNamespace { expectedAppNewMetadata := expectedApp.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator", + "label-key": "label-value", + } expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) } }). @@ -461,6 +486,9 @@ func TestSimpleGitFilesGenerator(t *testing.T) { Name: name, Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -541,7 +569,10 @@ func TestSimpleGitFilesGenerator(t *testing.T) { for _, expectedApp := range expectedAppsNewNamespace { expectedAppNewMetadata := expectedApp.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator", + "label-key": "label-value", + } expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) } }). @@ -570,6 +601,9 @@ func TestSimpleGitFilesGeneratorGoTemplate(t *testing.T) { Name: name, Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -651,7 +685,10 @@ func TestSimpleGitFilesGeneratorGoTemplate(t *testing.T) { for _, expectedApp := range expectedAppsNewNamespace { expectedAppNewMetadata := expectedApp.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator", + "label-key": "label-value", + } expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) } }). @@ -993,6 +1030,9 @@ func TestSimpleSCMProviderGenerator(t *testing.T) { Name: "argo-cd-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-scm-provider-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -1066,6 +1106,9 @@ func TestSimpleSCMProviderGeneratorGoTemplate(t *testing.T) { Name: "argo-cd-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-scm-provider-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -1135,6 +1178,9 @@ func TestCustomApplicationFinalizers(t *testing.T) { Name: "my-cluster-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io/background"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-list-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -1201,6 +1247,9 @@ func TestCustomApplicationFinalizersGoTemplate(t *testing.T) { Name: "my-cluster-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io/background"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-list-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -1305,6 +1354,9 @@ func TestSimplePullRequestGenerator(t *testing.T) { Name: "guestbook-1", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-pull-request-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -1380,7 +1432,10 @@ func TestSimplePullRequestGeneratorGoTemplate(t *testing.T) { Name: "guestbook-1", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, - Labels: map[string]string{"app": "preview"}, + Labels: map[string]string{ + "app": "preview", + LabelKeyAppSetInstance: "simple-pull-request-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -1456,6 +1511,9 @@ func TestGitGeneratorPrivateRepo(t *testing.T) { Name: name, Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator-private", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -1531,6 +1589,9 @@ func TestGitGeneratorPrivateRepoGoTemplate(t *testing.T) { Name: name, Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-git-generator-private", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", diff --git a/test/e2e/cluster_generator_test.go b/test/e2e/cluster_generator_test.go index 260f85c9e8ab0..4906ba9a4f641 100644 --- a/test/e2e/cluster_generator_test.go +++ b/test/e2e/cluster_generator_test.go @@ -26,6 +26,9 @@ func TestSimpleClusterGenerator(t *testing.T) { Name: "cluster1-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -97,7 +100,10 @@ func TestSimpleClusterGenerator(t *testing.T) { And(func() { expectedAppNewMetadata = expectedAppNewNamespace.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + "label-key": "label-value", + } }). Update(func(appset *v1alpha1.ApplicationSet) { appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} @@ -119,6 +125,9 @@ func TestClusterGeneratorWithLocalCluster(t *testing.T) { Name: "in-cluster-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "in-cluster-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -211,7 +220,10 @@ func TestClusterGeneratorWithLocalCluster(t *testing.T) { And(func() { expectedAppNewMetadata = expectedAppNewNamespace.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + "label-key": "label-value", + LabelKeyAppSetInstance: "in-cluster-generator", + } }). Update(func(appset *v1alpha1.ApplicationSet) { appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} @@ -236,6 +248,9 @@ func TestSimpleClusterGeneratorAddingCluster(t *testing.T) { Name: "{{name}}-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -318,6 +333,9 @@ func TestSimpleClusterGeneratorDeletingCluster(t *testing.T) { Name: "{{name}}-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", diff --git a/test/e2e/clusterdecisiongenerator_e2e_test.go b/test/e2e/clusterdecisiongenerator_e2e_test.go index 6ead361e9429b..df5e753e3e032 100644 --- a/test/e2e/clusterdecisiongenerator_e2e_test.go +++ b/test/e2e/clusterdecisiongenerator_e2e_test.go @@ -27,6 +27,9 @@ func TestSimpleClusterDecisionResourceGenerator(t *testing.T) { Name: "cluster1-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -106,7 +109,10 @@ func TestSimpleClusterDecisionResourceGenerator(t *testing.T) { And(func() { expectedAppNewMetadata = expectedAppNewNamespace.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + "label-key": "label-value", + } }). Update(func(appset *v1alpha1.ApplicationSet) { appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} @@ -129,6 +135,9 @@ func TestSimpleClusterDecisionResourceGeneratorAddingCluster(t *testing.T) { Name: "{{name}}-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -224,6 +233,9 @@ func TestSimpleClusterDecisionResourceGeneratorDeletingClusterSecret(t *testing. Name: "{{name}}-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -321,6 +333,9 @@ func TestSimpleClusterDecisionResourceGeneratorDeletingClusterFromResource(t *te Name: "{{name}}-guestbook", Namespace: fixture.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "simple-cluster-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", diff --git a/test/e2e/matrix_e2e_test.go b/test/e2e/matrix_e2e_test.go index 02e9b60c7a6b2..891cd5e67ed35 100644 --- a/test/e2e/matrix_e2e_test.go +++ b/test/e2e/matrix_e2e_test.go @@ -26,6 +26,9 @@ func TestListMatrixGenerator(t *testing.T) { Name: fmt.Sprintf("%s-%s", cluster, name), Namespace: utils.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "matrix-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -125,7 +128,10 @@ func TestListMatrixGenerator(t *testing.T) { for _, expectedApp := range expectedAppsNewNamespace { expectedAppNewMetadata := expectedApp.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + "label-key": "label-value", + LabelKeyAppSetInstance: "matrix-generator", + } expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) } }). @@ -150,6 +156,9 @@ func TestClusterMatrixGenerator(t *testing.T) { Name: fmt.Sprintf("%s-%s", cluster, name), Namespace: utils.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "matrix-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -252,7 +261,10 @@ func TestClusterMatrixGenerator(t *testing.T) { for _, expectedApp := range expectedAppsNewNamespace { expectedAppNewMetadata := expectedApp.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + "label-key": "label-value", + LabelKeyAppSetInstance: "matrix-generator", + } expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) } }). diff --git a/test/e2e/merge_e2e_test.go b/test/e2e/merge_e2e_test.go index e2a695bea7be0..3f23e3d42640d 100644 --- a/test/e2e/merge_e2e_test.go +++ b/test/e2e/merge_e2e_test.go @@ -27,6 +27,9 @@ func TestListMergeGenerator(t *testing.T) { Name: fmt.Sprintf("%s-%s", name, nameSuffix), Namespace: utils.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "merge-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -122,7 +125,10 @@ func TestListMergeGenerator(t *testing.T) { for _, expectedApp := range expectedAppsNewNamespace { expectedAppNewMetadata := expectedApp.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + "label-key": "label-value", + LabelKeyAppSetInstance: "merge-generator", + } expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) } }). @@ -147,6 +153,9 @@ func TestClusterMergeGenerator(t *testing.T) { Name: fmt.Sprintf("%s-%s-%s", cluster, name, nameSuffix), Namespace: utils.TestNamespace(), Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + Labels: map[string]string{ + LabelKeyAppSetInstance: "merge-generator", + }, }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", @@ -267,7 +276,10 @@ func TestClusterMergeGenerator(t *testing.T) { for _, expectedApp := range expectedAppsNewNamespace { expectedAppNewMetadata := expectedApp.DeepCopy() expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{ + "label-key": "label-value", + LabelKeyAppSetInstance: "merge-generator", + } expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) } }). From e4a7c2efbe6f2c631b6b19c4d6cb0fcb7f480a4c Mon Sep 17 00:00:00 2001 From: Murat Akdeniz Date: Mon, 29 May 2023 18:49:28 +0200 Subject: [PATCH 056/252] docs: Add Mono Repo Usage (#9556) * doc:notifications triggers Signed-off-by: Murat Akdeniz * a small tweak Signed-off-by: Murat Akdeniz --------- Signed-off-by: Murat Akdeniz --- docs/operator-manual/notifications/triggers.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/operator-manual/notifications/triggers.md b/docs/operator-manual/notifications/triggers.md index aecaee81b80c6..c5fe7aa68967f 100644 --- a/docs/operator-manual/notifications/triggers.md +++ b/docs/operator-manual/notifications/triggers.md @@ -28,7 +28,6 @@ The end users just need to subscribe to the trigger and specify the notification triggers might include multiple conditions with a different set of templates for each condition. For example, the following trigger covers all stages of sync status operation and use a different template for different cases: - ```yaml apiVersion: v1 kind: ConfigMap @@ -66,6 +65,10 @@ data: send: [app-sync-succeeded] ``` +**Mono Repo Usage** + +When one repo is used to sync multiple applications, the `oncePer: app.status.sync.revision` field will trigger a notification for each commit. For mono repos, the better approach will be using `oncePer: app.status.operationState.syncResult.revision` statement. This way a notification will be sent only for a particular Application's revision. + ### oncePer The `oncePer` filed is supported like as follows. From dfa80652ee089d7a3ffbe3aaad7b66bb132c543e Mon Sep 17 00:00:00 2001 From: Shoubhik Bose Date: Mon, 29 May 2023 13:09:08 -0400 Subject: [PATCH 057/252] fix: remove rolebinding for missing role (#7510) Signed-off-by: Shoubhik Bose Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- .../base/redis/argocd-redis-rolebinding.yaml | 15 --------------- manifests/base/redis/kustomization.yaml | 1 - manifests/core-install.yaml | 16 ---------------- manifests/install.yaml | 16 ---------------- manifests/namespace-install.yaml | 16 ---------------- reposerver/repository/repository_test.go | 2 +- 6 files changed, 1 insertion(+), 65 deletions(-) delete mode 100644 manifests/base/redis/argocd-redis-rolebinding.yaml diff --git a/manifests/base/redis/argocd-redis-rolebinding.yaml b/manifests/base/redis/argocd-redis-rolebinding.yaml deleted file mode 100644 index 87caaa2cd6f57..0000000000000 --- a/manifests/base/redis/argocd-redis-rolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-redis -subjects: -- kind: ServiceAccount - name: argocd-redis diff --git a/manifests/base/redis/kustomization.yaml b/manifests/base/redis/kustomization.yaml index 95553fe464753..4a0b64c4da6a8 100644 --- a/manifests/base/redis/kustomization.yaml +++ b/manifests/base/redis/kustomization.yaml @@ -3,7 +3,6 @@ kind: Kustomization resources: - argocd-redis-deployment.yaml -- argocd-redis-rolebinding.yaml - argocd-redis-sa.yaml - argocd-redis-service.yaml - argocd-redis-network-policy.yaml diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 4b1b1a0bc48b4..ec0fb85ace9de 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -16487,22 +16487,6 @@ subjects: name: argocd-applicationset-controller --- apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-redis -subjects: -- kind: ServiceAccount - name: argocd-redis ---- -apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: diff --git a/manifests/install.yaml b/manifests/install.yaml index 353c51b45f4db..5b7a23bca27fc 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -16694,22 +16694,6 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-redis -subjects: -- kind: ServiceAccount - name: argocd-redis ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding metadata: labels: app.kubernetes.io/component: server diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index e82dbe60eec1b..0404924961c95 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -341,22 +341,6 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-redis -subjects: -- kind: ServiceAccount - name: argocd-redis ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding metadata: labels: app.kubernetes.io/component: server diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index 6d4ae3127cb71..0e53aa837d3ad 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -160,7 +160,7 @@ func TestGenerateYamlManifestInDir(t *testing.T) { } // update this value if we add/remove manifests - const countOfManifests = 49 + const countOfManifests = 48 res1, err := service.GenerateManifest(context.Background(), &q) From 4c982b22a5e2183723cf7a71825e78d5f0f98325 Mon Sep 17 00:00:00 2001 From: Shyukri Shyukriev <50396675+shuker85@users.noreply.github.com> Date: Mon, 29 May 2023 20:49:39 +0300 Subject: [PATCH 058/252] fix(appset): ArgoCD admin cmd: handle applicationsets RBAC (#11997) Fixes [#11996] Adding more tests on logs/exec Signed-off-by: Shyukri Shyukriev Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- cmd/argocd/commands/admin/settings_rbac.go | 58 ++++++++++--------- .../commands/admin/settings_rbac_test.go | 39 ++++++++++++- .../admin/testdata/rbac/argocd-rbac-cm.yaml | 2 + .../commands/admin/testdata/rbac/policy.csv | 2 + 4 files changed, 72 insertions(+), 29 deletions(-) diff --git a/cmd/argocd/commands/admin/settings_rbac.go b/cmd/argocd/commands/admin/settings_rbac.go index 3b458c6f88f16..6164aa910a6e4 100644 --- a/cmd/argocd/commands/admin/settings_rbac.go +++ b/cmd/argocd/commands/admin/settings_rbac.go @@ -22,38 +22,40 @@ import ( // Provide a mapping of short-hand resource names to their RBAC counterparts var resourceMap map[string]string = map[string]string{ - "account": rbacpolicy.ResourceAccounts, - "app": rbacpolicy.ResourceApplications, - "apps": rbacpolicy.ResourceApplications, - "application": rbacpolicy.ResourceApplications, - "cert": rbacpolicy.ResourceCertificates, - "certs": rbacpolicy.ResourceCertificates, - "certificate": rbacpolicy.ResourceCertificates, - "cluster": rbacpolicy.ResourceClusters, - "gpgkey": rbacpolicy.ResourceGPGKeys, - "key": rbacpolicy.ResourceGPGKeys, - "log": rbacpolicy.ResourceLogs, - "logs": rbacpolicy.ResourceLogs, - "exec": rbacpolicy.ResourceExec, - "proj": rbacpolicy.ResourceProjects, - "projs": rbacpolicy.ResourceProjects, - "project": rbacpolicy.ResourceProjects, - "repo": rbacpolicy.ResourceRepositories, - "repos": rbacpolicy.ResourceRepositories, - "repository": rbacpolicy.ResourceRepositories, + "account": rbacpolicy.ResourceAccounts, + "app": rbacpolicy.ResourceApplications, + "apps": rbacpolicy.ResourceApplications, + "application": rbacpolicy.ResourceApplications, + "applicationsets": rbacpolicy.ResourceApplicationSets, + "cert": rbacpolicy.ResourceCertificates, + "certs": rbacpolicy.ResourceCertificates, + "certificate": rbacpolicy.ResourceCertificates, + "cluster": rbacpolicy.ResourceClusters, + "gpgkey": rbacpolicy.ResourceGPGKeys, + "key": rbacpolicy.ResourceGPGKeys, + "log": rbacpolicy.ResourceLogs, + "logs": rbacpolicy.ResourceLogs, + "exec": rbacpolicy.ResourceExec, + "proj": rbacpolicy.ResourceProjects, + "projs": rbacpolicy.ResourceProjects, + "project": rbacpolicy.ResourceProjects, + "repo": rbacpolicy.ResourceRepositories, + "repos": rbacpolicy.ResourceRepositories, + "repository": rbacpolicy.ResourceRepositories, } // List of allowed RBAC resources var validRBACResources map[string]bool = map[string]bool{ - rbacpolicy.ResourceAccounts: true, - rbacpolicy.ResourceApplications: true, - rbacpolicy.ResourceCertificates: true, - rbacpolicy.ResourceClusters: true, - rbacpolicy.ResourceGPGKeys: true, - rbacpolicy.ResourceLogs: true, - rbacpolicy.ResourceExec: true, - rbacpolicy.ResourceProjects: true, - rbacpolicy.ResourceRepositories: true, + rbacpolicy.ResourceAccounts: true, + rbacpolicy.ResourceApplications: true, + rbacpolicy.ResourceApplicationSets: true, + rbacpolicy.ResourceCertificates: true, + rbacpolicy.ResourceClusters: true, + rbacpolicy.ResourceGPGKeys: true, + rbacpolicy.ResourceLogs: true, + rbacpolicy.ResourceExec: true, + rbacpolicy.ResourceProjects: true, + rbacpolicy.ResourceRepositories: true, } // List of allowed RBAC actions diff --git a/cmd/argocd/commands/admin/settings_rbac_test.go b/cmd/argocd/commands/admin/settings_rbac_test.go index 93601eed1d303..e53a5ed6da1f9 100644 --- a/cmd/argocd/commands/admin/settings_rbac_test.go +++ b/cmd/argocd/commands/admin/settings_rbac_test.go @@ -102,6 +102,22 @@ func Test_PolicyFromK8s(t *testing.T) { ok := checkPolicy("role:user", "get", "certificates", ".*", assets.BuiltinPolicyCSV, uPol, "role:readonly", "regex", true) require.False(t, ok) }) + t.Run("get logs", func(t *testing.T) { + ok := checkPolicy("role:test", "get", "logs", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true) + require.True(t, ok) + }) + t.Run("create exec", func(t *testing.T) { + ok := checkPolicy("role:test", "create", "exec", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true) + require.True(t, ok) + }) + t.Run("create applicationsets", func(t *testing.T) { + ok := checkPolicy("role:user", "create", "applicationsets", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true) + require.True(t, ok) + }) + t.Run("delete applicationsets", func(t *testing.T) { + ok := checkPolicy("role:user", "delete", "applicationsets", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true) + require.True(t, ok) + }) } func Test_PolicyFromK8sUsingRegex(t *testing.T) { @@ -111,7 +127,12 @@ func Test_PolicyFromK8sUsingRegex(t *testing.T) { p, role:user, clusters, get, .+, allow p, role:user, clusters, get, https://kubernetes.*, deny p, role:user, applications, get, .*, allow -p, role:user, applications, create, .*/.*, allow` +p, role:user, applications, create, .*/.*, allow +p, role:user, applicationsets, create, .*/.*, allow +p, role:user, applicationsets, delete, .*/.*, allow +p, role:user, logs, get, .*/.*, allow +p, role:user, exec, create, .*/.*, allow +` kubeclientset := fake.NewSimpleClientset(&v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ @@ -157,4 +178,20 @@ p, role:, certificates, get, .*, allow` ok := checkPolicy("role:user", "get", "certificates", ".+", builtInPolicy, uPol, dRole, "glob", true) require.False(t, ok) }) + t.Run("get logs via glob match mode", func(t *testing.T) { + ok := checkPolicy("role:user", "get", "logs", ".*/.*", builtInPolicy, uPol, dRole, "glob", true) + require.True(t, ok) + }) + t.Run("create exec", func(t *testing.T) { + ok := checkPolicy("role:user", "create", "exec", ".*/.*", builtInPolicy, uPol, dRole, "regex", true) + require.True(t, ok) + }) + t.Run("create applicationsets", func(t *testing.T) { + ok := checkPolicy("role:user", "create", "applicationsets", ".*/.*", builtInPolicy, uPol, dRole, "regex", true) + require.True(t, ok) + }) + t.Run("delete applicationsets", func(t *testing.T) { + ok := checkPolicy("role:user", "delete", "applicationsets", ".*/.*", builtInPolicy, uPol, dRole, "regex", true) + require.True(t, ok) + }) } diff --git a/cmd/argocd/commands/admin/testdata/rbac/argocd-rbac-cm.yaml b/cmd/argocd/commands/admin/testdata/rbac/argocd-rbac-cm.yaml index 06cb30e8df665..bf947fb8b7110 100644 --- a/cmd/argocd/commands/admin/testdata/rbac/argocd-rbac-cm.yaml +++ b/cmd/argocd/commands/admin/testdata/rbac/argocd-rbac-cm.yaml @@ -8,6 +8,8 @@ data: p, role:user, applications, create, */*, allow p, role:user, applications, delete, *, allow p, role:user, applications, delete, */guestbook, deny + p, role:user, applicationsets, create, */*, allow + p, role:user, applicationsets, delete, */*, allow p, role:user, logs, get, */*, allow g, test, role:user policy.default: role:unknown diff --git a/cmd/argocd/commands/admin/testdata/rbac/policy.csv b/cmd/argocd/commands/admin/testdata/rbac/policy.csv index a92060ec3b4fe..b18d0904f5f60 100644 --- a/cmd/argocd/commands/admin/testdata/rbac/policy.csv +++ b/cmd/argocd/commands/admin/testdata/rbac/policy.csv @@ -5,6 +5,8 @@ p, role:user, applications, get, *, allow p, role:user, applications, create, */*, allow p, role:user, applications, delete, *, allow p, role:user, applications, delete, */guestbook, deny +p, role:user, applicationsets, create, */*, allow +p, role:user, applicationsets, delete, */*, allow p, role:test, certificates, get, *, allow p, role:test, logs, get, */*, allow p, role:test, exec, create, */*, allow From 01a1ada7b76d569eb06a730e6e1191fa33e0eaf5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 May 2023 16:07:36 -0400 Subject: [PATCH 059/252] chore(deps): bump foundation-sites from 6.7.4 to 6.7.5 in /ui (#13806) Bumps [foundation-sites](https://github.com/foundation/foundation-sites) from 6.7.4 to 6.7.5. - [Release notes](https://github.com/foundation/foundation-sites/releases) - [Commits](https://github.com/foundation/foundation-sites/compare/v6.7.4...v6.7.5) --- updated-dependencies: - dependency-name: foundation-sites dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- ui/package.json | 2 +- ui/yarn.lock | 13 ++++--------- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/ui/package.json b/ui/package.json index 1a414729f960c..7fa13a62a526f 100644 --- a/ui/package.json +++ b/ui/package.json @@ -22,7 +22,7 @@ "dagre": "^0.8.5", "date-fns": "^2.30.0", "deepmerge": "^3.2.0", - "foundation-sites": "^6.7.4", + "foundation-sites": "^6.7.5", "git-url-parse": "^13.1.0", "history": "^4.7.2", "js-yaml": "^3.14.1", diff --git a/ui/yarn.lock b/ui/yarn.lock index 789a99a74c767..bc2365f8ad2e2 100644 --- a/ui/yarn.lock +++ b/ui/yarn.lock @@ -4551,15 +4551,10 @@ forwarded@0.2.0: resolved "https://registry.yarnpkg.com/forwarded/-/forwarded-0.2.0.tgz#2269936428aad4c15c7ebe9779a84bf0b2a81811" integrity sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow== -foundation-sites@^6.4.3: - version "6.5.3" - resolved "https://registry.yarnpkg.com/foundation-sites/-/foundation-sites-6.5.3.tgz#85373aaed72233ca0d16fdfcb034e976cc6943c9" - integrity sha512-ZwI0idjHHjezh6jRjpPxkczvmtUuJ1uGatZHpyloX0MvsFHfM0BFoxrqdXryXugGPdmb+yJi3JYMnz6+5t3K1A== - -foundation-sites@^6.7.4: - version "6.7.4" - resolved "https://registry.yarnpkg.com/foundation-sites/-/foundation-sites-6.7.4.tgz#495ddb3b7014ae33df3bf7cc1f9fe74b2cfd572e" - integrity sha512-2QPaZJ0Od0DyklhQyKC3zPbr8AAUXSkr1scZJrQTgj/KTLresuCgUBfi7ft32NlOWhuqVXisjOgTE8N5EPS3cg== +foundation-sites@^6.4.3, foundation-sites@^6.7.5: + version "6.7.5" + resolved "https://registry.yarnpkg.com/foundation-sites/-/foundation-sites-6.7.5.tgz#6bc2bdd06819e6ed4d7fd8e3090246a0b6ac81c0" + integrity sha512-MEjAENdF/IV2XQvlQmg20o+iDTyyWu0N/j440e8fKbEylbKxARzgg5S7vcnxtjukC1Lqg+rRm7ZDSSyGhVVoUQ== fragment-cache@^0.2.1: version "0.2.1" From 550b498de1f1ba11c02a065bbabb8f35afaeabc3 Mon Sep 17 00:00:00 2001 From: Terrence Benade Date: Tue, 30 May 2023 06:08:24 +1000 Subject: [PATCH 060/252] docs: update USERS.md with the addition of seek.com.au (#13297) * Update USERS.md Adding SEEK.com.au as users Signed-off-by: Terrence Benade * fix numbering Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Terrence Benade Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- USERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/USERS.md b/USERS.md index 0b6c73bf23636..7225e11cedf23 100644 --- a/USERS.md +++ b/USERS.md @@ -227,6 +227,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Sap Labs](http://sap.com) 1. [Sauce Labs](https://saucelabs.com/) 1. [Schwarz IT](https://jobs.schwarz/it-mission) +1. [SEEK](https://seek.com.au) 1. [SI Analytics](https://si-analytics.ai) 1. [Skit](https://skit.ai/) 1. [Skyscanner](https://www.skyscanner.net/) From 8a16fcb4afc169843289a887ee1a410d81eee865 Mon Sep 17 00:00:00 2001 From: ajinkyak423 Date: Tue, 30 May 2023 01:38:41 +0530 Subject: [PATCH 061/252] docs: added command to add environmental PATH (#13240) Added CLI command for adding Argo CD in environmental variables PATH in Windows When Argo CD Is installed using PowerShell in Windows it is required to add an environment variable for getting started this command can be readily used to add it and start using ```argocd``` command. Signed-off-by: ajinkyak423 Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- docs/cli_installation.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/cli_installation.md b/docs/cli_installation.md index 639a9317639fe..42938bcd751ba 100644 --- a/docs/cli_installation.md +++ b/docs/cli_installation.md @@ -115,6 +115,11 @@ $output = "argocd.exe" Invoke-WebRequest -Uri $url -OutFile $output ``` Also please note you will probably need to move the file into your PATH. +Use following command to add Argo CD into environment variables PATH + +```powershell +[Environment]::SetEnvironmentVariable("Path", "$env:Path;C:\Path\To\ArgoCD-CLI", "User") +``` After finishing the instructions above, you should now be able to run `argocd` commands. From 182eb05bf64973021f73c55fc987356f42e4f155 Mon Sep 17 00:00:00 2001 From: Jack Henschel Date: Mon, 29 May 2023 22:13:54 +0200 Subject: [PATCH 062/252] feat(health): Add Health Checks for IngressController resources (#12776) Signed-off-by: Jack Henschel --- .../IngressController/health.lua | 31 ++++++ .../IngressController/health_test.yaml | 17 +++ .../IngressController/testdata/degraded.yaml | 103 ++++++++++++++++++ .../IngressController/testdata/healthy.yaml | 93 ++++++++++++++++ .../testdata/progressing_initialization.yaml | 36 ++++++ .../testdata/progressing_pod_rollout.yaml | 101 +++++++++++++++++ 6 files changed, 381 insertions(+) create mode 100644 resource_customizations/operator.openshift.io/IngressController/health.lua create mode 100644 resource_customizations/operator.openshift.io/IngressController/health_test.yaml create mode 100644 resource_customizations/operator.openshift.io/IngressController/testdata/degraded.yaml create mode 100644 resource_customizations/operator.openshift.io/IngressController/testdata/healthy.yaml create mode 100644 resource_customizations/operator.openshift.io/IngressController/testdata/progressing_initialization.yaml create mode 100644 resource_customizations/operator.openshift.io/IngressController/testdata/progressing_pod_rollout.yaml diff --git a/resource_customizations/operator.openshift.io/IngressController/health.lua b/resource_customizations/operator.openshift.io/IngressController/health.lua new file mode 100644 index 0000000000000..cd0d9821ee64f --- /dev/null +++ b/resource_customizations/operator.openshift.io/IngressController/health.lua @@ -0,0 +1,31 @@ +-- healthcheck for IngressController resources +hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + -- if the status conditions are present, iterate over them and check their status + for _, condition in pairs(obj.status.conditions) do + if condition.type == "Degraded" and condition.status == "True" then + hs.status = "Degraded" + hs.message = condition.message + return hs + elseif condition.type == "DeploymentReplicasAllAvailable" and condition.status == "False" then + hs.status = "Progressing" + hs.message = condition.message + return hs + elseif condition.type == "Progressing" and condition.status == "True" then + hs.status = "Progressing" + hs.message = condition.reason + return hs + elseif condition.type == "Available" and condition.status == "True" then + hs.status = "Healthy" + hs.message = "IngressController is available" + return hs + end + end + end +end + +-- default status when none of the previous condition matches +hs.status = "Progressing" +hs.message = "Status of IngressController is not known yet" +return hs diff --git a/resource_customizations/operator.openshift.io/IngressController/health_test.yaml b/resource_customizations/operator.openshift.io/IngressController/health_test.yaml new file mode 100644 index 0000000000000..761d0d6e8fac1 --- /dev/null +++ b/resource_customizations/operator.openshift.io/IngressController/health_test.yaml @@ -0,0 +1,17 @@ +tests: +- healthStatus: + status: Progressing + message: "Status of IngressController is not known yet" + inputPath: testdata/progressing_initialization.yaml +- healthStatus: + status: Progressing + message: "0/1 of replicas are available" + inputPath: testdata/progressing_pod_rollout.yaml +- healthStatus: + status: Degraded + message: "One or more other status conditions indicate a degraded state." + inputPath: testdata/degraded.yaml +- healthStatus: + status: Healthy + message: "IngressController is available" + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/operator.openshift.io/IngressController/testdata/degraded.yaml b/resource_customizations/operator.openshift.io/IngressController/testdata/degraded.yaml new file mode 100644 index 0000000000000..73c7c89e370a9 --- /dev/null +++ b/resource_customizations/operator.openshift.io/IngressController/testdata/degraded.yaml @@ -0,0 +1,103 @@ +--- +apiVersion: operator.openshift.io/v1 +kind: IngressController +metadata: + name: default + namespace: openshift-ingress-operator +spec: + domain: openshift.example.com + endpointPublishingStrategy: + hostNetwork: + httpPort: 80 + httpsPort: 443 + statsPort: 1936 + type: HostNetwork + nodePlacement: + nodeSelector: + matchLabels: + node-role.kubernetes.io/worker: "" + replicas: 1 +status: + availableReplicas: 0 + conditions: + - lastTransitionTime: "2023-01-28T10:05:06Z" + reason: Valid + status: "True" + type: Admitted + - lastTransitionTime: "2023-01-28T10:09:15Z" + status: "True" + type: PodsScheduled + - lastTransitionTime: "2023-01-28T10:05:06Z" + message: The configured endpoint publishing strategy does not include a managed + load balancer + reason: EndpointPublishingStrategyExcludesManagedLoadBalancer + status: "False" + type: LoadBalancerManaged + - lastTransitionTime: "2023-01-28T10:05:06Z" + message: No DNS zones are defined in the cluster dns config. + reason: NoDNSZones + status: "False" + type: DNSManaged + - lastTransitionTime: "2023-01-28T10:05:06Z" + status: "False" + type: Progressing + - lastTransitionTime: "2023-01-28T10:13:55Z" + message: "One or more other status conditions indicate a degraded state." + # message: 'One or more other status conditions indicate a degraded state: CanaryChecksSucceeding=False + # (CanaryChecksRepetitiveFailures: Canary route checks for the default ingress + # controller are failing)' + reason: DegradedConditions + status: "True" + type: Degraded + - lastTransitionTime: "2023-01-28T10:05:06Z" + message: IngressController is upgradeable. + reason: Upgradeable + status: "True" + type: Upgradeable + - lastTransitionTime: "2023-01-28T10:12:55Z" + message: Canary route checks for the default ingress controller are failing + reason: CanaryChecksRepetitiveFailures + status: "False" + type: CanaryChecksSucceeding + domain: openshift.example.com + endpointPublishingStrategy: + hostNetwork: + httpPort: 80 + httpsPort: 443 + protocol: TCP + statsPort: 1936 + type: HostNetwork + namespaceSelector: {} + observedGeneration: 2 + routeSelector: {} + selector: ingresscontroller.operator.openshift.io/deployment-ingresscontroller=default + tlsProfile: + ciphers: + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES256-SHA384 + - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES128-SHA + - DHE-RSA-AES256-SHA256 + - DHE-RSA-AES256-SHA + - AES128-GCM-SHA256 + - AES256-GCM-SHA384 + - AES128-SHA256 + - AES256-SHA256 + - AES128-SHA + - AES256-SHA + - '!DSS' + minTLSVersion: VersionTLS11 diff --git a/resource_customizations/operator.openshift.io/IngressController/testdata/healthy.yaml b/resource_customizations/operator.openshift.io/IngressController/testdata/healthy.yaml new file mode 100644 index 0000000000000..4c7ad766f1d86 --- /dev/null +++ b/resource_customizations/operator.openshift.io/IngressController/testdata/healthy.yaml @@ -0,0 +1,93 @@ +--- +apiVersion: operator.openshift.io/v1 +kind: IngressController +metadata: + name: apps-shard-2 + namespace: openshift-ingress-operator +spec: + domain: openshift-apps-shard-2.example.com + endpointPublishingStrategy: + hostNetwork: + httpPort: 80 + httpsPort: 443 + statsPort: 1936 + type: HostNetwork + nodePlacement: + nodeSelector: + matchLabels: + node-role.kubernetes.io/worker: "" + replicas: 1 +status: + availableReplicas: 1 + conditions: + - lastTransitionTime: "2023-01-28T09:34:36Z" + reason: Valid + status: "True" + type: Admitted + - lastTransitionTime: "2023-01-28T09:43:42Z" + status: "True" + type: PodsScheduled + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: The deployment has Available status condition set to True + reason: DeploymentAvailable + status: "True" + type: DeploymentAvailable + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: Minimum replicas requirement is met + reason: DeploymentMinimumReplicasMet + status: "True" + type: DeploymentReplicasMinAvailable + - lastTransitionTime: "2023-01-28T09:44:36Z" + message: All replicas are available + reason: DeploymentReplicasAvailable + status: "True" + type: DeploymentReplicasAllAvailable + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: The configured endpoint publishing strategy does not include a managed + load balancer + reason: EndpointPublishingStrategyExcludesManagedLoadBalancer + status: "False" + type: LoadBalancerManaged + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: No DNS zones are defined in the cluster dns config. + reason: NoDNSZones + status: "False" + type: DNSManaged + - lastTransitionTime: "2023-01-28T09:34:36Z" + status: "True" + type: Available + - lastTransitionTime: "2023-01-28T09:34:36Z" + status: "False" + type: Progressing + - lastTransitionTime: "2023-01-28T09:34:36Z" + status: "False" + type: Degraded + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: IngressController is upgradeable. + reason: Upgradeable + status: "True" + type: Upgradeable + domain: openshift-apps-shard-2.example.com + endpointPublishingStrategy: + hostNetwork: + httpPort: 80 + httpsPort: 443 + protocol: TCP + statsPort: 1936 + type: HostNetwork + observedGeneration: 5 + selector: ingresscontroller.operator.openshift.io/deployment-ingresscontroller=apps-shard-2 + tlsProfile: + ciphers: + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + minTLSVersion: VersionTLS12 diff --git a/resource_customizations/operator.openshift.io/IngressController/testdata/progressing_initialization.yaml b/resource_customizations/operator.openshift.io/IngressController/testdata/progressing_initialization.yaml new file mode 100644 index 0000000000000..470216e376e84 --- /dev/null +++ b/resource_customizations/operator.openshift.io/IngressController/testdata/progressing_initialization.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: operator.openshift.io/v1 +kind: IngressController +metadata: + name: apps-shard-2 + namespace: openshift-ingress-operator +spec: + domain: openshift-apps-shard-2.example.com + endpointPublishingStrategy: + hostNetwork: + httpPort: 80 + httpsPort: 443 + statsPort: 1936 + type: HostNetwork + nodePlacement: + nodeSelector: + matchLabels: + node-role.kubernetes.io/worker: "" + replicas: 1 +status: + availableReplicas: 0 + conditions: + - lastTransitionTime: "2023-01-28T09:34:36Z" + reason: Valid + status: "True" + type: Admitted + domain: openshift-apps-shard-2.example.com + endpointPublishingStrategy: + hostNetwork: + httpPort: 80 + httpsPort: 443 + protocol: TCP + statsPort: 1936 + type: HostNetwork + observedGeneration: 1 + selector: "" diff --git a/resource_customizations/operator.openshift.io/IngressController/testdata/progressing_pod_rollout.yaml b/resource_customizations/operator.openshift.io/IngressController/testdata/progressing_pod_rollout.yaml new file mode 100644 index 0000000000000..73a33ae48613b --- /dev/null +++ b/resource_customizations/operator.openshift.io/IngressController/testdata/progressing_pod_rollout.yaml @@ -0,0 +1,101 @@ +--- +apiVersion: operator.openshift.io/v1 +kind: IngressController +metadata: + name: apps-shard-2 + namespace: openshift-ingress-operator +spec: + domain: openshift-apps-shard-2.example.com + endpointPublishingStrategy: + hostNetwork: + httpPort: 80 + httpsPort: 443 + statsPort: 1936 + type: HostNetwork + nodePlacement: + nodeSelector: + matchLabels: + node-role.kubernetes.io/worker: "" + replicas: 1 +status: + availableReplicas: 0 + conditions: + - lastTransitionTime: "2023-01-28T09:34:36Z" + reason: Valid + status: "True" + type: Admitted + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: 'Some pods are not scheduled: Pod "router-apps-shard-2-7b5cb5f98d-gk4hj" + cannot be scheduled: 0/6 nodes are available: 2 node(s) didn''t have free ports + for the requested pod ports, 3 node(s) had untolerated taint {node-role.kubernetes.io/master: + }, 5 node(s) didn''t match Pod''s node affinity/selector. preemption: 0/6 nodes + are available: 1 node(s) didn''t have free ports for the requested pod ports, + 5 Preemption is not helpful for scheduling. Make sure you have sufficient worker + nodes.' + reason: PodsNotScheduled + status: "False" + type: PodsScheduled + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: The deployment has Available status condition set to True + reason: DeploymentAvailable + status: "True" + type: DeploymentAvailable + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: Minimum replicas requirement is met + reason: DeploymentMinimumReplicasMet + status: "True" + type: DeploymentReplicasMinAvailable + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: 0/1 of replicas are available + reason: DeploymentReplicasNotAvailable + status: "False" + type: DeploymentReplicasAllAvailable + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: The configured endpoint publishing strategy does not include a managed + load balancer + reason: EndpointPublishingStrategyExcludesManagedLoadBalancer + status: "False" + type: LoadBalancerManaged + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: No DNS zones are defined in the cluster dns config. + reason: NoDNSZones + status: "False" + type: DNSManaged + - lastTransitionTime: "2023-01-28T09:34:36Z" + status: "True" + type: Available + - lastTransitionTime: "2023-01-28T09:34:36Z" + status: "False" + type: Progressing + - lastTransitionTime: "2023-01-28T09:34:36Z" + status: "False" + type: Degraded + - lastTransitionTime: "2023-01-28T09:34:36Z" + message: IngressController is upgradeable. + reason: Upgradeable + status: "True" + type: Upgradeable + domain: openshift-apps-shard-2.example.com + endpointPublishingStrategy: + hostNetwork: + httpPort: 80 + httpsPort: 443 + protocol: TCP + statsPort: 1936 + type: HostNetwork + observedGeneration: 2 + selector: ingresscontroller.operator.openshift.io/deployment-ingresscontroller=apps-shard-2 + tlsProfile: + ciphers: + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + minTLSVersion: VersionTLS12 From 228310d971b23e6a2362122ab746e4d0ba25e529 Mon Sep 17 00:00:00 2001 From: Alexandre Desjardins Date: Mon, 29 May 2023 16:24:58 -0400 Subject: [PATCH 063/252] fix: set readOnlyRootFilesystem to true for redis and ha-proxy (#13316) Signed-off-by: Alexandre Desjardins --- manifests/base/redis/argocd-redis-deployment.yaml | 1 + manifests/core-install.yaml | 1 + .../overlays/deployment-containers-securityContext.yaml | 2 ++ .../overlays/statefulset-containers-securityContext.yaml | 4 ++++ manifests/ha/install.yaml | 6 ++++++ manifests/ha/namespace-install.yaml | 6 ++++++ manifests/install.yaml | 1 + manifests/namespace-install.yaml | 1 + 8 files changed, 22 insertions(+) diff --git a/manifests/base/redis/argocd-redis-deployment.yaml b/manifests/base/redis/argocd-redis-deployment.yaml index f8d3fb206eb8e..8d649e3995ebc 100644 --- a/manifests/base/redis/argocd-redis-deployment.yaml +++ b/manifests/base/redis/argocd-redis-deployment.yaml @@ -33,6 +33,7 @@ spec: ports: - containerPort: 6379 securityContext: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index ec0fb85ace9de..c7d26eb5f86ee 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -16872,6 +16872,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true securityContext: runAsNonRoot: true runAsUser: 999 diff --git a/manifests/ha/base/redis-ha/overlays/deployment-containers-securityContext.yaml b/manifests/ha/base/redis-ha/overlays/deployment-containers-securityContext.yaml index 812e97d8049cf..8ce2b23f876a2 100644 --- a/manifests/ha/base/redis-ha/overlays/deployment-containers-securityContext.yaml +++ b/manifests/ha/base/redis-ha/overlays/deployment-containers-securityContext.yaml @@ -1,6 +1,7 @@ - op: add path: /spec/template/spec/initContainers/0/securityContext value: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: @@ -10,6 +11,7 @@ - op: add path: /spec/template/spec/containers/0/securityContext value: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: diff --git a/manifests/ha/base/redis-ha/overlays/statefulset-containers-securityContext.yaml b/manifests/ha/base/redis-ha/overlays/statefulset-containers-securityContext.yaml index 386b219575eb7..53b395e14da12 100644 --- a/manifests/ha/base/redis-ha/overlays/statefulset-containers-securityContext.yaml +++ b/manifests/ha/base/redis-ha/overlays/statefulset-containers-securityContext.yaml @@ -1,6 +1,7 @@ - op: add path: /spec/template/spec/initContainers/0/securityContext value: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: @@ -10,6 +11,7 @@ - op: add path: /spec/template/spec/containers/0/securityContext value: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: @@ -19,6 +21,7 @@ - op: add path: /spec/template/spec/containers/1/securityContext value: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: @@ -28,6 +31,7 @@ - op: add path: /spec/template/spec/containers/2/securityContext value: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index f0e6de508484a..713e6d10b0dbe 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -18292,6 +18292,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -18312,6 +18313,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -19221,6 +19223,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -19269,6 +19272,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -19296,6 +19300,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -19324,6 +19329,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index 63ae690617e46..a23472c4901a1 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -1905,6 +1905,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -1925,6 +1926,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -2834,6 +2836,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -2882,6 +2885,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -2909,6 +2913,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: @@ -2937,6 +2942,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault volumeMounts: diff --git a/manifests/install.yaml b/manifests/install.yaml index 5b7a23bca27fc..a0af083a8b4fe 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -17385,6 +17385,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true securityContext: runAsNonRoot: true runAsUser: 999 diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 0404924961c95..e06c931218b21 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -998,6 +998,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true securityContext: runAsNonRoot: true runAsUser: 999 From d685f156a7219aac4a315fc90a932e463eb5cfd4 Mon Sep 17 00:00:00 2001 From: Joseph Zhang Date: Mon, 29 May 2023 16:28:14 -0700 Subject: [PATCH 064/252] feat(appset): Support AWS CodeCommit in ApplicationSet controller (Alpha) (#13579) * feat: add aws codecommit support to ApplicationSet controller Signed-off-by: Joseph Zhang * feat: codegen for ApplicationSet controller AWS CodeCommit support Signed-off-by: Joseph Zhang * feat: ApplicationSet controller AWS CodeCommit support - address linter error Signed-off-by: Joseph Zhang * docs: add AWS CodeCommit support Signed-off-by: Joseph Zhang * feat(appset): address PR feedbacks for AWS CodeCommit SCM provider Signed-off-by: Joseph Zhang --------- Signed-off-by: Joseph Zhang --- applicationset/generators/scm_provider.go | 6 + .../services/scm_provider/aws_codecommit.go | 376 ++++ .../mocks/AWSCodeCommitClient.go | 321 +++ .../aws_codecommit/mocks/AWSTaggingClient.go | 110 + .../scm_provider/aws_codecommit_test.go | 483 +++++ assets/swagger.json | 39 + .../applicationset/Generators-SCM-Provider.md | 81 + go.mod | 1 + go.sum | 2 + manifests/core-install.yaml | 60 + manifests/crds/applicationset-crd.yaml | 60 + manifests/ha/install.yaml | 60 + manifests/install.yaml | 60 + pkg/apis/api-rules/violation_exceptions.list | 1 + .../v1alpha1/applicationset_types.go | 22 +- pkg/apis/application/v1alpha1/generated.pb.go | 1833 +++++++++++------ pkg/apis/application/v1alpha1/generated.proto | 25 + .../application/v1alpha1/openapi_generated.go | 84 +- .../v1alpha1/zz_generated.deepcopy.go | 48 + 19 files changed, 3029 insertions(+), 643 deletions(-) create mode 100644 applicationset/services/scm_provider/aws_codecommit.go create mode 100644 applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go create mode 100644 applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go create mode 100644 applicationset/services/scm_provider/aws_codecommit_test.go diff --git a/applicationset/generators/scm_provider.go b/applicationset/generators/scm_provider.go index 9121a7a23e808..84791ca2cdadb 100644 --- a/applicationset/generators/scm_provider.go +++ b/applicationset/generators/scm_provider.go @@ -131,6 +131,12 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha if err != nil { return nil, fmt.Errorf("error initializing Bitbucket cloud service: %v", err) } + } else if providerConfig.AWSCodeCommit != nil { + var awsErr error + provider, awsErr = scm_provider.NewAWSCodeCommitProvider(ctx, providerConfig.AWSCodeCommit.TagFilters, providerConfig.AWSCodeCommit.Role, providerConfig.AWSCodeCommit.Region, providerConfig.AWSCodeCommit.AllBranches) + if awsErr != nil { + return nil, fmt.Errorf("error initializing AWS codecommit service: %v", awsErr) + } } else { return nil, fmt.Errorf("no SCM provider implementation configured") } diff --git a/applicationset/services/scm_provider/aws_codecommit.go b/applicationset/services/scm_provider/aws_codecommit.go new file mode 100644 index 0000000000000..280711271cfb0 --- /dev/null +++ b/applicationset/services/scm_provider/aws_codecommit.go @@ -0,0 +1,376 @@ +package scm_provider + +import ( + "context" + "fmt" + "github.com/aws/aws-sdk-go/aws/request" + pathpkg "path" + "path/filepath" + "strings" + + application "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/arn" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/credentials/stscreds" + "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/codecommit" + "github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi" + log "github.com/sirupsen/logrus" + "golang.org/x/exp/maps" + "k8s.io/utils/strings/slices" +) + +const ( + resourceTypeCodeCommitRepository = "codecommit:repository" + prefixGitUrlHttps = "https://git-codecommit." + prefixGitUrlHttpsFIPS = "https://git-codecommit-fips." +) + +// AWSCodeCommitClient is a lean facade to the codecommitiface.CodeCommitAPI +// it helps to reduce the mockery generated code. +type AWSCodeCommitClient interface { + ListRepositoriesWithContext(aws.Context, *codecommit.ListRepositoriesInput, ...request.Option) (*codecommit.ListRepositoriesOutput, error) + GetRepositoryWithContext(aws.Context, *codecommit.GetRepositoryInput, ...request.Option) (*codecommit.GetRepositoryOutput, error) + ListBranchesWithContext(aws.Context, *codecommit.ListBranchesInput, ...request.Option) (*codecommit.ListBranchesOutput, error) + GetFolderWithContext(aws.Context, *codecommit.GetFolderInput, ...request.Option) (*codecommit.GetFolderOutput, error) +} + +// AWSTaggingClient is a lean facade to the resourcegroupstaggingapiiface.ResourceGroupsTaggingAPIAPI +// it helps to reduce the mockery generated code. +type AWSTaggingClient interface { + GetResourcesWithContext(aws.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error) +} + +type AWSCodeCommitProvider struct { + codeCommitClient AWSCodeCommitClient + taggingClient AWSTaggingClient + tagFilters []*application.TagFilter + allBranches bool +} + +func NewAWSCodeCommitProvider(ctx context.Context, tagFilters []*application.TagFilter, role string, region string, allBranches bool) (*AWSCodeCommitProvider, error) { + taggingClient, codeCommitClient, err := createAWSDiscoveryClients(ctx, role, region) + if err != nil { + return nil, err + } + return &AWSCodeCommitProvider{ + codeCommitClient: codeCommitClient, + taggingClient: taggingClient, + tagFilters: tagFilters, + allBranches: allBranches, + }, nil +} + +func (p *AWSCodeCommitProvider) ListRepos(ctx context.Context, cloneProtocol string) ([]*Repository, error) { + repos := make([]*Repository, 0) + + repoNames, err := p.listRepoNames(ctx) + if err != nil { + return nil, fmt.Errorf("failed to list codecommit repository: %w", err) + } + + for _, repoName := range repoNames { + repo, err := p.codeCommitClient.GetRepositoryWithContext(ctx, &codecommit.GetRepositoryInput{ + RepositoryName: aws.String(repoName), + }) + if err != nil { + // we don't want to skip at this point. It's a valid repo, we don't want to have flapping Application on an AWS outage. + return nil, fmt.Errorf("failed to get codecommit repository: %w", err) + } + if repo == nil || repo.RepositoryMetadata == nil { + // unlikely to happen, but just in case to protect nil pointer dereferences. + log.Warnf("codecommit returned invalid response for repository %s, skipped", repoName) + continue + } + if aws.StringValue(repo.RepositoryMetadata.DefaultBranch) == "" { + // if a codecommit repo doesn't have default branch, it's uninitialized. not going to bother with it. + log.Warnf("repository %s does not have default branch, skipped", repoName) + continue + } + var url string + switch cloneProtocol { + // default to SSH if unspecified (i.e. if ""). + case "", "ssh": + url = aws.StringValue(repo.RepositoryMetadata.CloneUrlSsh) + case "https": + url = aws.StringValue(repo.RepositoryMetadata.CloneUrlHttp) + case "https-fips": + url, err = getCodeCommitFIPSEndpoint(aws.StringValue(repo.RepositoryMetadata.CloneUrlHttp)) + if err != nil { + return nil, fmt.Errorf("https-fips is provided but repoUrl can't be transformed to FIPS endpoint: %w", err) + } + default: + return nil, fmt.Errorf("unknown clone protocol for codecommit %v", cloneProtocol) + } + repos = append(repos, &Repository{ + // there's no "organization" level at codecommit. + // we are just using AWS accountId for now. + Organization: aws.StringValue(repo.RepositoryMetadata.AccountId), + Repository: aws.StringValue(repo.RepositoryMetadata.RepositoryName), + URL: url, + Branch: aws.StringValue(repo.RepositoryMetadata.DefaultBranch), + // we could propagate repo tag keys, but without value not sure if it's any useful. + Labels: []string{}, + RepositoryId: aws.StringValue(repo.RepositoryMetadata.RepositoryId), + }) + } + + return repos, nil +} + +func (p *AWSCodeCommitProvider) RepoHasPath(ctx context.Context, repo *Repository, path string) (bool, error) { + // we use GetFolder instead of GetFile here because GetFile always downloads the full blob which has scalability problem. + // GetFolder is slightly less concerning. + + path = toAbsolutePath(path) + // shortcut: if it's root folder ('/'), we always return true. + if path == "/" { + return true, nil + } + // here we are sure it's not root folder, strip the suffix for easier comparison. + path = strings.TrimSuffix(path, "/") + + // we always get the parent folder, so we could support both submodule, file, symlink and folder cases. + parentPath := pathpkg.Dir(path) + basePath := pathpkg.Base(path) + + input := &codecommit.GetFolderInput{ + CommitSpecifier: aws.String(repo.Branch), + FolderPath: aws.String(parentPath), + RepositoryName: aws.String(repo.Repository), + } + output, err := p.codeCommitClient.GetFolderWithContext(ctx, input) + if err != nil { + if hasAwsError(err, + codecommit.ErrCodeRepositoryDoesNotExistException, + codecommit.ErrCodeCommitDoesNotExistException, + codecommit.ErrCodeFolderDoesNotExistException, + ) { + return false, nil + } + // unhandled exception, propagate out + return false, err + } + + // anything that matches. + for _, submodule := range output.SubModules { + if basePath == aws.StringValue(submodule.RelativePath) { + return true, nil + } + } + for _, subpath := range output.SubFolders { + if basePath == aws.StringValue(subpath.RelativePath) { + return true, nil + } + } + for _, subpath := range output.Files { + if basePath == aws.StringValue(subpath.RelativePath) { + return true, nil + } + } + for _, subpath := range output.SymbolicLinks { + if basePath == aws.StringValue(subpath.RelativePath) { + return true, nil + } + } + return false, nil +} + +func (p *AWSCodeCommitProvider) GetBranches(ctx context.Context, repo *Repository) ([]*Repository, error) { + repos := make([]*Repository, 0) + if !p.allBranches { + output, err := p.codeCommitClient.GetRepositoryWithContext(ctx, &codecommit.GetRepositoryInput{ + RepositoryName: aws.String(repo.Repository), + }) + if err != nil { + return nil, err + } + repos = append(repos, &Repository{ + Organization: repo.Organization, + Repository: repo.Repository, + URL: repo.URL, + Branch: aws.StringValue(output.RepositoryMetadata.DefaultBranch), + RepositoryId: repo.RepositoryId, + Labels: repo.Labels, + // getting SHA of the branch requires a separate GetBranch call. + // too expensive. for now, we just don't support it. + // SHA: "", + }) + } else { + input := &codecommit.ListBranchesInput{ + RepositoryName: aws.String(repo.Repository), + } + for { + output, err := p.codeCommitClient.ListBranchesWithContext(ctx, input) + if err != nil { + return nil, err + } + for _, branch := range output.Branches { + repos = append(repos, &Repository{ + Organization: repo.Organization, + Repository: repo.Repository, + URL: repo.URL, + Branch: aws.StringValue(branch), + RepositoryId: repo.RepositoryId, + Labels: repo.Labels, + // getting SHA of the branch requires a separate GetBranch call. + // too expensive. for now, we just don't support it. + // SHA: "", + }) + } + input.NextToken = output.NextToken + if aws.StringValue(output.NextToken) == "" { + break + } + } + } + + return repos, nil +} + +func (p *AWSCodeCommitProvider) listRepoNames(ctx context.Context) ([]string, error) { + tagFilters := p.getTagFilters() + repoNames := make([]string, 0) + var err error + + if len(tagFilters) < 1 { + log.Debugf("no tag filer, calling codecommit api to list repos") + listReposInput := &codecommit.ListRepositoriesInput{} + var output *codecommit.ListRepositoriesOutput + for { + output, err = p.codeCommitClient.ListRepositoriesWithContext(ctx, listReposInput) + if err != nil { + break + } + for _, repo := range output.Repositories { + repoNames = append(repoNames, aws.StringValue(repo.RepositoryName)) + } + listReposInput.NextToken = output.NextToken + if aws.StringValue(output.NextToken) == "" { + break + } + } + } else { + log.Debugf("tag filer is specified, calling tagging api to list repos") + discoveryInput := &resourcegroupstaggingapi.GetResourcesInput{ + ResourceTypeFilters: aws.StringSlice([]string{resourceTypeCodeCommitRepository}), + TagFilters: tagFilters, + } + var output *resourcegroupstaggingapi.GetResourcesOutput + for { + output, err = p.taggingClient.GetResourcesWithContext(ctx, discoveryInput) + if err != nil { + break + } + for _, resource := range output.ResourceTagMappingList { + repoArn := aws.StringValue(resource.ResourceARN) + log.Debugf("discovered codecommit repo with arn %s", repoArn) + repoName, extractErr := getCodeCommitRepoName(repoArn) + if extractErr != nil { + log.Warnf("discovered codecommit repoArn %s cannot be parsed due to %v", repoArn, err) + continue + } + repoNames = append(repoNames, repoName) + } + discoveryInput.PaginationToken = output.PaginationToken + if aws.StringValue(output.PaginationToken) == "" { + break + } + } + } + return repoNames, err +} + +func (p *AWSCodeCommitProvider) getTagFilters() []*resourcegroupstaggingapi.TagFilter { + filters := make(map[string]*resourcegroupstaggingapi.TagFilter) + for _, tagFilter := range p.tagFilters { + filter, hasKey := filters[tagFilter.Key] + if !hasKey { + filter = &resourcegroupstaggingapi.TagFilter{ + Key: aws.String(tagFilter.Key), + } + filters[tagFilter.Key] = filter + } + if tagFilter.Value != "" { + filter.Values = append(filter.Values, aws.String(tagFilter.Value)) + } + } + return maps.Values(filters) +} + +func getCodeCommitRepoName(repoArn string) (string, error) { + parsedArn, err := arn.Parse(repoArn) + if err != nil { + return "", fmt.Errorf("failed to parse codecommit repository ARN: %w", err) + } + // see: https://docs.aws.amazon.com/codecommit/latest/userguide/auth-and-access-control-permissions-reference.html + // arn:aws:codecommit:region:account-id:repository-name + return parsedArn.Resource, nil +} + +// getCodeCommitFIPSEndpoint transforms provided https:// codecommit URL to a FIPS-compliant endpoint. +// note that the specified region must support FIPS, otherwise the returned URL won't be reachable +// see: https://docs.aws.amazon.com/codecommit/latest/userguide/regions.html#regions-git +func getCodeCommitFIPSEndpoint(repoUrl string) (string, error) { + if strings.HasPrefix(repoUrl, prefixGitUrlHttpsFIPS) { + log.Debugf("provided repoUrl %s is already a fips endpoint", repoUrl) + return repoUrl, nil + } + if !strings.HasPrefix(repoUrl, prefixGitUrlHttps) { + return "", fmt.Errorf("the provided https endpoint isn't recognized, cannot be transformed to FIPS endpoint: %s", repoUrl) + } + // we already have the prefix, so we guarantee to replace exactly the prefix only. + return strings.Replace(repoUrl, prefixGitUrlHttps, prefixGitUrlHttpsFIPS, 1), nil +} + +func hasAwsError(err error, codes ...string) bool { + if awsErr, ok := err.(awserr.Error); ok { + return slices.Contains(codes, awsErr.Code()) + } + return false +} + +// toAbsolutePath transforms a path input to absolute path, as required by AWS CodeCommit +// see https://docs.aws.amazon.com/codecommit/latest/APIReference/API_GetFolder.html +func toAbsolutePath(path string) string { + if filepath.IsAbs(path) { + return path + } + return filepath.ToSlash(filepath.Join("/", path)) +} + +func createAWSDiscoveryClients(_ context.Context, role string, region string) (*resourcegroupstaggingapi.ResourceGroupsTaggingAPI, *codecommit.CodeCommit, error) { + podSession, err := session.NewSession() + if err != nil { + return nil, nil, fmt.Errorf("error creating new AWS pod session: %w", err) + } + discoverySession := podSession + // assume role if provided - this allows cross account CodeCommit repo discovery. + if role != "" { + log.Debugf("role %s is provided for AWS CodeCommit discovery", role) + assumeRoleCreds := stscreds.NewCredentials(podSession, role) + discoverySession, err = session.NewSession(&aws.Config{ + Credentials: assumeRoleCreds, + }) + if err != nil { + return nil, nil, fmt.Errorf("error creating new AWS discovery session: %s", err) + } + } else { + log.Debugf("role is not provided for AWS CodeCommit discovery, using pod role") + } + // use region explicitly if provided - this allows cross region CodeCommit repo discovery. + if region != "" { + log.Debugf("region %s is provided for AWS CodeCommit discovery", region) + discoverySession = discoverySession.Copy(&aws.Config{ + Region: aws.String(region), + }) + } else { + log.Debugf("region is not provided for AWS CodeCommit discovery, using pod region") + } + + taggingClient := resourcegroupstaggingapi.New(discoverySession) + codeCommitClient := codecommit.New(discoverySession) + + return taggingClient, codeCommitClient, nil +} diff --git a/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go b/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go new file mode 100644 index 0000000000000..b9d6f6a5d5956 --- /dev/null +++ b/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go @@ -0,0 +1,321 @@ +// Code generated by mockery v2.26.1. DO NOT EDIT. + +package mocks + +import ( + context "context" + + codecommit "github.com/aws/aws-sdk-go/service/codecommit" + + mock "github.com/stretchr/testify/mock" + + request "github.com/aws/aws-sdk-go/aws/request" +) + +// AWSCodeCommitClient is an autogenerated mock type for the AWSCodeCommitClient type +type AWSCodeCommitClient struct { + mock.Mock +} + +type AWSCodeCommitClient_Expecter struct { + mock *mock.Mock +} + +func (_m *AWSCodeCommitClient) EXPECT() *AWSCodeCommitClient_Expecter { + return &AWSCodeCommitClient_Expecter{mock: &_m.Mock} +} + +// GetFolderWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) GetFolderWithContext(_a0 context.Context, _a1 *codecommit.GetFolderInput, _a2 ...request.Option) (*codecommit.GetFolderOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + var r0 *codecommit.GetFolderOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) (*codecommit.GetFolderOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) *codecommit.GetFolderOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.GetFolderOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AWSCodeCommitClient_GetFolderWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetFolderWithContext' +type AWSCodeCommitClient_GetFolderWithContext_Call struct { + *mock.Call +} + +// GetFolderWithContext is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 *codecommit.GetFolderInput +// - _a2 ...request.Option +func (_e *AWSCodeCommitClient_Expecter) GetFolderWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSCodeCommitClient_GetFolderWithContext_Call { + return &AWSCodeCommitClient_GetFolderWithContext_Call{Call: _e.mock.On("GetFolderWithContext", + append([]interface{}{_a0, _a1}, _a2...)...)} +} + +func (_c *AWSCodeCommitClient_GetFolderWithContext_Call) Run(run func(_a0 context.Context, _a1 *codecommit.GetFolderInput, _a2 ...request.Option)) *AWSCodeCommitClient_GetFolderWithContext_Call { + _c.Call.Run(func(args mock.Arguments) { + variadicArgs := make([]request.Option, len(args)-2) + for i, a := range args[2:] { + if a != nil { + variadicArgs[i] = a.(request.Option) + } + } + run(args[0].(context.Context), args[1].(*codecommit.GetFolderInput), variadicArgs...) + }) + return _c +} + +func (_c *AWSCodeCommitClient_GetFolderWithContext_Call) Return(_a0 *codecommit.GetFolderOutput, _a1 error) *AWSCodeCommitClient_GetFolderWithContext_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *AWSCodeCommitClient_GetFolderWithContext_Call) RunAndReturn(run func(context.Context, *codecommit.GetFolderInput, ...request.Option) (*codecommit.GetFolderOutput, error)) *AWSCodeCommitClient_GetFolderWithContext_Call { + _c.Call.Return(run) + return _c +} + +// GetRepositoryWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) GetRepositoryWithContext(_a0 context.Context, _a1 *codecommit.GetRepositoryInput, _a2 ...request.Option) (*codecommit.GetRepositoryOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + var r0 *codecommit.GetRepositoryOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) (*codecommit.GetRepositoryOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) *codecommit.GetRepositoryOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.GetRepositoryOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AWSCodeCommitClient_GetRepositoryWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetRepositoryWithContext' +type AWSCodeCommitClient_GetRepositoryWithContext_Call struct { + *mock.Call +} + +// GetRepositoryWithContext is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 *codecommit.GetRepositoryInput +// - _a2 ...request.Option +func (_e *AWSCodeCommitClient_Expecter) GetRepositoryWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSCodeCommitClient_GetRepositoryWithContext_Call { + return &AWSCodeCommitClient_GetRepositoryWithContext_Call{Call: _e.mock.On("GetRepositoryWithContext", + append([]interface{}{_a0, _a1}, _a2...)...)} +} + +func (_c *AWSCodeCommitClient_GetRepositoryWithContext_Call) Run(run func(_a0 context.Context, _a1 *codecommit.GetRepositoryInput, _a2 ...request.Option)) *AWSCodeCommitClient_GetRepositoryWithContext_Call { + _c.Call.Run(func(args mock.Arguments) { + variadicArgs := make([]request.Option, len(args)-2) + for i, a := range args[2:] { + if a != nil { + variadicArgs[i] = a.(request.Option) + } + } + run(args[0].(context.Context), args[1].(*codecommit.GetRepositoryInput), variadicArgs...) + }) + return _c +} + +func (_c *AWSCodeCommitClient_GetRepositoryWithContext_Call) Return(_a0 *codecommit.GetRepositoryOutput, _a1 error) *AWSCodeCommitClient_GetRepositoryWithContext_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *AWSCodeCommitClient_GetRepositoryWithContext_Call) RunAndReturn(run func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) (*codecommit.GetRepositoryOutput, error)) *AWSCodeCommitClient_GetRepositoryWithContext_Call { + _c.Call.Return(run) + return _c +} + +// ListBranchesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) ListBranchesWithContext(_a0 context.Context, _a1 *codecommit.ListBranchesInput, _a2 ...request.Option) (*codecommit.ListBranchesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + var r0 *codecommit.ListBranchesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) (*codecommit.ListBranchesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) *codecommit.ListBranchesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.ListBranchesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AWSCodeCommitClient_ListBranchesWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ListBranchesWithContext' +type AWSCodeCommitClient_ListBranchesWithContext_Call struct { + *mock.Call +} + +// ListBranchesWithContext is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 *codecommit.ListBranchesInput +// - _a2 ...request.Option +func (_e *AWSCodeCommitClient_Expecter) ListBranchesWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSCodeCommitClient_ListBranchesWithContext_Call { + return &AWSCodeCommitClient_ListBranchesWithContext_Call{Call: _e.mock.On("ListBranchesWithContext", + append([]interface{}{_a0, _a1}, _a2...)...)} +} + +func (_c *AWSCodeCommitClient_ListBranchesWithContext_Call) Run(run func(_a0 context.Context, _a1 *codecommit.ListBranchesInput, _a2 ...request.Option)) *AWSCodeCommitClient_ListBranchesWithContext_Call { + _c.Call.Run(func(args mock.Arguments) { + variadicArgs := make([]request.Option, len(args)-2) + for i, a := range args[2:] { + if a != nil { + variadicArgs[i] = a.(request.Option) + } + } + run(args[0].(context.Context), args[1].(*codecommit.ListBranchesInput), variadicArgs...) + }) + return _c +} + +func (_c *AWSCodeCommitClient_ListBranchesWithContext_Call) Return(_a0 *codecommit.ListBranchesOutput, _a1 error) *AWSCodeCommitClient_ListBranchesWithContext_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *AWSCodeCommitClient_ListBranchesWithContext_Call) RunAndReturn(run func(context.Context, *codecommit.ListBranchesInput, ...request.Option) (*codecommit.ListBranchesOutput, error)) *AWSCodeCommitClient_ListBranchesWithContext_Call { + _c.Call.Return(run) + return _c +} + +// ListRepositoriesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) ListRepositoriesWithContext(_a0 context.Context, _a1 *codecommit.ListRepositoriesInput, _a2 ...request.Option) (*codecommit.ListRepositoriesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + var r0 *codecommit.ListRepositoriesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) (*codecommit.ListRepositoriesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) *codecommit.ListRepositoriesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.ListRepositoriesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AWSCodeCommitClient_ListRepositoriesWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ListRepositoriesWithContext' +type AWSCodeCommitClient_ListRepositoriesWithContext_Call struct { + *mock.Call +} + +// ListRepositoriesWithContext is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 *codecommit.ListRepositoriesInput +// - _a2 ...request.Option +func (_e *AWSCodeCommitClient_Expecter) ListRepositoriesWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSCodeCommitClient_ListRepositoriesWithContext_Call { + return &AWSCodeCommitClient_ListRepositoriesWithContext_Call{Call: _e.mock.On("ListRepositoriesWithContext", + append([]interface{}{_a0, _a1}, _a2...)...)} +} + +func (_c *AWSCodeCommitClient_ListRepositoriesWithContext_Call) Run(run func(_a0 context.Context, _a1 *codecommit.ListRepositoriesInput, _a2 ...request.Option)) *AWSCodeCommitClient_ListRepositoriesWithContext_Call { + _c.Call.Run(func(args mock.Arguments) { + variadicArgs := make([]request.Option, len(args)-2) + for i, a := range args[2:] { + if a != nil { + variadicArgs[i] = a.(request.Option) + } + } + run(args[0].(context.Context), args[1].(*codecommit.ListRepositoriesInput), variadicArgs...) + }) + return _c +} + +func (_c *AWSCodeCommitClient_ListRepositoriesWithContext_Call) Return(_a0 *codecommit.ListRepositoriesOutput, _a1 error) *AWSCodeCommitClient_ListRepositoriesWithContext_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *AWSCodeCommitClient_ListRepositoriesWithContext_Call) RunAndReturn(run func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) (*codecommit.ListRepositoriesOutput, error)) *AWSCodeCommitClient_ListRepositoriesWithContext_Call { + _c.Call.Return(run) + return _c +} + +type mockConstructorTestingTNewAWSCodeCommitClient interface { + mock.TestingT + Cleanup(func()) +} + +// NewAWSCodeCommitClient creates a new instance of AWSCodeCommitClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +func NewAWSCodeCommitClient(t mockConstructorTestingTNewAWSCodeCommitClient) *AWSCodeCommitClient { + mock := &AWSCodeCommitClient{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go b/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go new file mode 100644 index 0000000000000..9acd8979b7818 --- /dev/null +++ b/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go @@ -0,0 +1,110 @@ +// Code generated by mockery v2.26.1. DO NOT EDIT. + +package mocks + +import ( + context "context" + + request "github.com/aws/aws-sdk-go/aws/request" + mock "github.com/stretchr/testify/mock" + + resourcegroupstaggingapi "github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi" +) + +// AWSTaggingClient is an autogenerated mock type for the AWSTaggingClient type +type AWSTaggingClient struct { + mock.Mock +} + +type AWSTaggingClient_Expecter struct { + mock *mock.Mock +} + +func (_m *AWSTaggingClient) EXPECT() *AWSTaggingClient_Expecter { + return &AWSTaggingClient_Expecter{mock: &_m.Mock} +} + +// GetResourcesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSTaggingClient) GetResourcesWithContext(_a0 context.Context, _a1 *resourcegroupstaggingapi.GetResourcesInput, _a2 ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + var r0 *resourcegroupstaggingapi.GetResourcesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) *resourcegroupstaggingapi.GetResourcesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*resourcegroupstaggingapi.GetResourcesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AWSTaggingClient_GetResourcesWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetResourcesWithContext' +type AWSTaggingClient_GetResourcesWithContext_Call struct { + *mock.Call +} + +// GetResourcesWithContext is a helper method to define mock.On call +// - _a0 context.Context +// - _a1 *resourcegroupstaggingapi.GetResourcesInput +// - _a2 ...request.Option +func (_e *AWSTaggingClient_Expecter) GetResourcesWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSTaggingClient_GetResourcesWithContext_Call { + return &AWSTaggingClient_GetResourcesWithContext_Call{Call: _e.mock.On("GetResourcesWithContext", + append([]interface{}{_a0, _a1}, _a2...)...)} +} + +func (_c *AWSTaggingClient_GetResourcesWithContext_Call) Run(run func(_a0 context.Context, _a1 *resourcegroupstaggingapi.GetResourcesInput, _a2 ...request.Option)) *AWSTaggingClient_GetResourcesWithContext_Call { + _c.Call.Run(func(args mock.Arguments) { + variadicArgs := make([]request.Option, len(args)-2) + for i, a := range args[2:] { + if a != nil { + variadicArgs[i] = a.(request.Option) + } + } + run(args[0].(context.Context), args[1].(*resourcegroupstaggingapi.GetResourcesInput), variadicArgs...) + }) + return _c +} + +func (_c *AWSTaggingClient_GetResourcesWithContext_Call) Return(_a0 *resourcegroupstaggingapi.GetResourcesOutput, _a1 error) *AWSTaggingClient_GetResourcesWithContext_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *AWSTaggingClient_GetResourcesWithContext_Call) RunAndReturn(run func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error)) *AWSTaggingClient_GetResourcesWithContext_Call { + _c.Call.Return(run) + return _c +} + +type mockConstructorTestingTNewAWSTaggingClient interface { + mock.TestingT + Cleanup(func()) +} + +// NewAWSTaggingClient creates a new instance of AWSTaggingClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +func NewAWSTaggingClient(t mockConstructorTestingTNewAWSTaggingClient) *AWSTaggingClient { + mock := &AWSTaggingClient{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/applicationset/services/scm_provider/aws_codecommit_test.go b/applicationset/services/scm_provider/aws_codecommit_test.go new file mode 100644 index 0000000000000..3a4f7c1a9a6a8 --- /dev/null +++ b/applicationset/services/scm_provider/aws_codecommit_test.go @@ -0,0 +1,483 @@ +package scm_provider + +import ( + "context" + "errors" + "sort" + "testing" + + "github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider/aws_codecommit/mocks" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/codecommit" + "github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi" + "github.com/google/go-cmp/cmp" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" +) + +type awsCodeCommitTestRepository struct { + name string + id string + arn string + accountId string + defaultBranch string + expectedCloneUrl string + getRepositoryError error + getRepositoryNilMetadata bool + valid bool +} + +func TestAWSCodeCommitListRepos(t *testing.T) { + testCases := []struct { + name string + repositories []*awsCodeCommitTestRepository + cloneProtocol string + tagFilters []*v1alpha1.TagFilter + expectTagFilters []*resourcegroupstaggingapi.TagFilter + listRepositoryError error + expectOverallError bool + expectListAtCodeCommit bool + }{ + { + name: "ListRepos by tag with https", + cloneProtocol: "https", + repositories: []*awsCodeCommitTestRepository{ + { + name: "repo1", + id: "8235624d-d248-4df9-a983-2558b01dbe83", + arn: "arn:aws:codecommit:us-east-1:111111111111:repo1", + defaultBranch: "main", + expectedCloneUrl: "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo1", + valid: true, + }, + }, + tagFilters: []*v1alpha1.TagFilter{ + {Key: "key1", Value: "value1"}, + {Key: "key1", Value: "value2"}, + {Key: "key2"}, + }, + expectTagFilters: []*resourcegroupstaggingapi.TagFilter{ + {Key: aws.String("key1"), Values: aws.StringSlice([]string{"value1", "value2"})}, + {Key: aws.String("key2")}, + }, + expectOverallError: false, + expectListAtCodeCommit: false, + }, + { + name: "ListRepos by tag with https-fips", + cloneProtocol: "https-fips", + repositories: []*awsCodeCommitTestRepository{ + { + name: "repo1", + id: "8235624d-d248-4df9-a983-2558b01dbe83", + arn: "arn:aws:codecommit:us-east-1:111111111111:repo1", + defaultBranch: "main", + expectedCloneUrl: "https://git-codecommit-fips.us-east-1.amazonaws.com/v1/repos/repo1", + valid: true, + }, + }, + tagFilters: []*v1alpha1.TagFilter{ + {Key: "key1"}, + }, + expectTagFilters: []*resourcegroupstaggingapi.TagFilter{ + {Key: aws.String("key1")}, + }, + expectOverallError: false, + expectListAtCodeCommit: false, + }, + { + name: "ListRepos without tag with invalid repo", + cloneProtocol: "ssh", + repositories: []*awsCodeCommitTestRepository{ + { + name: "repo1", + id: "8235624d-d248-4df9-a983-2558b01dbe83", + arn: "arn:aws:codecommit:us-east-1:111111111111:repo1", + defaultBranch: "main", + expectedCloneUrl: "ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo1", + valid: true, + }, + { + name: "repo2", + id: "640d5859-d265-4e27-a9fa-e0731eb13ed7", + arn: "arn:aws:codecommit:us-east-1:111111111111:repo2", + valid: false, + }, + { + name: "repo3-nil-metadata", + id: "24a6ee96-d3a0-4be6-a595-c5e5b1ab1617", + arn: "arn:aws:codecommit:us-east-1:111111111111:repo3-nil-metadata", + getRepositoryNilMetadata: true, + valid: false, + }, + }, + expectOverallError: false, + expectListAtCodeCommit: true, + }, + { + name: "ListRepos with invalid protocol", + cloneProtocol: "invalid-protocol", + repositories: []*awsCodeCommitTestRepository{ + { + name: "repo1", + id: "8235624d-d248-4df9-a983-2558b01dbe83", + arn: "arn:aws:codecommit:us-east-1:111111111111:repo1", + defaultBranch: "main", + valid: true, + }, + }, + expectOverallError: true, + expectListAtCodeCommit: true, + }, + { + name: "ListRepos error on listRepos", + cloneProtocol: "https", + listRepositoryError: errors.New("list repo error"), + expectOverallError: true, + expectListAtCodeCommit: true, + }, + { + name: "ListRepos error on getRepo", + cloneProtocol: "https", + repositories: []*awsCodeCommitTestRepository{ + { + name: "repo1", + id: "8235624d-d248-4df9-a983-2558b01dbe83", + arn: "arn:aws:codecommit:us-east-1:111111111111:repo1", + defaultBranch: "main", + getRepositoryError: errors.New("get repo error"), + valid: true, + }, + }, + expectOverallError: true, + expectListAtCodeCommit: true, + }, + } + + for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + codeCommitClient := mocks.NewAWSCodeCommitClient(t) + taggingClient := mocks.NewAWSTaggingClient(t) + ctx := context.Background() + codecommitRepoNameIdPairs := make([]*codecommit.RepositoryNameIdPair, 0) + resourceTaggings := make([]*resourcegroupstaggingapi.ResourceTagMapping, 0) + validRepositories := make([]*awsCodeCommitTestRepository, 0) + + for _, repo := range testCase.repositories { + repoMetadata := &codecommit.RepositoryMetadata{ + AccountId: aws.String(repo.accountId), + Arn: aws.String(repo.arn), + CloneUrlHttp: aws.String("https://git-codecommit.us-east-1.amazonaws.com/v1/repos/" + repo.name), + CloneUrlSsh: aws.String("ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/" + repo.name), + DefaultBranch: aws.String(repo.defaultBranch), + RepositoryId: aws.String(repo.id), + RepositoryName: aws.String(repo.name), + } + if repo.getRepositoryNilMetadata { + repoMetadata = nil + } + codeCommitClient.EXPECT(). + GetRepositoryWithContext(ctx, &codecommit.GetRepositoryInput{RepositoryName: aws.String(repo.name)}). + Return(&codecommit.GetRepositoryOutput{RepositoryMetadata: repoMetadata}, repo.getRepositoryError) + codecommitRepoNameIdPairs = append(codecommitRepoNameIdPairs, &codecommit.RepositoryNameIdPair{ + RepositoryId: aws.String(repo.id), + RepositoryName: aws.String(repo.name), + }) + resourceTaggings = append(resourceTaggings, &resourcegroupstaggingapi.ResourceTagMapping{ + ResourceARN: aws.String(repo.arn), + }) + if repo.valid { + validRepositories = append(validRepositories, repo) + } + } + + if testCase.expectListAtCodeCommit { + codeCommitClient.EXPECT(). + ListRepositoriesWithContext(ctx, &codecommit.ListRepositoriesInput{}). + Return(&codecommit.ListRepositoriesOutput{ + Repositories: codecommitRepoNameIdPairs, + }, testCase.listRepositoryError) + } else { + taggingClient.EXPECT(). + GetResourcesWithContext(ctx, mock.MatchedBy(equalIgnoringTagFilterOrder(&resourcegroupstaggingapi.GetResourcesInput{ + TagFilters: testCase.expectTagFilters, + ResourceTypeFilters: aws.StringSlice([]string{resourceTypeCodeCommitRepository}), + }))). + Return(&resourcegroupstaggingapi.GetResourcesOutput{ + ResourceTagMappingList: resourceTaggings, + }, testCase.listRepositoryError) + } + + provider := &AWSCodeCommitProvider{ + codeCommitClient: codeCommitClient, + taggingClient: taggingClient, + tagFilters: testCase.tagFilters, + } + repos, err := provider.ListRepos(ctx, testCase.cloneProtocol) + if testCase.expectOverallError { + assert.Error(t, err) + } else { + assert.Len(t, repos, len(validRepositories)) + for i, repo := range repos { + originRepo := validRepositories[i] + assert.Equal(t, originRepo.accountId, repo.Organization) + assert.Equal(t, originRepo.name, repo.Repository) + assert.Equal(t, originRepo.id, repo.RepositoryId) + assert.Equal(t, originRepo.defaultBranch, repo.Branch) + assert.Equal(t, originRepo.expectedCloneUrl, repo.URL) + assert.Empty(t, repo.SHA, "SHA is always empty") + } + } + }) + } +} + +func TestAWSCodeCommitRepoHasPath(t *testing.T) { + organization := "111111111111" + repoName := "repo1" + branch := "main" + + testCases := []struct { + name string + path string + expectedGetFolderPath string + getFolderOutput *codecommit.GetFolderOutput + getFolderError error + expectOverallError bool + expectedResult bool + }{ + { + name: "RepoHasPath on regular file", + path: "lib/config.yaml", + expectedGetFolderPath: "/lib", + getFolderOutput: &codecommit.GetFolderOutput{ + Files: []*codecommit.File{ + {RelativePath: aws.String("config.yaml")}, + }, + }, + expectOverallError: false, + expectedResult: true, + }, + { + name: "RepoHasPath on folder", + path: "lib/config", + expectedGetFolderPath: "/lib", + getFolderOutput: &codecommit.GetFolderOutput{ + SubFolders: []*codecommit.Folder{ + {RelativePath: aws.String("config")}, + }, + }, + expectOverallError: false, + expectedResult: true, + }, + { + name: "RepoHasPath on submodules", + path: "/lib/submodule/", + expectedGetFolderPath: "/lib", + getFolderOutput: &codecommit.GetFolderOutput{ + SubModules: []*codecommit.SubModule{ + {RelativePath: aws.String("submodule")}, + }, + }, + expectOverallError: false, + expectedResult: true, + }, + { + name: "RepoHasPath on symlink", + path: "./lib/service.json", + expectedGetFolderPath: "/lib", + getFolderOutput: &codecommit.GetFolderOutput{ + SymbolicLinks: []*codecommit.SymbolicLink{ + {RelativePath: aws.String("service.json")}, + }, + }, + expectOverallError: false, + expectedResult: true, + }, + { + name: "RepoHasPath when no match", + path: "no-match.json", + expectedGetFolderPath: "/", + getFolderOutput: &codecommit.GetFolderOutput{ + Files: []*codecommit.File{ + {RelativePath: aws.String("config.yaml")}, + }, + SubFolders: []*codecommit.Folder{ + {RelativePath: aws.String("config")}, + }, + SubModules: []*codecommit.SubModule{ + {RelativePath: aws.String("submodule")}, + }, + SymbolicLinks: []*codecommit.SymbolicLink{ + {RelativePath: aws.String("service.json")}, + }, + }, + expectOverallError: false, + expectedResult: false, + }, + { + name: "RepoHasPath when parent folder not found", + path: "lib/submodule", + expectedGetFolderPath: "/lib", + getFolderError: &codecommit.FolderDoesNotExistException{}, + expectOverallError: false, + }, + { + name: "RepoHasPath when unknown error", + path: "lib/submodule", + expectedGetFolderPath: "/lib", + getFolderError: errors.New("unknown error"), + expectOverallError: true, + }, + { + name: "RepoHasPath on root folder - './'", + path: "./", + expectOverallError: false, + expectedResult: true, + }, + { + name: "RepoHasPath on root folder - '/'", + path: "/", + expectOverallError: false, + expectedResult: true, + }, + } + + for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + codeCommitClient := mocks.NewAWSCodeCommitClient(t) + taggingClient := mocks.NewAWSTaggingClient(t) + ctx := context.Background() + if testCase.expectedGetFolderPath != "" { + codeCommitClient.EXPECT(). + GetFolderWithContext(ctx, &codecommit.GetFolderInput{ + CommitSpecifier: aws.String(branch), + FolderPath: aws.String(testCase.expectedGetFolderPath), + RepositoryName: aws.String(repoName), + }). + Return(testCase.getFolderOutput, testCase.getFolderError) + } + provider := &AWSCodeCommitProvider{ + codeCommitClient: codeCommitClient, + taggingClient: taggingClient, + } + actual, err := provider.RepoHasPath(ctx, &Repository{ + Organization: organization, + Repository: repoName, + Branch: branch, + }, testCase.path) + if testCase.expectOverallError { + assert.Error(t, err) + } else { + assert.Equal(t, testCase.expectedResult, actual) + } + }) + } +} + +func TestAWSCodeCommitGetBranches(t *testing.T) { + name := "repo1" + id := "1a64adc4-2fb5-4abd-afe7-127984ba83c0" + defaultBranch := "main" + organization := "111111111111" + cloneUrl := "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo1" + + testCases := []struct { + name string + branches []string + apiError error + expectOverallError bool + allBranches bool + }{ + { + name: "GetBranches all branches", + branches: []string{"main", "feature/codecommit", "chore/go-upgrade"}, + allBranches: true, + }, + { + name: "GetBranches default branch only", + allBranches: false, + }, + { + name: "GetBranches default branch only", + allBranches: false, + }, + { + name: "GetBranches all branches on api error", + apiError: errors.New("api error"), + expectOverallError: true, + allBranches: true, + }, + { + name: "GetBranches default branch on api error", + apiError: errors.New("api error"), + expectOverallError: true, + allBranches: false, + }, + } + + for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + codeCommitClient := mocks.NewAWSCodeCommitClient(t) + taggingClient := mocks.NewAWSTaggingClient(t) + ctx := context.Background() + if testCase.allBranches { + codeCommitClient.EXPECT(). + ListBranchesWithContext(ctx, &codecommit.ListBranchesInput{ + RepositoryName: aws.String(name), + }). + Return(&codecommit.ListBranchesOutput{Branches: aws.StringSlice(testCase.branches)}, testCase.apiError) + } else { + codeCommitClient.EXPECT(). + GetRepositoryWithContext(ctx, &codecommit.GetRepositoryInput{RepositoryName: aws.String(name)}). + Return(&codecommit.GetRepositoryOutput{RepositoryMetadata: &codecommit.RepositoryMetadata{ + AccountId: aws.String(organization), + DefaultBranch: aws.String(defaultBranch), + }}, testCase.apiError) + } + provider := &AWSCodeCommitProvider{ + codeCommitClient: codeCommitClient, + taggingClient: taggingClient, + allBranches: testCase.allBranches, + } + actual, err := provider.GetBranches(ctx, &Repository{ + Organization: organization, + Repository: name, + URL: cloneUrl, + RepositoryId: id, + }) + if testCase.expectOverallError { + assert.Error(t, err) + } else { + assertCopiedProperties := func(repo *Repository) { + assert.Equal(t, id, repo.RepositoryId) + assert.Equal(t, name, repo.Repository) + assert.Equal(t, cloneUrl, repo.URL) + assert.Equal(t, organization, repo.Organization) + assert.Empty(t, repo.SHA) + } + actualBranches := make([]string, 0) + for _, repo := range actual { + assertCopiedProperties(repo) + actualBranches = append(actualBranches, repo.Branch) + } + if testCase.allBranches { + assert.ElementsMatch(t, testCase.branches, actualBranches) + } else { + assert.ElementsMatch(t, []string{defaultBranch}, actualBranches) + } + } + }) + } +} + +// equalIgnoringTagFilterOrder provides an argumentMatcher function that can be used to compare equality of GetResourcesInput ignoring the tagFilter ordering. +func equalIgnoringTagFilterOrder(expected *resourcegroupstaggingapi.GetResourcesInput) func(*resourcegroupstaggingapi.GetResourcesInput) bool { + return func(actual *resourcegroupstaggingapi.GetResourcesInput) bool { + sort.Slice(actual.TagFilters, func(i, j int) bool { + return *actual.TagFilters[i].Key < *actual.TagFilters[j].Key + }) + return cmp.Equal(expected, actual) + } +} diff --git a/assets/swagger.json b/assets/swagger.json index 0f101f38241f3..a8cca27e2e2a1 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -8140,6 +8140,9 @@ "description": "SCMProviderGenerator defines a generator that scrapes a SCMaaS API to find candidate repos.", "type": "object", "properties": { + "awsCodeCommit": { + "$ref": "#/definitions/v1alpha1SCMProviderGeneratorAWSCodeCommit" + }, "azureDevOps": { "$ref": "#/definitions/v1alpha1SCMProviderGeneratorAzureDevOps" }, @@ -8186,6 +8189,31 @@ } } }, + "v1alpha1SCMProviderGeneratorAWSCodeCommit": { + "description": "SCMProviderGeneratorAWSCodeCommit defines connection info specific to AWS CodeCommit.", + "type": "object", + "properties": { + "allBranches": { + "description": "Scan all branches instead of just the default branch.", + "type": "boolean" + }, + "region": { + "description": "Region provides the AWS region to discover repos.\nif not provided, AppSet controller will infer the current region from environment.", + "type": "string" + }, + "role": { + "description": "Role provides the AWS IAM role to assume, for cross-account repo discovery\nif not provided, AppSet controller will use its pod/node identity to discover.", + "type": "string" + }, + "tagFilters": { + "type": "array", + "title": "TagFilters provides the tag filter(s) for repo discovery", + "items": { + "$ref": "#/definitions/v1alpha1TagFilter" + } + } + } + }, "v1alpha1SCMProviderGeneratorAzureDevOps": { "description": "SCMProviderGeneratorAzureDevOps defines connection info specific to Azure DevOps.", "type": "object", @@ -8667,6 +8695,17 @@ } } }, + "v1alpha1TagFilter": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, "versionVersionMessage": { "type": "object", "title": "VersionMessage represents version of the Argo CD API server", diff --git a/docs/operator-manual/applicationset/Generators-SCM-Provider.md b/docs/operator-manual/applicationset/Generators-SCM-Provider.md index fd7dbe0f15ce8..376401db9fd53 100644 --- a/docs/operator-manual/applicationset/Generators-SCM-Provider.md +++ b/docs/operator-manual/applicationset/Generators-SCM-Provider.md @@ -255,6 +255,87 @@ This SCM provider does not yet support label filtering Available clone protocols are `ssh` and `https`. +## AWS CodeCommit (Alpha) + +Uses AWS ResourceGroupsTagging and AWS CodeCommit APIs to scan repos across AWS accounts and regions. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: myapps +spec: + generators: + - scmProvider: + awsCodeCommit: + # AWS region to scan repos. + # default to the environmental region from ApplicationSet controller. + region: us-east-1 + # AWS role to assume to scan repos. + # default to the environmental role from ApplicationSet controller. + role: arn:aws:iam::111111111111:role/argocd-application-set-discovery + # If true, scan every branch of every repository. If false, scan only the main branch. Defaults to false. + allBranches: true + # AWS resource tags to filter repos with. + # see https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/API_GetResources.html#resourcegrouptagging-GetResources-request-TagFilters for details + # default to no tagFilters, to include all repos in the region. + tagFilters: + - key: organization + value: platform-engineering + - key: argo-ready + template: + # ... +``` + +* `region`: (Optional) AWS region to scan repos. By default, use ApplicationSet controller's current region. +* `role`: (Optional) AWS role to assume to scan repos. By default, use ApplicationSet controller's current role. +* `allBranches`: (Optional) If `true`, scans every branch of eligible repositories. If `false`, check only the default branch of the eligible repositories. Default `false`. +* `tagFilters`: (Optional) A list of tagFilters to filter AWS CodeCommit repos with. See [AWS ResourceGroupsTagging API](https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/API_GetResources.html#resourcegrouptagging-GetResources-request-TagFilters) for details. By default, no filter is included. + +This SCM provider does not support the following features + +* label filtering +* `sha`, `short_sha` and `short_sha_7` template parameters + +Available clone protocols are `ssh`, `https` and `https-fips`. + +### AWS IAM Permission Considerations + +In order to call AWS APIs to discover AWS CodeCommit repos, ApplicationSet controller must be configured with valid environmental AWS config, like current AWS region and AWS credentials. +AWS config can be provided via all standard options, like Instance Metadata Service (IMDS), config file, environment variables, or IAM roles for service accounts (IRSA). + +Depending on whether `role` is provided in `awsCodeCommit` property, AWS IAM permission requirement is different. + +#### Discover AWS CodeCommit Repositories in the same AWS Account as ApplicationSet Controller + +Without specifying `role`, ApplicationSet controller will use its own AWS identity to scan AWS CodeCommit repos. +This is suitable when you have a simple setup that all AWS CodeCommit repos reside in the same AWS account as your ArgoCD. + +As the ApplicationSet controller AWS identity is used directly for repo discovery, it must be granted below AWS permissions. + +* `tag:GetResources` +* `codecommit:ListRepositories` +* `codecommit:GetRepository` +* `codecommit:GetFolder` +* `codecommit:ListBranches` + +#### Discover AWS CodeCommit Repositories across AWS Accounts and Regions + +By specifying `role`, ApplicationSet controller will first assume the `role`, and use it for repo discovery. +This enables more complicated use cases to discover repos from different AWS accounts and regions. + +The ApplicationSet controller AWS identity should be granted permission to assume target AWS roles. + +* `sts:AssumeRole` + +All AWS roles must have repo discovery related permissions. + +* `tag:GetResources` +* `codecommit:ListRepositories` +* `codecommit:GetRepository` +* `codecommit:GetFolder` +* `codecommit:ListBranches` + ## Filters Filters allow selecting which repositories to generate for. Each filter can declare one or more conditions, all of which must pass. If multiple filters are present, any can match for a repository to be included. If no filters are specified, all repositories will be processed. diff --git a/go.mod b/go.mod index 4d3bf718af490..7c6589946728c 100644 --- a/go.mod +++ b/go.mod @@ -76,6 +76,7 @@ require ( go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.11.1 go.opentelemetry.io/otel/sdk v1.11.1 golang.org/x/crypto v0.9.0 + golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 golang.org/x/oauth2 v0.7.0 golang.org/x/sync v0.1.0 golang.org/x/term v0.8.0 diff --git a/go.sum b/go.sum index 5dd2b76168db3..7c548963c1c84 100644 --- a/go.sum +++ b/go.sum @@ -1184,6 +1184,8 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20210220032938-85be41e4509f/go.mod h1:I6l2HNBLBZEcrOoCpyKLdY2lHoRZ8lI4x60KMCQDft4= +golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= +golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index c7d26eb5f86ee..30e07c715c85d 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -9098,6 +9098,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -12924,6 +12944,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -14703,6 +14743,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml index 56d83c5b0b72c..bf99459b33f01 100644 --- a/manifests/crds/applicationset-crd.yaml +++ b/manifests/crds/applicationset-crd.yaml @@ -4734,6 +4734,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -8560,6 +8580,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -10339,6 +10379,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 713e6d10b0dbe..35de87dacca99 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -9098,6 +9098,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -12924,6 +12944,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -14703,6 +14743,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: diff --git a/manifests/install.yaml b/manifests/install.yaml index a0af083a8b4fe..1dcc263fe35ef 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -9098,6 +9098,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -12924,6 +12944,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -14703,6 +14743,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: diff --git a/pkg/apis/api-rules/violation_exceptions.list b/pkg/apis/api-rules/violation_exceptions.list index af464fe16848f..0a48839844bac 100644 --- a/pkg/apis/api-rules/violation_exceptions.list +++ b/pkg/apis/api-rules/violation_exceptions.list @@ -75,6 +75,7 @@ API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/ap API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,RevisionHistory,Revisions API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,RevisionMetadata,Tags API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SCMProviderGenerator,Filters +API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SCMProviderGeneratorAWSCodeCommit,TagFilters API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SCMProviderGeneratorFilter,PathsDoNotExist API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SCMProviderGeneratorFilter,PathsExist API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SyncOperation,Manifests diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go index c24f8e2986839..3a95bfe3f2701 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types.go +++ b/pkg/apis/application/v1alpha1/applicationset_types.go @@ -353,7 +353,8 @@ type SCMProviderGenerator struct { Template ApplicationSetTemplate `json:"template,omitempty" protobuf:"bytes,10,opt,name=template"` // Values contains key/value pairs which are passed directly as parameters to the template - Values map[string]string `json:"values,omitempty" protobuf:"bytes,11,name=values"` + Values map[string]string `json:"values,omitempty" protobuf:"bytes,11,name=values"` + AWSCodeCommit *SCMProviderGeneratorAWSCodeCommit `json:"awsCodeCommit,omitempty" protobuf:"bytes,12,opt,name=awsCodeCommit"` } // SCMProviderGeneratorGitea defines a connection info specific to Gitea. @@ -436,6 +437,25 @@ type SCMProviderGeneratorAzureDevOps struct { AllBranches bool `json:"allBranches,omitempty" protobuf:"varint,9,opt,name=allBranches"` } +type TagFilter struct { + Key string `json:"key" protobuf:"bytes,1,opt,name=key"` + Value string `json:"value,omitempty" protobuf:"bytes,2,opt,name=value"` +} + +// SCMProviderGeneratorAWSCodeCommit defines connection info specific to AWS CodeCommit. +type SCMProviderGeneratorAWSCodeCommit struct { + // TagFilters provides the tag filter(s) for repo discovery + TagFilters []*TagFilter `json:"tagFilters,omitempty" protobuf:"bytes,1,opt,name=tagFilters"` + // Role provides the AWS IAM role to assume, for cross-account repo discovery + // if not provided, AppSet controller will use its pod/node identity to discover. + Role string `json:"role,omitempty" protobuf:"bytes,2,opt,name=role"` + // Region provides the AWS region to discover repos. + // if not provided, AppSet controller will infer the current region from environment. + Region string `json:"region,omitempty" protobuf:"bytes,3,opt,name=region"` + // Scan all branches instead of just the default branch. + AllBranches bool `json:"allBranches,omitempty" protobuf:"varint,4,opt,name=allBranches"` +} + // SCMProviderGeneratorFilter is a single repository filter. // If multiple filter types are set on a single struct, they will be AND'd together. All filters must // pass for a repo to be included. diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index de063ea32c88f..b57d61e2b95a9 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -3342,10 +3342,38 @@ func (m *SCMProviderGenerator) XXX_DiscardUnknown() { var xxx_messageInfo_SCMProviderGenerator proto.InternalMessageInfo +func (m *SCMProviderGeneratorAWSCodeCommit) Reset() { *m = SCMProviderGeneratorAWSCodeCommit{} } +func (*SCMProviderGeneratorAWSCodeCommit) ProtoMessage() {} +func (*SCMProviderGeneratorAWSCodeCommit) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{118} +} +func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Merge(src proto.Message) { + xxx_messageInfo_SCMProviderGeneratorAWSCodeCommit.Merge(m, src) +} +func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Size() int { + return m.Size() +} +func (m *SCMProviderGeneratorAWSCodeCommit) XXX_DiscardUnknown() { + xxx_messageInfo_SCMProviderGeneratorAWSCodeCommit.DiscardUnknown(m) +} + +var xxx_messageInfo_SCMProviderGeneratorAWSCodeCommit proto.InternalMessageInfo + func (m *SCMProviderGeneratorAzureDevOps) Reset() { *m = SCMProviderGeneratorAzureDevOps{} } func (*SCMProviderGeneratorAzureDevOps) ProtoMessage() {} func (*SCMProviderGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{118} + return fileDescriptor_030104ce3b95bcac, []int{119} } func (m *SCMProviderGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3373,7 +3401,7 @@ var xxx_messageInfo_SCMProviderGeneratorAzureDevOps proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucket) Reset() { *m = SCMProviderGeneratorBitbucket{} } func (*SCMProviderGeneratorBitbucket) ProtoMessage() {} func (*SCMProviderGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{119} + return fileDescriptor_030104ce3b95bcac, []int{120} } func (m *SCMProviderGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3401,7 +3429,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucket proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucketServer) Reset() { *m = SCMProviderGeneratorBitbucketServer{} } func (*SCMProviderGeneratorBitbucketServer) ProtoMessage() {} func (*SCMProviderGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{120} + return fileDescriptor_030104ce3b95bcac, []int{121} } func (m *SCMProviderGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3429,7 +3457,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucketServer proto.InternalMessageInf func (m *SCMProviderGeneratorFilter) Reset() { *m = SCMProviderGeneratorFilter{} } func (*SCMProviderGeneratorFilter) ProtoMessage() {} func (*SCMProviderGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{121} + return fileDescriptor_030104ce3b95bcac, []int{122} } func (m *SCMProviderGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3457,7 +3485,7 @@ var xxx_messageInfo_SCMProviderGeneratorFilter proto.InternalMessageInfo func (m *SCMProviderGeneratorGitea) Reset() { *m = SCMProviderGeneratorGitea{} } func (*SCMProviderGeneratorGitea) ProtoMessage() {} func (*SCMProviderGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{122} + return fileDescriptor_030104ce3b95bcac, []int{123} } func (m *SCMProviderGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3485,7 +3513,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitea proto.InternalMessageInfo func (m *SCMProviderGeneratorGithub) Reset() { *m = SCMProviderGeneratorGithub{} } func (*SCMProviderGeneratorGithub) ProtoMessage() {} func (*SCMProviderGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{123} + return fileDescriptor_030104ce3b95bcac, []int{124} } func (m *SCMProviderGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3513,7 +3541,7 @@ var xxx_messageInfo_SCMProviderGeneratorGithub proto.InternalMessageInfo func (m *SCMProviderGeneratorGitlab) Reset() { *m = SCMProviderGeneratorGitlab{} } func (*SCMProviderGeneratorGitlab) ProtoMessage() {} func (*SCMProviderGeneratorGitlab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{124} + return fileDescriptor_030104ce3b95bcac, []int{125} } func (m *SCMProviderGeneratorGitlab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3541,7 +3569,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitlab proto.InternalMessageInfo func (m *SecretRef) Reset() { *m = SecretRef{} } func (*SecretRef) ProtoMessage() {} func (*SecretRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{125} + return fileDescriptor_030104ce3b95bcac, []int{126} } func (m *SecretRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3569,7 +3597,7 @@ var xxx_messageInfo_SecretRef proto.InternalMessageInfo func (m *SignatureKey) Reset() { *m = SignatureKey{} } func (*SignatureKey) ProtoMessage() {} func (*SignatureKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{126} + return fileDescriptor_030104ce3b95bcac, []int{127} } func (m *SignatureKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3597,7 +3625,7 @@ var xxx_messageInfo_SignatureKey proto.InternalMessageInfo func (m *SyncOperation) Reset() { *m = SyncOperation{} } func (*SyncOperation) ProtoMessage() {} func (*SyncOperation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{127} + return fileDescriptor_030104ce3b95bcac, []int{128} } func (m *SyncOperation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3625,7 +3653,7 @@ var xxx_messageInfo_SyncOperation proto.InternalMessageInfo func (m *SyncOperationResource) Reset() { *m = SyncOperationResource{} } func (*SyncOperationResource) ProtoMessage() {} func (*SyncOperationResource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{128} + return fileDescriptor_030104ce3b95bcac, []int{129} } func (m *SyncOperationResource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3653,7 +3681,7 @@ var xxx_messageInfo_SyncOperationResource proto.InternalMessageInfo func (m *SyncOperationResult) Reset() { *m = SyncOperationResult{} } func (*SyncOperationResult) ProtoMessage() {} func (*SyncOperationResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{129} + return fileDescriptor_030104ce3b95bcac, []int{130} } func (m *SyncOperationResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3681,7 +3709,7 @@ var xxx_messageInfo_SyncOperationResult proto.InternalMessageInfo func (m *SyncPolicy) Reset() { *m = SyncPolicy{} } func (*SyncPolicy) ProtoMessage() {} func (*SyncPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{130} + return fileDescriptor_030104ce3b95bcac, []int{131} } func (m *SyncPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3709,7 +3737,7 @@ var xxx_messageInfo_SyncPolicy proto.InternalMessageInfo func (m *SyncPolicyAutomated) Reset() { *m = SyncPolicyAutomated{} } func (*SyncPolicyAutomated) ProtoMessage() {} func (*SyncPolicyAutomated) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{131} + return fileDescriptor_030104ce3b95bcac, []int{132} } func (m *SyncPolicyAutomated) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3737,7 +3765,7 @@ var xxx_messageInfo_SyncPolicyAutomated proto.InternalMessageInfo func (m *SyncStatus) Reset() { *m = SyncStatus{} } func (*SyncStatus) ProtoMessage() {} func (*SyncStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{132} + return fileDescriptor_030104ce3b95bcac, []int{133} } func (m *SyncStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3765,7 +3793,7 @@ var xxx_messageInfo_SyncStatus proto.InternalMessageInfo func (m *SyncStrategy) Reset() { *m = SyncStrategy{} } func (*SyncStrategy) ProtoMessage() {} func (*SyncStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{133} + return fileDescriptor_030104ce3b95bcac, []int{134} } func (m *SyncStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3793,7 +3821,7 @@ var xxx_messageInfo_SyncStrategy proto.InternalMessageInfo func (m *SyncStrategyApply) Reset() { *m = SyncStrategyApply{} } func (*SyncStrategyApply) ProtoMessage() {} func (*SyncStrategyApply) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{134} + return fileDescriptor_030104ce3b95bcac, []int{135} } func (m *SyncStrategyApply) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3821,7 +3849,7 @@ var xxx_messageInfo_SyncStrategyApply proto.InternalMessageInfo func (m *SyncStrategyHook) Reset() { *m = SyncStrategyHook{} } func (*SyncStrategyHook) ProtoMessage() {} func (*SyncStrategyHook) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{135} + return fileDescriptor_030104ce3b95bcac, []int{136} } func (m *SyncStrategyHook) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3849,7 +3877,7 @@ var xxx_messageInfo_SyncStrategyHook proto.InternalMessageInfo func (m *SyncWindow) Reset() { *m = SyncWindow{} } func (*SyncWindow) ProtoMessage() {} func (*SyncWindow) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{136} + return fileDescriptor_030104ce3b95bcac, []int{137} } func (m *SyncWindow) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3877,7 +3905,7 @@ var xxx_messageInfo_SyncWindow proto.InternalMessageInfo func (m *TLSClientConfig) Reset() { *m = TLSClientConfig{} } func (*TLSClientConfig) ProtoMessage() {} func (*TLSClientConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{137} + return fileDescriptor_030104ce3b95bcac, []int{138} } func (m *TLSClientConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3902,6 +3930,34 @@ func (m *TLSClientConfig) XXX_DiscardUnknown() { var xxx_messageInfo_TLSClientConfig proto.InternalMessageInfo +func (m *TagFilter) Reset() { *m = TagFilter{} } +func (*TagFilter) ProtoMessage() {} +func (*TagFilter) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{139} +} +func (m *TagFilter) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *TagFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *TagFilter) XXX_Merge(src proto.Message) { + xxx_messageInfo_TagFilter.Merge(m, src) +} +func (m *TagFilter) XXX_Size() int { + return m.Size() +} +func (m *TagFilter) XXX_DiscardUnknown() { + xxx_messageInfo_TagFilter.DiscardUnknown(m) +} + +var xxx_messageInfo_TagFilter proto.InternalMessageInfo + func init() { proto.RegisterType((*AWSAuthConfig)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.AWSAuthConfig") proto.RegisterType((*AppProject)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.AppProject") @@ -4038,6 +4094,7 @@ func init() { proto.RegisterType((*RevisionMetadata)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.RevisionMetadata") proto.RegisterType((*SCMProviderGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGenerator") proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGenerator.ValuesEntry") + proto.RegisterType((*SCMProviderGeneratorAWSCodeCommit)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGeneratorAWSCodeCommit") proto.RegisterType((*SCMProviderGeneratorAzureDevOps)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGeneratorAzureDevOps") proto.RegisterType((*SCMProviderGeneratorBitbucket)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGeneratorBitbucket") proto.RegisterType((*SCMProviderGeneratorBitbucketServer)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGeneratorBitbucketServer") @@ -4058,6 +4115,7 @@ func init() { proto.RegisterType((*SyncStrategyHook)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SyncStrategyHook") proto.RegisterType((*SyncWindow)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SyncWindow") proto.RegisterType((*TLSClientConfig)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.TLSClientConfig") + proto.RegisterType((*TagFilter)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.TagFilter") } func init() { @@ -4065,632 +4123,640 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 9996 bytes of a gzipped FileDescriptorProto + // 10117 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x1c, 0xc9, - 0x75, 0x98, 0x66, 0x17, 0x0b, 0x2c, 0xde, 0x02, 0x20, 0xd1, 0x24, 0xef, 0x70, 0xbc, 0x3b, 0x82, - 0x99, 0x2b, 0x9f, 0x4e, 0xd1, 0x1d, 0xe0, 0xa3, 0x4e, 0x0a, 0xe3, 0xb3, 0x4f, 0xc6, 0x02, 0x24, - 0x08, 0x12, 0x20, 0x70, 0x0d, 0x90, 0x94, 0xee, 0x7c, 0x3a, 0x0d, 0x66, 0x7b, 0x17, 0x43, 0xcc, - 0xce, 0x2c, 0x67, 0x66, 0x41, 0xe0, 0x2c, 0xcb, 0x92, 0x6d, 0xd9, 0x4a, 0xf4, 0x71, 0xca, 0x29, - 0x55, 0x96, 0xf3, 0xe1, 0x28, 0xb6, 0xca, 0x15, 0x57, 0x72, 0x15, 0xa7, 0xf2, 0x23, 0xce, 0x57, - 0xa5, 0x6c, 0xe7, 0xc7, 0xa5, 0x94, 0x54, 0x54, 0x15, 0x97, 0xe5, 0xc4, 0x0e, 0x2c, 0x21, 0x95, - 0x4a, 0x2a, 0x55, 0x71, 0x55, 0x3e, 0xfe, 0x84, 0xe5, 0xaa, 0xb8, 0xfa, 0xbb, 0x67, 0x76, 0x97, + 0x75, 0x98, 0x66, 0x17, 0x0b, 0xec, 0x3e, 0x7c, 0x90, 0x68, 0x92, 0x77, 0x38, 0xea, 0x8e, 0xa0, + 0xe7, 0xca, 0xa7, 0x53, 0x74, 0x07, 0xf8, 0xa8, 0x3b, 0x85, 0xf1, 0xd9, 0x27, 0x63, 0x01, 0x12, + 0x04, 0x09, 0x10, 0xb8, 0x06, 0x48, 0x4a, 0x77, 0x3e, 0x9d, 0x06, 0xb3, 0xbd, 0x8b, 0x21, 0x66, + 0x67, 0x96, 0x33, 0xb3, 0x20, 0x70, 0x96, 0x65, 0xc9, 0xb6, 0x6c, 0x25, 0xfa, 0x38, 0xe5, 0x94, + 0x2a, 0xcb, 0x49, 0xec, 0x28, 0xb6, 0xcb, 0x15, 0x57, 0x72, 0x15, 0xa7, 0xf2, 0x23, 0xce, 0x57, + 0xb9, 0x6c, 0xe7, 0xc7, 0xa5, 0x94, 0x54, 0x54, 0x15, 0x97, 0xe5, 0xc4, 0x0e, 0x2c, 0x21, 0x95, + 0x4a, 0x2a, 0x55, 0x71, 0x55, 0x3e, 0xfe, 0x84, 0xe5, 0xaa, 0xa4, 0xfa, 0xbb, 0x67, 0x76, 0x97, 0x58, 0x00, 0x03, 0x92, 0x52, 0xdd, 0xbf, 0xdd, 0x7e, 0x6f, 0xde, 0xeb, 0xe9, 0xe9, 0x7e, 0xfd, - 0xde, 0xeb, 0xf7, 0x5e, 0xc3, 0x62, 0xc3, 0x4b, 0x36, 0xda, 0xeb, 0x53, 0x6e, 0xd8, 0x9c, 0x76, - 0xa2, 0x46, 0xd8, 0x8a, 0xc2, 0xdb, 0xec, 0xc7, 0x0b, 0x6e, 0x6d, 0x7a, 0xeb, 0xc2, 0x74, 0x6b, - 0xb3, 0x31, 0xed, 0xb4, 0xbc, 0x78, 0xda, 0x69, 0xb5, 0x7c, 0xcf, 0x75, 0x12, 0x2f, 0x0c, 0xa6, - 0xb7, 0x5e, 0x74, 0xfc, 0xd6, 0x86, 0xf3, 0xe2, 0x74, 0x83, 0x04, 0x24, 0x72, 0x12, 0x52, 0x9b, - 0x6a, 0x45, 0x61, 0x12, 0xa2, 0x1f, 0xd7, 0xd4, 0xa6, 0x24, 0x35, 0xf6, 0xe3, 0x4d, 0xb7, 0x36, - 0xb5, 0x75, 0x61, 0xaa, 0xb5, 0xd9, 0x98, 0xa2, 0xd4, 0xa6, 0x0c, 0x6a, 0x53, 0x92, 0xda, 0xd9, - 0x17, 0x8c, 0xbe, 0x34, 0xc2, 0x46, 0x38, 0xcd, 0x88, 0xae, 0xb7, 0xeb, 0xec, 0x1f, 0xfb, 0xc3, - 0x7e, 0x71, 0x66, 0x67, 0xed, 0xcd, 0x8b, 0xf1, 0x94, 0x17, 0xd2, 0xee, 0x4d, 0xbb, 0x61, 0x44, - 0xa6, 0xb7, 0x3a, 0x3a, 0x74, 0xf6, 0x8a, 0xc6, 0x21, 0xdb, 0x09, 0x09, 0x62, 0x2f, 0x0c, 0xe2, - 0x17, 0x68, 0x17, 0x48, 0xb4, 0x45, 0x22, 0xf3, 0xf5, 0x0c, 0x84, 0x6e, 0x94, 0x5e, 0xd2, 0x94, - 0x9a, 0x8e, 0xbb, 0xe1, 0x05, 0x24, 0xda, 0xd1, 0x8f, 0x37, 0x49, 0xe2, 0x74, 0x7b, 0x6a, 0xba, - 0xd7, 0x53, 0x51, 0x3b, 0x48, 0xbc, 0x26, 0xe9, 0x78, 0xe0, 0x63, 0xfb, 0x3d, 0x10, 0xbb, 0x1b, - 0xa4, 0xe9, 0x74, 0x3c, 0xf7, 0x91, 0x5e, 0xcf, 0xb5, 0x13, 0xcf, 0x9f, 0xf6, 0x82, 0x24, 0x4e, - 0xa2, 0xec, 0x43, 0xf6, 0x1d, 0x18, 0x9d, 0xb9, 0xb5, 0x3a, 0xd3, 0x4e, 0x36, 0x66, 0xc3, 0xa0, - 0xee, 0x35, 0xd0, 0x47, 0xa1, 0xe2, 0xfa, 0xed, 0x38, 0x21, 0xd1, 0x75, 0xa7, 0x49, 0x26, 0xac, - 0xf3, 0xd6, 0x73, 0xc3, 0xd5, 0x53, 0xef, 0xed, 0x4e, 0x7e, 0x60, 0x6f, 0x77, 0xb2, 0x32, 0xab, - 0x41, 0xd8, 0xc4, 0x43, 0x1f, 0x82, 0xa1, 0x28, 0xf4, 0xc9, 0x0c, 0xbe, 0x3e, 0x51, 0x60, 0x8f, - 0x9c, 0x10, 0x8f, 0x0c, 0x61, 0xde, 0x8c, 0x25, 0xdc, 0xfe, 0x83, 0x02, 0xc0, 0x4c, 0xab, 0xb5, - 0x12, 0x85, 0xb7, 0x89, 0x9b, 0xa0, 0x4f, 0x43, 0x99, 0x0e, 0x5d, 0xcd, 0x49, 0x1c, 0xc6, 0xad, - 0x72, 0xe1, 0x47, 0xa7, 0xf8, 0x9b, 0x4c, 0x99, 0x6f, 0xa2, 0x27, 0x0e, 0xc5, 0x9e, 0xda, 0x7a, - 0x71, 0x6a, 0x79, 0x9d, 0x3e, 0xbf, 0x44, 0x12, 0xa7, 0x8a, 0x04, 0x33, 0xd0, 0x6d, 0x58, 0x51, - 0x45, 0x01, 0x0c, 0xc4, 0x2d, 0xe2, 0xb2, 0x8e, 0x55, 0x2e, 0x2c, 0x4e, 0x1d, 0x65, 0x86, 0x4e, - 0xe9, 0x9e, 0xaf, 0xb6, 0x88, 0x5b, 0x1d, 0x11, 0x9c, 0x07, 0xe8, 0x3f, 0xcc, 0xf8, 0xa0, 0x2d, - 0x18, 0x8c, 0x13, 0x27, 0x69, 0xc7, 0x13, 0x45, 0xc6, 0xf1, 0x7a, 0x6e, 0x1c, 0x19, 0xd5, 0xea, - 0x98, 0xe0, 0x39, 0xc8, 0xff, 0x63, 0xc1, 0xcd, 0xfe, 0xcf, 0x16, 0x8c, 0x69, 0xe4, 0x45, 0x2f, - 0x4e, 0xd0, 0x4f, 0x75, 0x0c, 0xee, 0x54, 0x7f, 0x83, 0x4b, 0x9f, 0x66, 0x43, 0x7b, 0x52, 0x30, - 0x2b, 0xcb, 0x16, 0x63, 0x60, 0x9b, 0x50, 0xf2, 0x12, 0xd2, 0x8c, 0x27, 0x0a, 0xe7, 0x8b, 0xcf, - 0x55, 0x2e, 0x5c, 0xc9, 0xeb, 0x3d, 0xab, 0xa3, 0x82, 0x69, 0x69, 0x81, 0x92, 0xc7, 0x9c, 0x8b, - 0xfd, 0x9b, 0x23, 0xe6, 0xfb, 0xd1, 0x01, 0x47, 0x2f, 0x42, 0x25, 0x0e, 0xdb, 0x91, 0x4b, 0x30, - 0x69, 0x85, 0xf1, 0x84, 0x75, 0xbe, 0x48, 0xa7, 0x1e, 0x9d, 0xa9, 0xab, 0xba, 0x19, 0x9b, 0x38, - 0xe8, 0xab, 0x16, 0x8c, 0xd4, 0x48, 0x9c, 0x78, 0x01, 0xe3, 0x2f, 0x3b, 0xbf, 0x76, 0xe4, 0xce, - 0xcb, 0xc6, 0x39, 0x4d, 0xbc, 0x7a, 0x5a, 0xbc, 0xc8, 0x88, 0xd1, 0x18, 0xe3, 0x14, 0x7f, 0xba, - 0xe2, 0x6a, 0x24, 0x76, 0x23, 0xaf, 0x45, 0xff, 0xb3, 0x39, 0x63, 0xac, 0xb8, 0x39, 0x0d, 0xc2, - 0x26, 0x1e, 0x0a, 0xa0, 0x44, 0x57, 0x54, 0x3c, 0x31, 0xc0, 0xfa, 0xbf, 0x70, 0xb4, 0xfe, 0x8b, - 0x41, 0xa5, 0x8b, 0x55, 0x8f, 0x3e, 0xfd, 0x17, 0x63, 0xce, 0x06, 0x7d, 0xc5, 0x82, 0x09, 0xb1, - 0xe2, 0x31, 0xe1, 0x03, 0x7a, 0x6b, 0xc3, 0x4b, 0x88, 0xef, 0xc5, 0xc9, 0x44, 0x89, 0xf5, 0x61, - 0xba, 0xbf, 0xb9, 0x35, 0x1f, 0x85, 0xed, 0xd6, 0x35, 0x2f, 0xa8, 0x55, 0xcf, 0x0b, 0x4e, 0x13, - 0xb3, 0x3d, 0x08, 0xe3, 0x9e, 0x2c, 0xd1, 0xd7, 0x2d, 0x38, 0x1b, 0x38, 0x4d, 0x12, 0xb7, 0x1c, - 0xfa, 0x69, 0x39, 0xb8, 0xea, 0x3b, 0xee, 0x26, 0xeb, 0xd1, 0xe0, 0xe1, 0x7a, 0x64, 0x8b, 0x1e, - 0x9d, 0xbd, 0xde, 0x93, 0x34, 0xbe, 0x0f, 0x5b, 0xf4, 0xeb, 0x16, 0x8c, 0x87, 0x51, 0x6b, 0xc3, - 0x09, 0x48, 0x4d, 0x42, 0xe3, 0x89, 0x21, 0xb6, 0xf4, 0x3e, 0x75, 0xb4, 0x4f, 0xb4, 0x9c, 0x25, - 0xbb, 0x14, 0x06, 0x5e, 0x12, 0x46, 0xab, 0x24, 0x49, 0xbc, 0xa0, 0x11, 0x57, 0xcf, 0xec, 0xed, - 0x4e, 0x8e, 0x77, 0x60, 0xe1, 0xce, 0xfe, 0xa0, 0x9f, 0x86, 0x4a, 0xbc, 0x13, 0xb8, 0xb7, 0xbc, - 0xa0, 0x16, 0xde, 0x8d, 0x27, 0xca, 0x79, 0x2c, 0xdf, 0x55, 0x45, 0x50, 0x2c, 0x40, 0xcd, 0x00, - 0x9b, 0xdc, 0xba, 0x7f, 0x38, 0x3d, 0x95, 0x86, 0xf3, 0xfe, 0x70, 0x7a, 0x32, 0xdd, 0x87, 0x2d, - 0xfa, 0x25, 0x0b, 0x46, 0x63, 0xaf, 0x11, 0x38, 0x49, 0x3b, 0x22, 0xd7, 0xc8, 0x4e, 0x3c, 0x01, - 0xac, 0x23, 0x57, 0x8f, 0x38, 0x2a, 0x06, 0xc9, 0xea, 0x19, 0xd1, 0xc7, 0x51, 0xb3, 0x35, 0xc6, - 0x69, 0xbe, 0xdd, 0x16, 0x9a, 0x9e, 0xd6, 0x95, 0x7c, 0x17, 0x9a, 0x9e, 0xd4, 0x3d, 0x59, 0xa2, - 0x9f, 0x84, 0x93, 0xbc, 0x49, 0x8d, 0x6c, 0x3c, 0x31, 0xc2, 0x04, 0xed, 0xe9, 0xbd, 0xdd, 0xc9, - 0x93, 0xab, 0x19, 0x18, 0xee, 0xc0, 0x46, 0x77, 0x60, 0xb2, 0x45, 0xa2, 0xa6, 0x97, 0x2c, 0x07, - 0xfe, 0x8e, 0x14, 0xdf, 0x6e, 0xd8, 0x22, 0x35, 0xd1, 0x9d, 0x78, 0x62, 0xf4, 0xbc, 0xf5, 0x5c, - 0xb9, 0xfa, 0x41, 0xd1, 0xcd, 0xc9, 0x95, 0xfb, 0xa3, 0xe3, 0xfd, 0xe8, 0xd9, 0xff, 0xa6, 0x00, - 0x27, 0xb3, 0x1b, 0x27, 0xfa, 0x0d, 0x0b, 0x4e, 0xdc, 0xbe, 0x9b, 0xac, 0x85, 0x9b, 0x24, 0x88, - 0xab, 0x3b, 0x54, 0xbc, 0xb1, 0x2d, 0xa3, 0x72, 0xc1, 0xcd, 0x77, 0x8b, 0x9e, 0xba, 0x9a, 0xe6, - 0x72, 0x29, 0x48, 0xa2, 0x9d, 0xea, 0xe3, 0xe2, 0xed, 0x4e, 0x5c, 0xbd, 0xb5, 0x66, 0x42, 0x71, - 0xb6, 0x53, 0x67, 0xbf, 0x64, 0xc1, 0xe9, 0x6e, 0x24, 0xd0, 0x49, 0x28, 0x6e, 0x92, 0x1d, 0xae, - 0x95, 0x61, 0xfa, 0x13, 0xbd, 0x01, 0xa5, 0x2d, 0xc7, 0x6f, 0x13, 0xa1, 0xdd, 0xcc, 0x1f, 0xed, - 0x45, 0x54, 0xcf, 0x30, 0xa7, 0xfa, 0x63, 0x85, 0x8b, 0x96, 0xfd, 0xef, 0x8b, 0x50, 0x31, 0xf6, + 0x5e, 0xbf, 0x8f, 0x86, 0xc5, 0x86, 0x97, 0x6c, 0xb4, 0xd7, 0xa7, 0xdc, 0xb0, 0x39, 0xed, 0x44, + 0x8d, 0xb0, 0x15, 0x85, 0xb7, 0xd9, 0x8f, 0xe7, 0xdd, 0xda, 0xf4, 0xd6, 0x85, 0xe9, 0xd6, 0x66, + 0x63, 0xda, 0x69, 0x79, 0xf1, 0xb4, 0xd3, 0x6a, 0xf9, 0x9e, 0xeb, 0x24, 0x5e, 0x18, 0x4c, 0x6f, + 0xbd, 0xe0, 0xf8, 0xad, 0x0d, 0xe7, 0x85, 0xe9, 0x06, 0x09, 0x48, 0xe4, 0x24, 0xa4, 0x36, 0xd5, + 0x8a, 0xc2, 0x24, 0x44, 0x3f, 0xa6, 0xa9, 0x4d, 0x49, 0x6a, 0xec, 0xc7, 0x9b, 0x6e, 0x6d, 0x6a, + 0xeb, 0xc2, 0x54, 0x6b, 0xb3, 0x31, 0x45, 0xa9, 0x4d, 0x19, 0xd4, 0xa6, 0x24, 0xb5, 0xb3, 0xcf, + 0x1b, 0x7d, 0x69, 0x84, 0x8d, 0x70, 0x9a, 0x11, 0x5d, 0x6f, 0xd7, 0xd9, 0x3f, 0xf6, 0x87, 0xfd, + 0xe2, 0xcc, 0xce, 0xda, 0x9b, 0x17, 0xe3, 0x29, 0x2f, 0xa4, 0xdd, 0x9b, 0x76, 0xc3, 0x88, 0x4c, + 0x6f, 0x75, 0x74, 0xe8, 0xec, 0x15, 0x8d, 0x43, 0xb6, 0x13, 0x12, 0xc4, 0x5e, 0x18, 0xc4, 0xcf, + 0xd3, 0x2e, 0x90, 0x68, 0x8b, 0x44, 0xe6, 0xeb, 0x19, 0x08, 0xdd, 0x28, 0xbd, 0xa8, 0x29, 0x35, + 0x1d, 0x77, 0xc3, 0x0b, 0x48, 0xb4, 0xa3, 0x1f, 0x6f, 0x92, 0xc4, 0xe9, 0xf6, 0xd4, 0x74, 0xaf, + 0xa7, 0xa2, 0x76, 0x90, 0x78, 0x4d, 0xd2, 0xf1, 0xc0, 0xc7, 0xf6, 0x7b, 0x20, 0x76, 0x37, 0x48, + 0xd3, 0xe9, 0x78, 0xee, 0xa3, 0xbd, 0x9e, 0x6b, 0x27, 0x9e, 0x3f, 0xed, 0x05, 0x49, 0x9c, 0x44, + 0xd9, 0x87, 0xec, 0x3b, 0x30, 0x3a, 0x73, 0x6b, 0x75, 0xa6, 0x9d, 0x6c, 0xcc, 0x86, 0x41, 0xdd, + 0x6b, 0xa0, 0x97, 0x60, 0xd8, 0xf5, 0xdb, 0x71, 0x42, 0xa2, 0xeb, 0x4e, 0x93, 0x4c, 0x58, 0xe7, + 0xad, 0x67, 0x2b, 0xd5, 0x53, 0xef, 0xed, 0x4e, 0x7e, 0x60, 0x6f, 0x77, 0x72, 0x78, 0x56, 0x83, + 0xb0, 0x89, 0x87, 0x3e, 0x0c, 0x43, 0x51, 0xe8, 0x93, 0x19, 0x7c, 0x7d, 0xa2, 0xc0, 0x1e, 0x39, + 0x21, 0x1e, 0x19, 0xc2, 0xbc, 0x19, 0x4b, 0xb8, 0xfd, 0x47, 0x05, 0x80, 0x99, 0x56, 0x6b, 0x25, + 0x0a, 0x6f, 0x13, 0x37, 0x41, 0x9f, 0x86, 0x32, 0x1d, 0xba, 0x9a, 0x93, 0x38, 0x8c, 0xdb, 0xf0, + 0x85, 0x1f, 0x99, 0xe2, 0x6f, 0x32, 0x65, 0xbe, 0x89, 0x9e, 0x38, 0x14, 0x7b, 0x6a, 0xeb, 0x85, + 0xa9, 0xe5, 0x75, 0xfa, 0xfc, 0x12, 0x49, 0x9c, 0x2a, 0x12, 0xcc, 0x40, 0xb7, 0x61, 0x45, 0x15, + 0x05, 0x30, 0x10, 0xb7, 0x88, 0xcb, 0x3a, 0x36, 0x7c, 0x61, 0x71, 0xea, 0x28, 0x33, 0x74, 0x4a, + 0xf7, 0x7c, 0xb5, 0x45, 0xdc, 0xea, 0x88, 0xe0, 0x3c, 0x40, 0xff, 0x61, 0xc6, 0x07, 0x6d, 0xc1, + 0x60, 0x9c, 0x38, 0x49, 0x3b, 0x9e, 0x28, 0x32, 0x8e, 0xd7, 0x73, 0xe3, 0xc8, 0xa8, 0x56, 0xc7, + 0x04, 0xcf, 0x41, 0xfe, 0x1f, 0x0b, 0x6e, 0xf6, 0x7f, 0xb2, 0x60, 0x4c, 0x23, 0x2f, 0x7a, 0x71, + 0x82, 0x7e, 0xb2, 0x63, 0x70, 0xa7, 0xfa, 0x1b, 0x5c, 0xfa, 0x34, 0x1b, 0xda, 0x93, 0x82, 0x59, + 0x59, 0xb6, 0x18, 0x03, 0xdb, 0x84, 0x92, 0x97, 0x90, 0x66, 0x3c, 0x51, 0x38, 0x5f, 0x7c, 0x76, + 0xf8, 0xc2, 0x95, 0xbc, 0xde, 0xb3, 0x3a, 0x2a, 0x98, 0x96, 0x16, 0x28, 0x79, 0xcc, 0xb9, 0xd8, + 0xbf, 0x35, 0x62, 0xbe, 0x1f, 0x1d, 0x70, 0xf4, 0x02, 0x0c, 0xc7, 0x61, 0x3b, 0x72, 0x09, 0x26, + 0xad, 0x30, 0x9e, 0xb0, 0xce, 0x17, 0xe9, 0xd4, 0xa3, 0x33, 0x75, 0x55, 0x37, 0x63, 0x13, 0x07, + 0x7d, 0xd5, 0x82, 0x91, 0x1a, 0x89, 0x13, 0x2f, 0x60, 0xfc, 0x65, 0xe7, 0xd7, 0x8e, 0xdc, 0x79, + 0xd9, 0x38, 0xa7, 0x89, 0x57, 0x4f, 0x8b, 0x17, 0x19, 0x31, 0x1a, 0x63, 0x9c, 0xe2, 0x4f, 0x57, + 0x5c, 0x8d, 0xc4, 0x6e, 0xe4, 0xb5, 0xe8, 0x7f, 0x36, 0x67, 0x8c, 0x15, 0x37, 0xa7, 0x41, 0xd8, + 0xc4, 0x43, 0x01, 0x94, 0xe8, 0x8a, 0x8a, 0x27, 0x06, 0x58, 0xff, 0x17, 0x8e, 0xd6, 0x7f, 0x31, + 0xa8, 0x74, 0xb1, 0xea, 0xd1, 0xa7, 0xff, 0x62, 0xcc, 0xd9, 0xa0, 0xaf, 0x58, 0x30, 0x21, 0x56, + 0x3c, 0x26, 0x7c, 0x40, 0x6f, 0x6d, 0x78, 0x09, 0xf1, 0xbd, 0x38, 0x99, 0x28, 0xb1, 0x3e, 0x4c, + 0xf7, 0x37, 0xb7, 0xe6, 0xa3, 0xb0, 0xdd, 0xba, 0xe6, 0x05, 0xb5, 0xea, 0x79, 0xc1, 0x69, 0x62, + 0xb6, 0x07, 0x61, 0xdc, 0x93, 0x25, 0xfa, 0xba, 0x05, 0x67, 0x03, 0xa7, 0x49, 0xe2, 0x96, 0x43, + 0x3f, 0x2d, 0x07, 0x57, 0x7d, 0xc7, 0xdd, 0x64, 0x3d, 0x1a, 0x3c, 0x5c, 0x8f, 0x6c, 0xd1, 0xa3, + 0xb3, 0xd7, 0x7b, 0x92, 0xc6, 0xf7, 0x61, 0x8b, 0x7e, 0xdd, 0x82, 0xf1, 0x30, 0x6a, 0x6d, 0x38, + 0x01, 0xa9, 0x49, 0x68, 0x3c, 0x31, 0xc4, 0x96, 0xde, 0xa7, 0x8e, 0xf6, 0x89, 0x96, 0xb3, 0x64, + 0x97, 0xc2, 0xc0, 0x4b, 0xc2, 0x68, 0x95, 0x24, 0x89, 0x17, 0x34, 0xe2, 0xea, 0x99, 0xbd, 0xdd, + 0xc9, 0xf1, 0x0e, 0x2c, 0xdc, 0xd9, 0x1f, 0xf4, 0x53, 0x30, 0x1c, 0xef, 0x04, 0xee, 0x2d, 0x2f, + 0xa8, 0x85, 0x77, 0xe3, 0x89, 0x72, 0x1e, 0xcb, 0x77, 0x55, 0x11, 0x14, 0x0b, 0x50, 0x33, 0xc0, + 0x26, 0xb7, 0xee, 0x1f, 0x4e, 0x4f, 0xa5, 0x4a, 0xde, 0x1f, 0x4e, 0x4f, 0xa6, 0xfb, 0xb0, 0x45, + 0xbf, 0x68, 0xc1, 0x68, 0xec, 0x35, 0x02, 0x27, 0x69, 0x47, 0xe4, 0x1a, 0xd9, 0x89, 0x27, 0x80, + 0x75, 0xe4, 0xea, 0x11, 0x47, 0xc5, 0x20, 0x59, 0x3d, 0x23, 0xfa, 0x38, 0x6a, 0xb6, 0xc6, 0x38, + 0xcd, 0xb7, 0xdb, 0x42, 0xd3, 0xd3, 0x7a, 0x38, 0xdf, 0x85, 0xa6, 0x27, 0x75, 0x4f, 0x96, 0xe8, + 0x27, 0xe0, 0x24, 0x6f, 0x52, 0x23, 0x1b, 0x4f, 0x8c, 0x30, 0x41, 0x7b, 0x7a, 0x6f, 0x77, 0xf2, + 0xe4, 0x6a, 0x06, 0x86, 0x3b, 0xb0, 0xd1, 0x1d, 0x98, 0x6c, 0x91, 0xa8, 0xe9, 0x25, 0xcb, 0x81, + 0xbf, 0x23, 0xc5, 0xb7, 0x1b, 0xb6, 0x48, 0x4d, 0x74, 0x27, 0x9e, 0x18, 0x3d, 0x6f, 0x3d, 0x5b, + 0xae, 0x7e, 0x48, 0x74, 0x73, 0x72, 0xe5, 0xfe, 0xe8, 0x78, 0x3f, 0x7a, 0xf6, 0xbf, 0x2e, 0xc0, + 0xc9, 0xec, 0xc6, 0x89, 0x7e, 0xd3, 0x82, 0x13, 0xb7, 0xef, 0x26, 0x6b, 0xe1, 0x26, 0x09, 0xe2, + 0xea, 0x0e, 0x15, 0x6f, 0x6c, 0xcb, 0x18, 0xbe, 0xe0, 0xe6, 0xbb, 0x45, 0x4f, 0x5d, 0x4d, 0x73, + 0xb9, 0x14, 0x24, 0xd1, 0x4e, 0xf5, 0x71, 0xf1, 0x76, 0x27, 0xae, 0xde, 0x5a, 0x33, 0xa1, 0x38, + 0xdb, 0xa9, 0xb3, 0x5f, 0xb2, 0xe0, 0x74, 0x37, 0x12, 0xe8, 0x24, 0x14, 0x37, 0xc9, 0x0e, 0xd7, + 0xca, 0x30, 0xfd, 0x89, 0xde, 0x80, 0xd2, 0x96, 0xe3, 0xb7, 0x89, 0xd0, 0x6e, 0xe6, 0x8f, 0xf6, + 0x22, 0xaa, 0x67, 0x98, 0x53, 0xfd, 0xd1, 0xc2, 0x45, 0xcb, 0xfe, 0x77, 0x45, 0x18, 0x36, 0xf6, 0xb7, 0x07, 0xa0, 0xb1, 0x85, 0x29, 0x8d, 0x6d, 0x29, 0xb7, 0xad, 0xb9, 0xa7, 0xca, 0x76, 0x37, - 0xa3, 0xb2, 0x2d, 0xe7, 0xc7, 0xf2, 0xbe, 0x3a, 0x1b, 0x4a, 0x60, 0x38, 0x6c, 0x51, 0x8d, 0x9c, - 0x6e, 0xfd, 0x03, 0x79, 0x7c, 0xc2, 0x65, 0x49, 0xae, 0x3a, 0xba, 0xb7, 0x3b, 0x39, 0xac, 0xfe, - 0x62, 0xcd, 0xc8, 0xfe, 0xae, 0x05, 0xa7, 0x8d, 0x3e, 0xce, 0x86, 0x41, 0xcd, 0x63, 0x9f, 0xf6, - 0x3c, 0x0c, 0x24, 0x3b, 0x2d, 0xa9, 0xf6, 0xab, 0x91, 0x5a, 0xdb, 0x69, 0x11, 0xcc, 0x20, 0x54, - 0xd1, 0x6f, 0x92, 0x38, 0x76, 0x1a, 0x24, 0xab, 0xe8, 0x2f, 0xf1, 0x66, 0x2c, 0xe1, 0x28, 0x02, - 0xe4, 0x3b, 0x71, 0xb2, 0x16, 0x39, 0x41, 0xcc, 0xc8, 0xaf, 0x79, 0x4d, 0x22, 0x06, 0xf8, 0x2f, - 0xf6, 0x37, 0x63, 0xe8, 0x13, 0xd5, 0xc7, 0xf6, 0x76, 0x27, 0xd1, 0x62, 0x07, 0x25, 0xdc, 0x85, - 0xba, 0xfd, 0x75, 0x0b, 0x1e, 0xeb, 0xae, 0x8b, 0xa1, 0x67, 0x61, 0x90, 0x9b, 0x7c, 0xe2, 0xed, - 0xf4, 0x27, 0x61, 0xad, 0x58, 0x40, 0xd1, 0x34, 0x0c, 0xab, 0x7d, 0x42, 0xbc, 0xe3, 0xb8, 0x40, - 0x1d, 0xd6, 0x9b, 0x8b, 0xc6, 0xa1, 0x83, 0x46, 0xff, 0x08, 0xcd, 0x4d, 0x0d, 0x1a, 0x33, 0x92, - 0x18, 0xc4, 0xfe, 0x13, 0x0b, 0x4e, 0x18, 0xbd, 0x7a, 0x00, 0xaa, 0x79, 0x90, 0x56, 0xcd, 0x17, - 0x72, 0x9b, 0xcf, 0x3d, 0x74, 0xf3, 0xaf, 0x58, 0x70, 0xd6, 0xc0, 0x5a, 0x72, 0x12, 0x77, 0xe3, - 0xd2, 0x76, 0x2b, 0x22, 0x31, 0x35, 0xa7, 0xd1, 0xd3, 0x86, 0xdc, 0xaa, 0x56, 0x04, 0x85, 0xe2, - 0x35, 0xb2, 0xc3, 0x85, 0xd8, 0xf3, 0x50, 0xe6, 0x93, 0x33, 0x8c, 0xc4, 0x88, 0xab, 0x77, 0x5b, - 0x16, 0xed, 0x58, 0x61, 0x20, 0x1b, 0x06, 0x99, 0x70, 0xa2, 0x8b, 0x95, 0x6e, 0x43, 0x40, 0x3f, - 0xe2, 0x4d, 0xd6, 0x82, 0x05, 0xc4, 0x5e, 0x4e, 0x75, 0x67, 0x25, 0x22, 0xec, 0xe3, 0xd6, 0x2e, - 0x7b, 0xc4, 0xaf, 0xc5, 0xd4, 0x6c, 0x70, 0x82, 0x20, 0x4c, 0x84, 0x05, 0x60, 0x98, 0x0d, 0x33, - 0xba, 0x19, 0x9b, 0x38, 0xf6, 0x5e, 0x81, 0x19, 0x1f, 0x6a, 0x59, 0x93, 0x07, 0x61, 0xb9, 0x46, - 0x29, 0x39, 0xb8, 0x92, 0x9f, 0x50, 0x22, 0xbd, 0xad, 0xd7, 0xb7, 0x32, 0xa2, 0x10, 0xe7, 0xca, - 0xf5, 0xfe, 0x16, 0xec, 0xef, 0x14, 0x60, 0x32, 0xfd, 0x40, 0x87, 0x24, 0xa5, 0xe6, 0x92, 0xc1, - 0x28, 0xeb, 0xa0, 0x30, 0xf0, 0xb1, 0x89, 0xd7, 0x43, 0x18, 0x15, 0x8e, 0x53, 0x18, 0x99, 0xb2, - 0xb2, 0xb8, 0x8f, 0xac, 0x7c, 0x56, 0x8d, 0xfa, 0x40, 0x46, 0x38, 0xa5, 0xf7, 0x8b, 0xf3, 0x30, - 0x10, 0x27, 0xa4, 0x35, 0x51, 0x4a, 0xcb, 0x9a, 0xd5, 0x84, 0xb4, 0x30, 0x83, 0xd8, 0xff, 0xa3, - 0x00, 0x8f, 0xa7, 0xc7, 0x50, 0x8b, 0xf7, 0x8f, 0xa7, 0xc4, 0xfb, 0x87, 0x4d, 0xf1, 0x7e, 0x6f, - 0x77, 0xf2, 0xc9, 0x1e, 0x8f, 0xfd, 0xc0, 0x48, 0x7f, 0x34, 0x9f, 0x19, 0xc5, 0xe9, 0xf4, 0x28, - 0xde, 0xdb, 0x9d, 0x7c, 0xba, 0xc7, 0x3b, 0x66, 0x86, 0xf9, 0x59, 0x18, 0x8c, 0x88, 0x13, 0x87, - 0x81, 0x18, 0x68, 0xf5, 0x39, 0x30, 0x6b, 0xc5, 0x02, 0x6a, 0xff, 0x49, 0x39, 0x3b, 0xd8, 0xf3, - 0xdc, 0xc1, 0x16, 0x46, 0xc8, 0x83, 0x01, 0xa6, 0xb2, 0x73, 0xd1, 0x70, 0xed, 0x68, 0xcb, 0x88, + 0xa3, 0xb2, 0x2d, 0xe7, 0xc7, 0xf2, 0xbe, 0x3a, 0x1b, 0x4a, 0xa0, 0x12, 0xb6, 0xa8, 0x46, 0x4e, + 0xb7, 0xfe, 0x81, 0x3c, 0x3e, 0xe1, 0xb2, 0x24, 0x57, 0x1d, 0xdd, 0xdb, 0x9d, 0xac, 0xa8, 0xbf, + 0x58, 0x33, 0xb2, 0xbf, 0x63, 0xc1, 0x69, 0xa3, 0x8f, 0xb3, 0x61, 0x50, 0xf3, 0xd8, 0xa7, 0x3d, + 0x0f, 0x03, 0xc9, 0x4e, 0x4b, 0xaa, 0xfd, 0x6a, 0xa4, 0xd6, 0x76, 0x5a, 0x04, 0x33, 0x08, 0x55, + 0xf4, 0x9b, 0x24, 0x8e, 0x9d, 0x06, 0xc9, 0x2a, 0xfa, 0x4b, 0xbc, 0x19, 0x4b, 0x38, 0x8a, 0x00, + 0xf9, 0x4e, 0x9c, 0xac, 0x45, 0x4e, 0x10, 0x33, 0xf2, 0x6b, 0x5e, 0x93, 0x88, 0x01, 0xfe, 0x4b, + 0xfd, 0xcd, 0x18, 0xfa, 0x44, 0xf5, 0xb1, 0xbd, 0xdd, 0x49, 0xb4, 0xd8, 0x41, 0x09, 0x77, 0xa1, + 0x6e, 0x7f, 0xdd, 0x82, 0xc7, 0xba, 0xeb, 0x62, 0xe8, 0x19, 0x18, 0xe4, 0x26, 0x9f, 0x78, 0x3b, + 0xfd, 0x49, 0x58, 0x2b, 0x16, 0x50, 0x34, 0x0d, 0x15, 0xb5, 0x4f, 0x88, 0x77, 0x1c, 0x17, 0xa8, + 0x15, 0xbd, 0xb9, 0x68, 0x1c, 0x3a, 0x68, 0xf4, 0x8f, 0xd0, 0xdc, 0xd4, 0xa0, 0x31, 0x23, 0x89, + 0x41, 0xec, 0x3f, 0xb3, 0xe0, 0x84, 0xd1, 0xab, 0x07, 0xa0, 0x9a, 0x07, 0x69, 0xd5, 0x7c, 0x21, + 0xb7, 0xf9, 0xdc, 0x43, 0x37, 0xff, 0x8a, 0x05, 0x67, 0x0d, 0xac, 0x25, 0x27, 0x71, 0x37, 0x2e, + 0x6d, 0xb7, 0x22, 0x12, 0x53, 0x73, 0x1a, 0x3d, 0x65, 0xc8, 0xad, 0xea, 0xb0, 0xa0, 0x50, 0xbc, + 0x46, 0x76, 0xb8, 0x10, 0x7b, 0x0e, 0xca, 0x7c, 0x72, 0x86, 0x91, 0x18, 0x71, 0xf5, 0x6e, 0xcb, + 0xa2, 0x1d, 0x2b, 0x0c, 0x64, 0xc3, 0x20, 0x13, 0x4e, 0x74, 0xb1, 0xd2, 0x6d, 0x08, 0xe8, 0x47, + 0xbc, 0xc9, 0x5a, 0xb0, 0x80, 0xd8, 0xcb, 0xa9, 0xee, 0xac, 0x44, 0x84, 0x7d, 0xdc, 0xda, 0x65, + 0x8f, 0xf8, 0xb5, 0x98, 0x9a, 0x0d, 0x4e, 0x10, 0x84, 0x89, 0xb0, 0x00, 0x0c, 0xb3, 0x61, 0x46, + 0x37, 0x63, 0x13, 0xc7, 0xde, 0x2b, 0x30, 0xe3, 0x43, 0x2d, 0x6b, 0xf2, 0x20, 0x2c, 0xd7, 0x28, + 0x25, 0x07, 0x57, 0xf2, 0x13, 0x4a, 0xa4, 0xb7, 0xf5, 0xfa, 0x56, 0x46, 0x14, 0xe2, 0x5c, 0xb9, + 0xde, 0xdf, 0x82, 0xfd, 0xbd, 0x02, 0x4c, 0xa6, 0x1f, 0xe8, 0x90, 0xa4, 0xd4, 0x5c, 0x32, 0x18, + 0x65, 0x0f, 0x28, 0x0c, 0x7c, 0x6c, 0xe2, 0xf5, 0x10, 0x46, 0x85, 0xe3, 0x14, 0x46, 0xa6, 0xac, + 0x2c, 0xee, 0x23, 0x2b, 0x9f, 0x51, 0xa3, 0x3e, 0x90, 0x11, 0x4e, 0xe9, 0xfd, 0xe2, 0x3c, 0x0c, + 0xc4, 0x09, 0x69, 0x4d, 0x94, 0xd2, 0xb2, 0x66, 0x35, 0x21, 0x2d, 0xcc, 0x20, 0xf6, 0x7f, 0x2f, + 0xc0, 0xe3, 0xe9, 0x31, 0xd4, 0xe2, 0xfd, 0xe3, 0x29, 0xf1, 0xfe, 0x11, 0x53, 0xbc, 0xdf, 0xdb, + 0x9d, 0xfc, 0x60, 0x8f, 0xc7, 0xbe, 0x6f, 0xa4, 0x3f, 0x9a, 0xcf, 0x8c, 0xe2, 0x74, 0x7a, 0x14, + 0xef, 0xed, 0x4e, 0x3e, 0xd5, 0xe3, 0x1d, 0x33, 0xc3, 0xfc, 0x0c, 0x0c, 0x46, 0xc4, 0x89, 0xc3, + 0x40, 0x0c, 0xb4, 0xfa, 0x1c, 0x98, 0xb5, 0x62, 0x01, 0xb5, 0xff, 0xac, 0x9c, 0x1d, 0xec, 0x79, + 0x7e, 0xc0, 0x16, 0x46, 0xc8, 0x83, 0x01, 0xa6, 0xb2, 0x73, 0xd1, 0x70, 0xed, 0x68, 0xcb, 0x88, 0x8a, 0x78, 0x45, 0xba, 0x5a, 0xa6, 0x5f, 0x8d, 0x36, 0x61, 0xc6, 0x02, 0x6d, 0x43, 0xd9, 0x95, - 0x9a, 0x74, 0x21, 0x0f, 0x9f, 0x93, 0xd0, 0xa3, 0x35, 0xc7, 0x11, 0x2a, 0x8b, 0x95, 0xfa, 0xad, - 0xb8, 0x21, 0x02, 0xc5, 0x86, 0x97, 0x88, 0xcf, 0x7a, 0x44, 0x5b, 0x69, 0xde, 0x33, 0x5e, 0x71, - 0x88, 0x6e, 0x10, 0xf3, 0x5e, 0x82, 0x29, 0x7d, 0xf4, 0x05, 0x0b, 0x2a, 0xb1, 0xdb, 0x5c, 0x89, - 0xc2, 0x2d, 0xaf, 0x46, 0x22, 0xa1, 0x29, 0x1d, 0x51, 0x34, 0xad, 0xce, 0x2e, 0x49, 0x82, 0x9a, - 0x2f, 0xb7, 0x5d, 0x35, 0x04, 0x9b, 0x7c, 0xa9, 0x05, 0xf1, 0xb8, 0x78, 0xf7, 0x39, 0xe2, 0x7a, - 0x74, 0x6f, 0x93, 0x06, 0x13, 0x9b, 0x29, 0x47, 0xd6, 0x1c, 0xe7, 0xda, 0xee, 0x26, 0x5d, 0x6f, - 0xba, 0x43, 0x4f, 0xee, 0xed, 0x4e, 0x3e, 0x3e, 0xdb, 0x9d, 0x27, 0xee, 0xd5, 0x19, 0x36, 0x60, - 0xad, 0xb6, 0xef, 0x63, 0x72, 0xa7, 0x4d, 0x98, 0x3b, 0x24, 0x87, 0x01, 0x5b, 0xd1, 0x04, 0x33, - 0x03, 0x66, 0x40, 0xb0, 0xc9, 0x17, 0xdd, 0x81, 0xc1, 0xa6, 0x93, 0x44, 0xde, 0xb6, 0xf0, 0x81, - 0x1c, 0x51, 0x97, 0x5f, 0x62, 0xb4, 0x34, 0x73, 0xb6, 0xf5, 0xf3, 0x46, 0x2c, 0x18, 0xa1, 0x26, - 0x94, 0x9a, 0x24, 0x6a, 0x90, 0x89, 0x72, 0x1e, 0xfe, 0xde, 0x25, 0x4a, 0x4a, 0x33, 0x1c, 0xa6, - 0x9a, 0x0f, 0x6b, 0xc3, 0x9c, 0x0b, 0x7a, 0x03, 0xca, 0x31, 0xf1, 0x89, 0x4b, 0x75, 0x97, 0x61, - 0xc6, 0xf1, 0x23, 0x7d, 0xea, 0x71, 0xce, 0x3a, 0xf1, 0x57, 0xc5, 0xa3, 0x7c, 0x81, 0xc9, 0x7f, - 0x58, 0x91, 0xb4, 0xff, 0xab, 0x05, 0x28, 0x2d, 0x61, 0x1e, 0x80, 0xf6, 0x78, 0x27, 0xad, 0x3d, - 0x2e, 0xe6, 0xa9, 0x02, 0xf4, 0x50, 0x20, 0xdf, 0x2b, 0x43, 0x46, 0x36, 0x5f, 0x27, 0x71, 0x42, - 0x6a, 0xef, 0xcb, 0xd3, 0xf7, 0xe5, 0xe9, 0xfb, 0xf2, 0x54, 0xc9, 0xd3, 0xf5, 0x8c, 0x3c, 0x7d, - 0xc5, 0x58, 0xf5, 0xfa, 0xf4, 0xf2, 0x4d, 0x75, 0xbc, 0x69, 0xf6, 0xc0, 0x40, 0xa0, 0x92, 0xe0, - 0xea, 0xea, 0xf2, 0xf5, 0xae, 0x02, 0xf4, 0xcd, 0xb4, 0x00, 0x3d, 0x2a, 0x8b, 0x07, 0x2e, 0x32, - 0xff, 0x66, 0x01, 0x9e, 0x48, 0x8b, 0x12, 0x1c, 0xfa, 0x7e, 0xd8, 0x4e, 0xa8, 0x96, 0x8c, 0x7e, - 0xd5, 0x82, 0x93, 0xcd, 0xb4, 0x79, 0x1a, 0x0b, 0x2f, 0xe0, 0x27, 0x72, 0x93, 0x73, 0x19, 0xfb, - 0xb7, 0x3a, 0x21, 0x64, 0xde, 0xc9, 0x0c, 0x20, 0xc6, 0x1d, 0x7d, 0x41, 0x6f, 0xc0, 0x70, 0xd3, - 0xd9, 0xbe, 0xd1, 0xaa, 0x39, 0x89, 0x34, 0x50, 0x7a, 0xdb, 0x95, 0xed, 0xc4, 0xf3, 0xa7, 0xf8, - 0xd9, 0xee, 0xd4, 0x42, 0x90, 0x2c, 0x47, 0xab, 0x49, 0xe4, 0x05, 0x0d, 0xee, 0xfb, 0x59, 0x92, - 0x64, 0xb0, 0xa6, 0x68, 0xff, 0x6d, 0x2b, 0x2b, 0x68, 0xd5, 0xe8, 0x44, 0x4e, 0x42, 0x1a, 0x3b, - 0xe8, 0x33, 0x50, 0xa2, 0x96, 0x84, 0x1c, 0x95, 0x5b, 0x79, 0x4a, 0x7f, 0xe3, 0x4b, 0xe8, 0x8d, - 0x80, 0xfe, 0x8b, 0x31, 0x67, 0x6a, 0xff, 0x59, 0x29, 0xbb, 0xe1, 0xb1, 0x93, 0xbe, 0x0b, 0x00, - 0x8d, 0x70, 0x8d, 0x34, 0x5b, 0x3e, 0x1d, 0x16, 0x8b, 0xb9, 0x8b, 0x95, 0xf1, 0x3c, 0xaf, 0x20, - 0xd8, 0xc0, 0x42, 0x7f, 0xc5, 0x02, 0x68, 0xc8, 0x85, 0x25, 0x37, 0xb3, 0x1b, 0x79, 0xbe, 0x8e, - 0x5e, 0xb6, 0xba, 0x2f, 0x8a, 0x21, 0x36, 0x98, 0xa3, 0x9f, 0xb3, 0xa0, 0x9c, 0xc8, 0xee, 0x73, - 0xf1, 0xbe, 0x96, 0x67, 0x4f, 0xe4, 0x4b, 0xeb, 0x7d, 0x5d, 0x0d, 0x89, 0xe2, 0x8b, 0x7e, 0xd1, - 0x02, 0x88, 0x77, 0x02, 0x77, 0x25, 0xf4, 0x3d, 0x77, 0x47, 0x48, 0xfd, 0x9b, 0xb9, 0x1a, 0xf8, - 0x8a, 0x7a, 0x75, 0x8c, 0x8e, 0x86, 0xfe, 0x8f, 0x0d, 0xce, 0xe8, 0xb3, 0x50, 0x8e, 0xc5, 0x74, - 0x13, 0x72, 0x7e, 0x2d, 0x5f, 0x37, 0x03, 0xa7, 0x2d, 0x44, 0x84, 0xf8, 0x87, 0x15, 0x4f, 0xf4, - 0xcb, 0x16, 0x9c, 0x68, 0xa5, 0x9d, 0x42, 0x42, 0xa4, 0xe7, 0x27, 0x03, 0x32, 0x4e, 0xa7, 0xea, - 0xa9, 0xbd, 0xdd, 0xc9, 0x13, 0x99, 0x46, 0x9c, 0xed, 0x85, 0xfd, 0xed, 0x42, 0xca, 0x35, 0xab, - 0x7c, 0x26, 0x6c, 0x32, 0xbb, 0xd2, 0x5c, 0x95, 0x6b, 0x33, 0xd7, 0xc9, 0xac, 0x8c, 0x61, 0x3d, - 0x99, 0x55, 0x53, 0x8c, 0x0d, 0xe6, 0x74, 0xdb, 0x1e, 0x77, 0xb2, 0x9e, 0x19, 0xb1, 0xbe, 0xde, - 0xc8, 0xb3, 0x4b, 0x9d, 0x8e, 0xf4, 0x27, 0x44, 0xd7, 0xc6, 0x3b, 0x40, 0xb8, 0xb3, 0x4b, 0xf6, - 0xb7, 0xd3, 0xee, 0x60, 0x63, 0x6a, 0xf4, 0xe1, 0xea, 0xfe, 0xaa, 0x05, 0x95, 0x28, 0xf4, 0x7d, - 0x2f, 0x68, 0xd0, 0x69, 0x2c, 0x64, 0xf1, 0xeb, 0xc7, 0x22, 0x0e, 0xc5, 0x7c, 0x65, 0x9b, 0x3f, - 0xd6, 0x3c, 0xb1, 0xd9, 0x01, 0xfb, 0xf3, 0x16, 0x4c, 0xf4, 0x5a, 0x6e, 0x88, 0xc0, 0x93, 0x72, - 0x2e, 0xa9, 0x83, 0xde, 0xe5, 0x60, 0x8e, 0xf8, 0x44, 0xf9, 0xc9, 0xca, 0xd5, 0x67, 0xc4, 0x6b, - 0x3e, 0xb9, 0xd2, 0x1b, 0x15, 0xdf, 0x8f, 0x8e, 0xfd, 0xad, 0x42, 0x76, 0x44, 0x95, 0xb8, 0xfd, - 0x86, 0xd5, 0x61, 0x94, 0x7c, 0xe2, 0x38, 0x44, 0x1c, 0x33, 0x5f, 0xd4, 0x79, 0x6f, 0x6f, 0x9c, - 0x87, 0x78, 0xa0, 0x64, 0xff, 0xdb, 0x01, 0xb8, 0x4f, 0xcf, 0xd4, 0x91, 0x81, 0xd5, 0xeb, 0xc8, - 0xe0, 0xe0, 0xa7, 0x10, 0x5f, 0xb6, 0x60, 0xd0, 0xa7, 0xfa, 0x11, 0x77, 0x8b, 0x57, 0x2e, 0xd4, - 0x8e, 0x6b, 0xec, 0xb9, 0x1a, 0x16, 0xf3, 0x43, 0x4d, 0xe5, 0x19, 0xe3, 0x8d, 0x58, 0xf4, 0x01, - 0x7d, 0xd3, 0x4a, 0xfb, 0xd8, 0x79, 0x94, 0x8a, 0x77, 0x6c, 0x7d, 0x32, 0x1c, 0xf7, 0xbc, 0x63, - 0xda, 0x25, 0xdc, 0xc3, 0xa5, 0x8f, 0xa6, 0x00, 0xea, 0x5e, 0xe0, 0xf8, 0xde, 0x5b, 0xd4, 0xce, - 0x2b, 0xb1, 0x43, 0x00, 0xb6, 0x69, 0x5d, 0x56, 0xad, 0xd8, 0xc0, 0x38, 0xfb, 0x97, 0xa1, 0x62, - 0xbc, 0x79, 0x97, 0xb3, 0xd8, 0xd3, 0xe6, 0x59, 0xec, 0xb0, 0x71, 0x84, 0x7a, 0xf6, 0x15, 0x38, - 0x99, 0xed, 0xe0, 0x41, 0x9e, 0xb7, 0x7f, 0x63, 0x30, 0xeb, 0x18, 0x5f, 0x23, 0x51, 0x93, 0x76, - 0xed, 0x7d, 0xfb, 0xf8, 0x7d, 0xfb, 0xf8, 0x7d, 0xfb, 0x58, 0xfe, 0xb1, 0xf7, 0x4a, 0x90, 0xd2, - 0x0c, 0x78, 0xef, 0x3e, 0x04, 0x43, 0x11, 0x69, 0x85, 0x37, 0xf0, 0xa2, 0x90, 0xb8, 0x3a, 0x3a, - 0x95, 0x37, 0x63, 0x09, 0xa7, 0x92, 0xb9, 0xe5, 0x24, 0x1b, 0x42, 0xe4, 0x2a, 0xc9, 0xbc, 0xe2, - 0x24, 0x1b, 0x98, 0x41, 0xd0, 0x2b, 0x30, 0x96, 0x38, 0x51, 0x83, 0x24, 0x98, 0x6c, 0xb1, 0x41, - 0x10, 0x87, 0x0d, 0x8f, 0x09, 0xdc, 0xb1, 0xb5, 0x14, 0x14, 0x67, 0xb0, 0xd1, 0x1d, 0x18, 0xd8, - 0x20, 0x7e, 0x53, 0x18, 0xf0, 0xab, 0xf9, 0x49, 0x44, 0xf6, 0xae, 0x57, 0x88, 0xdf, 0xe4, 0xeb, - 0x95, 0xfe, 0xc2, 0x8c, 0x15, 0xfd, 0x3a, 0xc3, 0x9b, 0xed, 0x38, 0x09, 0x9b, 0xde, 0x5b, 0xd2, - 0xac, 0xff, 0x44, 0xce, 0x8c, 0xaf, 0x49, 0xfa, 0xdc, 0xf6, 0x54, 0x7f, 0xb1, 0xe6, 0xcc, 0xfa, - 0x51, 0xf3, 0x22, 0x66, 0xa6, 0xef, 0x4c, 0xc0, 0xb1, 0xf4, 0x63, 0x4e, 0xd2, 0xe7, 0xfd, 0x50, - 0x7f, 0xb1, 0xe6, 0x8c, 0x76, 0x60, 0xb0, 0xe5, 0xb7, 0x1b, 0x5e, 0x30, 0x51, 0x61, 0x7d, 0xb8, - 0x91, 0x73, 0x1f, 0x56, 0x18, 0x71, 0xee, 0x5c, 0xe1, 0xbf, 0xb1, 0x60, 0x88, 0x9e, 0x81, 0x92, - 0xbb, 0xe1, 0x44, 0xc9, 0xc4, 0x08, 0x9b, 0x34, 0xca, 0x06, 0x9e, 0xa5, 0x8d, 0x98, 0xc3, 0xd0, - 0xd3, 0x50, 0x8c, 0x48, 0x9d, 0x05, 0x45, 0x19, 0xc7, 0xe5, 0x98, 0xd4, 0x31, 0x6d, 0xb7, 0xff, - 0x6e, 0x21, 0xad, 0x5c, 0xa4, 0xdf, 0x9b, 0xcf, 0x76, 0xb7, 0x1d, 0xc5, 0xd2, 0x4e, 0x36, 0x66, - 0x3b, 0x6b, 0xc6, 0x12, 0x8e, 0x3e, 0x6f, 0xc1, 0xd0, 0xed, 0x38, 0x0c, 0x02, 0x92, 0x08, 0x41, - 0x7e, 0x33, 0xe7, 0xa1, 0xb8, 0xca, 0xa9, 0xeb, 0x3e, 0x88, 0x06, 0x2c, 0xf9, 0xd2, 0xee, 0x92, - 0x6d, 0xd7, 0x6f, 0xd7, 0x3a, 0x4e, 0x49, 0x2f, 0xf1, 0x66, 0x2c, 0xe1, 0x14, 0xd5, 0x0b, 0x38, - 0xea, 0x40, 0x1a, 0x75, 0x21, 0x10, 0xa8, 0x02, 0x6e, 0xff, 0x56, 0x09, 0xce, 0x74, 0x5d, 0x1c, - 0x74, 0xdb, 0x67, 0x1b, 0xeb, 0x65, 0xcf, 0x27, 0xf2, 0xec, 0x9f, 0x6d, 0xfb, 0x37, 0x55, 0x2b, - 0x36, 0x30, 0xd0, 0xcf, 0x02, 0xb4, 0x9c, 0xc8, 0x69, 0x12, 0xb1, 0xdd, 0x15, 0x8f, 0xbe, 0xbb, - 0xd2, 0x7e, 0xac, 0x48, 0x9a, 0xda, 0xda, 0x52, 0x4d, 0x31, 0x36, 0x58, 0xa2, 0x8f, 0x42, 0x25, - 0x22, 0x3e, 0x71, 0x62, 0x16, 0x53, 0x97, 0x0d, 0x10, 0xc6, 0x1a, 0x84, 0x4d, 0x3c, 0xf4, 0xac, - 0x0a, 0x93, 0xc8, 0x1c, 0x29, 0xa7, 0x43, 0x25, 0xd0, 0xdb, 0x16, 0x8c, 0xd5, 0x3d, 0x9f, 0x68, - 0xee, 0x22, 0x9c, 0x77, 0xf9, 0xe8, 0x2f, 0x79, 0xd9, 0xa4, 0xab, 0x25, 0x64, 0xaa, 0x39, 0xc6, - 0x19, 0xf6, 0xf4, 0x33, 0x6f, 0x91, 0x88, 0x89, 0xd6, 0xc1, 0xf4, 0x67, 0xbe, 0xc9, 0x9b, 0xb1, - 0x84, 0xa3, 0x19, 0x38, 0xd1, 0x72, 0xe2, 0x78, 0x36, 0x22, 0x35, 0x12, 0x24, 0x9e, 0xe3, 0xf3, - 0x60, 0xdb, 0xb2, 0x0e, 0xb6, 0x5b, 0x49, 0x83, 0x71, 0x16, 0x1f, 0x7d, 0x12, 0x1e, 0xf7, 0x1a, - 0x41, 0x18, 0x91, 0x25, 0x2f, 0x8e, 0xbd, 0xa0, 0xa1, 0xa7, 0x01, 0x93, 0x94, 0xe5, 0xea, 0xa4, - 0x20, 0xf5, 0xf8, 0x42, 0x77, 0x34, 0xdc, 0xeb, 0x79, 0xf4, 0x3c, 0x94, 0xe3, 0x4d, 0xaf, 0x35, - 0x1b, 0xd5, 0x62, 0xe6, 0xe8, 0x2c, 0x6b, 0xef, 0xcc, 0xaa, 0x68, 0xc7, 0x0a, 0xc3, 0xfe, 0x95, - 0x42, 0xda, 0xbc, 0x33, 0xd7, 0x0f, 0x8a, 0xe9, 0x2a, 0x49, 0x6e, 0x3a, 0x91, 0x34, 0xfd, 0x8f, - 0x18, 0xae, 0x2b, 0xe8, 0xde, 0x74, 0x22, 0x73, 0xbd, 0x31, 0x06, 0x58, 0x72, 0x42, 0xb7, 0x61, - 0x20, 0xf1, 0x9d, 0x9c, 0xe2, 0xfb, 0x0d, 0x8e, 0xda, 0xda, 0x5e, 0x9c, 0x89, 0x31, 0xe3, 0x81, - 0x9e, 0xa2, 0xea, 0xeb, 0xba, 0x8c, 0xe9, 0x11, 0x1a, 0xe7, 0x7a, 0x8c, 0x59, 0xab, 0xfd, 0xff, - 0xcb, 0x5d, 0x44, 0x9e, 0xda, 0x63, 0xd0, 0x05, 0x00, 0x6a, 0x09, 0xad, 0x44, 0xa4, 0xee, 0x6d, - 0x8b, 0x3d, 0x5e, 0x2d, 0xab, 0xeb, 0x0a, 0x82, 0x0d, 0x2c, 0xf9, 0xcc, 0x6a, 0xbb, 0x4e, 0x9f, - 0x29, 0x74, 0x3e, 0xc3, 0x21, 0xd8, 0xc0, 0x42, 0x2f, 0xc1, 0xa0, 0xd7, 0x74, 0x1a, 0x2a, 0xf4, - 0xe8, 0x29, 0xba, 0x9e, 0x16, 0x58, 0xcb, 0xbd, 0xdd, 0xc9, 0x31, 0xd5, 0x21, 0xd6, 0x84, 0x05, - 0x2e, 0xfa, 0x96, 0x05, 0x23, 0x6e, 0xd8, 0x6c, 0x86, 0x01, 0xb7, 0x1f, 0x84, 0x31, 0x74, 0xfb, - 0xb8, 0x76, 0xe0, 0xa9, 0x59, 0x83, 0x19, 0xb7, 0x86, 0x54, 0x22, 0x82, 0x09, 0xc2, 0xa9, 0x5e, - 0x99, 0xcb, 0xae, 0xb4, 0xcf, 0xb2, 0xfb, 0x6d, 0x0b, 0xc6, 0xf9, 0xb3, 0x86, 0x59, 0x23, 0x62, - 0xee, 0xc3, 0x63, 0x7e, 0xad, 0x0e, 0x4b, 0x4f, 0xb9, 0x84, 0x3a, 0xe0, 0xb8, 0xb3, 0x93, 0x68, - 0x1e, 0xc6, 0xeb, 0x61, 0xe4, 0x12, 0x73, 0x20, 0x84, 0xcc, 0x50, 0x84, 0x2e, 0x67, 0x11, 0x70, - 0xe7, 0x33, 0xe8, 0x26, 0x3c, 0x66, 0x34, 0x9a, 0xe3, 0xc0, 0xc5, 0xc6, 0x39, 0x41, 0xed, 0xb1, - 0xcb, 0x5d, 0xb1, 0x70, 0x8f, 0xa7, 0xd3, 0x96, 0xff, 0x70, 0x1f, 0x96, 0xff, 0x9b, 0xf0, 0x84, - 0xdb, 0x39, 0x32, 0x5b, 0x71, 0x7b, 0x3d, 0x4e, 0x98, 0x92, 0x55, 0xae, 0xfe, 0x05, 0x41, 0xe0, - 0x89, 0xd9, 0x5e, 0x88, 0xb8, 0x37, 0x0d, 0xf4, 0x19, 0x28, 0x47, 0x84, 0x7d, 0x95, 0x58, 0x04, - 0xa0, 0x1f, 0xd1, 0xdc, 0xd3, 0xca, 0x21, 0x27, 0xab, 0xc5, 0xa2, 0x68, 0x88, 0xb1, 0xe2, 0x78, - 0xf6, 0xe3, 0x30, 0xde, 0x31, 0x9f, 0x0f, 0x64, 0x7c, 0xcf, 0xc1, 0x63, 0xdd, 0x67, 0xce, 0x81, - 0x4c, 0xf0, 0x7f, 0x9c, 0x89, 0xab, 0x32, 0x14, 0xbd, 0x3e, 0xdc, 0x39, 0x0e, 0x14, 0x49, 0xb0, - 0x25, 0x04, 0xe9, 0xe5, 0xa3, 0x8d, 0xde, 0xa5, 0x60, 0x8b, 0x4f, 0x7c, 0x66, 0xb3, 0x5e, 0x0a, - 0xb6, 0x30, 0xa5, 0x8d, 0xde, 0xb1, 0x52, 0x8a, 0x0a, 0x77, 0x02, 0x7d, 0xea, 0x58, 0x34, 0xdb, - 0xbe, 0x75, 0x17, 0xfb, 0xdf, 0x15, 0xe0, 0xfc, 0x7e, 0x44, 0xfa, 0x18, 0xbe, 0x67, 0x60, 0x30, - 0x66, 0x07, 0x5b, 0x42, 0x32, 0x55, 0xa8, 0x54, 0xe2, 0x47, 0x5d, 0x6f, 0x62, 0x01, 0x42, 0x3e, - 0x14, 0x9b, 0x4e, 0x4b, 0xf8, 0x06, 0x16, 0x8e, 0x1a, 0x45, 0x4d, 0xff, 0x3b, 0xfe, 0x92, 0xd3, - 0xe2, 0x16, 0xa7, 0xd1, 0x80, 0x29, 0x1b, 0x94, 0x40, 0xc9, 0x89, 0x22, 0x47, 0x9e, 0xa2, 0x5c, - 0xcb, 0x87, 0xdf, 0x0c, 0x25, 0x59, 0x1d, 0xdf, 0xdb, 0x9d, 0x1c, 0x4d, 0x35, 0x61, 0xce, 0xcc, - 0xfe, 0xf2, 0x50, 0x2a, 0x92, 0x98, 0x1d, 0x8d, 0xc5, 0x30, 0x28, 0x5c, 0x02, 0x56, 0xde, 0xc1, - 0xeb, 0x3c, 0x15, 0x84, 0xd9, 0x31, 0x22, 0xa1, 0x4e, 0xb0, 0x42, 0x5f, 0xb2, 0x58, 0xda, 0x9a, - 0x8c, 0xae, 0x16, 0xd6, 0xc3, 0xf1, 0x64, 0xd1, 0x99, 0xc9, 0x70, 0xb2, 0x11, 0x9b, 0xdc, 0xe9, - 0xd6, 0xd5, 0xe2, 0x09, 0x18, 0x59, 0x1b, 0x42, 0x26, 0xb6, 0x49, 0x38, 0xda, 0xee, 0x72, 0x04, - 0x96, 0x43, 0xea, 0x53, 0x1f, 0x87, 0x5e, 0xdf, 0xb4, 0x60, 0x9c, 0x6b, 0x8a, 0x73, 0x5e, 0xbd, - 0x4e, 0x22, 0x12, 0xb8, 0x44, 0xea, 0xda, 0x47, 0x3c, 0x64, 0x95, 0x7e, 0x98, 0x85, 0x2c, 0x79, - 0xbd, 0xa7, 0x75, 0x80, 0x70, 0x67, 0x67, 0x50, 0x0d, 0x06, 0xbc, 0xa0, 0x1e, 0x8a, 0x9d, 0xbc, - 0x7a, 0xb4, 0x4e, 0x2d, 0x04, 0xf5, 0x50, 0xaf, 0x66, 0xfa, 0x0f, 0x33, 0xea, 0x68, 0x11, 0x4e, - 0x47, 0xc2, 0x1b, 0x72, 0xc5, 0x8b, 0xa9, 0xcd, 0xba, 0xe8, 0x35, 0xbd, 0x84, 0xed, 0xc2, 0xc5, - 0xea, 0xc4, 0xde, 0xee, 0xe4, 0x69, 0xdc, 0x05, 0x8e, 0xbb, 0x3e, 0x85, 0xde, 0x82, 0x21, 0x99, - 0x67, 0x57, 0xce, 0xc3, 0x6e, 0xe9, 0x9c, 0xff, 0x6a, 0x32, 0xad, 0x8a, 0x94, 0x3a, 0xc9, 0xd0, - 0x7e, 0xbb, 0x02, 0x9d, 0x07, 0x51, 0xe8, 0x67, 0x60, 0x38, 0x52, 0xb9, 0x7f, 0x56, 0x1e, 0x21, - 0x54, 0xf2, 0xfb, 0x8a, 0x43, 0x30, 0xa5, 0x0f, 0xe8, 0x2c, 0x3f, 0xcd, 0x91, 0x6a, 0xed, 0xb1, - 0x3e, 0xaf, 0xca, 0x61, 0x6e, 0x0b, 0xae, 0xfa, 0x9c, 0x63, 0x27, 0x70, 0x31, 0xe3, 0x81, 0x22, - 0x18, 0xdc, 0x20, 0x8e, 0x9f, 0x6c, 0xe4, 0xe3, 0x92, 0xbd, 0xc2, 0x68, 0x65, 0xa3, 0xc4, 0x79, - 0x2b, 0x16, 0x9c, 0xd0, 0x36, 0x0c, 0x6d, 0xf0, 0x09, 0x20, 0x14, 0xe9, 0xa5, 0xa3, 0x0e, 0x6e, - 0x6a, 0x56, 0xe9, 0xcf, 0x2d, 0x1a, 0xb0, 0x64, 0xc7, 0xce, 0xcf, 0x8d, 0x33, 0x58, 0xbe, 0x74, - 0xf3, 0x0b, 0x90, 0xef, 0xff, 0x00, 0xf6, 0xd3, 0x30, 0x12, 0x11, 0x37, 0x0c, 0x5c, 0xcf, 0x27, - 0xb5, 0x19, 0xe9, 0x6e, 0x3d, 0x48, 0x58, 0xf5, 0x49, 0x6a, 0x0c, 0x60, 0x83, 0x06, 0x4e, 0x51, - 0x44, 0x5f, 0xb4, 0x60, 0x4c, 0x25, 0x0c, 0xd1, 0x0f, 0x42, 0x84, 0xc3, 0x72, 0x31, 0xa7, 0xf4, - 0x24, 0x46, 0xb3, 0x8a, 0xf6, 0x76, 0x27, 0xc7, 0xd2, 0x6d, 0x38, 0xc3, 0x17, 0xbd, 0x06, 0x10, - 0xae, 0xf3, 0x43, 0xf2, 0x99, 0x44, 0x78, 0x2f, 0x0f, 0xf2, 0xaa, 0x63, 0x3c, 0xbf, 0x42, 0x52, - 0xc0, 0x06, 0x35, 0x74, 0x0d, 0x80, 0x2f, 0x9b, 0xb5, 0x9d, 0x96, 0xd4, 0xb6, 0x65, 0x5c, 0x3c, - 0xac, 0x2a, 0xc8, 0xbd, 0xdd, 0xc9, 0x4e, 0x6f, 0x12, 0x3b, 0x2a, 0x36, 0x1e, 0x47, 0x3f, 0x0d, - 0x43, 0x71, 0xbb, 0xd9, 0x74, 0x94, 0x6f, 0x33, 0xc7, 0x8c, 0x0d, 0x4e, 0xd7, 0x10, 0x45, 0xbc, - 0x01, 0x4b, 0x8e, 0xe8, 0x36, 0x15, 0xaa, 0xb1, 0x70, 0x73, 0xb1, 0x55, 0xc4, 0x75, 0x82, 0x0a, - 0x7b, 0xa7, 0x8f, 0x89, 0xe7, 0x4e, 0xe3, 0x2e, 0x38, 0xf7, 0x76, 0x27, 0x1f, 0x4b, 0xb7, 0x2f, - 0x86, 0x22, 0x87, 0xa2, 0x2b, 0x4d, 0x74, 0x55, 0xa6, 0xdd, 0xd3, 0xd7, 0x96, 0xd9, 0xa0, 0xcf, - 0xe9, 0xb4, 0x7b, 0xd6, 0xdc, 0x7b, 0xcc, 0xcc, 0x87, 0xd1, 0x12, 0x9c, 0x72, 0xc3, 0x20, 0x89, - 0x42, 0xdf, 0xe7, 0xb5, 0x24, 0xb8, 0xe1, 0xc3, 0x7d, 0x9f, 0x4f, 0x8a, 0x6e, 0x9f, 0x9a, 0xed, - 0x44, 0xc1, 0xdd, 0x9e, 0xb3, 0x83, 0x74, 0xf4, 0x90, 0x18, 0x9c, 0x97, 0x60, 0x84, 0x6c, 0x27, - 0x24, 0x0a, 0x1c, 0xff, 0x06, 0x5e, 0x94, 0x5e, 0x3f, 0xb6, 0x06, 0x2e, 0x19, 0xed, 0x38, 0x85, - 0x85, 0x6c, 0x65, 0xed, 0x17, 0x74, 0xa2, 0x11, 0xb7, 0xf6, 0xa5, 0x6d, 0x6f, 0xff, 0xbf, 0x42, - 0x4a, 0x21, 0x5b, 0x8b, 0x08, 0x41, 0x21, 0x94, 0x82, 0xb0, 0xa6, 0x64, 0xff, 0xd5, 0x7c, 0x64, - 0xff, 0xf5, 0xb0, 0x66, 0xe4, 0xe6, 0xd3, 0x7f, 0x31, 0xe6, 0x7c, 0x58, 0xf2, 0xb2, 0xcc, 0xf2, - 0x66, 0x00, 0x61, 0x68, 0xe4, 0xc9, 0x59, 0x25, 0x2f, 0x2f, 0x9b, 0x8c, 0x70, 0x9a, 0x2f, 0xda, - 0x84, 0xd2, 0x46, 0x18, 0x27, 0xd2, 0xfc, 0x38, 0xa2, 0xa5, 0x73, 0x25, 0x8c, 0x13, 0xa6, 0x45, - 0xa8, 0xd7, 0xa6, 0x2d, 0x31, 0xe6, 0x3c, 0xec, 0xff, 0x66, 0xa5, 0x7c, 0xbc, 0xb7, 0x58, 0x24, - 0xdd, 0x16, 0x09, 0xe8, 0xb2, 0x36, 0x83, 0x3b, 0xfe, 0x52, 0x26, 0xd1, 0xe5, 0x83, 0xbd, 0x2a, - 0xa5, 0xdc, 0xa5, 0x14, 0xa6, 0x18, 0x09, 0x23, 0x0e, 0xe4, 0x73, 0x56, 0x3a, 0xe5, 0xa8, 0x90, - 0x87, 0x81, 0x61, 0xa6, 0xd4, 0xed, 0x9b, 0xbd, 0x64, 0xbf, 0x63, 0xc1, 0x50, 0xd5, 0x71, 0x37, - 0xc3, 0x7a, 0x1d, 0x3d, 0x0f, 0xe5, 0x5a, 0x3b, 0x32, 0xb3, 0x9f, 0x94, 0xf5, 0x3c, 0x27, 0xda, - 0xb1, 0xc2, 0xa0, 0x73, 0xb8, 0xee, 0xb8, 0x32, 0xb1, 0xae, 0xc8, 0xe7, 0xf0, 0x65, 0xd6, 0x82, - 0x05, 0x04, 0x7d, 0x14, 0x2a, 0x4d, 0x67, 0x5b, 0x3e, 0x9c, 0x75, 0x30, 0x2f, 0x69, 0x10, 0x36, - 0xf1, 0xec, 0x7f, 0x6d, 0xc1, 0x44, 0xd5, 0x89, 0x3d, 0x77, 0xa6, 0x9d, 0x6c, 0x54, 0xbd, 0x64, - 0xbd, 0xed, 0x6e, 0x92, 0x84, 0x67, 0x53, 0xd2, 0x5e, 0xb6, 0x63, 0xba, 0x94, 0x94, 0x5d, 0xa7, - 0x7a, 0x79, 0x43, 0xb4, 0x63, 0x85, 0x81, 0xde, 0x82, 0x4a, 0xcb, 0x89, 0xe3, 0xbb, 0x61, 0x54, - 0xc3, 0xa4, 0x9e, 0x4f, 0x2e, 0xf3, 0x2a, 0x71, 0x23, 0x92, 0x60, 0x52, 0x17, 0x47, 0x86, 0x9a, - 0x3e, 0x36, 0x99, 0xd9, 0x7f, 0xc3, 0x82, 0x11, 0x76, 0xfa, 0x32, 0x47, 0x12, 0xc7, 0xf3, 0x3b, - 0x0a, 0x72, 0x58, 0x7d, 0x16, 0xe4, 0x38, 0x0f, 0x03, 0x1b, 0x61, 0x93, 0x64, 0x4f, 0x0e, 0xaf, - 0x84, 0xd4, 0x8a, 0xa5, 0x10, 0xf4, 0x22, 0x1d, 0x67, 0x2f, 0x48, 0x1c, 0x3a, 0xe3, 0xa4, 0x0b, - 0xf1, 0x04, 0x1f, 0x63, 0xd5, 0x8c, 0x4d, 0x1c, 0xfb, 0x77, 0x86, 0x61, 0x48, 0x1c, 0xc6, 0xf6, - 0x9d, 0xc0, 0x2a, 0xcd, 0xe9, 0x42, 0x4f, 0x73, 0x3a, 0x86, 0x41, 0x97, 0x95, 0xfb, 0x11, 0x5a, - 0xdb, 0xb5, 0x5c, 0x4e, 0xef, 0x79, 0x05, 0x21, 0xdd, 0x2d, 0xfe, 0x1f, 0x0b, 0x56, 0xe8, 0x6b, - 0x16, 0x9c, 0x70, 0xc3, 0x20, 0x20, 0xae, 0x56, 0x29, 0x06, 0xf2, 0x88, 0xc7, 0x99, 0x4d, 0x13, - 0xd5, 0xae, 0xff, 0x0c, 0x00, 0x67, 0xd9, 0xa3, 0x97, 0x61, 0x94, 0x8f, 0xd9, 0xcd, 0x94, 0xdf, - 0x53, 0xd7, 0x69, 0x30, 0x81, 0x38, 0x8d, 0x8b, 0xa6, 0xb8, 0xff, 0x58, 0x54, 0x44, 0x18, 0xd4, - 0xe7, 0x48, 0x46, 0x2d, 0x04, 0x03, 0x03, 0x45, 0x80, 0x22, 0x52, 0x8f, 0x48, 0xbc, 0x21, 0x0e, - 0xab, 0x99, 0x3a, 0x33, 0x74, 0xb8, 0x84, 0x38, 0xdc, 0x41, 0x09, 0x77, 0xa1, 0x8e, 0x36, 0x85, - 0x3d, 0x57, 0xce, 0x43, 0x64, 0x89, 0xcf, 0xdc, 0xd3, 0xac, 0x9b, 0x84, 0x52, 0xbc, 0xe1, 0x44, - 0x35, 0xa6, 0x46, 0x15, 0x79, 0xdc, 0xf7, 0x2a, 0x6d, 0xc0, 0xbc, 0x1d, 0xcd, 0xc1, 0xc9, 0x4c, - 0x95, 0x89, 0x58, 0xf8, 0x27, 0x55, 0x7c, 0x74, 0xa6, 0x3e, 0x45, 0x8c, 0x3b, 0x9e, 0x30, 0x6d, - 0xfd, 0xca, 0x3e, 0xb6, 0xfe, 0x8e, 0x0a, 0x89, 0x1a, 0x61, 0xdb, 0xd1, 0xab, 0xb9, 0x0c, 0x40, - 0x5f, 0xf1, 0x4f, 0x5f, 0xc9, 0xc4, 0x3f, 0x8d, 0xb2, 0x0e, 0xdc, 0xcc, 0xa7, 0x03, 0x07, 0x0f, - 0x76, 0x7a, 0x98, 0xc1, 0x4b, 0xff, 0xd7, 0x02, 0xf9, 0x5d, 0x67, 0x1d, 0x77, 0x83, 0xd0, 0x29, - 0x83, 0x5e, 0x81, 0x31, 0x65, 0xb1, 0xce, 0x86, 0xed, 0x80, 0xc7, 0x2d, 0x15, 0xf5, 0x19, 0x21, - 0x4e, 0x41, 0x71, 0x06, 0x1b, 0x4d, 0xc3, 0x30, 0x1d, 0x27, 0xfe, 0x28, 0xdf, 0xda, 0x94, 0x55, - 0x3c, 0xb3, 0xb2, 0x20, 0x9e, 0xd2, 0x38, 0x28, 0x84, 0x71, 0xdf, 0x89, 0x13, 0xd6, 0x03, 0x6a, - 0xc0, 0x1e, 0x32, 0x1d, 0x95, 0x15, 0xd9, 0x59, 0xcc, 0x12, 0xc2, 0x9d, 0xb4, 0xed, 0xef, 0x0e, - 0xc0, 0x68, 0x4a, 0x32, 0x1e, 0x70, 0x4f, 0x7c, 0x1e, 0xca, 0x72, 0x9b, 0xca, 0x26, 0xc5, 0xab, - 0xbd, 0x4c, 0x61, 0xd0, 0x4d, 0x6b, 0x9d, 0x38, 0x11, 0x89, 0x58, 0xfd, 0x8e, 0xec, 0x1e, 0x5e, - 0xd5, 0x20, 0x6c, 0xe2, 0x31, 0xa1, 0x9c, 0xf8, 0xf1, 0xac, 0xef, 0x91, 0x20, 0xe1, 0xdd, 0xcc, - 0x47, 0x28, 0xaf, 0x2d, 0xae, 0x9a, 0x44, 0xb5, 0x50, 0xce, 0x00, 0x70, 0x96, 0x3d, 0xfa, 0x05, - 0x0b, 0x46, 0x9d, 0xbb, 0xb1, 0xae, 0x49, 0x27, 0x22, 0x9d, 0x8e, 0xb8, 0x49, 0xa5, 0xca, 0xdc, - 0x71, 0x0f, 0x6b, 0xaa, 0x09, 0xa7, 0x99, 0xa2, 0x6f, 0x58, 0x80, 0xc8, 0x36, 0x71, 0x65, 0x2c, - 0x96, 0xe8, 0xcb, 0x60, 0x1e, 0x86, 0xdd, 0xa5, 0x0e, 0xba, 0x5c, 0xaa, 0x77, 0xb6, 0xe3, 0x2e, - 0x7d, 0xb0, 0xff, 0x59, 0x51, 0x2d, 0x28, 0x1d, 0xfe, 0xe7, 0x18, 0x49, 0x35, 0xd6, 0xe1, 0x93, - 0x6a, 0xf4, 0x01, 0x75, 0x47, 0x62, 0x4d, 0x3a, 0x87, 0xa1, 0xf0, 0x90, 0x72, 0x18, 0x7e, 0xce, - 0x4a, 0x95, 0x7f, 0xa8, 0x5c, 0x78, 0x2d, 0xdf, 0xd0, 0xc3, 0x29, 0x1e, 0x1e, 0x91, 0x91, 0xee, - 0xe9, 0x98, 0x09, 0x2a, 0x4d, 0x0d, 0xb4, 0x03, 0x49, 0xc3, 0xff, 0x54, 0x84, 0x8a, 0xb1, 0x93, - 0x76, 0x55, 0x8b, 0xac, 0x47, 0x4c, 0x2d, 0x2a, 0x1c, 0x40, 0x2d, 0xfa, 0x59, 0x18, 0x76, 0xa5, - 0x94, 0xcf, 0xa7, 0x00, 0x62, 0x76, 0xef, 0xd0, 0x82, 0x5e, 0x35, 0x61, 0xcd, 0x13, 0xcd, 0xa7, - 0x72, 0x13, 0xc4, 0x0e, 0x31, 0xc0, 0x76, 0x88, 0x6e, 0xc9, 0x03, 0x62, 0xa7, 0xe8, 0x7c, 0x86, - 0x55, 0x09, 0x69, 0x79, 0xe2, 0xbd, 0x64, 0x80, 0x30, 0xaf, 0x12, 0xb2, 0xb2, 0x20, 0x9b, 0xb1, - 0x89, 0x63, 0x7f, 0xd7, 0x52, 0x1f, 0xf7, 0x01, 0xa4, 0xe9, 0xde, 0x4e, 0xa7, 0xe9, 0x5e, 0xca, - 0x65, 0x98, 0x7b, 0xe4, 0xe7, 0x5e, 0x87, 0xa1, 0xd9, 0xb0, 0xd9, 0x74, 0x82, 0x1a, 0xfa, 0x11, - 0x18, 0x72, 0xf9, 0x4f, 0xe1, 0x47, 0x61, 0xa7, 0x71, 0x02, 0x8a, 0x25, 0x0c, 0x3d, 0x05, 0x03, - 0x4e, 0xd4, 0x90, 0xbe, 0x13, 0x16, 0xd0, 0x31, 0x13, 0x35, 0x62, 0xcc, 0x5a, 0xed, 0xb7, 0x8b, - 0x00, 0xb3, 0x61, 0xb3, 0xe5, 0x44, 0xa4, 0xb6, 0x16, 0xb2, 0x02, 0x4c, 0xc7, 0x7a, 0x86, 0xa5, - 0x8d, 0xa5, 0x47, 0xf9, 0x1c, 0xcb, 0x38, 0xcb, 0x28, 0x3e, 0xe8, 0xb3, 0x8c, 0x2f, 0x5b, 0x80, - 0xe8, 0x17, 0x09, 0x03, 0x12, 0x24, 0xfa, 0x70, 0x76, 0x1a, 0x86, 0x5d, 0xd9, 0x2a, 0xb4, 0x16, - 0xbd, 0xfe, 0x24, 0x00, 0x6b, 0x9c, 0x3e, 0xcc, 0xcf, 0x67, 0xa4, 0x70, 0x2c, 0xa6, 0x63, 0x20, - 0x99, 0x48, 0x15, 0xb2, 0xd2, 0xfe, 0xdd, 0x02, 0x3c, 0xc6, 0xf7, 0xbb, 0x25, 0x27, 0x70, 0x1a, - 0xa4, 0x49, 0x7b, 0xd5, 0xef, 0x71, 0xbb, 0x4b, 0xed, 0x1e, 0x4f, 0xc6, 0x34, 0x1e, 0x75, 0x61, - 0xf0, 0x09, 0xcd, 0xa7, 0xf0, 0x42, 0xe0, 0x25, 0x98, 0x11, 0x47, 0x31, 0x94, 0x65, 0x39, 0x5d, - 0x21, 0xe8, 0x72, 0x62, 0xa4, 0xd6, 0xbc, 0xd8, 0x94, 0x08, 0x56, 0x8c, 0xa8, 0x56, 0xe8, 0x87, - 0xee, 0x26, 0x26, 0xad, 0x90, 0x09, 0x35, 0x23, 0xa4, 0x6c, 0x51, 0xb4, 0x63, 0x85, 0x61, 0xff, - 0xae, 0x05, 0x59, 0x71, 0x6f, 0x94, 0x9a, 0xb1, 0xee, 0x5b, 0x6a, 0xe6, 0x00, 0xb5, 0x5e, 0x7e, - 0x0a, 0x2a, 0x4e, 0x42, 0x77, 0x68, 0x6e, 0xd3, 0x16, 0x0f, 0xe7, 0xa2, 0x5f, 0x0a, 0x6b, 0x5e, - 0xdd, 0x63, 0xb6, 0xac, 0x49, 0xce, 0xfe, 0xdf, 0x03, 0x30, 0xde, 0x11, 0xa7, 0x8e, 0x2e, 0xc2, - 0x88, 0x2b, 0xa6, 0x47, 0x0b, 0x93, 0xba, 0x78, 0x19, 0x23, 0xce, 0x49, 0xc3, 0x70, 0x0a, 0xb3, - 0x8f, 0x09, 0xba, 0x00, 0xa7, 0x22, 0x6a, 0x45, 0xb7, 0xc9, 0x4c, 0x3d, 0x21, 0xd1, 0x2a, 0x71, - 0xc3, 0xa0, 0xc6, 0x0b, 0x22, 0x15, 0xab, 0x8f, 0xef, 0xed, 0x4e, 0x9e, 0xc2, 0x9d, 0x60, 0xdc, - 0xed, 0x19, 0xd4, 0x82, 0x51, 0xdf, 0x54, 0xb0, 0x84, 0x76, 0x7d, 0x28, 0xdd, 0x4c, 0x6d, 0xc0, - 0xa9, 0x66, 0x9c, 0x66, 0x90, 0xd6, 0xd2, 0x4a, 0x0f, 0x49, 0x4b, 0xfb, 0x79, 0xad, 0xa5, 0xf1, - 0xb3, 0xe4, 0xd7, 0x73, 0xce, 0x53, 0x38, 0x6e, 0x35, 0xed, 0x55, 0x28, 0xcb, 0x38, 0x9b, 0xbe, - 0xe2, 0x53, 0x4c, 0x3a, 0x3d, 0x24, 0xda, 0xbd, 0x02, 0x74, 0xd1, 0xf0, 0xe9, 0x3a, 0xd3, 0xdb, - 0x69, 0x6a, 0x9d, 0x1d, 0x6c, 0x4b, 0x45, 0xdb, 0x3c, 0xc6, 0x88, 0x6f, 0x1c, 0x9f, 0xcc, 0xdb, - 0x42, 0xd1, 0x61, 0x47, 0x2a, 0x20, 0x5d, 0x85, 0x1e, 0x5d, 0x00, 0xd0, 0x5a, 0x90, 0x08, 0x37, - 0x56, 0x47, 0x98, 0x5a, 0x59, 0xc2, 0x06, 0x16, 0x35, 0x58, 0xbd, 0x20, 0x4e, 0x1c, 0xdf, 0xbf, - 0xe2, 0x05, 0x89, 0xf0, 0xbc, 0xa9, 0x1d, 0x72, 0x41, 0x83, 0xb0, 0x89, 0x77, 0xf6, 0x63, 0xc6, - 0x77, 0x39, 0xc8, 0xf7, 0xdc, 0x80, 0x27, 0xe6, 0xbd, 0x44, 0x05, 0xc9, 0xab, 0x79, 0x44, 0x95, - 0x1c, 0x95, 0xf4, 0x61, 0xf5, 0x4c, 0xfa, 0x30, 0x82, 0xd4, 0x0b, 0xe9, 0x98, 0xfa, 0x6c, 0x90, - 0xba, 0x7d, 0x11, 0x4e, 0xcf, 0x7b, 0xc9, 0x65, 0xcf, 0x27, 0x07, 0x64, 0x62, 0xff, 0xab, 0x41, - 0x18, 0x31, 0x93, 0x92, 0x0e, 0x92, 0xb7, 0xf2, 0x55, 0xaa, 0xc7, 0x88, 0xb7, 0xf3, 0xd4, 0x01, - 0xd0, 0xad, 0x23, 0x67, 0x48, 0x75, 0x1f, 0x31, 0x43, 0x95, 0xd1, 0x3c, 0xb1, 0xd9, 0x01, 0x74, - 0x17, 0x4a, 0x75, 0x16, 0x44, 0x5d, 0xcc, 0xe3, 0x94, 0xbc, 0xdb, 0x88, 0xea, 0x65, 0xc6, 0xc3, - 0xb0, 0x39, 0x3f, 0xba, 0x43, 0x46, 0xe9, 0xcc, 0x1c, 0x23, 0xba, 0x50, 0xe4, 0xe4, 0x28, 0x8c, - 0x5e, 0xa2, 0xbe, 0x74, 0x08, 0x51, 0x9f, 0x12, 0xbc, 0x83, 0x0f, 0x49, 0xf0, 0xb2, 0x80, 0xf8, - 0x64, 0x83, 0xe9, 0x6f, 0x22, 0x1c, 0x7a, 0x88, 0x0d, 0x82, 0x11, 0x10, 0x9f, 0x02, 0xe3, 0x2c, - 0x3e, 0xfa, 0xac, 0x12, 0xdd, 0xe5, 0x3c, 0x9c, 0x96, 0xe6, 0x8c, 0x3e, 0x6e, 0xa9, 0xfd, 0xe5, - 0x02, 0x8c, 0xcd, 0x07, 0xed, 0x95, 0xf9, 0x95, 0xf6, 0xba, 0xef, 0xb9, 0xd7, 0xc8, 0x0e, 0x15, - 0xcd, 0x9b, 0x64, 0x67, 0x61, 0x4e, 0xac, 0x20, 0x35, 0x67, 0xae, 0xd1, 0x46, 0xcc, 0x61, 0x54, - 0x18, 0xd5, 0xbd, 0xa0, 0x41, 0xa2, 0x56, 0xe4, 0x09, 0x7f, 0xa2, 0x21, 0x8c, 0x2e, 0x6b, 0x10, - 0x36, 0xf1, 0x28, 0xed, 0xf0, 0x6e, 0x40, 0xa2, 0xac, 0x22, 0xbb, 0x4c, 0x1b, 0x31, 0x87, 0x51, - 0xa4, 0x24, 0x6a, 0xc7, 0x89, 0x98, 0x8c, 0x0a, 0x69, 0x8d, 0x36, 0x62, 0x0e, 0xa3, 0x2b, 0x3d, - 0x6e, 0xaf, 0xb3, 0x20, 0x84, 0x4c, 0xec, 0xf5, 0x2a, 0x6f, 0xc6, 0x12, 0x4e, 0x51, 0x37, 0xc9, - 0xce, 0x1c, 0x35, 0x29, 0x33, 0xd9, 0x11, 0xd7, 0x78, 0x33, 0x96, 0x70, 0x56, 0x3c, 0x2a, 0x3d, - 0x1c, 0x3f, 0x70, 0xc5, 0xa3, 0xd2, 0xdd, 0xef, 0x61, 0x9c, 0xfe, 0x9a, 0x05, 0x23, 0x66, 0xe8, - 0x10, 0x6a, 0x64, 0x74, 0xdc, 0xe5, 0x8e, 0x42, 0x80, 0x3f, 0xd1, 0xed, 0xd6, 0x93, 0x86, 0x97, - 0x84, 0xad, 0xf8, 0x05, 0x12, 0x34, 0xbc, 0x80, 0xb0, 0x13, 0x61, 0x1e, 0x72, 0x94, 0x8a, 0x4b, - 0x9a, 0x0d, 0x6b, 0xe4, 0x10, 0x4a, 0xb2, 0x7d, 0x0b, 0xc6, 0x3b, 0x52, 0x62, 0xfa, 0x50, 0x2d, - 0xf6, 0x4d, 0x48, 0xb4, 0x31, 0x54, 0x28, 0x61, 0x1e, 0x2f, 0x1a, 0xa3, 0x59, 0x18, 0xe7, 0x0b, - 0x89, 0x72, 0x5a, 0x75, 0x37, 0x48, 0x53, 0xa5, 0x39, 0x31, 0xe7, 0xf5, 0xcd, 0x2c, 0x10, 0x77, - 0xe2, 0xdb, 0x5f, 0xb1, 0x60, 0x34, 0x95, 0xa5, 0x94, 0x93, 0x12, 0xc4, 0x56, 0x5a, 0xc8, 0x22, - 0xd9, 0x58, 0x38, 0x6f, 0x91, 0x6d, 0xa6, 0x7a, 0xa5, 0x69, 0x10, 0x36, 0xf1, 0xec, 0x77, 0x0a, - 0x50, 0x96, 0xd1, 0x00, 0x7d, 0x74, 0xe5, 0x4b, 0x16, 0x8c, 0xaa, 0x03, 0x03, 0xe6, 0x89, 0x2a, - 0xe4, 0x11, 0xb7, 0x4e, 0x7b, 0xa0, 0x42, 0x2d, 0x83, 0x7a, 0xa8, 0x35, 0x72, 0x6c, 0x32, 0xc3, - 0x69, 0xde, 0xe8, 0x26, 0x40, 0xbc, 0x13, 0x27, 0xa4, 0x69, 0xf8, 0xc4, 0x6c, 0x63, 0xc5, 0x4d, - 0xb9, 0x61, 0x44, 0xe8, 0xfa, 0xba, 0x1e, 0xd6, 0xc8, 0xaa, 0xc2, 0xd4, 0x2a, 0x94, 0x6e, 0xc3, - 0x06, 0x25, 0xfb, 0x1f, 0x16, 0xe0, 0x64, 0xb6, 0x4b, 0xe8, 0x75, 0x18, 0x91, 0xdc, 0x8d, 0x1b, - 0x5c, 0x64, 0x08, 0xc4, 0x08, 0x36, 0x60, 0xf7, 0x76, 0x27, 0x27, 0x3b, 0x6f, 0xd0, 0x99, 0x32, - 0x51, 0x70, 0x8a, 0x18, 0x3f, 0xb5, 0x11, 0xc7, 0x8b, 0xd5, 0x9d, 0x99, 0x56, 0x4b, 0x1c, 0xbd, - 0x18, 0xa7, 0x36, 0x26, 0x14, 0x67, 0xb0, 0xd1, 0x0a, 0x9c, 0x36, 0x5a, 0xae, 0x13, 0xaf, 0xb1, - 0xb1, 0x1e, 0x46, 0xd2, 0xb2, 0x7a, 0x4a, 0x07, 0x29, 0x75, 0xe2, 0xe0, 0xae, 0x4f, 0xd2, 0xdd, - 0xde, 0x75, 0x5a, 0x8e, 0xeb, 0x25, 0x3b, 0xc2, 0xc9, 0xa7, 0x64, 0xd3, 0xac, 0x68, 0xc7, 0x0a, - 0xc3, 0x5e, 0x82, 0x81, 0x3e, 0x67, 0x50, 0x5f, 0x1a, 0xfd, 0xab, 0x50, 0xa6, 0xe4, 0xa4, 0x7a, - 0x97, 0x07, 0xc9, 0x10, 0xca, 0xb2, 0x08, 0x3b, 0xb2, 0xa1, 0xe8, 0x39, 0xf2, 0x60, 0x4c, 0xbd, - 0xd6, 0x42, 0x1c, 0xb7, 0x99, 0x91, 0x4c, 0x81, 0xe8, 0x19, 0x28, 0x92, 0xed, 0x56, 0xf6, 0x04, - 0xec, 0xd2, 0x76, 0xcb, 0x8b, 0x48, 0x4c, 0x91, 0xc8, 0x76, 0x0b, 0x9d, 0x85, 0x82, 0x57, 0x13, - 0x9b, 0x14, 0x08, 0x9c, 0xc2, 0xc2, 0x1c, 0x2e, 0x78, 0x35, 0x7b, 0x1b, 0x86, 0x55, 0xd5, 0x77, - 0xb4, 0x29, 0x65, 0xb7, 0x95, 0x47, 0xf8, 0x8e, 0xa4, 0xdb, 0x43, 0x6a, 0xb7, 0x01, 0x74, 0x4e, - 0x58, 0x5e, 0xf2, 0xe5, 0x3c, 0x0c, 0xb8, 0xa1, 0x48, 0x25, 0x2d, 0x6b, 0x32, 0x4c, 0x68, 0x33, - 0x88, 0x7d, 0x0b, 0xc6, 0xae, 0x05, 0xe1, 0x5d, 0x56, 0xd6, 0x96, 0x15, 0xdd, 0xa1, 0x84, 0xeb, - 0xf4, 0x47, 0x56, 0x45, 0x60, 0x50, 0xcc, 0x61, 0xaa, 0x5e, 0x4c, 0xa1, 0x57, 0xbd, 0x18, 0xfb, - 0x73, 0x16, 0x9c, 0x54, 0x99, 0x2d, 0x52, 0x1a, 0x5f, 0x84, 0x91, 0xf5, 0xb6, 0xe7, 0xd7, 0xc4, - 0xff, 0xac, 0x9b, 0xa2, 0x6a, 0xc0, 0x70, 0x0a, 0x93, 0x1a, 0x55, 0xeb, 0x5e, 0xe0, 0x44, 0x3b, - 0x2b, 0x5a, 0xfc, 0x2b, 0x89, 0x50, 0x55, 0x10, 0x6c, 0x60, 0xd9, 0x5f, 0x32, 0xbb, 0x20, 0x72, - 0x69, 0xfa, 0x18, 0xd9, 0x1b, 0x50, 0x72, 0xd5, 0x41, 0xea, 0xa1, 0xca, 0x8d, 0xa9, 0x34, 0x66, - 0xe6, 0x4c, 0xe7, 0xd4, 0xec, 0x7f, 0x51, 0x80, 0xd1, 0x54, 0x21, 0x09, 0xe4, 0x43, 0x99, 0xf8, - 0xcc, 0x95, 0x27, 0xa7, 0xd8, 0x51, 0xab, 0xcb, 0xa9, 0x65, 0x71, 0x49, 0xd0, 0xc5, 0x8a, 0xc3, - 0xa3, 0x71, 0x5e, 0x75, 0x11, 0x46, 0x64, 0x87, 0x3e, 0xe9, 0x34, 0x7d, 0xb1, 0x0a, 0xd5, 0x04, - 0xb8, 0x64, 0xc0, 0x70, 0x0a, 0xd3, 0xfe, 0xbd, 0x22, 0x4c, 0x70, 0xdf, 0x67, 0x4d, 0x85, 0x94, - 0x2c, 0x49, 0x2d, 0xeb, 0xaf, 0xea, 0x72, 0x2f, 0x7c, 0x20, 0xd7, 0x8f, 0x5a, 0x59, 0xb5, 0x3b, - 0xa3, 0xbe, 0x82, 0x1d, 0x7e, 0x35, 0x13, 0xec, 0xc0, 0x37, 0xdb, 0xc6, 0x31, 0xf5, 0xe8, 0x07, - 0x2b, 0xfa, 0xe1, 0xef, 0x15, 0xe0, 0x44, 0xa6, 0x6c, 0x2d, 0x7a, 0x3b, 0x5d, 0x98, 0xce, 0xca, - 0xc3, 0x43, 0x76, 0xdf, 0xe2, 0xa9, 0x07, 0x2b, 0x4f, 0xf7, 0x90, 0x96, 0x8a, 0xfd, 0xfb, 0x05, - 0x18, 0x4b, 0xd7, 0xdb, 0x7d, 0x04, 0x47, 0xea, 0xc3, 0x30, 0xcc, 0xaa, 0x58, 0xb2, 0x3b, 0x82, - 0xb8, 0x23, 0x8e, 0x17, 0x5b, 0x94, 0x8d, 0x58, 0xc3, 0x1f, 0x89, 0xaa, 0x7f, 0xf6, 0xdf, 0xb7, - 0xe0, 0x0c, 0x7f, 0xcb, 0xec, 0x3c, 0xfc, 0x6b, 0xdd, 0x46, 0xf7, 0x8d, 0x7c, 0x3b, 0x98, 0x29, - 0x53, 0xb4, 0xdf, 0xf8, 0xb2, 0xbb, 0x49, 0x44, 0x6f, 0xd3, 0x53, 0xe1, 0x11, 0xec, 0xec, 0x81, - 0x26, 0x83, 0xfd, 0xfb, 0x45, 0xd0, 0xd7, 0xb1, 0x20, 0x4f, 0x64, 0xe9, 0xe4, 0x52, 0xae, 0x69, - 0x75, 0x27, 0x70, 0xf5, 0xc5, 0x2f, 0xe5, 0x4c, 0x92, 0xce, 0x2f, 0x59, 0x50, 0xf1, 0x02, 0x2f, - 0xf1, 0x1c, 0xa6, 0x3c, 0xe7, 0x73, 0x9d, 0x84, 0x62, 0xb7, 0xc0, 0x29, 0x87, 0x91, 0xe9, 0xbd, - 0x55, 0xcc, 0xb0, 0xc9, 0x19, 0x7d, 0x5a, 0xc4, 0x23, 0x16, 0x73, 0xcb, 0x2f, 0x2b, 0x67, 0x82, - 0x10, 0x5b, 0x50, 0x8a, 0x48, 0x12, 0xe5, 0x94, 0x96, 0x89, 0x29, 0x29, 0x55, 0x9d, 0x4f, 0x5f, - 0x8c, 0x47, 0x9b, 0x31, 0x67, 0x64, 0xc7, 0x80, 0x3a, 0xc7, 0xe2, 0x80, 0xb1, 0x5e, 0xd3, 0x30, - 0xec, 0xb4, 0x93, 0xb0, 0x49, 0x87, 0x49, 0x38, 0x98, 0x75, 0x34, 0x9b, 0x04, 0x60, 0x8d, 0x63, - 0xbf, 0x5d, 0x82, 0x4c, 0xda, 0x0c, 0xda, 0x36, 0xaf, 0x12, 0xb2, 0xf2, 0xbd, 0x4a, 0x48, 0x75, - 0xa6, 0xdb, 0x75, 0x42, 0xa8, 0x01, 0xa5, 0xd6, 0x86, 0x13, 0x4b, 0xdd, 0xf8, 0x55, 0x39, 0x4c, - 0x2b, 0xb4, 0xf1, 0xde, 0xee, 0xe4, 0x4f, 0xf6, 0xe7, 0x6b, 0xa1, 0x73, 0x75, 0x9a, 0x67, 0xa1, - 0x6b, 0xd6, 0x8c, 0x06, 0xe6, 0xf4, 0x0f, 0x72, 0xa1, 0xc6, 0xe7, 0x45, 0xa9, 0x53, 0x4c, 0xe2, - 0xb6, 0x9f, 0x88, 0xd9, 0xf0, 0x6a, 0x8e, 0xab, 0x8c, 0x13, 0xd6, 0x09, 0x9f, 0xfc, 0x3f, 0x36, - 0x98, 0xa2, 0xd7, 0x61, 0x38, 0x4e, 0x9c, 0x28, 0x39, 0x64, 0x8a, 0x96, 0x1a, 0xf4, 0x55, 0x49, - 0x04, 0x6b, 0x7a, 0xe8, 0x35, 0x56, 0xbd, 0xce, 0x8b, 0x37, 0x0e, 0x19, 0x46, 0x2c, 0x2b, 0xdd, - 0x09, 0x0a, 0xd8, 0xa0, 0x46, 0x4d, 0x0f, 0x36, 0xb7, 0x79, 0xec, 0x4c, 0x99, 0xd9, 0x96, 0x4a, - 0x14, 0x62, 0x05, 0xc1, 0x06, 0x96, 0xfd, 0xa3, 0x90, 0xce, 0x58, 0x46, 0x93, 0x32, 0x41, 0x9a, - 0xfb, 0x9e, 0x58, 0x38, 0x70, 0x2a, 0x97, 0xf9, 0xb7, 0x2d, 0x30, 0xd3, 0xaa, 0xd1, 0x1d, 0x9e, - 0xbf, 0x6d, 0xe5, 0x71, 0x5e, 0x60, 0xd0, 0x9d, 0x5a, 0x72, 0x5a, 0x99, 0x83, 0x2b, 0x99, 0xc4, - 0x7d, 0xf6, 0x63, 0x50, 0x96, 0xd0, 0x03, 0x29, 0x75, 0x9f, 0x85, 0x53, 0xd9, 0x8b, 0x16, 0x85, - 0xaf, 0xb9, 0x11, 0x85, 0xed, 0x56, 0xd6, 0x90, 0x64, 0x17, 0xf1, 0x61, 0x0e, 0xa3, 0xe6, 0xd8, - 0xa6, 0x17, 0xd4, 0xb2, 0x86, 0xe4, 0x35, 0x2f, 0xa8, 0x61, 0x06, 0xe9, 0xe3, 0x42, 0xa9, 0x7f, - 0x6e, 0xc1, 0xf9, 0xfd, 0xee, 0x83, 0x44, 0x4f, 0xc1, 0xc0, 0x5d, 0x27, 0x92, 0xa5, 0x3f, 0x99, - 0xa0, 0xbc, 0xe5, 0x44, 0x01, 0x66, 0xad, 0x68, 0x07, 0x06, 0x79, 0xfe, 0xaf, 0xd0, 0xd6, 0x5f, - 0xcd, 0xf7, 0x76, 0xca, 0x6b, 0xc4, 0x30, 0x17, 0x78, 0xee, 0x31, 0x16, 0x0c, 0xed, 0xef, 0x59, - 0x80, 0x96, 0xb7, 0x48, 0x14, 0x79, 0x35, 0x23, 0x63, 0x19, 0xbd, 0x04, 0x23, 0xb7, 0x57, 0x97, - 0xaf, 0xaf, 0x84, 0x5e, 0xc0, 0x2a, 0x18, 0x18, 0x49, 0x5a, 0x57, 0x8d, 0x76, 0x9c, 0xc2, 0x42, - 0xb3, 0x30, 0x7e, 0xfb, 0x0e, 0x35, 0x7e, 0xcd, 0x7a, 0xde, 0x05, 0xed, 0xee, 0xbc, 0xfa, 0x6a, - 0x06, 0x88, 0x3b, 0xf1, 0xd1, 0x32, 0x9c, 0x69, 0x72, 0x73, 0x83, 0x97, 0xe1, 0xe5, 0xb6, 0x87, - 0xca, 0xd1, 0x78, 0x62, 0x6f, 0x77, 0xf2, 0xcc, 0x52, 0x37, 0x04, 0xdc, 0xfd, 0x39, 0xfb, 0xdd, - 0x02, 0x54, 0x8c, 0x3b, 0x55, 0xfb, 0xb0, 0xc1, 0x33, 0x59, 0x27, 0x85, 0x3e, 0xb3, 0x4e, 0x9e, - 0x83, 0x72, 0x2b, 0xf4, 0x3d, 0xd7, 0x53, 0x35, 0x69, 0x58, 0xe9, 0xc4, 0x15, 0xd1, 0x86, 0x15, - 0x14, 0xdd, 0x85, 0x61, 0x75, 0xcf, 0xa0, 0x48, 0x9c, 0xcd, 0xcb, 0xbf, 0xa3, 0x24, 0x95, 0xbe, - 0x3f, 0x50, 0xf3, 0x42, 0x36, 0x0c, 0xb2, 0x99, 0x2f, 0x43, 0xe8, 0x58, 0x0a, 0x12, 0x5b, 0x12, - 0x31, 0x16, 0x10, 0xfb, 0x0b, 0x43, 0x70, 0xba, 0x5b, 0xb9, 0x3f, 0xf4, 0x19, 0x18, 0xe4, 0x7d, - 0xcc, 0xa7, 0xa2, 0x6c, 0x37, 0x1e, 0xf3, 0x8c, 0xa0, 0xe8, 0x16, 0xfb, 0x8d, 0x05, 0x4f, 0xc1, - 0xdd, 0x77, 0xd6, 0x85, 0xce, 0x74, 0x3c, 0xdc, 0x17, 0x1d, 0xcd, 0x7d, 0xd1, 0xe1, 0xdc, 0x7d, - 0x67, 0x1d, 0x6d, 0x43, 0xa9, 0xe1, 0x25, 0xc4, 0x11, 0x96, 0xc3, 0xad, 0x63, 0x61, 0x4e, 0x1c, - 0x2e, 0x9a, 0xd9, 0x4f, 0xcc, 0x19, 0xa2, 0x6f, 0x5a, 0x70, 0x62, 0x3d, 0x9d, 0xd1, 0x25, 0xb6, - 0x50, 0xe7, 0x18, 0x4a, 0x3a, 0xa6, 0x19, 0xf1, 0x42, 0xd9, 0x99, 0x46, 0x9c, 0xed, 0x0e, 0xfa, - 0x79, 0x0b, 0x86, 0xea, 0x9e, 0x6f, 0xd4, 0x2b, 0x3b, 0x86, 0x8f, 0x73, 0x99, 0x31, 0xd0, 0x6a, - 0x06, 0xff, 0x1f, 0x63, 0xc9, 0xb9, 0xd7, 0xf1, 0xf1, 0xe0, 0x51, 0x8f, 0x8f, 0x87, 0x1e, 0x92, - 0xad, 0xf8, 0xcb, 0x05, 0x78, 0xa6, 0x8f, 0x6f, 0x64, 0x26, 0xe1, 0x58, 0xfb, 0x24, 0xe1, 0x9c, - 0x87, 0x81, 0x88, 0xb4, 0xc2, 0xec, 0x7e, 0xc7, 0x22, 0xd5, 0x18, 0x04, 0x3d, 0x0d, 0x45, 0xa7, - 0xe5, 0x89, 0xed, 0x4e, 0x6d, 0xd2, 0x33, 0x2b, 0x0b, 0x98, 0xb6, 0xd3, 0x2f, 0x3d, 0xbc, 0x2e, - 0xf3, 0x0c, 0xf3, 0x29, 0x5a, 0xdf, 0x2b, 0x6d, 0x91, 0x5b, 0x6f, 0x0a, 0x8a, 0x35, 0x5f, 0xfb, - 0xaf, 0x5b, 0x70, 0xb6, 0xf7, 0x14, 0x41, 0x2f, 0x42, 0x65, 0x3d, 0x72, 0x02, 0x77, 0x83, 0xdd, - 0xf0, 0x20, 0x07, 0x85, 0xe5, 0x5e, 0xe8, 0x66, 0x6c, 0xe2, 0xd0, 0x9d, 0x8b, 0x97, 0x06, 0x35, - 0x30, 0x64, 0xa8, 0x35, 0xdd, 0xb9, 0xd6, 0xb2, 0x40, 0xdc, 0x89, 0x6f, 0xff, 0x5e, 0xa1, 0x7b, - 0xb7, 0xb8, 0x28, 0x39, 0xc8, 0x77, 0x12, 0x5f, 0xa1, 0xd0, 0xe3, 0x2b, 0xdc, 0x81, 0x72, 0xc2, - 0xf2, 0x47, 0x48, 0x5d, 0xc8, 0xa3, 0xdc, 0xf2, 0x33, 0xd9, 0x8e, 0xb5, 0x26, 0x88, 0x63, 0xc5, - 0x86, 0x6e, 0x1c, 0xbe, 0x2e, 0x98, 0x26, 0x36, 0x8e, 0x8c, 0xeb, 0x71, 0x0e, 0x4e, 0x1a, 0xf5, - 0x5f, 0x79, 0xf8, 0x3c, 0x3f, 0x41, 0x57, 0x39, 0x65, 0x2b, 0x19, 0x38, 0xee, 0x78, 0xc2, 0xfe, - 0xb5, 0x02, 0x3c, 0xd1, 0x53, 0x3e, 0xea, 0x63, 0x7e, 0xeb, 0x3e, 0xc7, 0xfc, 0x47, 0x9e, 0xe6, - 0xe6, 0x00, 0x0f, 0x3c, 0x98, 0x01, 0x7e, 0x1e, 0xca, 0x5e, 0x10, 0x13, 0xb7, 0x1d, 0xf1, 0x41, - 0x33, 0x82, 0x49, 0x17, 0x44, 0x3b, 0x56, 0x18, 0xf6, 0x1f, 0xf4, 0x9e, 0x6a, 0x74, 0xaf, 0xfc, - 0xa1, 0x1d, 0xa5, 0x97, 0x61, 0xd4, 0x69, 0xb5, 0x38, 0x1e, 0x3b, 0x52, 0xcd, 0x64, 0x89, 0xce, - 0x98, 0x40, 0x9c, 0xc6, 0x35, 0xe6, 0xf0, 0x60, 0xaf, 0x39, 0x6c, 0xff, 0xb1, 0x05, 0xc3, 0x98, - 0xd4, 0xf9, 0x7a, 0x47, 0xb7, 0xc5, 0x10, 0x59, 0x79, 0x94, 0x6f, 0xa1, 0x03, 0x1b, 0x7b, 0xac, - 0xac, 0x49, 0xb7, 0xc1, 0xee, 0xac, 0x65, 0x5c, 0x38, 0x50, 0x2d, 0x63, 0x55, 0xcd, 0xb6, 0xd8, - 0xbb, 0x9a, 0xad, 0xfd, 0xee, 0x10, 0x7d, 0xbd, 0x56, 0x38, 0x1b, 0x91, 0x5a, 0x4c, 0xbf, 0x6f, - 0x3b, 0xf2, 0xb3, 0x57, 0xc1, 0xde, 0xc0, 0x8b, 0x98, 0xb6, 0xa7, 0xfc, 0x26, 0x85, 0x03, 0xe5, - 0xc8, 0x15, 0xf7, 0xcd, 0x91, 0x7b, 0x19, 0x46, 0xe3, 0x78, 0x63, 0x25, 0xf2, 0xb6, 0x9c, 0x84, - 0x1a, 0x28, 0x22, 0x22, 0x47, 0xe7, 0xb5, 0xac, 0x5e, 0xd1, 0x40, 0x9c, 0xc6, 0x45, 0xf3, 0x30, - 0xae, 0x33, 0xd5, 0x48, 0x94, 0xb0, 0x00, 0x1c, 0x3e, 0x13, 0x54, 0x5a, 0x89, 0xce, 0x6d, 0x13, - 0x08, 0xb8, 0xf3, 0x19, 0x2a, 0xb1, 0x52, 0x8d, 0xb4, 0x23, 0x83, 0x69, 0x89, 0x95, 0xa2, 0x43, - 0xfb, 0xd2, 0xf1, 0x04, 0x5a, 0x82, 0x53, 0x7c, 0x62, 0xb0, 0xbb, 0xc7, 0xd5, 0x1b, 0x0d, 0xa5, - 0xcb, 0x66, 0xcc, 0x77, 0xa2, 0xe0, 0x6e, 0xcf, 0x51, 0xeb, 0x43, 0x35, 0x2f, 0xcc, 0x09, 0x93, - 0x5f, 0x59, 0x1f, 0x8a, 0xcc, 0x42, 0x0d, 0x9b, 0x78, 0xe8, 0x93, 0xf0, 0xb8, 0xfe, 0xcb, 0xa3, - 0x34, 0xb9, 0x1f, 0x6c, 0x4e, 0x24, 0x01, 0xab, 0xda, 0xa9, 0xf3, 0x5d, 0xd1, 0x6a, 0xb8, 0xd7, - 0xf3, 0x68, 0x1d, 0xce, 0x2a, 0xd0, 0x25, 0x6a, 0xea, 0xb5, 0x22, 0x2f, 0x26, 0x55, 0x27, 0x26, - 0x37, 0x22, 0x9f, 0xa5, 0x0d, 0x0f, 0xeb, 0x4b, 0x20, 0xe6, 0xbd, 0xe4, 0x4a, 0x37, 0x4c, 0xbc, - 0x88, 0xef, 0x43, 0x05, 0x4d, 0xc3, 0x30, 0x09, 0x9c, 0x75, 0x9f, 0x2c, 0xcf, 0x2e, 0xb0, 0x64, - 0x62, 0xc3, 0xed, 0x76, 0x49, 0x02, 0xb0, 0xc6, 0x51, 0x87, 0xc0, 0x23, 0x3d, 0x2f, 0x0d, 0x59, - 0x81, 0xd3, 0x0d, 0xb7, 0x45, 0xb5, 0x09, 0xcf, 0x25, 0x33, 0x2e, 0x3b, 0x08, 0xa5, 0x1f, 0x86, - 0xd7, 0x33, 0x51, 0x11, 0x0e, 0xf3, 0xb3, 0x2b, 0x1d, 0x38, 0xb8, 0xeb, 0x93, 0x74, 0x8d, 0xb5, - 0xa2, 0x70, 0x7b, 0x67, 0xe2, 0x54, 0x7a, 0x8d, 0xad, 0xd0, 0x46, 0xcc, 0x61, 0xe8, 0x2a, 0x20, - 0x16, 0x2e, 0x73, 0x25, 0x49, 0x5a, 0x4a, 0x7d, 0x99, 0x38, 0xcd, 0x5e, 0xe9, 0xac, 0x78, 0x02, - 0x5d, 0xee, 0xc0, 0xc0, 0x5d, 0x9e, 0xb2, 0xff, 0xc8, 0x82, 0x51, 0xb5, 0x5e, 0x1f, 0x40, 0xc0, - 0x98, 0x9f, 0x0e, 0x18, 0x9b, 0x3f, 0xba, 0xc4, 0x63, 0x3d, 0xef, 0x11, 0x75, 0xf0, 0x85, 0x0a, - 0x80, 0x96, 0x8a, 0x6a, 0x43, 0xb2, 0x7a, 0x6e, 0x48, 0x8f, 0xac, 0x44, 0xea, 0x96, 0x39, 0x58, - 0x7a, 0xb8, 0x99, 0x83, 0xab, 0x70, 0x46, 0xaa, 0x0b, 0xdc, 0xb1, 0x73, 0x25, 0x8c, 0x95, 0x80, - 0x2b, 0x57, 0x9f, 0x16, 0x84, 0xce, 0x2c, 0x74, 0x43, 0xc2, 0xdd, 0x9f, 0x4d, 0x69, 0x29, 0x43, - 0xfb, 0x69, 0x29, 0x7a, 0x4d, 0x2f, 0xd6, 0x65, 0x25, 0xd6, 0xcc, 0x9a, 0x5e, 0xbc, 0xbc, 0x8a, - 0x35, 0x4e, 0x77, 0xc1, 0x3e, 0x9c, 0x93, 0x60, 0x87, 0x03, 0x0b, 0x76, 0x29, 0x62, 0x2a, 0x3d, - 0x45, 0x8c, 0xf4, 0x25, 0x8d, 0xf4, 0xf4, 0x25, 0xbd, 0x02, 0x63, 0x5e, 0xb0, 0x41, 0x22, 0x2f, - 0x21, 0x35, 0xb6, 0x16, 0x98, 0xf8, 0x29, 0xeb, 0x6d, 0x7d, 0x21, 0x05, 0xc5, 0x19, 0xec, 0xb4, - 0x5c, 0x1c, 0xeb, 0x43, 0x2e, 0xf6, 0xd8, 0x8d, 0x4e, 0xe4, 0xb3, 0x1b, 0x9d, 0x3c, 0xfa, 0x6e, - 0x34, 0x7e, 0xac, 0xbb, 0x11, 0xca, 0x65, 0x37, 0xea, 0x4b, 0xd0, 0x1b, 0x06, 0xdd, 0xe9, 0x7d, - 0x0c, 0xba, 0x5e, 0x5b, 0xd1, 0x99, 0x43, 0x6f, 0x45, 0xdd, 0x77, 0x99, 0xc7, 0x0e, 0xb5, 0xcb, - 0x7c, 0xb1, 0x00, 0x67, 0xb4, 0x1c, 0xa6, 0xb3, 0xdf, 0xab, 0x53, 0x49, 0xc4, 0x8a, 0x79, 0xf3, - 0xd8, 0x1f, 0x23, 0x7e, 0x51, 0x87, 0x42, 0x2a, 0x08, 0x36, 0xb0, 0x58, 0x18, 0x20, 0x89, 0x58, - 0xd5, 0xa6, 0xac, 0x90, 0x9e, 0x15, 0xed, 0x58, 0x61, 0xd0, 0xf9, 0x45, 0x7f, 0x8b, 0xd0, 0xea, - 0x6c, 0xb1, 0x84, 0x59, 0x0d, 0xc2, 0x26, 0x1e, 0x7a, 0x8e, 0x33, 0x61, 0x02, 0x82, 0x0a, 0xea, - 0x11, 0x71, 0x4d, 0x8d, 0x94, 0x09, 0x0a, 0x2a, 0xbb, 0xc3, 0xe2, 0x3d, 0x4b, 0x9d, 0xdd, 0x61, - 0xe7, 0x95, 0x0a, 0xc3, 0xfe, 0x3f, 0x16, 0x3c, 0xd1, 0x75, 0x28, 0x1e, 0xc0, 0xe6, 0xbb, 0x9d, - 0xde, 0x7c, 0x57, 0xf3, 0x32, 0x37, 0x8c, 0xb7, 0xe8, 0xb1, 0x11, 0xff, 0x47, 0x0b, 0xc6, 0x34, - 0xfe, 0x03, 0x78, 0x55, 0x2f, 0xfd, 0xaa, 0xf9, 0x59, 0x56, 0xc3, 0x1d, 0xef, 0xf6, 0x47, 0xec, - 0xdd, 0xf8, 0x49, 0xc8, 0x8c, 0x2b, 0xcb, 0x43, 0xed, 0x73, 0x02, 0xb0, 0x03, 0x83, 0xac, 0x72, - 0x72, 0x9c, 0xcf, 0x89, 0x4c, 0x9a, 0x3f, 0x0b, 0xe4, 0xd6, 0x27, 0x32, 0xec, 0x6f, 0x8c, 0x05, + 0x9a, 0x74, 0x21, 0x8f, 0x33, 0x27, 0xa1, 0x47, 0x6b, 0x8e, 0x23, 0x54, 0x16, 0x2b, 0xf5, 0x5b, + 0x71, 0x43, 0x04, 0x8a, 0x0d, 0x2f, 0x11, 0x9f, 0xf5, 0x88, 0xb6, 0xd2, 0xbc, 0x67, 0xbc, 0xe2, + 0x10, 0xdd, 0x20, 0xe6, 0xbd, 0x04, 0x53, 0xfa, 0xe8, 0x0b, 0x16, 0x0c, 0xc7, 0x6e, 0x73, 0x25, + 0x0a, 0xb7, 0xbc, 0x1a, 0x89, 0x84, 0xa6, 0x74, 0x44, 0xd1, 0xb4, 0x3a, 0xbb, 0x24, 0x09, 0x6a, + 0xbe, 0xdc, 0x76, 0xd5, 0x10, 0x6c, 0xf2, 0xa5, 0x16, 0xc4, 0xe3, 0xe2, 0xdd, 0xe7, 0x88, 0xeb, + 0xd1, 0xbd, 0x4d, 0x1a, 0x4c, 0x6c, 0xa6, 0x1c, 0x59, 0x73, 0x9c, 0x6b, 0xbb, 0x9b, 0x74, 0xbd, + 0xe9, 0x0e, 0x7d, 0x70, 0x6f, 0x77, 0xf2, 0xf1, 0xd9, 0xee, 0x3c, 0x71, 0xaf, 0xce, 0xb0, 0x01, + 0x6b, 0xb5, 0x7d, 0x1f, 0x93, 0x3b, 0x6d, 0xc2, 0x8e, 0x43, 0x72, 0x18, 0xb0, 0x15, 0x4d, 0x30, + 0x33, 0x60, 0x06, 0x04, 0x9b, 0x7c, 0xd1, 0x1d, 0x18, 0x6c, 0x3a, 0x49, 0xe4, 0x6d, 0x8b, 0x33, + 0x90, 0x23, 0xea, 0xf2, 0x4b, 0x8c, 0x96, 0x66, 0xce, 0xb6, 0x7e, 0xde, 0x88, 0x05, 0x23, 0xd4, + 0x84, 0x52, 0x93, 0x44, 0x0d, 0x32, 0x51, 0xce, 0xe3, 0xbc, 0x77, 0x89, 0x92, 0xd2, 0x0c, 0x2b, + 0x54, 0xf3, 0x61, 0x6d, 0x98, 0x73, 0x41, 0x6f, 0x40, 0x39, 0x26, 0x3e, 0x71, 0xa9, 0xee, 0x52, + 0x61, 0x1c, 0x3f, 0xda, 0xa7, 0x1e, 0xe7, 0xac, 0x13, 0x7f, 0x55, 0x3c, 0xca, 0x17, 0x98, 0xfc, + 0x87, 0x15, 0x49, 0xfb, 0xbf, 0x58, 0x80, 0xd2, 0x12, 0xe6, 0x01, 0x68, 0x8f, 0x77, 0xd2, 0xda, + 0xe3, 0x62, 0x9e, 0x2a, 0x40, 0x0f, 0x05, 0xf2, 0xbd, 0x32, 0x64, 0x64, 0xf3, 0x75, 0x12, 0x27, + 0xa4, 0xf6, 0xbe, 0x3c, 0x7d, 0x5f, 0x9e, 0xbe, 0x2f, 0x4f, 0x95, 0x3c, 0x5d, 0xcf, 0xc8, 0xd3, + 0x57, 0x8c, 0x55, 0xaf, 0xbd, 0x97, 0x6f, 0x2a, 0xf7, 0xa6, 0xd9, 0x03, 0x03, 0x81, 0x4a, 0x82, + 0xab, 0xab, 0xcb, 0xd7, 0xbb, 0x0a, 0xd0, 0x37, 0xd3, 0x02, 0xf4, 0xa8, 0x2c, 0x1e, 0xb8, 0xc8, + 0xfc, 0x5b, 0x05, 0x78, 0x22, 0x2d, 0x4a, 0x70, 0xe8, 0xfb, 0x61, 0x3b, 0xa1, 0x5a, 0x32, 0xfa, + 0x55, 0x0b, 0x4e, 0x36, 0xd3, 0xe6, 0x69, 0x2c, 0x4e, 0x01, 0x3f, 0x91, 0x9b, 0x9c, 0xcb, 0xd8, + 0xbf, 0xd5, 0x09, 0x21, 0xf3, 0x4e, 0x66, 0x00, 0x31, 0xee, 0xe8, 0x0b, 0x7a, 0x03, 0x2a, 0x4d, + 0x67, 0xfb, 0x46, 0xab, 0xe6, 0x24, 0xd2, 0x40, 0xe9, 0x6d, 0x57, 0xb6, 0x13, 0xcf, 0x9f, 0xe2, + 0xbe, 0xdd, 0xa9, 0x85, 0x20, 0x59, 0x8e, 0x56, 0x93, 0xc8, 0x0b, 0x1a, 0xfc, 0xec, 0x67, 0x49, + 0x92, 0xc1, 0x9a, 0xa2, 0xfd, 0x2b, 0x56, 0x56, 0xd0, 0xaa, 0xd1, 0x89, 0x9c, 0x84, 0x34, 0x76, + 0xd0, 0x67, 0xa0, 0x44, 0x2d, 0x09, 0x39, 0x2a, 0xb7, 0xf2, 0x94, 0xfe, 0xc6, 0x97, 0xd0, 0x1b, + 0x01, 0xfd, 0x17, 0x63, 0xce, 0xd4, 0xfe, 0x8b, 0x52, 0x76, 0xc3, 0x63, 0x9e, 0xbe, 0x0b, 0x00, + 0x8d, 0x70, 0x8d, 0x34, 0x5b, 0x3e, 0x1d, 0x16, 0x8b, 0x1d, 0x17, 0x2b, 0xe3, 0x79, 0x5e, 0x41, + 0xb0, 0x81, 0x85, 0xfe, 0xaa, 0x05, 0xd0, 0x90, 0x0b, 0x4b, 0x6e, 0x66, 0x37, 0xf2, 0x7c, 0x1d, + 0xbd, 0x6c, 0x75, 0x5f, 0x14, 0x43, 0x6c, 0x30, 0x47, 0x3f, 0x6b, 0x41, 0x39, 0x91, 0xdd, 0xe7, + 0xe2, 0x7d, 0x2d, 0xcf, 0x9e, 0xc8, 0x97, 0xd6, 0xfb, 0xba, 0x1a, 0x12, 0xc5, 0x17, 0xfd, 0x82, + 0x05, 0x10, 0xef, 0x04, 0xee, 0x4a, 0xe8, 0x7b, 0xee, 0x8e, 0x90, 0xfa, 0x37, 0x73, 0x35, 0xf0, + 0x15, 0xf5, 0xea, 0x18, 0x1d, 0x0d, 0xfd, 0x1f, 0x1b, 0x9c, 0xd1, 0x67, 0xa1, 0x1c, 0x8b, 0xe9, + 0x26, 0xe4, 0xfc, 0x5a, 0xbe, 0xc7, 0x0c, 0x9c, 0xb6, 0x10, 0x11, 0xe2, 0x1f, 0x56, 0x3c, 0xd1, + 0x2f, 0x59, 0x70, 0xa2, 0x95, 0x3e, 0x14, 0x12, 0x22, 0x3d, 0x3f, 0x19, 0x90, 0x39, 0x74, 0xaa, + 0x9e, 0xda, 0xdb, 0x9d, 0x3c, 0x91, 0x69, 0xc4, 0xd9, 0x5e, 0xd8, 0xdf, 0x2a, 0xa4, 0x8e, 0x66, + 0xd5, 0x99, 0x09, 0x9b, 0xcc, 0xae, 0x34, 0x57, 0xe5, 0xda, 0xcc, 0x75, 0x32, 0x2b, 0x63, 0x58, + 0x4f, 0x66, 0xd5, 0x14, 0x63, 0x83, 0x39, 0xdd, 0xb6, 0xc7, 0x9d, 0xec, 0xc9, 0x8c, 0x58, 0x5f, + 0x6f, 0xe4, 0xd9, 0xa5, 0xce, 0x83, 0xf4, 0x27, 0x44, 0xd7, 0xc6, 0x3b, 0x40, 0xb8, 0xb3, 0x4b, + 0xf6, 0xb7, 0xd2, 0xc7, 0xc1, 0xc6, 0xd4, 0xe8, 0xe3, 0xa8, 0xfb, 0xab, 0x16, 0x0c, 0x47, 0xa1, + 0xef, 0x7b, 0x41, 0x83, 0x4e, 0x63, 0x21, 0x8b, 0x5f, 0x3f, 0x16, 0x71, 0x28, 0xe6, 0x2b, 0xdb, + 0xfc, 0xb1, 0xe6, 0x89, 0xcd, 0x0e, 0xd8, 0x9f, 0xb7, 0x60, 0xa2, 0xd7, 0x72, 0x43, 0x04, 0x3e, + 0x28, 0xe7, 0x92, 0x72, 0xf4, 0x2e, 0x07, 0x73, 0xc4, 0x27, 0xea, 0x9c, 0xac, 0x5c, 0x7d, 0x5a, + 0xbc, 0xe6, 0x07, 0x57, 0x7a, 0xa3, 0xe2, 0xfb, 0xd1, 0xb1, 0x7f, 0xa3, 0x90, 0x1d, 0x51, 0x25, + 0x6e, 0xbf, 0x61, 0x75, 0x18, 0x25, 0x9f, 0x38, 0x0e, 0x11, 0xc7, 0xcc, 0x17, 0xe5, 0xef, 0xed, + 0x8d, 0xf3, 0x10, 0x1d, 0x4a, 0xf6, 0xbf, 0x19, 0x80, 0xfb, 0xf4, 0x4c, 0xb9, 0x0c, 0xac, 0x5e, + 0x2e, 0x83, 0x83, 0x7b, 0x21, 0xbe, 0x6c, 0xc1, 0xa0, 0x4f, 0xf5, 0x23, 0x7e, 0x2c, 0x3e, 0x7c, + 0xa1, 0x76, 0x5c, 0x63, 0xcf, 0xd5, 0xb0, 0x98, 0x3b, 0x35, 0xd5, 0xc9, 0x18, 0x6f, 0xc4, 0xa2, + 0x0f, 0xe8, 0x9b, 0x56, 0xfa, 0x8c, 0x9d, 0x47, 0xa9, 0x78, 0xc7, 0xd6, 0x27, 0xe3, 0xe0, 0x9e, + 0x77, 0x4c, 0x1f, 0x09, 0xf7, 0x38, 0xd2, 0x47, 0x53, 0x00, 0x75, 0x2f, 0x70, 0x7c, 0xef, 0x2d, + 0x6a, 0xe7, 0x95, 0x98, 0x13, 0x80, 0x6d, 0x5a, 0x97, 0x55, 0x2b, 0x36, 0x30, 0xce, 0xfe, 0x15, + 0x18, 0x36, 0xde, 0xbc, 0x8b, 0x2f, 0xf6, 0xb4, 0xe9, 0x8b, 0xad, 0x18, 0x2e, 0xd4, 0xb3, 0xaf, + 0xc0, 0xc9, 0x6c, 0x07, 0x0f, 0xf2, 0xbc, 0xfd, 0x9b, 0x83, 0xd9, 0x83, 0xf1, 0x35, 0x12, 0x35, + 0x69, 0xd7, 0xde, 0xb7, 0x8f, 0xdf, 0xb7, 0x8f, 0xdf, 0xb7, 0x8f, 0xe5, 0x1f, 0x7b, 0xaf, 0x04, + 0x29, 0xcd, 0x80, 0xf7, 0xee, 0xc3, 0x30, 0x14, 0x91, 0x56, 0x78, 0x03, 0x2f, 0x0a, 0x89, 0xab, + 0xa3, 0x53, 0x79, 0x33, 0x96, 0x70, 0x2a, 0x99, 0x5b, 0x4e, 0xb2, 0x21, 0x44, 0xae, 0x92, 0xcc, + 0x2b, 0x4e, 0xb2, 0x81, 0x19, 0x04, 0xbd, 0x02, 0x63, 0x89, 0x13, 0x35, 0x48, 0x82, 0xc9, 0x16, + 0x1b, 0x04, 0xe1, 0x6c, 0x78, 0x4c, 0xe0, 0x8e, 0xad, 0xa5, 0xa0, 0x38, 0x83, 0x8d, 0xee, 0xc0, + 0xc0, 0x06, 0xf1, 0x9b, 0xc2, 0x80, 0x5f, 0xcd, 0x4f, 0x22, 0xb2, 0x77, 0xbd, 0x42, 0xfc, 0x26, + 0x5f, 0xaf, 0xf4, 0x17, 0x66, 0xac, 0xe8, 0xd7, 0xa9, 0x6c, 0xb6, 0xe3, 0x24, 0x6c, 0x7a, 0x6f, + 0x49, 0xb3, 0xfe, 0x13, 0x39, 0x33, 0xbe, 0x26, 0xe9, 0x73, 0xdb, 0x53, 0xfd, 0xc5, 0x9a, 0x33, + 0xeb, 0x47, 0xcd, 0x8b, 0x98, 0x99, 0xbe, 0x33, 0x01, 0xc7, 0xd2, 0x8f, 0x39, 0x49, 0x9f, 0xf7, + 0x43, 0xfd, 0xc5, 0x9a, 0x33, 0xda, 0x81, 0xc1, 0x96, 0xdf, 0x6e, 0x78, 0xc1, 0xc4, 0x30, 0xeb, + 0xc3, 0x8d, 0x9c, 0xfb, 0xb0, 0xc2, 0x88, 0xf3, 0xc3, 0x15, 0xfe, 0x1b, 0x0b, 0x86, 0xe8, 0x69, + 0x28, 0xb9, 0x1b, 0x4e, 0x94, 0x4c, 0x8c, 0xb0, 0x49, 0xa3, 0x6c, 0xe0, 0x59, 0xda, 0x88, 0x39, + 0x0c, 0x3d, 0x05, 0xc5, 0x88, 0xd4, 0x59, 0x50, 0x94, 0xe1, 0x2e, 0xc7, 0xa4, 0x8e, 0x69, 0xbb, + 0xfd, 0x77, 0x0b, 0x69, 0xe5, 0x22, 0xfd, 0xde, 0x7c, 0xb6, 0xbb, 0xed, 0x28, 0x96, 0x76, 0xb2, + 0x31, 0xdb, 0x59, 0x33, 0x96, 0x70, 0xf4, 0x79, 0x0b, 0x86, 0x6e, 0xc7, 0x61, 0x10, 0x90, 0x44, + 0x08, 0xf2, 0x9b, 0x39, 0x0f, 0xc5, 0x55, 0x4e, 0x5d, 0xf7, 0x41, 0x34, 0x60, 0xc9, 0x97, 0x76, + 0x97, 0x6c, 0xbb, 0x7e, 0xbb, 0xd6, 0xe1, 0x25, 0xbd, 0xc4, 0x9b, 0xb1, 0x84, 0x53, 0x54, 0x2f, + 0xe0, 0xa8, 0x03, 0x69, 0xd4, 0x85, 0x40, 0xa0, 0x0a, 0xb8, 0xfd, 0xdb, 0x25, 0x38, 0xd3, 0x75, + 0x71, 0xd0, 0x6d, 0x9f, 0x6d, 0xac, 0x97, 0x3d, 0x9f, 0x48, 0xdf, 0x3f, 0xdb, 0xf6, 0x6f, 0xaa, + 0x56, 0x6c, 0x60, 0xa0, 0x9f, 0x01, 0x68, 0x39, 0x91, 0xd3, 0x24, 0x62, 0xbb, 0x2b, 0x1e, 0x7d, + 0x77, 0xa5, 0xfd, 0x58, 0x91, 0x34, 0xb5, 0xb5, 0xa5, 0x9a, 0x62, 0x6c, 0xb0, 0x44, 0x2f, 0xc1, + 0x70, 0x44, 0x7c, 0xe2, 0xc4, 0x2c, 0xa6, 0x2e, 0x1b, 0x20, 0x8c, 0x35, 0x08, 0x9b, 0x78, 0xe8, + 0x19, 0x15, 0x26, 0x91, 0x71, 0x29, 0xa7, 0x43, 0x25, 0xd0, 0xdb, 0x16, 0x8c, 0xd5, 0x3d, 0x9f, + 0x68, 0xee, 0x22, 0x9c, 0x77, 0xf9, 0xe8, 0x2f, 0x79, 0xd9, 0xa4, 0xab, 0x25, 0x64, 0xaa, 0x39, + 0xc6, 0x19, 0xf6, 0xf4, 0x33, 0x6f, 0x91, 0x88, 0x89, 0xd6, 0xc1, 0xf4, 0x67, 0xbe, 0xc9, 0x9b, + 0xb1, 0x84, 0xa3, 0x19, 0x38, 0xd1, 0x72, 0xe2, 0x78, 0x36, 0x22, 0x35, 0x12, 0x24, 0x9e, 0xe3, + 0xf3, 0x60, 0xdb, 0xb2, 0x0e, 0xb6, 0x5b, 0x49, 0x83, 0x71, 0x16, 0x1f, 0x7d, 0x12, 0x1e, 0xf7, + 0x1a, 0x41, 0x18, 0x91, 0x25, 0x2f, 0x8e, 0xbd, 0xa0, 0xa1, 0xa7, 0x01, 0x93, 0x94, 0xe5, 0xea, + 0xa4, 0x20, 0xf5, 0xf8, 0x42, 0x77, 0x34, 0xdc, 0xeb, 0x79, 0xf4, 0x1c, 0x94, 0xe3, 0x4d, 0xaf, + 0x35, 0x1b, 0xd5, 0x62, 0x76, 0xd0, 0x59, 0xd6, 0xa7, 0x33, 0xab, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, + 0x97, 0x0b, 0x69, 0xf3, 0xce, 0x5c, 0x3f, 0x28, 0xa6, 0xab, 0x24, 0xb9, 0xe9, 0x44, 0xd2, 0xf4, + 0x3f, 0x62, 0xb8, 0xae, 0xa0, 0x7b, 0xd3, 0x89, 0xcc, 0xf5, 0xc6, 0x18, 0x60, 0xc9, 0x09, 0xdd, + 0x86, 0x81, 0xc4, 0x77, 0x72, 0x8a, 0xef, 0x37, 0x38, 0x6a, 0x6b, 0x7b, 0x71, 0x26, 0xc6, 0x8c, + 0x07, 0x7a, 0x92, 0xaa, 0xaf, 0xeb, 0x32, 0xa6, 0x47, 0x68, 0x9c, 0xeb, 0x31, 0x66, 0xad, 0xf6, + 0xff, 0x2b, 0x77, 0x11, 0x79, 0x6a, 0x8f, 0x41, 0x17, 0x00, 0xa8, 0x25, 0xb4, 0x12, 0x91, 0xba, + 0xb7, 0x2d, 0xf6, 0x78, 0xb5, 0xac, 0xae, 0x2b, 0x08, 0x36, 0xb0, 0xe4, 0x33, 0xab, 0xed, 0x3a, + 0x7d, 0xa6, 0xd0, 0xf9, 0x0c, 0x87, 0x60, 0x03, 0x0b, 0xbd, 0x08, 0x83, 0x5e, 0xd3, 0x69, 0xa8, + 0xd0, 0xa3, 0x27, 0xe9, 0x7a, 0x5a, 0x60, 0x2d, 0xf7, 0x76, 0x27, 0xc7, 0x54, 0x87, 0x58, 0x13, + 0x16, 0xb8, 0xe8, 0x37, 0x2c, 0x18, 0x71, 0xc3, 0x66, 0x33, 0x0c, 0xb8, 0xfd, 0x20, 0x8c, 0xa1, + 0xdb, 0xc7, 0xb5, 0x03, 0x4f, 0xcd, 0x1a, 0xcc, 0xb8, 0x35, 0xa4, 0x12, 0x11, 0x4c, 0x10, 0x4e, + 0xf5, 0xca, 0x5c, 0x76, 0xa5, 0x7d, 0x96, 0xdd, 0xef, 0x58, 0x30, 0xce, 0x9f, 0x35, 0xcc, 0x1a, + 0x11, 0x73, 0x1f, 0x1e, 0xf3, 0x6b, 0x75, 0x58, 0x7a, 0xea, 0x48, 0xa8, 0x03, 0x8e, 0x3b, 0x3b, + 0x89, 0xe6, 0x61, 0xbc, 0x1e, 0x46, 0x2e, 0x31, 0x07, 0x42, 0xc8, 0x0c, 0x45, 0xe8, 0x72, 0x16, + 0x01, 0x77, 0x3e, 0x83, 0x6e, 0xc2, 0x63, 0x46, 0xa3, 0x39, 0x0e, 0x5c, 0x6c, 0x9c, 0x13, 0xd4, + 0x1e, 0xbb, 0xdc, 0x15, 0x0b, 0xf7, 0x78, 0x3a, 0x6d, 0xf9, 0x57, 0xfa, 0xb0, 0xfc, 0xdf, 0x84, + 0x27, 0xdc, 0xce, 0x91, 0xd9, 0x8a, 0xdb, 0xeb, 0x71, 0xc2, 0x94, 0xac, 0x72, 0xf5, 0x87, 0x04, + 0x81, 0x27, 0x66, 0x7b, 0x21, 0xe2, 0xde, 0x34, 0xd0, 0x67, 0xa0, 0x1c, 0x11, 0xf6, 0x55, 0x62, + 0x11, 0x80, 0x7e, 0x44, 0x73, 0x4f, 0x2b, 0x87, 0x9c, 0xac, 0x16, 0x8b, 0xa2, 0x21, 0xc6, 0x8a, + 0xe3, 0xd9, 0x8f, 0xc3, 0x78, 0xc7, 0x7c, 0x3e, 0x90, 0xf1, 0x3d, 0x07, 0x8f, 0x75, 0x9f, 0x39, + 0x07, 0x32, 0xc1, 0xff, 0x71, 0x26, 0xae, 0xca, 0x50, 0xf4, 0xfa, 0x38, 0xce, 0x71, 0xa0, 0x48, + 0x82, 0x2d, 0x21, 0x48, 0x2f, 0x1f, 0x6d, 0xf4, 0x2e, 0x05, 0x5b, 0x7c, 0xe2, 0x33, 0x9b, 0xf5, + 0x52, 0xb0, 0x85, 0x29, 0x6d, 0xf4, 0x8e, 0x95, 0x52, 0x54, 0xf8, 0x21, 0xd0, 0xa7, 0x8e, 0x45, + 0xb3, 0xed, 0x5b, 0x77, 0xb1, 0xff, 0x6d, 0x01, 0xce, 0xef, 0x47, 0xa4, 0x8f, 0xe1, 0x7b, 0x1a, + 0x06, 0x63, 0xe6, 0xd8, 0x12, 0x92, 0x69, 0x98, 0x4a, 0x25, 0xee, 0xea, 0x7a, 0x13, 0x0b, 0x10, + 0xf2, 0xa1, 0xd8, 0x74, 0x5a, 0xe2, 0x6c, 0x60, 0xe1, 0xa8, 0x51, 0xd4, 0xf4, 0xbf, 0xe3, 0x2f, + 0x39, 0x2d, 0x6e, 0x71, 0x1a, 0x0d, 0x98, 0xb2, 0x41, 0x09, 0x94, 0x9c, 0x28, 0x72, 0xa4, 0x17, + 0xe5, 0x5a, 0x3e, 0xfc, 0x66, 0x28, 0xc9, 0xea, 0xf8, 0xde, 0xee, 0xe4, 0x68, 0xaa, 0x09, 0x73, + 0x66, 0xf6, 0x97, 0x87, 0x52, 0x91, 0xc4, 0xcc, 0x35, 0x16, 0xc3, 0xa0, 0x38, 0x12, 0xb0, 0xf2, + 0x0e, 0x5e, 0xe7, 0xa9, 0x20, 0xcc, 0x8e, 0x11, 0x09, 0x75, 0x82, 0x15, 0xfa, 0x92, 0xc5, 0xd2, + 0xd6, 0x64, 0x74, 0xb5, 0xb0, 0x1e, 0x8e, 0x27, 0x8b, 0xce, 0x4c, 0x86, 0x93, 0x8d, 0xd8, 0xe4, + 0x4e, 0xb7, 0xae, 0x16, 0x4f, 0xc0, 0xc8, 0xda, 0x10, 0x32, 0xb1, 0x4d, 0xc2, 0xd1, 0x76, 0x17, + 0x17, 0x58, 0x0e, 0xa9, 0x4f, 0x7d, 0x38, 0xbd, 0xbe, 0x69, 0xc1, 0x38, 0xd7, 0x14, 0xe7, 0xbc, + 0x7a, 0x9d, 0x44, 0x24, 0x70, 0x89, 0xd4, 0xb5, 0x8f, 0xe8, 0x64, 0x95, 0xe7, 0x30, 0x0b, 0x59, + 0xf2, 0x7a, 0x4f, 0xeb, 0x00, 0xe1, 0xce, 0xce, 0xa0, 0x1a, 0x0c, 0x78, 0x41, 0x3d, 0x14, 0x3b, + 0x79, 0xf5, 0x68, 0x9d, 0x5a, 0x08, 0xea, 0xa1, 0x5e, 0xcd, 0xf4, 0x1f, 0x66, 0xd4, 0xd1, 0x22, + 0x9c, 0x8e, 0xc4, 0x69, 0xc8, 0x15, 0x2f, 0xa6, 0x36, 0xeb, 0xa2, 0xd7, 0xf4, 0x12, 0xb6, 0x0b, + 0x17, 0xab, 0x13, 0x7b, 0xbb, 0x93, 0xa7, 0x71, 0x17, 0x38, 0xee, 0xfa, 0x14, 0x7a, 0x0b, 0x86, + 0x64, 0x9e, 0x5d, 0x39, 0x0f, 0xbb, 0xa5, 0x73, 0xfe, 0xab, 0xc9, 0xb4, 0x2a, 0x52, 0xea, 0x24, + 0x43, 0xfb, 0xed, 0x61, 0xe8, 0x74, 0x44, 0xa1, 0x9f, 0x86, 0x4a, 0xa4, 0x72, 0xff, 0xac, 0x3c, + 0x42, 0xa8, 0xe4, 0xf7, 0x15, 0x4e, 0x30, 0xa5, 0x0f, 0xe8, 0x2c, 0x3f, 0xcd, 0x91, 0x6a, 0xed, + 0xb1, 0xf6, 0x57, 0xe5, 0x30, 0xb7, 0x05, 0x57, 0xed, 0xe7, 0xd8, 0x09, 0x5c, 0xcc, 0x78, 0xa0, + 0x08, 0x06, 0x37, 0x88, 0xe3, 0x27, 0x1b, 0xf9, 0x1c, 0xc9, 0x5e, 0x61, 0xb4, 0xb2, 0x51, 0xe2, + 0xbc, 0x15, 0x0b, 0x4e, 0x68, 0x1b, 0x86, 0x36, 0xf8, 0x04, 0x10, 0x8a, 0xf4, 0xd2, 0x51, 0x07, + 0x37, 0x35, 0xab, 0xf4, 0xe7, 0x16, 0x0d, 0x58, 0xb2, 0x63, 0xfe, 0x73, 0xc3, 0x07, 0xcb, 0x97, + 0x6e, 0x7e, 0x01, 0xf2, 0xfd, 0x3b, 0x60, 0x3f, 0x0d, 0x23, 0x11, 0x71, 0xc3, 0xc0, 0xf5, 0x7c, + 0x52, 0x9b, 0x91, 0xc7, 0xad, 0x07, 0x09, 0xab, 0x3e, 0x49, 0x8d, 0x01, 0x6c, 0xd0, 0xc0, 0x29, + 0x8a, 0xe8, 0x8b, 0x16, 0x8c, 0xa9, 0x84, 0x21, 0xfa, 0x41, 0x88, 0x38, 0xb0, 0x5c, 0xcc, 0x29, + 0x3d, 0x89, 0xd1, 0xac, 0xa2, 0xbd, 0xdd, 0xc9, 0xb1, 0x74, 0x1b, 0xce, 0xf0, 0x45, 0xaf, 0x01, + 0x84, 0xeb, 0xdc, 0x49, 0x3e, 0x93, 0x88, 0xd3, 0xcb, 0x83, 0xbc, 0xea, 0x18, 0xcf, 0xaf, 0x90, + 0x14, 0xb0, 0x41, 0x0d, 0x5d, 0x03, 0xe0, 0xcb, 0x66, 0x6d, 0xa7, 0x25, 0xb5, 0x6d, 0x19, 0x17, + 0x0f, 0xab, 0x0a, 0x72, 0x6f, 0x77, 0xb2, 0xf3, 0x34, 0x89, 0xb9, 0x8a, 0x8d, 0xc7, 0xd1, 0x4f, + 0xc1, 0x50, 0xdc, 0x6e, 0x36, 0x1d, 0x75, 0xb6, 0x99, 0x63, 0xc6, 0x06, 0xa7, 0x6b, 0x88, 0x22, + 0xde, 0x80, 0x25, 0x47, 0x74, 0x9b, 0x0a, 0xd5, 0x58, 0x1c, 0x73, 0xb1, 0x55, 0xc4, 0x75, 0x82, + 0x61, 0xf6, 0x4e, 0x1f, 0x13, 0xcf, 0x9d, 0xc6, 0x5d, 0x70, 0xee, 0xed, 0x4e, 0x3e, 0x96, 0x6e, + 0x5f, 0x0c, 0x45, 0x0e, 0x45, 0x57, 0x9a, 0xe8, 0xaa, 0x4c, 0xbb, 0xa7, 0xaf, 0x2d, 0xb3, 0x41, + 0x9f, 0xd5, 0x69, 0xf7, 0xac, 0xb9, 0xf7, 0x98, 0x99, 0x0f, 0xa3, 0x25, 0x38, 0xe5, 0x86, 0x41, + 0x12, 0x85, 0xbe, 0xcf, 0x6b, 0x49, 0x70, 0xc3, 0x87, 0x9f, 0x7d, 0x7e, 0x50, 0x74, 0xfb, 0xd4, + 0x6c, 0x27, 0x0a, 0xee, 0xf6, 0x9c, 0x1d, 0xa4, 0xa3, 0x87, 0xc4, 0xe0, 0xbc, 0x08, 0x23, 0x64, + 0x3b, 0x21, 0x51, 0xe0, 0xf8, 0x37, 0xf0, 0xa2, 0x3c, 0xf5, 0x63, 0x6b, 0xe0, 0x92, 0xd1, 0x8e, + 0x53, 0x58, 0xc8, 0x56, 0xd6, 0x7e, 0x41, 0x27, 0x1a, 0x71, 0x6b, 0x5f, 0xda, 0xf6, 0xf6, 0xff, + 0x2d, 0xa4, 0x14, 0xb2, 0xb5, 0x88, 0x10, 0x14, 0x42, 0x29, 0x08, 0x6b, 0x4a, 0xf6, 0x5f, 0xcd, + 0x47, 0xf6, 0x5f, 0x0f, 0x6b, 0x46, 0x6e, 0x3e, 0xfd, 0x17, 0x63, 0xce, 0x87, 0x25, 0x2f, 0xcb, + 0x2c, 0x6f, 0x06, 0x10, 0x86, 0x46, 0x9e, 0x9c, 0x55, 0xf2, 0xf2, 0xb2, 0xc9, 0x08, 0xa7, 0xf9, + 0xa2, 0x4d, 0x28, 0x6d, 0x84, 0x71, 0x22, 0xcd, 0x8f, 0x23, 0x5a, 0x3a, 0x57, 0xc2, 0x38, 0x61, + 0x5a, 0x84, 0x7a, 0x6d, 0xda, 0x12, 0x63, 0xce, 0xc3, 0xfe, 0xaf, 0x56, 0xea, 0x8c, 0xf7, 0x16, + 0x8b, 0xa4, 0xdb, 0x22, 0x01, 0x5d, 0xd6, 0x66, 0x70, 0xc7, 0x5f, 0xce, 0x24, 0xba, 0x7c, 0xa8, + 0x57, 0xa5, 0x94, 0xbb, 0x94, 0xc2, 0x14, 0x23, 0x61, 0xc4, 0x81, 0x7c, 0xce, 0x4a, 0xa7, 0x1c, + 0x15, 0xf2, 0x30, 0x30, 0xcc, 0x94, 0xba, 0x7d, 0xb3, 0x97, 0xec, 0x77, 0x2c, 0x18, 0xaa, 0x3a, + 0xee, 0x66, 0x58, 0xaf, 0xa3, 0xe7, 0xa0, 0x5c, 0x6b, 0x47, 0x66, 0xf6, 0x93, 0xb2, 0x9e, 0xe7, + 0x44, 0x3b, 0x56, 0x18, 0x74, 0x0e, 0xd7, 0x1d, 0x57, 0x26, 0xd6, 0x15, 0xf9, 0x1c, 0xbe, 0xcc, + 0x5a, 0xb0, 0x80, 0xa0, 0x97, 0x60, 0xb8, 0xe9, 0x6c, 0xcb, 0x87, 0xb3, 0x07, 0xcc, 0x4b, 0x1a, + 0x84, 0x4d, 0x3c, 0xfb, 0x5f, 0x59, 0x30, 0x51, 0x75, 0x62, 0xcf, 0x9d, 0x69, 0x27, 0x1b, 0x55, + 0x2f, 0x59, 0x6f, 0xbb, 0x9b, 0x24, 0xe1, 0xd9, 0x94, 0xb4, 0x97, 0xed, 0x98, 0x2e, 0x25, 0x65, + 0xd7, 0xa9, 0x5e, 0xde, 0x10, 0xed, 0x58, 0x61, 0xa0, 0xb7, 0x60, 0xb8, 0xe5, 0xc4, 0xf1, 0xdd, + 0x30, 0xaa, 0x61, 0x52, 0xcf, 0x27, 0x97, 0x79, 0x95, 0xb8, 0x11, 0x49, 0x30, 0xa9, 0x0b, 0x97, + 0xa1, 0xa6, 0x8f, 0x4d, 0x66, 0xf6, 0xdf, 0xb4, 0x60, 0x84, 0x79, 0x5f, 0xe6, 0x48, 0xe2, 0x78, + 0x7e, 0x47, 0x41, 0x0e, 0xab, 0xcf, 0x82, 0x1c, 0xe7, 0x61, 0x60, 0x23, 0x6c, 0x92, 0xac, 0xe7, + 0xf0, 0x4a, 0x48, 0xad, 0x58, 0x0a, 0x41, 0x2f, 0xd0, 0x71, 0xf6, 0x82, 0xc4, 0xa1, 0x33, 0x4e, + 0x1e, 0x21, 0x9e, 0xe0, 0x63, 0xac, 0x9a, 0xb1, 0x89, 0x63, 0xff, 0x5e, 0x05, 0x86, 0x84, 0x33, + 0xb6, 0xef, 0x04, 0x56, 0x69, 0x4e, 0x17, 0x7a, 0x9a, 0xd3, 0x31, 0x0c, 0xba, 0xac, 0xdc, 0x8f, + 0xd0, 0xda, 0xae, 0xe5, 0xe2, 0xbd, 0xe7, 0x15, 0x84, 0x74, 0xb7, 0xf8, 0x7f, 0x2c, 0x58, 0xa1, + 0xaf, 0x59, 0x70, 0xc2, 0x0d, 0x83, 0x80, 0xb8, 0x5a, 0xa5, 0x18, 0xc8, 0x23, 0x1e, 0x67, 0x36, + 0x4d, 0x54, 0x1f, 0xfd, 0x67, 0x00, 0x38, 0xcb, 0x1e, 0xbd, 0x0c, 0xa3, 0x7c, 0xcc, 0x6e, 0xa6, + 0xce, 0x3d, 0x75, 0x9d, 0x06, 0x13, 0x88, 0xd3, 0xb8, 0x68, 0x8a, 0x9f, 0x1f, 0x8b, 0x8a, 0x08, + 0x83, 0xda, 0x8f, 0x64, 0xd4, 0x42, 0x30, 0x30, 0x50, 0x04, 0x28, 0x22, 0xf5, 0x88, 0xc4, 0x1b, + 0xc2, 0x59, 0xcd, 0xd4, 0x99, 0xa1, 0xc3, 0x25, 0xc4, 0xe1, 0x0e, 0x4a, 0xb8, 0x0b, 0x75, 0xb4, + 0x29, 0xec, 0xb9, 0x72, 0x1e, 0x22, 0x4b, 0x7c, 0xe6, 0x9e, 0x66, 0xdd, 0x24, 0x94, 0xe2, 0x0d, + 0x27, 0xaa, 0x31, 0x35, 0xaa, 0xc8, 0xe3, 0xbe, 0x57, 0x69, 0x03, 0xe6, 0xed, 0x68, 0x0e, 0x4e, + 0x66, 0xaa, 0x4c, 0xc4, 0xe2, 0x7c, 0x52, 0xc5, 0x47, 0x67, 0xea, 0x53, 0xc4, 0xb8, 0xe3, 0x09, + 0xd3, 0xd6, 0x1f, 0xde, 0xc7, 0xd6, 0xdf, 0x51, 0x21, 0x51, 0x23, 0x6c, 0x3b, 0x7a, 0x35, 0x97, + 0x01, 0xe8, 0x2b, 0xfe, 0xe9, 0x2b, 0x99, 0xf8, 0xa7, 0x51, 0xd6, 0x81, 0x9b, 0xf9, 0x74, 0xe0, + 0xe0, 0xc1, 0x4e, 0x0f, 0x33, 0x78, 0xe9, 0xff, 0x58, 0x20, 0xbf, 0xeb, 0xac, 0xe3, 0x6e, 0x10, + 0x3a, 0x65, 0xd0, 0x2b, 0x30, 0xa6, 0x2c, 0xd6, 0xd9, 0xb0, 0x1d, 0xf0, 0xb8, 0xa5, 0xa2, 0xf6, + 0x11, 0xe2, 0x14, 0x14, 0x67, 0xb0, 0xd1, 0x34, 0x54, 0xe8, 0x38, 0xf1, 0x47, 0xf9, 0xd6, 0xa6, + 0xac, 0xe2, 0x99, 0x95, 0x05, 0xf1, 0x94, 0xc6, 0x41, 0x21, 0x8c, 0xfb, 0x4e, 0x9c, 0xb0, 0x1e, + 0x50, 0x03, 0xf6, 0x90, 0xe9, 0xa8, 0xac, 0xc8, 0xce, 0x62, 0x96, 0x10, 0xee, 0xa4, 0x6d, 0x7f, + 0x67, 0x00, 0x46, 0x53, 0x92, 0xf1, 0x80, 0x7b, 0xe2, 0x73, 0x50, 0x96, 0xdb, 0x54, 0x36, 0x29, + 0x5e, 0xed, 0x65, 0x0a, 0x83, 0x6e, 0x5a, 0xeb, 0xc4, 0x89, 0x48, 0xc4, 0xea, 0x77, 0x64, 0xf7, + 0xf0, 0xaa, 0x06, 0x61, 0x13, 0x8f, 0x09, 0xe5, 0xc4, 0x8f, 0x67, 0x7d, 0x8f, 0x04, 0x09, 0xef, + 0x66, 0x3e, 0x42, 0x79, 0x6d, 0x71, 0xd5, 0x24, 0xaa, 0x85, 0x72, 0x06, 0x80, 0xb3, 0xec, 0xd1, + 0xcf, 0x5b, 0x30, 0xea, 0xdc, 0x8d, 0x75, 0x4d, 0x3a, 0x11, 0xe9, 0x74, 0xc4, 0x4d, 0x2a, 0x55, + 0xe6, 0x8e, 0x9f, 0xb0, 0xa6, 0x9a, 0x70, 0x9a, 0x29, 0xfa, 0x86, 0x05, 0x88, 0x6c, 0x13, 0x57, + 0xc6, 0x62, 0x89, 0xbe, 0x0c, 0xe6, 0x61, 0xd8, 0x5d, 0xea, 0xa0, 0xcb, 0xa5, 0x7a, 0x67, 0x3b, + 0xee, 0xd2, 0x07, 0xfb, 0x9f, 0x15, 0xd5, 0x82, 0xd2, 0xe1, 0x7f, 0x8e, 0x91, 0x54, 0x63, 0x1d, + 0x3e, 0xa9, 0x46, 0x3b, 0xa8, 0x3b, 0x12, 0x6b, 0xd2, 0x39, 0x0c, 0x85, 0x87, 0x94, 0xc3, 0xf0, + 0xb3, 0x56, 0xaa, 0xfc, 0xc3, 0xf0, 0x85, 0xd7, 0xf2, 0x0d, 0x3d, 0x9c, 0xe2, 0xe1, 0x11, 0x19, + 0xe9, 0x9e, 0x8e, 0x99, 0xa0, 0xd2, 0xd4, 0x40, 0x3b, 0x90, 0x34, 0xfc, 0x8f, 0x45, 0x18, 0x36, + 0x76, 0xd2, 0xae, 0x6a, 0x91, 0xf5, 0x88, 0xa9, 0x45, 0x85, 0x03, 0xa8, 0x45, 0x3f, 0x03, 0x15, + 0x57, 0x4a, 0xf9, 0x7c, 0x0a, 0x20, 0x66, 0xf7, 0x0e, 0x2d, 0xe8, 0x55, 0x13, 0xd6, 0x3c, 0xd1, + 0x7c, 0x2a, 0x37, 0x41, 0xec, 0x10, 0x03, 0x6c, 0x87, 0xe8, 0x96, 0x3c, 0x20, 0x76, 0x8a, 0xce, + 0x67, 0x58, 0x95, 0x90, 0x96, 0x27, 0xde, 0x4b, 0x06, 0x08, 0xf3, 0x2a, 0x21, 0x2b, 0x0b, 0xb2, + 0x19, 0x9b, 0x38, 0xf6, 0x77, 0x2c, 0xf5, 0x71, 0x1f, 0x40, 0x9a, 0xee, 0xed, 0x74, 0x9a, 0xee, + 0xa5, 0x5c, 0x86, 0xb9, 0x47, 0x7e, 0xee, 0x75, 0x18, 0x9a, 0x0d, 0x9b, 0x4d, 0x27, 0xa8, 0xa1, + 0x1f, 0x86, 0x21, 0x97, 0xff, 0x14, 0xe7, 0x28, 0xcc, 0x1b, 0x27, 0xa0, 0x58, 0xc2, 0xd0, 0x93, + 0x30, 0xe0, 0x44, 0x0d, 0x79, 0x76, 0xc2, 0x02, 0x3a, 0x66, 0xa2, 0x46, 0x8c, 0x59, 0xab, 0xfd, + 0x76, 0x11, 0x60, 0x36, 0x6c, 0xb6, 0x9c, 0x88, 0xd4, 0xd6, 0x42, 0x56, 0x80, 0xe9, 0x58, 0x7d, + 0x58, 0xda, 0x58, 0x7a, 0x94, 0xfd, 0x58, 0x86, 0x2f, 0xa3, 0xf8, 0xa0, 0x7d, 0x19, 0x5f, 0xb6, + 0x00, 0xd1, 0x2f, 0x12, 0x06, 0x24, 0x48, 0xb4, 0x73, 0x76, 0x1a, 0x2a, 0xae, 0x6c, 0x15, 0x5a, + 0x8b, 0x5e, 0x7f, 0x12, 0x80, 0x35, 0x4e, 0x1f, 0xe6, 0xe7, 0xd3, 0x52, 0x38, 0x16, 0xd3, 0x31, + 0x90, 0x4c, 0xa4, 0x0a, 0x59, 0x69, 0xff, 0x7e, 0x01, 0x1e, 0xe3, 0xfb, 0xdd, 0x92, 0x13, 0x38, + 0x0d, 0xd2, 0xa4, 0xbd, 0xea, 0xd7, 0xdd, 0xee, 0x52, 0xbb, 0xc7, 0x93, 0x31, 0x8d, 0x47, 0x5d, + 0x18, 0x7c, 0x42, 0xf3, 0x29, 0xbc, 0x10, 0x78, 0x09, 0x66, 0xc4, 0x51, 0x0c, 0x65, 0x59, 0x4e, + 0x57, 0x08, 0xba, 0x9c, 0x18, 0xa9, 0x35, 0x2f, 0x36, 0x25, 0x82, 0x15, 0x23, 0xaa, 0x15, 0xfa, + 0xa1, 0xbb, 0x89, 0x49, 0x2b, 0x64, 0x42, 0xcd, 0x08, 0x29, 0x5b, 0x14, 0xed, 0x58, 0x61, 0xd8, + 0xbf, 0x6f, 0x41, 0x56, 0xdc, 0x1b, 0xa5, 0x66, 0xac, 0xfb, 0x96, 0x9a, 0x39, 0x40, 0xad, 0x97, + 0x9f, 0x84, 0x61, 0x27, 0xa1, 0x3b, 0x34, 0xb7, 0x69, 0x8b, 0x87, 0x3b, 0xa2, 0x5f, 0x0a, 0x6b, + 0x5e, 0xdd, 0x63, 0xb6, 0xac, 0x49, 0xce, 0xfe, 0x5f, 0x03, 0x30, 0xde, 0x11, 0xa7, 0x8e, 0x2e, + 0xc2, 0x88, 0x2b, 0xa6, 0x47, 0x0b, 0x93, 0xba, 0x78, 0x19, 0x23, 0xce, 0x49, 0xc3, 0x70, 0x0a, + 0xb3, 0x8f, 0x09, 0xba, 0x00, 0xa7, 0x22, 0x6a, 0x45, 0xb7, 0xc9, 0x4c, 0x3d, 0x21, 0xd1, 0x2a, + 0x71, 0xc3, 0xa0, 0xc6, 0x0b, 0x22, 0x15, 0xab, 0x8f, 0xef, 0xed, 0x4e, 0x9e, 0xc2, 0x9d, 0x60, + 0xdc, 0xed, 0x19, 0xd4, 0x82, 0x51, 0xdf, 0x54, 0xb0, 0x84, 0x76, 0x7d, 0x28, 0xdd, 0x4c, 0x6d, + 0xc0, 0xa9, 0x66, 0x9c, 0x66, 0x90, 0xd6, 0xd2, 0x4a, 0x0f, 0x49, 0x4b, 0xfb, 0x39, 0xad, 0xa5, + 0x71, 0x5f, 0xf2, 0xeb, 0x39, 0xe7, 0x29, 0x1c, 0xb7, 0x9a, 0xf6, 0x2a, 0x94, 0x65, 0x9c, 0x4d, + 0x5f, 0xf1, 0x29, 0x26, 0x9d, 0x1e, 0x12, 0xed, 0x5e, 0x01, 0xba, 0x68, 0xf8, 0x74, 0x9d, 0xe9, + 0xed, 0x34, 0xb5, 0xce, 0x0e, 0xb6, 0xa5, 0xa2, 0x6d, 0x1e, 0x63, 0xc4, 0x37, 0x8e, 0x4f, 0xe6, + 0x6d, 0xa1, 0xe8, 0xb0, 0x23, 0x15, 0x90, 0xae, 0x42, 0x8f, 0x2e, 0x00, 0x68, 0x2d, 0x48, 0x84, + 0x1b, 0x2b, 0x17, 0xa6, 0x56, 0x96, 0xb0, 0x81, 0x45, 0x0d, 0x56, 0x2f, 0x88, 0x13, 0xc7, 0xf7, + 0xaf, 0x78, 0x41, 0x22, 0x4e, 0xde, 0xd4, 0x0e, 0xb9, 0xa0, 0x41, 0xd8, 0xc4, 0x3b, 0xfb, 0x31, + 0xe3, 0xbb, 0x1c, 0xe4, 0x7b, 0x6e, 0xc0, 0x13, 0xf3, 0x5e, 0xa2, 0x82, 0xe4, 0xd5, 0x3c, 0xa2, + 0x4a, 0x8e, 0x4a, 0xfa, 0xb0, 0x7a, 0x26, 0x7d, 0x18, 0x41, 0xea, 0x85, 0x74, 0x4c, 0x7d, 0x36, + 0x48, 0xdd, 0xbe, 0x08, 0xa7, 0xe7, 0xbd, 0xe4, 0xb2, 0xe7, 0x93, 0x03, 0x32, 0xb1, 0x7f, 0x77, + 0x10, 0x46, 0xcc, 0xa4, 0xa4, 0x83, 0xe4, 0xad, 0x7c, 0x95, 0xea, 0x31, 0xe2, 0xed, 0x3c, 0xe5, + 0x00, 0xba, 0x75, 0xe4, 0x0c, 0xa9, 0xee, 0x23, 0x66, 0xa8, 0x32, 0x9a, 0x27, 0x36, 0x3b, 0x80, + 0xee, 0x42, 0xa9, 0xce, 0x82, 0xa8, 0x8b, 0x79, 0x78, 0xc9, 0xbb, 0x8d, 0xa8, 0x5e, 0x66, 0x3c, + 0x0c, 0x9b, 0xf3, 0xa3, 0x3b, 0x64, 0x94, 0xce, 0xcc, 0x31, 0xa2, 0x0b, 0x45, 0x4e, 0x8e, 0xc2, + 0xe8, 0x25, 0xea, 0x4b, 0x87, 0x10, 0xf5, 0x29, 0xc1, 0x3b, 0xf8, 0x90, 0x04, 0x2f, 0x0b, 0x88, + 0x4f, 0x36, 0x98, 0xfe, 0x26, 0xc2, 0xa1, 0x87, 0xd8, 0x20, 0x18, 0x01, 0xf1, 0x29, 0x30, 0xce, + 0xe2, 0xa3, 0xcf, 0x2a, 0xd1, 0x5d, 0xce, 0xe3, 0xd0, 0xd2, 0x9c, 0xd1, 0xc7, 0x2d, 0xb5, 0xbf, + 0x5c, 0x80, 0xb1, 0xf9, 0xa0, 0xbd, 0x32, 0xbf, 0xd2, 0x5e, 0xf7, 0x3d, 0xf7, 0x1a, 0xd9, 0xa1, + 0xa2, 0x79, 0x93, 0xec, 0x2c, 0xcc, 0x89, 0x15, 0xa4, 0xe6, 0xcc, 0x35, 0xda, 0x88, 0x39, 0x8c, + 0x0a, 0xa3, 0xba, 0x17, 0x34, 0x48, 0xd4, 0x8a, 0x3c, 0x71, 0x9e, 0x68, 0x08, 0xa3, 0xcb, 0x1a, + 0x84, 0x4d, 0x3c, 0x4a, 0x3b, 0xbc, 0x1b, 0x90, 0x28, 0xab, 0xc8, 0x2e, 0xd3, 0x46, 0xcc, 0x61, + 0x14, 0x29, 0x89, 0xda, 0x71, 0x22, 0x26, 0xa3, 0x42, 0x5a, 0xa3, 0x8d, 0x98, 0xc3, 0xe8, 0x4a, + 0x8f, 0xdb, 0xeb, 0x2c, 0x08, 0x21, 0x13, 0x7b, 0xbd, 0xca, 0x9b, 0xb1, 0x84, 0x53, 0xd4, 0x4d, + 0xb2, 0x33, 0x47, 0x4d, 0xca, 0x4c, 0x76, 0xc4, 0x35, 0xde, 0x8c, 0x25, 0x9c, 0x15, 0x8f, 0x4a, + 0x0f, 0xc7, 0xf7, 0x5d, 0xf1, 0xa8, 0x74, 0xf7, 0x7b, 0x18, 0xa7, 0xbf, 0x66, 0xc1, 0x88, 0x19, + 0x3a, 0x84, 0x1a, 0x19, 0x1d, 0x77, 0xb9, 0xa3, 0x10, 0xe0, 0x8f, 0x77, 0xbb, 0xf5, 0xa4, 0xe1, + 0x25, 0x61, 0x2b, 0x7e, 0x9e, 0x04, 0x0d, 0x2f, 0x20, 0xcc, 0x23, 0xcc, 0x43, 0x8e, 0x52, 0x71, + 0x49, 0xb3, 0x61, 0x8d, 0x1c, 0x42, 0x49, 0xb6, 0x6f, 0xc1, 0x78, 0x47, 0x4a, 0x4c, 0x1f, 0xaa, + 0xc5, 0xbe, 0x09, 0x89, 0x36, 0x86, 0x61, 0x4a, 0x98, 0xc7, 0x8b, 0xc6, 0x68, 0x16, 0xc6, 0xf9, + 0x42, 0xa2, 0x9c, 0x56, 0xdd, 0x0d, 0xd2, 0x54, 0x69, 0x4e, 0xec, 0xf0, 0xfa, 0x66, 0x16, 0x88, + 0x3b, 0xf1, 0xed, 0xaf, 0x58, 0x30, 0x9a, 0xca, 0x52, 0xca, 0x49, 0x09, 0x62, 0x2b, 0x2d, 0x64, + 0x91, 0x6c, 0x2c, 0x9c, 0xb7, 0xc8, 0x36, 0x53, 0xbd, 0xd2, 0x34, 0x08, 0x9b, 0x78, 0xf6, 0x3b, + 0x05, 0x28, 0xcb, 0x68, 0x80, 0x3e, 0xba, 0xf2, 0x25, 0x0b, 0x46, 0x95, 0xc3, 0x80, 0x9d, 0x44, + 0x15, 0xf2, 0x88, 0x5b, 0xa7, 0x3d, 0x50, 0xa1, 0x96, 0x41, 0x3d, 0xd4, 0x1a, 0x39, 0x36, 0x99, + 0xe1, 0x34, 0x6f, 0x74, 0x13, 0x20, 0xde, 0x89, 0x13, 0xd2, 0x34, 0xce, 0xc4, 0x6c, 0x63, 0xc5, + 0x4d, 0xb9, 0x61, 0x44, 0xe8, 0xfa, 0xba, 0x1e, 0xd6, 0xc8, 0xaa, 0xc2, 0xd4, 0x2a, 0x94, 0x6e, + 0xc3, 0x06, 0x25, 0xfb, 0x1f, 0x16, 0xe0, 0x64, 0xb6, 0x4b, 0xe8, 0x75, 0x18, 0x91, 0xdc, 0x8d, + 0x1b, 0x5c, 0x64, 0x08, 0xc4, 0x08, 0x36, 0x60, 0xf7, 0x76, 0x27, 0x27, 0x3b, 0x6f, 0xd0, 0x99, + 0x32, 0x51, 0x70, 0x8a, 0x18, 0xf7, 0xda, 0x08, 0xf7, 0x62, 0x75, 0x67, 0xa6, 0xd5, 0x12, 0xae, + 0x17, 0xc3, 0x6b, 0x63, 0x42, 0x71, 0x06, 0x1b, 0xad, 0xc0, 0x69, 0xa3, 0xe5, 0x3a, 0xf1, 0x1a, + 0x1b, 0xeb, 0x61, 0x24, 0x2d, 0xab, 0x27, 0x75, 0x90, 0x52, 0x27, 0x0e, 0xee, 0xfa, 0x24, 0xdd, + 0xed, 0x5d, 0xa7, 0xe5, 0xb8, 0x5e, 0xb2, 0x23, 0x0e, 0xf9, 0x94, 0x6c, 0x9a, 0x15, 0xed, 0x58, + 0x61, 0xd8, 0x4b, 0x30, 0xd0, 0xe7, 0x0c, 0xea, 0x4b, 0xa3, 0x7f, 0x15, 0xca, 0x94, 0x9c, 0x54, + 0xef, 0xf2, 0x20, 0x19, 0x42, 0x59, 0x16, 0x61, 0x47, 0x36, 0x14, 0x3d, 0x47, 0x3a, 0xc6, 0xd4, + 0x6b, 0x2d, 0xc4, 0x71, 0x9b, 0x19, 0xc9, 0x14, 0x88, 0x9e, 0x86, 0x22, 0xd9, 0x6e, 0x65, 0x3d, + 0x60, 0x97, 0xb6, 0x5b, 0x5e, 0x44, 0x62, 0x8a, 0x44, 0xb6, 0x5b, 0xe8, 0x2c, 0x14, 0xbc, 0x9a, + 0xd8, 0xa4, 0x40, 0xe0, 0x14, 0x16, 0xe6, 0x70, 0xc1, 0xab, 0xd9, 0xdb, 0x50, 0x51, 0x55, 0xdf, + 0xd1, 0xa6, 0x94, 0xdd, 0x56, 0x1e, 0xe1, 0x3b, 0x92, 0x6e, 0x0f, 0xa9, 0xdd, 0x06, 0xd0, 0x39, + 0x61, 0x79, 0xc9, 0x97, 0xf3, 0x30, 0xe0, 0x86, 0x22, 0x95, 0xb4, 0xac, 0xc9, 0x30, 0xa1, 0xcd, + 0x20, 0xf6, 0x2d, 0x18, 0xbb, 0x16, 0x84, 0x77, 0x59, 0x59, 0x5b, 0x56, 0x74, 0x87, 0x12, 0xae, + 0xd3, 0x1f, 0x59, 0x15, 0x81, 0x41, 0x31, 0x87, 0xa9, 0x7a, 0x31, 0x85, 0x5e, 0xf5, 0x62, 0xec, + 0xcf, 0x59, 0x70, 0x52, 0x65, 0xb6, 0x48, 0x69, 0x7c, 0x11, 0x46, 0xd6, 0xdb, 0x9e, 0x5f, 0x13, + 0xff, 0xb3, 0xc7, 0x14, 0x55, 0x03, 0x86, 0x53, 0x98, 0xd4, 0xa8, 0x5a, 0xf7, 0x02, 0x27, 0xda, + 0x59, 0xd1, 0xe2, 0x5f, 0x49, 0x84, 0xaa, 0x82, 0x60, 0x03, 0xcb, 0xfe, 0x92, 0xd9, 0x05, 0x91, + 0x4b, 0xd3, 0xc7, 0xc8, 0xde, 0x80, 0x92, 0xab, 0x1c, 0xa9, 0x87, 0x2a, 0x37, 0xa6, 0xd2, 0x98, + 0xd9, 0x61, 0x3a, 0xa7, 0x66, 0xff, 0x8b, 0x02, 0x8c, 0xa6, 0x0a, 0x49, 0x20, 0x1f, 0xca, 0xc4, + 0x67, 0x47, 0x79, 0x72, 0x8a, 0x1d, 0xb5, 0xba, 0x9c, 0x5a, 0x16, 0x97, 0x04, 0x5d, 0xac, 0x38, + 0x3c, 0x1a, 0xfe, 0xaa, 0x8b, 0x30, 0x22, 0x3b, 0xf4, 0x49, 0xa7, 0xe9, 0x8b, 0x55, 0xa8, 0x26, + 0xc0, 0x25, 0x03, 0x86, 0x53, 0x98, 0xf6, 0x1f, 0x14, 0x61, 0x82, 0x9f, 0x7d, 0xd6, 0x54, 0x48, + 0xc9, 0x92, 0xd4, 0xb2, 0xfe, 0x9a, 0x2e, 0xf7, 0xc2, 0x07, 0x72, 0xfd, 0xa8, 0x95, 0x55, 0xbb, + 0x33, 0xea, 0x2b, 0xd8, 0xe1, 0x57, 0x33, 0xc1, 0x0e, 0x7c, 0xb3, 0x6d, 0x1c, 0x53, 0x8f, 0xbe, + 0xbf, 0xa2, 0x1f, 0xfe, 0x5e, 0x01, 0x4e, 0x64, 0xca, 0xd6, 0xa2, 0xb7, 0xd3, 0x85, 0xe9, 0xac, + 0x3c, 0x4e, 0xc8, 0xee, 0x5b, 0x3c, 0xf5, 0x60, 0xe5, 0xe9, 0x1e, 0xd2, 0x52, 0xb1, 0xff, 0xb0, + 0x00, 0x63, 0xe9, 0x7a, 0xbb, 0x8f, 0xe0, 0x48, 0x7d, 0x04, 0x2a, 0xac, 0x8a, 0x25, 0xbb, 0x23, + 0x88, 0x1f, 0xc4, 0xf1, 0x62, 0x8b, 0xb2, 0x11, 0x6b, 0xf8, 0x23, 0x51, 0xf5, 0xcf, 0xfe, 0xfb, + 0x16, 0x9c, 0xe1, 0x6f, 0x99, 0x9d, 0x87, 0x7f, 0xbd, 0xdb, 0xe8, 0xbe, 0x91, 0x6f, 0x07, 0x33, + 0x65, 0x8a, 0xf6, 0x1b, 0x5f, 0x76, 0x37, 0x89, 0xe8, 0x6d, 0x7a, 0x2a, 0x3c, 0x82, 0x9d, 0x3d, + 0xd0, 0x64, 0xb0, 0xff, 0xb0, 0x08, 0xfa, 0x3a, 0x16, 0xe4, 0x89, 0x2c, 0x9d, 0x5c, 0xca, 0x35, + 0xad, 0xee, 0x04, 0xae, 0xbe, 0xf8, 0xa5, 0x9c, 0x49, 0xd2, 0xf9, 0x45, 0x0b, 0x86, 0xbd, 0xc0, + 0x4b, 0x3c, 0x87, 0x29, 0xcf, 0xf9, 0x5c, 0x27, 0xa1, 0xd8, 0x2d, 0x70, 0xca, 0x61, 0x64, 0x9e, + 0xde, 0x2a, 0x66, 0xd8, 0xe4, 0x8c, 0x3e, 0x2d, 0xe2, 0x11, 0x8b, 0xb9, 0xe5, 0x97, 0x95, 0x33, + 0x41, 0x88, 0x2d, 0x28, 0x45, 0x24, 0x89, 0x72, 0x4a, 0xcb, 0xc4, 0x94, 0x94, 0xaa, 0xce, 0xa7, + 0x2f, 0xc6, 0xa3, 0xcd, 0x98, 0x33, 0xb2, 0x63, 0x40, 0x9d, 0x63, 0x71, 0xc0, 0x58, 0xaf, 0x69, + 0xa8, 0x38, 0xed, 0x24, 0x6c, 0xd2, 0x61, 0x12, 0x07, 0xcc, 0x3a, 0x9a, 0x4d, 0x02, 0xb0, 0xc6, + 0xb1, 0xdf, 0x2e, 0x41, 0x26, 0x6d, 0x06, 0x6d, 0x9b, 0x57, 0x09, 0x59, 0xf9, 0x5e, 0x25, 0xa4, + 0x3a, 0xd3, 0xed, 0x3a, 0x21, 0xd4, 0x80, 0x52, 0x6b, 0xc3, 0x89, 0xa5, 0x6e, 0xfc, 0xaa, 0x1c, + 0xa6, 0x15, 0xda, 0x78, 0x6f, 0x77, 0xf2, 0x27, 0xfa, 0x3b, 0x6b, 0xa1, 0x73, 0x75, 0x9a, 0x67, + 0xa1, 0x6b, 0xd6, 0x8c, 0x06, 0xe6, 0xf4, 0x0f, 0x72, 0xa1, 0xc6, 0xe7, 0x45, 0xa9, 0x53, 0x4c, + 0xe2, 0xb6, 0x9f, 0x88, 0xd9, 0xf0, 0x6a, 0x8e, 0xab, 0x8c, 0x13, 0xd6, 0x09, 0x9f, 0xfc, 0x3f, + 0x36, 0x98, 0xa2, 0xd7, 0xa1, 0x12, 0x27, 0x4e, 0x94, 0x1c, 0x32, 0x45, 0x4b, 0x0d, 0xfa, 0xaa, + 0x24, 0x82, 0x35, 0x3d, 0xf4, 0x1a, 0xab, 0x5e, 0xe7, 0xc5, 0x1b, 0x87, 0x0c, 0x23, 0x96, 0x95, + 0xee, 0x04, 0x05, 0x6c, 0x50, 0xa3, 0xa6, 0x07, 0x9b, 0xdb, 0x3c, 0x76, 0xa6, 0xcc, 0x6c, 0x4b, + 0x25, 0x0a, 0xb1, 0x82, 0x60, 0x03, 0xcb, 0xfe, 0x11, 0x48, 0x67, 0x2c, 0xa3, 0x49, 0x99, 0x20, + 0xcd, 0xcf, 0x9e, 0x58, 0x38, 0x70, 0x2a, 0x97, 0xf9, 0x77, 0x2c, 0x30, 0xd3, 0xaa, 0xd1, 0x1d, + 0x9e, 0xbf, 0x6d, 0xe5, 0xe1, 0x2f, 0x30, 0xe8, 0x4e, 0x2d, 0x39, 0xad, 0x8c, 0xe3, 0x4a, 0x26, + 0x71, 0x9f, 0xfd, 0x18, 0x94, 0x25, 0xf4, 0x40, 0x4a, 0xdd, 0x67, 0xe1, 0x54, 0xf6, 0xa2, 0x45, + 0x71, 0xd6, 0xdc, 0x88, 0xc2, 0x76, 0x2b, 0x6b, 0x48, 0xb2, 0x8b, 0xf8, 0x30, 0x87, 0x51, 0x73, + 0x6c, 0xd3, 0x0b, 0x6a, 0x59, 0x43, 0xf2, 0x9a, 0x17, 0xd4, 0x30, 0x83, 0xf4, 0x71, 0xa1, 0xd4, + 0x3f, 0xb7, 0xe0, 0xfc, 0x7e, 0xf7, 0x41, 0xa2, 0x27, 0x61, 0xe0, 0xae, 0x13, 0xc9, 0xd2, 0x9f, + 0x4c, 0x50, 0xde, 0x72, 0xa2, 0x00, 0xb3, 0x56, 0xb4, 0x03, 0x83, 0x3c, 0xff, 0x57, 0x68, 0xeb, + 0xaf, 0xe6, 0x7b, 0x3b, 0xe5, 0x35, 0x62, 0x98, 0x0b, 0x3c, 0xf7, 0x18, 0x0b, 0x86, 0xf6, 0x77, + 0x2d, 0x40, 0xcb, 0x5b, 0x24, 0x8a, 0xbc, 0x9a, 0x91, 0xb1, 0x8c, 0x5e, 0x84, 0x91, 0xdb, 0xab, + 0xcb, 0xd7, 0x57, 0x42, 0x2f, 0x60, 0x15, 0x0c, 0x8c, 0x24, 0xad, 0xab, 0x46, 0x3b, 0x4e, 0x61, + 0xa1, 0x59, 0x18, 0xbf, 0x7d, 0x87, 0x1a, 0xbf, 0x66, 0x3d, 0xef, 0x82, 0x3e, 0xee, 0xbc, 0xfa, + 0x6a, 0x06, 0x88, 0x3b, 0xf1, 0xd1, 0x32, 0x9c, 0x69, 0x72, 0x73, 0x83, 0x97, 0xe1, 0xe5, 0xb6, + 0x87, 0xca, 0xd1, 0x78, 0x62, 0x6f, 0x77, 0xf2, 0xcc, 0x52, 0x37, 0x04, 0xdc, 0xfd, 0x39, 0xfb, + 0xdd, 0x02, 0x0c, 0x1b, 0x77, 0xaa, 0xf6, 0x61, 0x83, 0x67, 0xb2, 0x4e, 0x0a, 0x7d, 0x66, 0x9d, + 0x3c, 0x0b, 0xe5, 0x56, 0xe8, 0x7b, 0xae, 0xa7, 0x6a, 0xd2, 0xb0, 0xd2, 0x89, 0x2b, 0xa2, 0x0d, + 0x2b, 0x28, 0xba, 0x0b, 0x15, 0x75, 0xcf, 0xa0, 0x48, 0x9c, 0xcd, 0xeb, 0x7c, 0x47, 0x49, 0x2a, + 0x7d, 0x7f, 0xa0, 0xe6, 0x85, 0x6c, 0x18, 0x64, 0x33, 0x5f, 0x86, 0xd0, 0xb1, 0x14, 0x24, 0xb6, + 0x24, 0x62, 0x2c, 0x20, 0xf6, 0x17, 0x86, 0xe0, 0x74, 0xb7, 0x72, 0x7f, 0xe8, 0x33, 0x30, 0xc8, + 0xfb, 0x98, 0x4f, 0x45, 0xd9, 0x6e, 0x3c, 0xe6, 0x19, 0x41, 0xd1, 0x2d, 0xf6, 0x1b, 0x0b, 0x9e, + 0x82, 0xbb, 0xef, 0xac, 0x0b, 0x9d, 0xe9, 0x78, 0xb8, 0x2f, 0x3a, 0x9a, 0xfb, 0xa2, 0xc3, 0xb9, + 0xfb, 0xce, 0x3a, 0xda, 0x86, 0x52, 0xc3, 0x4b, 0x88, 0x23, 0x2c, 0x87, 0x5b, 0xc7, 0xc2, 0x9c, + 0x38, 0x5c, 0x34, 0xb3, 0x9f, 0x98, 0x33, 0x44, 0xdf, 0xb4, 0xe0, 0xc4, 0x7a, 0x3a, 0xa3, 0x4b, + 0x6c, 0xa1, 0xce, 0x31, 0x94, 0x74, 0x4c, 0x33, 0xe2, 0x85, 0xb2, 0x33, 0x8d, 0x38, 0xdb, 0x1d, + 0xf4, 0x73, 0x16, 0x0c, 0xd5, 0x3d, 0xdf, 0xa8, 0x57, 0x76, 0x0c, 0x1f, 0xe7, 0x32, 0x63, 0xa0, + 0xd5, 0x0c, 0xfe, 0x3f, 0xc6, 0x92, 0x73, 0x2f, 0xf7, 0xf1, 0xe0, 0x51, 0xdd, 0xc7, 0x43, 0x0f, + 0xc9, 0x56, 0xfc, 0xa5, 0x02, 0x3c, 0xdd, 0xc7, 0x37, 0x32, 0x93, 0x70, 0xac, 0x7d, 0x92, 0x70, + 0xce, 0xc3, 0x40, 0x44, 0x5a, 0x61, 0x76, 0xbf, 0x63, 0x91, 0x6a, 0x0c, 0x82, 0x9e, 0x82, 0xa2, + 0xd3, 0xf2, 0xc4, 0x76, 0xa7, 0x36, 0xe9, 0x99, 0x95, 0x05, 0x4c, 0xdb, 0xe9, 0x97, 0xae, 0xac, + 0xcb, 0x3c, 0xc3, 0x7c, 0x8a, 0xd6, 0xf7, 0x4a, 0x5b, 0xe4, 0xd6, 0x9b, 0x82, 0x62, 0xcd, 0xd7, + 0xfe, 0x1b, 0x16, 0x9c, 0xed, 0x3d, 0x45, 0xd0, 0x0b, 0x30, 0xbc, 0x1e, 0x39, 0x81, 0xbb, 0xc1, + 0x6e, 0x78, 0x90, 0x83, 0xc2, 0x72, 0x2f, 0x74, 0x33, 0x36, 0x71, 0xe8, 0xce, 0xc5, 0x4b, 0x83, + 0x1a, 0x18, 0x32, 0xd4, 0x9a, 0xee, 0x5c, 0x6b, 0x59, 0x20, 0xee, 0xc4, 0xb7, 0xff, 0xa0, 0xd0, + 0xbd, 0x5b, 0x5c, 0x94, 0x1c, 0xe4, 0x3b, 0x89, 0xaf, 0x50, 0xe8, 0xf1, 0x15, 0xee, 0x40, 0x39, + 0x61, 0xf9, 0x23, 0xa4, 0x2e, 0xe4, 0x51, 0x6e, 0xf9, 0x99, 0x6c, 0xc7, 0x5a, 0x13, 0xc4, 0xb1, + 0x62, 0x43, 0x37, 0x0e, 0x5f, 0x17, 0x4c, 0x13, 0x1b, 0x47, 0xe6, 0xe8, 0x71, 0x0e, 0x4e, 0x1a, + 0xf5, 0x5f, 0x79, 0xf8, 0x3c, 0xf7, 0xa0, 0xab, 0x9c, 0xb2, 0x95, 0x0c, 0x1c, 0x77, 0x3c, 0x61, + 0xff, 0x5a, 0x01, 0x9e, 0xe8, 0x29, 0x1f, 0xb5, 0x9b, 0xdf, 0xba, 0x8f, 0x9b, 0xff, 0xc8, 0xd3, + 0xdc, 0x1c, 0xe0, 0x81, 0x07, 0x33, 0xc0, 0xcf, 0x41, 0xd9, 0x0b, 0x62, 0xe2, 0xb6, 0x23, 0x3e, + 0x68, 0x46, 0x30, 0xe9, 0x82, 0x68, 0xc7, 0x0a, 0xc3, 0xfe, 0xa3, 0xde, 0x53, 0x8d, 0xee, 0x95, + 0x3f, 0xb0, 0xa3, 0xf4, 0x32, 0x8c, 0x3a, 0xad, 0x16, 0xc7, 0x63, 0x2e, 0xd5, 0x4c, 0x96, 0xe8, + 0x8c, 0x09, 0xc4, 0x69, 0x5c, 0x63, 0x0e, 0x0f, 0xf6, 0x9a, 0xc3, 0xf6, 0x9f, 0x5a, 0x50, 0xc1, + 0xa4, 0xce, 0xd7, 0x3b, 0xba, 0x2d, 0x86, 0xc8, 0xca, 0xa3, 0x7c, 0x0b, 0x1d, 0xd8, 0xd8, 0x63, + 0x65, 0x4d, 0xba, 0x0d, 0x76, 0x67, 0x2d, 0xe3, 0xc2, 0x81, 0x6a, 0x19, 0xab, 0x6a, 0xb6, 0xc5, + 0xde, 0xd5, 0x6c, 0xed, 0x77, 0x87, 0xe8, 0xeb, 0xb5, 0xc2, 0xd9, 0x88, 0xd4, 0x62, 0xfa, 0x7d, + 0xdb, 0x91, 0x9f, 0xbd, 0x0a, 0xf6, 0x06, 0x5e, 0xc4, 0xb4, 0x3d, 0x75, 0x6e, 0x52, 0x38, 0x50, + 0x8e, 0x5c, 0x71, 0xdf, 0x1c, 0xb9, 0x97, 0x61, 0x34, 0x8e, 0x37, 0x56, 0x22, 0x6f, 0xcb, 0x49, + 0xa8, 0x81, 0x22, 0x22, 0x72, 0x74, 0x5e, 0xcb, 0xea, 0x15, 0x0d, 0xc4, 0x69, 0x5c, 0x34, 0x0f, + 0xe3, 0x3a, 0x53, 0x8d, 0x44, 0x09, 0x0b, 0xc0, 0xe1, 0x33, 0x41, 0xa5, 0x95, 0xe8, 0xdc, 0x36, + 0x81, 0x80, 0x3b, 0x9f, 0xa1, 0x12, 0x2b, 0xd5, 0x48, 0x3b, 0x32, 0x98, 0x96, 0x58, 0x29, 0x3a, + 0xb4, 0x2f, 0x1d, 0x4f, 0xa0, 0x25, 0x38, 0xc5, 0x27, 0x06, 0xbb, 0x7b, 0x5c, 0xbd, 0xd1, 0x50, + 0xba, 0x6c, 0xc6, 0x7c, 0x27, 0x0a, 0xee, 0xf6, 0x1c, 0xb5, 0x3e, 0x54, 0xf3, 0xc2, 0x9c, 0x30, + 0xf9, 0x95, 0xf5, 0xa1, 0xc8, 0x2c, 0xd4, 0xb0, 0x89, 0x87, 0x3e, 0x09, 0x8f, 0xeb, 0xbf, 0x3c, + 0x4a, 0x93, 0x9f, 0x83, 0xcd, 0x89, 0x24, 0x60, 0x55, 0x3b, 0x75, 0xbe, 0x2b, 0x5a, 0x0d, 0xf7, + 0x7a, 0x1e, 0xad, 0xc3, 0x59, 0x05, 0xba, 0x44, 0x4d, 0xbd, 0x56, 0xe4, 0xc5, 0xa4, 0xea, 0xc4, + 0xe4, 0x46, 0xe4, 0xb3, 0xb4, 0xe1, 0x8a, 0xbe, 0x04, 0x62, 0xde, 0x4b, 0xae, 0x74, 0xc3, 0xc4, + 0x8b, 0xf8, 0x3e, 0x54, 0xd0, 0x34, 0x54, 0x48, 0xe0, 0xac, 0xfb, 0x64, 0x79, 0x76, 0x81, 0x25, + 0x13, 0x1b, 0xc7, 0x6e, 0x97, 0x24, 0x00, 0x6b, 0x1c, 0xe5, 0x04, 0x1e, 0xe9, 0x79, 0x69, 0xc8, + 0x0a, 0x9c, 0x6e, 0xb8, 0x2d, 0xaa, 0x4d, 0x78, 0x2e, 0x99, 0x71, 0x99, 0x23, 0x94, 0x7e, 0x18, + 0x5e, 0xcf, 0x44, 0x45, 0x38, 0xcc, 0xcf, 0xae, 0x74, 0xe0, 0xe0, 0xae, 0x4f, 0xd2, 0x35, 0xd6, + 0x8a, 0xc2, 0xed, 0x9d, 0x89, 0x53, 0xe9, 0x35, 0xb6, 0x42, 0x1b, 0x31, 0x87, 0xa1, 0xab, 0x80, + 0x58, 0xb8, 0xcc, 0x95, 0x24, 0x69, 0x29, 0xf5, 0x65, 0xe2, 0x34, 0x7b, 0xa5, 0xb3, 0xe2, 0x09, + 0x74, 0xb9, 0x03, 0x03, 0x77, 0x79, 0xca, 0xfe, 0x13, 0x0b, 0x46, 0xd5, 0x7a, 0x7d, 0x00, 0x01, + 0x63, 0x7e, 0x3a, 0x60, 0x6c, 0xfe, 0xe8, 0x12, 0x8f, 0xf5, 0xbc, 0x47, 0xd4, 0xc1, 0x17, 0x86, + 0x01, 0xb4, 0x54, 0x54, 0x1b, 0x92, 0xd5, 0x73, 0x43, 0x7a, 0x64, 0x25, 0x52, 0xb7, 0xcc, 0xc1, + 0xd2, 0xc3, 0xcd, 0x1c, 0x5c, 0x85, 0x33, 0x52, 0x5d, 0xe0, 0x07, 0x3b, 0x57, 0xc2, 0x58, 0x09, + 0xb8, 0x72, 0xf5, 0x29, 0x41, 0xe8, 0xcc, 0x42, 0x37, 0x24, 0xdc, 0xfd, 0xd9, 0x94, 0x96, 0x32, + 0xb4, 0x9f, 0x96, 0xa2, 0xd7, 0xf4, 0x62, 0x5d, 0x56, 0x62, 0xcd, 0xac, 0xe9, 0xc5, 0xcb, 0xab, + 0x58, 0xe3, 0x74, 0x17, 0xec, 0x95, 0x9c, 0x04, 0x3b, 0x1c, 0x58, 0xb0, 0x4b, 0x11, 0x33, 0xdc, + 0x53, 0xc4, 0xc8, 0xb3, 0xa4, 0x91, 0x9e, 0x67, 0x49, 0xaf, 0xc0, 0x98, 0x17, 0x6c, 0x90, 0xc8, + 0x4b, 0x48, 0x8d, 0xad, 0x05, 0x26, 0x7e, 0xca, 0x7a, 0x5b, 0x5f, 0x48, 0x41, 0x71, 0x06, 0x3b, + 0x2d, 0x17, 0xc7, 0xfa, 0x90, 0x8b, 0x3d, 0x76, 0xa3, 0x13, 0xf9, 0xec, 0x46, 0x27, 0x8f, 0xbe, + 0x1b, 0x8d, 0x1f, 0xeb, 0x6e, 0x84, 0x72, 0xd9, 0x8d, 0xfa, 0x12, 0xf4, 0x86, 0x41, 0x77, 0x7a, + 0x1f, 0x83, 0xae, 0xd7, 0x56, 0x74, 0xe6, 0xd0, 0x5b, 0x51, 0xf7, 0x5d, 0xe6, 0xb1, 0x43, 0xed, + 0x32, 0x5f, 0x2c, 0xc0, 0x19, 0x2d, 0x87, 0xe9, 0xec, 0xf7, 0xea, 0x54, 0x12, 0xb1, 0x62, 0xde, + 0x3c, 0xf6, 0xc7, 0x88, 0x5f, 0xd4, 0xa1, 0x90, 0x0a, 0x82, 0x0d, 0x2c, 0x16, 0x06, 0x48, 0x22, + 0x56, 0xb5, 0x29, 0x2b, 0xa4, 0x67, 0x45, 0x3b, 0x56, 0x18, 0x74, 0x7e, 0xd1, 0xdf, 0x22, 0xb4, + 0x3a, 0x5b, 0x2c, 0x61, 0x56, 0x83, 0xb0, 0x89, 0x87, 0x9e, 0xe5, 0x4c, 0x98, 0x80, 0xa0, 0x82, + 0x7a, 0x44, 0x5c, 0x53, 0x23, 0x65, 0x82, 0x82, 0xca, 0xee, 0xb0, 0x78, 0xcf, 0x52, 0x67, 0x77, + 0x98, 0xbf, 0x52, 0x61, 0xd8, 0xff, 0xdb, 0x82, 0x27, 0xba, 0x0e, 0xc5, 0x03, 0xd8, 0x7c, 0xb7, + 0xd3, 0x9b, 0xef, 0x6a, 0x5e, 0xe6, 0x86, 0xf1, 0x16, 0x3d, 0x36, 0xe2, 0xff, 0x60, 0xc1, 0x98, + 0xc6, 0x7f, 0x00, 0xaf, 0xea, 0xa5, 0x5f, 0x35, 0x3f, 0xcb, 0xaa, 0xd2, 0xf1, 0x6e, 0x7f, 0xc2, + 0xde, 0x8d, 0x7b, 0x42, 0x66, 0x5c, 0x59, 0x1e, 0x6a, 0x1f, 0x0f, 0xc0, 0x0e, 0x0c, 0xb2, 0xca, + 0xc9, 0x71, 0x3e, 0x1e, 0x99, 0x34, 0x7f, 0x16, 0xc8, 0xad, 0x3d, 0x32, 0xec, 0x6f, 0x8c, 0x05, 0x43, 0x56, 0x53, 0xcc, 0x8b, 0xa9, 0x34, 0xaf, 0x89, 0xc8, 0x49, 0x5d, 0x53, 0x4c, 0xb4, 0x63, - 0x85, 0x61, 0x37, 0x61, 0x22, 0x4d, 0x7c, 0x8e, 0xd4, 0xd9, 0x29, 0x7f, 0x5f, 0xaf, 0x39, 0x0d, - 0xc3, 0x0e, 0x7b, 0x6a, 0xb1, 0xed, 0x64, 0x6f, 0x36, 0x9b, 0x91, 0x00, 0xac, 0x71, 0xec, 0xdf, - 0xb4, 0xe0, 0x54, 0x97, 0x97, 0xc9, 0x31, 0x62, 0x34, 0xd1, 0x52, 0xa0, 0xdb, 0x86, 0xfb, 0x21, - 0x18, 0xaa, 0x91, 0xba, 0x23, 0xcf, 0x91, 0x0d, 0x99, 0x3b, 0xc7, 0x9b, 0xb1, 0x84, 0xdb, 0xff, - 0xd3, 0x82, 0x13, 0xe9, 0xbe, 0xc6, 0x54, 0x6a, 0xf2, 0x97, 0x99, 0xf3, 0x62, 0x37, 0xdc, 0x22, - 0xd1, 0x0e, 0x7d, 0x73, 0xde, 0x6b, 0x25, 0x35, 0x67, 0x3a, 0x30, 0x70, 0x97, 0xa7, 0x58, 0x59, - 0xa1, 0x9a, 0x1a, 0x6d, 0x39, 0x53, 0x6e, 0xe6, 0x39, 0x53, 0xf4, 0xc7, 0x34, 0x8f, 0x9f, 0x14, - 0x4b, 0x6c, 0xf2, 0xb7, 0xbf, 0x37, 0x00, 0x2a, 0xa4, 0x9c, 0x1d, 0xe2, 0xe5, 0x74, 0x04, 0x9a, - 0x2a, 0x82, 0x5f, 0xec, 0xa3, 0x08, 0xbe, 0x9c, 0x0c, 0x03, 0xf7, 0x3b, 0x60, 0xe3, 0xde, 0x0b, - 0xd3, 0x49, 0xa8, 0xde, 0x70, 0x4d, 0x83, 0xb0, 0x89, 0x47, 0x7b, 0xe2, 0x7b, 0x5b, 0x84, 0x3f, - 0x34, 0x98, 0xee, 0xc9, 0xa2, 0x04, 0x60, 0x8d, 0x43, 0x7b, 0x52, 0xf3, 0xea, 0x75, 0x61, 0x8a, - 0xab, 0x9e, 0xd0, 0xd1, 0xc1, 0x0c, 0xc2, 0x2b, 0xc5, 0x85, 0x9b, 0x42, 0x3b, 0x35, 0x2a, 0xc5, - 0x85, 0x9b, 0x98, 0x41, 0xa8, 0x3e, 0x15, 0x84, 0x51, 0x93, 0xdd, 0x3c, 0x57, 0x53, 0x5c, 0x84, - 0x56, 0xaa, 0xf4, 0xa9, 0xeb, 0x9d, 0x28, 0xb8, 0xdb, 0x73, 0x74, 0x06, 0xb6, 0x22, 0x52, 0xf3, - 0xdc, 0xc4, 0xa4, 0x06, 0xe9, 0x19, 0xb8, 0xd2, 0x81, 0x81, 0xbb, 0x3c, 0x85, 0x66, 0xe0, 0x84, - 0x4c, 0x09, 0x90, 0x09, 0x9f, 0x95, 0x74, 0x82, 0x19, 0x4e, 0x83, 0x71, 0x16, 0x9f, 0x4a, 0x9b, - 0xa6, 0xc8, 0xf5, 0x66, 0x4a, 0xac, 0x21, 0x6d, 0x64, 0x0e, 0x38, 0x56, 0x18, 0xf6, 0xe7, 0x8b, - 0x74, 0x77, 0xec, 0x51, 0xdf, 0xfa, 0x81, 0x1d, 0xb9, 0xa7, 0x67, 0xe4, 0x40, 0x1f, 0x33, 0xf2, - 0x25, 0x18, 0xb9, 0x1d, 0x87, 0x81, 0x3a, 0xce, 0x2e, 0xf5, 0x3c, 0xce, 0x36, 0xb0, 0xba, 0x1f, - 0x67, 0x0f, 0xe6, 0x75, 0x9c, 0x3d, 0x74, 0xc8, 0xe3, 0xec, 0x6f, 0x97, 0x40, 0x55, 0x88, 0xbd, - 0x4e, 0x92, 0xbb, 0x61, 0xb4, 0xe9, 0x05, 0x0d, 0x96, 0x4a, 0xf1, 0x4d, 0x0b, 0x46, 0xf8, 0x7a, - 0x59, 0x34, 0xc3, 0x91, 0xeb, 0x39, 0x95, 0x1e, 0x4d, 0x31, 0x9b, 0x5a, 0x33, 0x18, 0x65, 0x2e, - 0x36, 0x31, 0x41, 0x38, 0xd5, 0x23, 0xf4, 0x33, 0x00, 0xd2, 0x6f, 0x59, 0x97, 0x22, 0x73, 0x21, - 0x9f, 0xfe, 0x61, 0x52, 0xd7, 0xba, 0xe9, 0x9a, 0x62, 0x82, 0x0d, 0x86, 0xe8, 0x8b, 0xd9, 0x9b, - 0x39, 0x3f, 0x7d, 0x2c, 0x63, 0xd3, 0x4f, 0xa0, 0x36, 0x86, 0x21, 0x2f, 0x68, 0xd0, 0x79, 0x22, - 0x22, 0x00, 0x3e, 0xd8, 0x2d, 0x0d, 0x69, 0x31, 0x74, 0x6a, 0x55, 0xc7, 0x77, 0x02, 0x97, 0x44, - 0x0b, 0x1c, 0xdd, 0xbc, 0x69, 0x8b, 0x35, 0x60, 0x49, 0xa8, 0xa3, 0xb6, 0x6e, 0xa9, 0x9f, 0xda, - 0xba, 0x67, 0x3f, 0x0e, 0xe3, 0x1d, 0x1f, 0xf3, 0x40, 0x71, 0xd9, 0x87, 0x0f, 0xe9, 0xb6, 0xff, - 0xe5, 0xa0, 0xde, 0xb4, 0xae, 0x87, 0x35, 0x5e, 0xe1, 0x35, 0xd2, 0x5f, 0x54, 0xe8, 0x9e, 0x39, - 0x4e, 0x11, 0xe3, 0xb6, 0x2e, 0xd5, 0x88, 0x4d, 0x96, 0x74, 0x8e, 0xb6, 0x9c, 0x88, 0x04, 0xc7, - 0x3d, 0x47, 0x57, 0x14, 0x13, 0x6c, 0x30, 0x44, 0x1b, 0xa9, 0xc0, 0xcc, 0xcb, 0x47, 0x0f, 0xcc, - 0x64, 0x09, 0xda, 0xdd, 0xaa, 0x44, 0x7e, 0xcd, 0x82, 0xb1, 0x20, 0x35, 0x73, 0xc5, 0x39, 0xce, - 0xda, 0x71, 0xac, 0x0a, 0x5e, 0x60, 0x3c, 0xdd, 0x86, 0x33, 0xfc, 0xbb, 0x6d, 0x69, 0xa5, 0x03, - 0x6e, 0x69, 0xba, 0x54, 0xf4, 0x60, 0xaf, 0x52, 0xd1, 0x28, 0x50, 0xb5, 0xf2, 0x87, 0x72, 0xaf, - 0x95, 0x0f, 0x5d, 0xea, 0xe4, 0xdf, 0x82, 0x61, 0x37, 0x22, 0x4e, 0x72, 0xc8, 0xb2, 0xe9, 0xec, - 0x28, 0x7c, 0x56, 0x12, 0xc0, 0x9a, 0x96, 0xfd, 0x1f, 0x8a, 0x70, 0x52, 0x8e, 0x88, 0x8c, 0xe3, - 0xa2, 0xfb, 0x23, 0xe7, 0xab, 0x95, 0x5b, 0xb5, 0x3f, 0x5e, 0x91, 0x00, 0xac, 0x71, 0xa8, 0x3e, - 0xd6, 0x8e, 0xc9, 0x72, 0x8b, 0x04, 0x8b, 0xde, 0x7a, 0x2c, 0xce, 0x1f, 0xd5, 0x42, 0xb9, 0xa1, - 0x41, 0xd8, 0xc4, 0xa3, 0xca, 0x38, 0xd7, 0x8b, 0xe3, 0x6c, 0x0c, 0xa8, 0xd0, 0xb7, 0xb1, 0x84, - 0xa3, 0x5f, 0xe9, 0x7a, 0xe1, 0x46, 0x3e, 0xd1, 0xcf, 0x1d, 0xe1, 0x6b, 0x07, 0xbc, 0x69, 0xe3, - 0x6d, 0x0b, 0x4e, 0x6c, 0xa6, 0xd2, 0xd0, 0xa4, 0x48, 0x3e, 0x62, 0xc2, 0x74, 0x3a, 0xb7, 0x4d, - 0x4f, 0xe1, 0x74, 0x7b, 0x8c, 0xb3, 0xdc, 0xed, 0xff, 0x65, 0x81, 0x29, 0x9e, 0xfa, 0xd3, 0xac, - 0x8c, 0x3b, 0xc3, 0x0a, 0xfb, 0xdc, 0x19, 0x26, 0x95, 0xb0, 0x62, 0x7f, 0x4a, 0xff, 0xc0, 0x01, - 0x94, 0xfe, 0x52, 0x4f, 0xad, 0xed, 0x69, 0x28, 0xb6, 0xbd, 0x9a, 0xd0, 0xdb, 0xf5, 0x69, 0xe3, - 0xc2, 0x1c, 0xa6, 0xed, 0xf6, 0x3f, 0x2d, 0x69, 0x3b, 0x5d, 0x04, 0xed, 0xfe, 0x50, 0xbc, 0x76, - 0x5d, 0xe5, 0xbf, 0xf3, 0x37, 0xbf, 0xde, 0x91, 0xff, 0xfe, 0xe3, 0x07, 0x8f, 0xc9, 0xe6, 0x03, - 0xd4, 0x2b, 0xfd, 0x7d, 0x68, 0x9f, 0x80, 0xec, 0xdb, 0x50, 0xa6, 0xa6, 0x0d, 0x73, 0xb8, 0x95, - 0x53, 0x9d, 0x2a, 0x5f, 0x11, 0xed, 0xf7, 0x76, 0x27, 0x7f, 0xec, 0xe0, 0xdd, 0x92, 0x4f, 0x63, - 0x45, 0x1f, 0xc5, 0x30, 0x4c, 0x7f, 0xb3, 0xd8, 0x71, 0x61, 0x34, 0xdd, 0x50, 0xb2, 0x48, 0x02, - 0x72, 0x09, 0x4c, 0xd7, 0x7c, 0x50, 0x00, 0xc3, 0xec, 0xb2, 0x1f, 0xc6, 0x94, 0xdb, 0x56, 0x2b, - 0x2a, 0x82, 0x5b, 0x02, 0xee, 0xed, 0x4e, 0xbe, 0x7c, 0x70, 0xa6, 0xea, 0x71, 0xac, 0x59, 0xd8, - 0xef, 0x0c, 0xe8, 0xb9, 0x2b, 0xca, 0x1e, 0xfc, 0x50, 0xcc, 0xdd, 0x8b, 0x99, 0xb9, 0x7b, 0xbe, - 0x63, 0xee, 0x8e, 0xe9, 0x4b, 0x69, 0x52, 0xb3, 0xf1, 0x41, 0x6f, 0xb0, 0xfb, 0xdb, 0xf1, 0x4c, - 0xb3, 0xb8, 0xd3, 0xf6, 0x22, 0x12, 0xaf, 0x44, 0xed, 0xc0, 0x0b, 0x1a, 0xe2, 0x1e, 0x50, 0x43, - 0xb3, 0x48, 0x81, 0x71, 0x16, 0x9f, 0xdd, 0x21, 0xba, 0x13, 0xb8, 0xb7, 0x9c, 0x2d, 0x3e, 0xab, - 0x8c, 0x4c, 0xf0, 0x55, 0xd1, 0x8e, 0x15, 0x86, 0xfd, 0x2e, 0x3b, 0xbb, 0x35, 0x92, 0x56, 0xe8, - 0x9c, 0xf0, 0xd9, 0xed, 0x4a, 0x3c, 0x8d, 0x5c, 0xcd, 0x09, 0x7e, 0xa5, 0x12, 0x87, 0xa1, 0xbb, - 0x30, 0xb4, 0xce, 0xaf, 0x17, 0xc8, 0xa7, 0x64, 0x9e, 0xb8, 0xab, 0x80, 0x55, 0xb5, 0x95, 0x17, - 0x17, 0xdc, 0xd3, 0x3f, 0xb1, 0xe4, 0x66, 0xbf, 0x37, 0x00, 0x27, 0x32, 0xf7, 0xef, 0xa4, 0x0a, - 0xf8, 0x14, 0xf6, 0x2d, 0xe0, 0xf3, 0x29, 0x80, 0x1a, 0x69, 0xf9, 0xe1, 0x0e, 0x53, 0x73, 0x06, - 0x0e, 0xac, 0xe6, 0x28, 0xcd, 0x78, 0x4e, 0x51, 0xc1, 0x06, 0x45, 0x91, 0x3b, 0xcf, 0xeb, 0x01, - 0x65, 0x72, 0xe7, 0x8d, 0xaa, 0x95, 0x83, 0x0f, 0xb6, 0x6a, 0xa5, 0x07, 0x27, 0x78, 0x17, 0x55, - 0x6a, 0xc8, 0x21, 0x32, 0x40, 0x58, 0x9c, 0xed, 0x5c, 0x9a, 0x0c, 0xce, 0xd2, 0x7d, 0x98, 0xd7, - 0x6b, 0xa1, 0x0f, 0xc3, 0xb0, 0xfc, 0xce, 0xf1, 0xc4, 0xb0, 0x4e, 0xaf, 0x93, 0xd3, 0x80, 0x5d, - 0x7b, 0x25, 0x7e, 0xda, 0x5f, 0x2d, 0x50, 0xad, 0x94, 0xff, 0x53, 0x69, 0xd2, 0xcf, 0xc2, 0xa0, - 0xd3, 0x4e, 0x36, 0xc2, 0x8e, 0x3b, 0x13, 0x66, 0x58, 0x2b, 0x16, 0x50, 0xb4, 0x08, 0x03, 0x35, - 0x9d, 0xfa, 0x7a, 0x90, 0x51, 0xd4, 0x0e, 0x3e, 0x27, 0x21, 0x98, 0x51, 0x41, 0x4f, 0xc1, 0x40, - 0xe2, 0x34, 0x52, 0x77, 0xd9, 0xae, 0x39, 0x8d, 0x18, 0xb3, 0x56, 0x73, 0xd3, 0x1c, 0xd8, 0x67, - 0xd3, 0x7c, 0x19, 0x46, 0x63, 0xaf, 0x11, 0x38, 0x49, 0x3b, 0x22, 0xc6, 0x61, 0x92, 0x8e, 0x0f, - 0x30, 0x81, 0x38, 0x8d, 0x6b, 0x7f, 0xab, 0x02, 0xa7, 0x57, 0x67, 0x97, 0x64, 0x19, 0xb7, 0x63, - 0x8b, 0xa9, 0xef, 0xc6, 0xe3, 0xc1, 0xc5, 0xd4, 0xf7, 0xe0, 0xee, 0x1b, 0x31, 0xf5, 0xbe, 0x11, - 0x53, 0xff, 0x45, 0x0b, 0x86, 0x55, 0x28, 0xb9, 0x08, 0x64, 0x7d, 0x3d, 0xff, 0x1e, 0xa8, 0xb8, - 0x62, 0x11, 0x51, 0x2c, 0xff, 0x62, 0xcd, 0xfc, 0xf8, 0x82, 0xec, 0xef, 0xdb, 0xa1, 0x03, 0x05, - 0xd9, 0xab, 0x0c, 0x84, 0x52, 0x1e, 0x19, 0x08, 0x3d, 0x3e, 0x55, 0xd7, 0x0c, 0x84, 0xaf, 0x59, - 0x50, 0x71, 0xde, 0x6a, 0x47, 0x64, 0x8e, 0x6c, 0x2d, 0xb7, 0x62, 0x21, 0x60, 0xdf, 0xc8, 0xbf, - 0x03, 0x33, 0x9a, 0x89, 0x28, 0xee, 0xac, 0x1b, 0xb0, 0xd9, 0x85, 0x54, 0xc6, 0xc1, 0x50, 0x1e, - 0x19, 0x07, 0xdd, 0xba, 0xb3, 0x6f, 0xc6, 0xc1, 0xcb, 0x30, 0xea, 0xfa, 0x61, 0x40, 0x56, 0xa2, - 0x30, 0x09, 0xdd, 0xd0, 0x17, 0xca, 0xb4, 0x12, 0x09, 0xb3, 0x26, 0x10, 0xa7, 0x71, 0x7b, 0xa5, - 0x2b, 0x0c, 0x1f, 0x35, 0x5d, 0x01, 0x1e, 0x52, 0x71, 0x8d, 0x5f, 0xd4, 0x65, 0x46, 0x2b, 0x79, - 0xdc, 0x77, 0xdb, 0xed, 0x8b, 0x1c, 0x77, 0xcd, 0xba, 0x3f, 0x2d, 0xc0, 0xe4, 0x3e, 0x13, 0x13, - 0x5d, 0x84, 0x91, 0x30, 0x6a, 0x38, 0x81, 0xf7, 0x16, 0x4f, 0xef, 0x2d, 0xa5, 0x8b, 0x88, 0x2c, - 0x1b, 0x30, 0x9c, 0xc2, 0x94, 0xe1, 0xd4, 0x83, 0x3d, 0xc2, 0xa9, 0x3f, 0x0a, 0x95, 0x84, 0x38, - 0x4d, 0x11, 0x3b, 0x22, 0x8c, 0x38, 0x7d, 0x28, 0xa6, 0x41, 0xd8, 0xc4, 0xa3, 0x4b, 0x61, 0xcc, - 0x71, 0x5d, 0x12, 0xc7, 0x32, 0x5e, 0x5a, 0x38, 0x98, 0x72, 0x0b, 0xc6, 0x66, 0x7e, 0xbb, 0x99, - 0x14, 0x0b, 0x9c, 0x61, 0x49, 0x3b, 0xef, 0xf8, 0x3e, 0xcf, 0x86, 0x20, 0xf2, 0x86, 0x7d, 0x5d, - 0x0c, 0x44, 0x83, 0xb0, 0x89, 0x67, 0xff, 0x7a, 0x01, 0x9e, 0xbe, 0xaf, 0x88, 0xec, 0x3b, 0x94, - 0xbd, 0x1d, 0x93, 0x28, 0x7b, 0xa8, 0x74, 0x23, 0x26, 0x11, 0x66, 0x10, 0x3e, 0x4a, 0xad, 0x96, - 0x71, 0xf3, 0x54, 0xde, 0x99, 0x13, 0x7c, 0x94, 0x52, 0x2c, 0x70, 0x86, 0x65, 0x76, 0x94, 0x06, - 0xfa, 0x1c, 0xa5, 0x7f, 0x50, 0x80, 0x67, 0xfa, 0xd8, 0x48, 0x72, 0xcc, 0x30, 0x49, 0xe7, 0xf9, - 0x14, 0x1f, 0x4e, 0x9e, 0xcf, 0x61, 0x87, 0xeb, 0xdd, 0x02, 0x9c, 0xed, 0x2d, 0xcf, 0xd1, 0x4f, - 0x50, 0x43, 0x50, 0x06, 0x8c, 0x98, 0x29, 0x42, 0xa7, 0xb8, 0x11, 0x98, 0x02, 0xe1, 0x2c, 0x2e, - 0x9a, 0x02, 0x68, 0x39, 0xc9, 0x46, 0x7c, 0x69, 0xdb, 0x8b, 0x13, 0x91, 0xdd, 0x3a, 0xc6, 0xdd, - 0xf9, 0xb2, 0x15, 0x1b, 0x18, 0x94, 0x1d, 0xfb, 0x37, 0x17, 0x5e, 0x0f, 0x13, 0xfe, 0x10, 0xd7, - 0x45, 0x4f, 0xc9, 0x0a, 0xa0, 0x06, 0x08, 0x67, 0x71, 0x29, 0x3b, 0x76, 0x60, 0xc4, 0x3b, 0xca, - 0x95, 0x54, 0xc6, 0x6e, 0x51, 0xb5, 0x62, 0x03, 0x23, 0x9b, 0xfc, 0x54, 0xda, 0x3f, 0xf9, 0xc9, - 0xfe, 0x27, 0x05, 0x78, 0xa2, 0xa7, 0x3e, 0xd0, 0xdf, 0x02, 0x7c, 0xf4, 0x12, 0x96, 0x0e, 0x37, - 0x77, 0x0e, 0x98, 0x86, 0xf3, 0xc7, 0x3d, 0x66, 0x9a, 0x48, 0xc3, 0xc9, 0x6e, 0x15, 0xd6, 0x41, - 0xb7, 0x8a, 0x47, 0x68, 0x3c, 0x3b, 0x32, 0x6f, 0x06, 0x0e, 0x90, 0x79, 0x93, 0xf9, 0x18, 0xa5, - 0x3e, 0x17, 0xf2, 0x77, 0x7a, 0x0f, 0x2f, 0xb5, 0x1f, 0xfa, 0x72, 0xb1, 0xcd, 0xc1, 0x49, 0x2f, - 0x60, 0xd5, 0xa0, 0x57, 0xdb, 0xeb, 0x22, 0xf7, 0xb9, 0x90, 0xbe, 0xe8, 0x6c, 0x21, 0x03, 0xc7, - 0x1d, 0x4f, 0x3c, 0x82, 0x99, 0x50, 0x87, 0x1c, 0xd2, 0x4f, 0xc1, 0xb0, 0xa2, 0xcd, 0xa3, 0x3b, - 0xd5, 0x07, 0xed, 0x88, 0xee, 0x54, 0x5f, 0xd3, 0xc0, 0xa2, 0x23, 0x41, 0xd5, 0xa9, 0xcc, 0xcc, - 0xbc, 0x46, 0x76, 0x98, 0x6e, 0x65, 0x7f, 0x04, 0x46, 0x94, 0x21, 0xdc, 0x6f, 0xc9, 0x5f, 0xfb, - 0x9d, 0x41, 0x18, 0x4d, 0x15, 0xf4, 0x48, 0xf9, 0x9d, 0xac, 0x7d, 0xfd, 0x4e, 0x2c, 0x5a, 0xb7, - 0x1d, 0xc8, 0x7a, 0xe0, 0x46, 0xb4, 0x6e, 0x3b, 0x20, 0x98, 0xc3, 0xd0, 0xb3, 0x30, 0x58, 0x8b, - 0x76, 0x70, 0x3b, 0x10, 0x51, 0x75, 0x4a, 0x7d, 0x9c, 0x63, 0xad, 0x58, 0x40, 0xd1, 0xe7, 0x2c, - 0x18, 0x89, 0x99, 0x53, 0x93, 0x7b, 0xed, 0xc4, 0x07, 0xbd, 0x9a, 0xc7, 0xdd, 0xdd, 0xa2, 0x78, - 0x0d, 0x3b, 0x90, 0x37, 0x5b, 0x70, 0x8a, 0x23, 0xfa, 0x05, 0xcb, 0xbc, 0xb5, 0x7c, 0x30, 0x8f, - 0x68, 0xd0, 0x6c, 0xbd, 0x14, 0xee, 0xee, 0xb9, 0xff, 0xe5, 0xe5, 0xb1, 0x72, 0xa9, 0x0d, 0x1d, - 0x8f, 0x4b, 0x0d, 0xba, 0xb8, 0xd3, 0x3e, 0x0c, 0xc3, 0x4d, 0x27, 0xf0, 0xea, 0x24, 0x4e, 0xb8, - 0x97, 0x4b, 0x96, 0x71, 0x92, 0x8d, 0x58, 0xc3, 0xe9, 0x66, 0x17, 0xb3, 0x17, 0x4b, 0x0c, 0xb7, - 0x14, 0xdb, 0xec, 0x56, 0x75, 0x33, 0x36, 0x71, 0x4c, 0x1f, 0x1a, 0x3c, 0x54, 0x1f, 0x5a, 0x65, - 0x1f, 0x1f, 0xda, 0x3f, 0xb2, 0xe0, 0x4c, 0xd7, 0xaf, 0xf6, 0xe8, 0xc6, 0x59, 0xd9, 0x5f, 0x2f, - 0xc1, 0xa9, 0x2e, 0x95, 0x79, 0xd0, 0xce, 0xb1, 0xdd, 0xc2, 0x2f, 0x4a, 0xff, 0x8c, 0xf6, 0x9c, - 0xc4, 0x07, 0xf3, 0x60, 0x6b, 0x2f, 0x72, 0xf1, 0xc1, 0x7a, 0x91, 0x8d, 0x69, 0x39, 0xf0, 0x50, - 0xa7, 0x65, 0xe9, 0xfe, 0xd3, 0x12, 0xfd, 0x96, 0x05, 0x13, 0xcd, 0x1e, 0xe5, 0x20, 0x85, 0x67, - 0xe8, 0xe6, 0xf1, 0x14, 0x9b, 0xac, 0x3e, 0xb5, 0xb7, 0x3b, 0xd9, 0xb3, 0x0a, 0x27, 0xee, 0xd9, - 0x2b, 0xfb, 0x7b, 0x45, 0x60, 0x65, 0xa1, 0x58, 0x21, 0x96, 0x1d, 0xf4, 0x59, 0xb3, 0xc0, 0x97, - 0x95, 0x57, 0x31, 0x2a, 0x4e, 0x5c, 0x15, 0x08, 0xe3, 0x23, 0xd8, 0xad, 0x5e, 0x58, 0x56, 0x68, - 0x15, 0xfa, 0x10, 0x5a, 0xbe, 0xac, 0xa4, 0x56, 0xcc, 0xbf, 0x92, 0xda, 0x70, 0xb6, 0x8a, 0xda, - 0xfd, 0x3f, 0xf1, 0xc0, 0x23, 0xf9, 0x89, 0xff, 0x96, 0xc5, 0x05, 0x4f, 0xe6, 0x2b, 0x68, 0xcd, - 0xc0, 0xba, 0x8f, 0x66, 0xf0, 0x3c, 0xbb, 0xae, 0xb1, 0x7e, 0x85, 0x38, 0xbe, 0xd0, 0x20, 0xcc, - 0x9b, 0x17, 0x59, 0x3b, 0x56, 0x18, 0xec, 0x82, 0x15, 0xdf, 0x0f, 0xef, 0x5e, 0x6a, 0xb6, 0x92, - 0x1d, 0xa1, 0x4b, 0xe8, 0x0b, 0x56, 0x14, 0x04, 0x1b, 0x58, 0xf6, 0xdf, 0x29, 0xf0, 0x19, 0x28, - 0xce, 0x86, 0x2f, 0x66, 0x4a, 0xe2, 0xf7, 0x7f, 0xac, 0xfa, 0x19, 0x00, 0x57, 0xdd, 0xd4, 0x26, - 0x9c, 0xf6, 0x57, 0x8e, 0x7c, 0xd3, 0x95, 0xa0, 0xa7, 0x5f, 0x43, 0xb7, 0x61, 0x83, 0x5f, 0x4a, - 0x96, 0x16, 0xf7, 0x95, 0xa5, 0x29, 0xb1, 0x32, 0xb0, 0xcf, 0x6e, 0xf7, 0xa7, 0x16, 0xa4, 0x34, - 0x22, 0xd4, 0x82, 0x12, 0xed, 0xee, 0x4e, 0x3e, 0x97, 0xd0, 0x99, 0xa4, 0xa9, 0x68, 0x14, 0xd3, - 0x9e, 0xfd, 0xc4, 0x9c, 0x11, 0xf2, 0xc5, 0x11, 0x72, 0x21, 0x8f, 0x8b, 0x12, 0x4d, 0x86, 0x57, - 0xc2, 0x70, 0x93, 0x9f, 0x3c, 0xe9, 0xe3, 0x68, 0xfb, 0x22, 0x8c, 0x77, 0x74, 0x8a, 0x55, 0xbf, - 0x0e, 0xe5, 0xcd, 0x7b, 0xc6, 0x74, 0x65, 0x79, 0x5c, 0x98, 0xc3, 0xec, 0x77, 0x2d, 0x38, 0x99, - 0x25, 0x8f, 0xbe, 0x61, 0xc1, 0x78, 0x9c, 0xa5, 0x77, 0x5c, 0x63, 0xa7, 0xc2, 0xab, 0x3a, 0x40, - 0xb8, 0xb3, 0x13, 0xf6, 0x9f, 0x89, 0xc9, 0x7f, 0xcb, 0x0b, 0x6a, 0xe1, 0x5d, 0xa5, 0x98, 0x58, - 0x3d, 0x15, 0x13, 0xba, 0x1e, 0xdd, 0x0d, 0x52, 0x6b, 0xfb, 0x1d, 0x09, 0x64, 0xab, 0xa2, 0x1d, - 0x2b, 0x8c, 0xd4, 0x1d, 0xfc, 0xc5, 0x7d, 0xef, 0xe0, 0x7f, 0x09, 0x46, 0xcc, 0xdb, 0x25, 0xc5, - 0xbc, 0x64, 0x0a, 0xb9, 0x79, 0x11, 0x25, 0x4e, 0x61, 0x65, 0xee, 0x17, 0x2f, 0xed, 0x7b, 0xbf, - 0xf8, 0x73, 0x50, 0x16, 0x77, 0x65, 0xcb, 0x20, 0x44, 0x9e, 0x9d, 0x26, 0xda, 0xb0, 0x82, 0x52, - 0x69, 0xd2, 0x74, 0x82, 0xb6, 0xe3, 0xd3, 0x11, 0x12, 0x29, 0xb5, 0x6a, 0x19, 0x2e, 0x29, 0x08, - 0x36, 0xb0, 0xe8, 0x1b, 0x27, 0x5e, 0x93, 0xbc, 0x16, 0x06, 0x32, 0x7c, 0x47, 0xfb, 0xe5, 0x45, - 0x3b, 0x56, 0x18, 0xf6, 0x7f, 0xb7, 0x20, 0x7b, 0xd1, 0x6f, 0xca, 0xcb, 0x61, 0xed, 0x9b, 0xc6, - 0x9b, 0x4e, 0x02, 0x2c, 0xf4, 0x95, 0x04, 0x68, 0xe6, 0xe7, 0x15, 0xef, 0x9b, 0x9f, 0xf7, 0x23, - 0xfa, 0x0e, 0x15, 0x9e, 0xc8, 0x57, 0xe9, 0x76, 0x7f, 0x0a, 0xb2, 0x61, 0xd0, 0x75, 0x54, 0xa1, - 0x87, 0x11, 0x6e, 0x3b, 0xcc, 0xce, 0x30, 0x24, 0x01, 0xa9, 0xae, 0xbf, 0xf7, 0xfd, 0x73, 0x1f, - 0xf8, 0xce, 0xf7, 0xcf, 0x7d, 0xe0, 0x0f, 0xbf, 0x7f, 0xee, 0x03, 0x9f, 0xdb, 0x3b, 0x67, 0xbd, - 0xb7, 0x77, 0xce, 0xfa, 0xce, 0xde, 0x39, 0xeb, 0x0f, 0xf7, 0xce, 0x59, 0xdf, 0xdb, 0x3b, 0x67, - 0x7d, 0xed, 0xbf, 0x9c, 0xfb, 0xc0, 0x6b, 0x5d, 0xc3, 0xad, 0xe8, 0x8f, 0x17, 0xdc, 0xda, 0xf4, - 0xd6, 0x05, 0x16, 0xf1, 0x43, 0x57, 0xc3, 0xb4, 0x31, 0x05, 0xa6, 0xe5, 0x6a, 0xf8, 0xf3, 0x00, - 0x00, 0x00, 0xff, 0xff, 0x02, 0x1f, 0x2b, 0x6f, 0xa3, 0xc9, 0x00, 0x00, + 0x85, 0x61, 0x37, 0x61, 0x22, 0x4d, 0x7c, 0x8e, 0xd4, 0x99, 0x97, 0xbf, 0xaf, 0xd7, 0x9c, 0x86, + 0x8a, 0xc3, 0x9e, 0x5a, 0x6c, 0x3b, 0xd9, 0x9b, 0xcd, 0x66, 0x24, 0x00, 0x6b, 0x1c, 0xfb, 0xb7, + 0x2c, 0x38, 0xd5, 0xe5, 0x65, 0x72, 0x8c, 0x18, 0x4d, 0xb4, 0x14, 0xe8, 0xb6, 0xe1, 0x7e, 0x18, + 0x86, 0x6a, 0xa4, 0xee, 0x48, 0x3f, 0xb2, 0x21, 0x73, 0xe7, 0x78, 0x33, 0x96, 0x70, 0xfb, 0x7f, + 0x58, 0x70, 0x22, 0xdd, 0xd7, 0x98, 0x4a, 0x4d, 0xfe, 0x32, 0x73, 0x5e, 0xec, 0x86, 0x5b, 0x24, + 0xda, 0xa1, 0x6f, 0xce, 0x7b, 0xad, 0xa4, 0xe6, 0x4c, 0x07, 0x06, 0xee, 0xf2, 0x14, 0x2b, 0x2b, + 0x54, 0x53, 0xa3, 0x2d, 0x67, 0xca, 0xcd, 0x3c, 0x67, 0x8a, 0xfe, 0x98, 0xa6, 0xfb, 0x49, 0xb1, + 0xc4, 0x26, 0x7f, 0xfb, 0xbb, 0x03, 0xa0, 0x42, 0xca, 0x99, 0x13, 0x2f, 0x27, 0x17, 0x68, 0xaa, + 0x08, 0x7e, 0xb1, 0x8f, 0x22, 0xf8, 0x72, 0x32, 0x0c, 0xdc, 0xcf, 0xc1, 0xc6, 0x4f, 0x2f, 0xcc, + 0x43, 0x42, 0xf5, 0x86, 0x6b, 0x1a, 0x84, 0x4d, 0x3c, 0xda, 0x13, 0xdf, 0xdb, 0x22, 0xfc, 0xa1, + 0xc1, 0x74, 0x4f, 0x16, 0x25, 0x00, 0x6b, 0x1c, 0xda, 0x93, 0x9a, 0x57, 0xaf, 0x0b, 0x53, 0x5c, + 0xf5, 0x84, 0x8e, 0x0e, 0x66, 0x10, 0x5e, 0x29, 0x2e, 0xdc, 0x14, 0xda, 0xa9, 0x51, 0x29, 0x2e, + 0xdc, 0xc4, 0x0c, 0x42, 0xf5, 0xa9, 0x20, 0x8c, 0x9a, 0xec, 0xe6, 0xb9, 0x9a, 0xe2, 0x22, 0xb4, + 0x52, 0xa5, 0x4f, 0x5d, 0xef, 0x44, 0xc1, 0xdd, 0x9e, 0xa3, 0x33, 0xb0, 0x15, 0x91, 0x9a, 0xe7, + 0x26, 0x26, 0x35, 0x48, 0xcf, 0xc0, 0x95, 0x0e, 0x0c, 0xdc, 0xe5, 0x29, 0x34, 0x03, 0x27, 0x64, + 0x4a, 0x80, 0x4c, 0xf8, 0x1c, 0x4e, 0x27, 0x98, 0xe1, 0x34, 0x18, 0x67, 0xf1, 0xa9, 0xb4, 0x69, + 0x8a, 0x5c, 0x6f, 0xa6, 0xc4, 0x1a, 0xd2, 0x46, 0xe6, 0x80, 0x63, 0x85, 0x61, 0x7f, 0xbe, 0x48, + 0x77, 0xc7, 0x1e, 0xf5, 0xad, 0x1f, 0x98, 0xcb, 0x3d, 0x3d, 0x23, 0x07, 0xfa, 0x98, 0x91, 0x2f, + 0xc2, 0xc8, 0xed, 0x38, 0x0c, 0x94, 0x3b, 0xbb, 0xd4, 0xd3, 0x9d, 0x6d, 0x60, 0x75, 0x77, 0x67, + 0x0f, 0xe6, 0xe5, 0xce, 0x1e, 0x3a, 0xa4, 0x3b, 0xfb, 0x5b, 0x25, 0x50, 0x15, 0x62, 0xaf, 0x93, + 0xe4, 0x6e, 0x18, 0x6d, 0x7a, 0x41, 0x83, 0xa5, 0x52, 0x7c, 0xd3, 0x82, 0x11, 0xbe, 0x5e, 0x16, + 0xcd, 0x70, 0xe4, 0x7a, 0x4e, 0xa5, 0x47, 0x53, 0xcc, 0xa6, 0xd6, 0x0c, 0x46, 0x99, 0x8b, 0x4d, + 0x4c, 0x10, 0x4e, 0xf5, 0x08, 0xfd, 0x34, 0x80, 0x3c, 0xb7, 0xac, 0x4b, 0x91, 0xb9, 0x90, 0x4f, + 0xff, 0x30, 0xa9, 0x6b, 0xdd, 0x74, 0x4d, 0x31, 0xc1, 0x06, 0x43, 0xf4, 0xc5, 0xec, 0xcd, 0x9c, + 0x9f, 0x3e, 0x96, 0xb1, 0xe9, 0x27, 0x50, 0x1b, 0xc3, 0x90, 0x17, 0x34, 0xe8, 0x3c, 0x11, 0x11, + 0x00, 0x1f, 0xea, 0x96, 0x86, 0xb4, 0x18, 0x3a, 0xb5, 0xaa, 0xe3, 0x3b, 0x81, 0x4b, 0xa2, 0x05, + 0x8e, 0x6e, 0xde, 0xb4, 0xc5, 0x1a, 0xb0, 0x24, 0xd4, 0x51, 0x5b, 0xb7, 0xd4, 0x4f, 0x6d, 0xdd, + 0xb3, 0x1f, 0x87, 0xf1, 0x8e, 0x8f, 0x79, 0xa0, 0xb8, 0xec, 0xc3, 0x87, 0x74, 0xdb, 0xff, 0x72, + 0x50, 0x6f, 0x5a, 0xd7, 0xc3, 0x1a, 0xaf, 0xf0, 0x1a, 0xe9, 0x2f, 0x2a, 0x74, 0xcf, 0x1c, 0xa7, + 0x88, 0x71, 0x5b, 0x97, 0x6a, 0xc4, 0x26, 0x4b, 0x3a, 0x47, 0x5b, 0x4e, 0x44, 0x82, 0xe3, 0x9e, + 0xa3, 0x2b, 0x8a, 0x09, 0x36, 0x18, 0xa2, 0x8d, 0x54, 0x60, 0xe6, 0xe5, 0xa3, 0x07, 0x66, 0xb2, + 0x04, 0xed, 0x6e, 0x55, 0x22, 0xbf, 0x66, 0xc1, 0x58, 0x90, 0x9a, 0xb9, 0xc2, 0x8f, 0xb3, 0x76, + 0x1c, 0xab, 0x82, 0x17, 0x18, 0x4f, 0xb7, 0xe1, 0x0c, 0xff, 0x6e, 0x5b, 0x5a, 0xe9, 0x80, 0x5b, + 0x9a, 0x2e, 0x15, 0x3d, 0xd8, 0xab, 0x54, 0x34, 0x0a, 0x54, 0xad, 0xfc, 0xa1, 0xdc, 0x6b, 0xe5, + 0x43, 0x97, 0x3a, 0xf9, 0xb7, 0xa0, 0xe2, 0x46, 0xc4, 0x49, 0x0e, 0x59, 0x36, 0x9d, 0xb9, 0xc2, + 0x67, 0x25, 0x01, 0xac, 0x69, 0xd9, 0xff, 0xbe, 0x08, 0x27, 0xe5, 0x88, 0xc8, 0x38, 0x2e, 0xba, + 0x3f, 0x72, 0xbe, 0x5a, 0xb9, 0x55, 0xfb, 0xe3, 0x15, 0x09, 0xc0, 0x1a, 0x87, 0xea, 0x63, 0xed, + 0x98, 0x2c, 0xb7, 0x48, 0xb0, 0xe8, 0xad, 0xc7, 0xc2, 0xff, 0xa8, 0x16, 0xca, 0x0d, 0x0d, 0xc2, + 0x26, 0x1e, 0x55, 0xc6, 0xb9, 0x5e, 0x1c, 0x67, 0x63, 0x40, 0x85, 0xbe, 0x8d, 0x25, 0x1c, 0xfd, + 0x72, 0xd7, 0x0b, 0x37, 0xf2, 0x89, 0x7e, 0xee, 0x08, 0x5f, 0x3b, 0xe0, 0x4d, 0x1b, 0x6f, 0x5b, + 0x70, 0x62, 0x33, 0x95, 0x86, 0x26, 0x45, 0xf2, 0x11, 0x13, 0xa6, 0xd3, 0xb9, 0x6d, 0x7a, 0x0a, + 0xa7, 0xdb, 0x63, 0x9c, 0xe5, 0x6e, 0xff, 0x4f, 0x0b, 0x4c, 0xf1, 0xd4, 0x9f, 0x66, 0x65, 0xdc, + 0x19, 0x56, 0xd8, 0xe7, 0xce, 0x30, 0xa9, 0x84, 0x15, 0xfb, 0x53, 0xfa, 0x07, 0x0e, 0xa0, 0xf4, + 0x97, 0x7a, 0x6a, 0x6d, 0x4f, 0x41, 0xb1, 0xed, 0xd5, 0x84, 0xde, 0xae, 0xbd, 0x8d, 0x0b, 0x73, + 0x98, 0xb6, 0xdb, 0xff, 0xb4, 0xa4, 0xed, 0x74, 0x11, 0xb4, 0xfb, 0x03, 0xf1, 0xda, 0x75, 0x95, + 0xff, 0xce, 0xdf, 0xfc, 0x7a, 0x47, 0xfe, 0xfb, 0x8f, 0x1d, 0x3c, 0x26, 0x9b, 0x0f, 0x50, 0xaf, + 0xf4, 0xf7, 0xa1, 0x7d, 0x02, 0xb2, 0x6f, 0x43, 0x99, 0x9a, 0x36, 0xec, 0xc0, 0xad, 0x9c, 0xea, + 0x54, 0xf9, 0x8a, 0x68, 0xbf, 0xb7, 0x3b, 0xf9, 0xa3, 0x07, 0xef, 0x96, 0x7c, 0x1a, 0x2b, 0xfa, + 0x28, 0x86, 0x0a, 0xfd, 0xcd, 0x62, 0xc7, 0x85, 0xd1, 0x74, 0x43, 0xc9, 0x22, 0x09, 0xc8, 0x25, + 0x30, 0x5d, 0xf3, 0x41, 0x01, 0x54, 0xd8, 0x65, 0x3f, 0x8c, 0x29, 0xb7, 0xad, 0x56, 0x54, 0x04, + 0xb7, 0x04, 0xdc, 0xdb, 0x9d, 0x7c, 0xf9, 0xe0, 0x4c, 0xd5, 0xe3, 0x58, 0xb3, 0xb0, 0xdf, 0x19, + 0xd0, 0x73, 0x57, 0x94, 0x3d, 0xf8, 0x81, 0x98, 0xbb, 0x17, 0x33, 0x73, 0xf7, 0x7c, 0xc7, 0xdc, + 0x1d, 0xd3, 0x97, 0xd2, 0xa4, 0x66, 0xe3, 0x83, 0xde, 0x60, 0xf7, 0xb7, 0xe3, 0x99, 0x66, 0x71, + 0xa7, 0xed, 0x45, 0x24, 0x5e, 0x89, 0xda, 0x81, 0x17, 0x34, 0xc4, 0x3d, 0xa0, 0x86, 0x66, 0x91, + 0x02, 0xe3, 0x2c, 0x3e, 0xbb, 0x43, 0x74, 0x27, 0x70, 0x6f, 0x39, 0x5b, 0x7c, 0x56, 0x19, 0x99, + 0xe0, 0xab, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, 0x5d, 0xe6, 0xbb, 0x35, 0x92, 0x56, 0xe8, 0x9c, 0xf0, + 0xd9, 0xed, 0x4a, 0x3c, 0x8d, 0x5c, 0xcd, 0x09, 0x7e, 0xa5, 0x12, 0x87, 0xa1, 0xbb, 0x30, 0xb4, + 0xce, 0xaf, 0x17, 0xc8, 0xa7, 0x64, 0x9e, 0xb8, 0xab, 0x80, 0x55, 0xb5, 0x95, 0x17, 0x17, 0xdc, + 0xd3, 0x3f, 0xb1, 0xe4, 0x66, 0xbf, 0x37, 0x00, 0x27, 0x32, 0xf7, 0xef, 0xa4, 0x0a, 0xf8, 0x14, + 0xf6, 0x2d, 0xe0, 0xf3, 0x29, 0x80, 0x1a, 0x69, 0xf9, 0xe1, 0x0e, 0x53, 0x73, 0x06, 0x0e, 0xac, + 0xe6, 0x28, 0xcd, 0x78, 0x4e, 0x51, 0xc1, 0x06, 0x45, 0x91, 0x3b, 0xcf, 0xeb, 0x01, 0x65, 0x72, + 0xe7, 0x8d, 0xaa, 0x95, 0x83, 0x0f, 0xb6, 0x6a, 0xa5, 0x07, 0x27, 0x78, 0x17, 0x55, 0x6a, 0xc8, + 0x21, 0x32, 0x40, 0x58, 0x9c, 0xed, 0x5c, 0x9a, 0x0c, 0xce, 0xd2, 0x7d, 0x98, 0xd7, 0x6b, 0xa1, + 0x8f, 0x40, 0x45, 0x7e, 0xe7, 0x78, 0xa2, 0xa2, 0xd3, 0xeb, 0xe4, 0x34, 0x60, 0xd7, 0x5e, 0x89, + 0x9f, 0xf6, 0x57, 0x0b, 0x54, 0x2b, 0xe5, 0xff, 0x54, 0x9a, 0xf4, 0x33, 0x30, 0xe8, 0xb4, 0x93, + 0x8d, 0xb0, 0xe3, 0xce, 0x84, 0x19, 0xd6, 0x8a, 0x05, 0x14, 0x2d, 0xc2, 0x40, 0x4d, 0xa7, 0xbe, + 0x1e, 0x64, 0x14, 0xf5, 0x01, 0x9f, 0x93, 0x10, 0xcc, 0xa8, 0xa0, 0x27, 0x61, 0x20, 0x71, 0x1a, + 0xa9, 0xbb, 0x6c, 0xd7, 0x9c, 0x46, 0x8c, 0x59, 0xab, 0xb9, 0x69, 0x0e, 0xec, 0xb3, 0x69, 0xbe, + 0x0c, 0xa3, 0xb1, 0xd7, 0x08, 0x9c, 0xa4, 0x1d, 0x11, 0xc3, 0x99, 0xa4, 0xe3, 0x03, 0x4c, 0x20, + 0x4e, 0xe3, 0xda, 0xbf, 0x3b, 0x02, 0xa7, 0x57, 0x67, 0x97, 0x64, 0x19, 0xb7, 0x63, 0x8b, 0xa9, + 0xef, 0xc6, 0xe3, 0xc1, 0xc5, 0xd4, 0xf7, 0xe0, 0xee, 0x1b, 0x31, 0xf5, 0xbe, 0x11, 0x53, 0xff, + 0x45, 0x0b, 0x2a, 0x2a, 0x94, 0x5c, 0x04, 0xb2, 0xbe, 0x9e, 0x7f, 0x0f, 0x54, 0x5c, 0xb1, 0x88, + 0x28, 0x96, 0x7f, 0xb1, 0x66, 0x7e, 0x7c, 0x41, 0xf6, 0xf7, 0xed, 0xd0, 0x81, 0x82, 0xec, 0x55, + 0x06, 0x42, 0x29, 0x8f, 0x0c, 0x84, 0x1e, 0x9f, 0xaa, 0x6b, 0x06, 0xc2, 0xd7, 0x2c, 0x18, 0x76, + 0xde, 0x6a, 0x47, 0x64, 0x8e, 0x6c, 0x2d, 0xb7, 0x62, 0x21, 0x60, 0xdf, 0xc8, 0xbf, 0x03, 0x33, + 0x9a, 0x89, 0x28, 0xee, 0xac, 0x1b, 0xb0, 0xd9, 0x85, 0x54, 0xc6, 0xc1, 0x50, 0x1e, 0x19, 0x07, + 0xdd, 0xba, 0xb3, 0x6f, 0xc6, 0xc1, 0xcb, 0x30, 0xea, 0xfa, 0x61, 0x40, 0x56, 0xa2, 0x30, 0x09, + 0xdd, 0xd0, 0x17, 0xca, 0xb4, 0x12, 0x09, 0xb3, 0x26, 0x10, 0xa7, 0x71, 0x7b, 0xa5, 0x2b, 0x54, + 0x8e, 0x9a, 0xae, 0x00, 0x0f, 0xa9, 0xb8, 0xc6, 0x2f, 0xe8, 0x32, 0xa3, 0xc3, 0x79, 0xdc, 0x77, + 0xdb, 0xed, 0x8b, 0xf4, 0x53, 0xb3, 0x0e, 0x7d, 0x83, 0x5f, 0x5a, 0x40, 0xd5, 0xd1, 0xd9, 0xb0, + 0x49, 0xd5, 0xad, 0x11, 0x36, 0x24, 0x6f, 0x1e, 0xc3, 0x84, 0xbd, 0xb5, 0xaa, 0xd9, 0xa8, 0x8b, + 0x0c, 0x74, 0x13, 0x4e, 0x77, 0xe4, 0x28, 0xe5, 0xf4, 0x7e, 0xa5, 0x00, 0x3f, 0xb4, 0x6f, 0x17, + 0xd0, 0x5d, 0x80, 0xc4, 0x69, 0x88, 0x89, 0x2a, 0x8e, 0xff, 0x8f, 0x18, 0xc4, 0xb7, 0x26, 0xe9, + 0xf1, 0x34, 0x55, 0xf5, 0x97, 0x1d, 0xac, 0xcb, 0xdf, 0x2c, 0x76, 0x2f, 0xf4, 0x3b, 0x4a, 0xf2, + 0xe0, 0xd0, 0x27, 0x98, 0x41, 0xe8, 0xf6, 0x1f, 0x91, 0x86, 0xbe, 0xd4, 0x4a, 0x7d, 0x3e, 0xcc, + 0x5a, 0xb1, 0x80, 0xa2, 0x97, 0x60, 0xd8, 0xf1, 0x7d, 0x9e, 0x57, 0x41, 0x62, 0x51, 0x58, 0x59, + 0x97, 0x15, 0xd1, 0x20, 0x6c, 0xe2, 0xd9, 0x7f, 0x5e, 0x80, 0xc9, 0x7d, 0x64, 0x0a, 0xba, 0x08, + 0x23, 0x61, 0xd4, 0x70, 0x02, 0xef, 0x2d, 0x9e, 0x99, 0x5d, 0x4a, 0xd7, 0x7f, 0x59, 0x36, 0x60, + 0x38, 0x85, 0x29, 0x23, 0xe1, 0x07, 0x7b, 0x44, 0xc2, 0xbf, 0x04, 0xc3, 0x09, 0x71, 0x9a, 0x22, + 0xec, 0x47, 0xd8, 0xdf, 0xda, 0x9f, 0xa9, 0x41, 0xd8, 0xc4, 0xa3, 0x52, 0x6c, 0xcc, 0x71, 0x5d, + 0x12, 0xc7, 0x32, 0xd4, 0x5d, 0x9c, 0x0d, 0xe6, 0x16, 0x47, 0xcf, 0x8e, 0x5c, 0x67, 0x52, 0x2c, + 0x70, 0x86, 0x65, 0x76, 0xc0, 0x2b, 0x7d, 0x0e, 0xf8, 0xaf, 0x17, 0xe0, 0xa9, 0xfb, 0xee, 0x6e, + 0x7d, 0x67, 0x21, 0xb4, 0x63, 0x12, 0x65, 0x27, 0xce, 0x8d, 0x98, 0x44, 0x98, 0x41, 0xf8, 0x28, + 0xb5, 0x5a, 0xc6, 0xa5, 0x61, 0x79, 0x27, 0xbd, 0xf0, 0x51, 0x4a, 0xb1, 0xc0, 0x19, 0x96, 0x87, + 0x9d, 0x96, 0xff, 0xa0, 0x00, 0x4f, 0xf7, 0xa1, 0x03, 0xe4, 0x98, 0x1c, 0x94, 0x4e, 0xd1, 0x2a, + 0x3e, 0x9c, 0x14, 0xad, 0xc3, 0x0e, 0xd7, 0xbb, 0x05, 0x38, 0xdb, 0x7b, 0x2b, 0x46, 0x3f, 0x4e, + 0x6d, 0x78, 0x19, 0xeb, 0x63, 0x66, 0x77, 0x9d, 0xe2, 0xf6, 0x7b, 0x0a, 0x84, 0xb3, 0xb8, 0x68, + 0x0a, 0xa0, 0xe5, 0x24, 0x1b, 0xf1, 0xa5, 0x6d, 0x2f, 0x4e, 0x44, 0x62, 0xf2, 0x18, 0xf7, 0xc4, + 0xc8, 0x56, 0x6c, 0x60, 0x50, 0x76, 0xec, 0xdf, 0x5c, 0x78, 0x3d, 0x4c, 0xf8, 0x43, 0xdc, 0x8c, + 0x38, 0x25, 0x8b, 0xb7, 0x1a, 0x20, 0x9c, 0xc5, 0xa5, 0xec, 0x98, 0xaf, 0x8f, 0x77, 0x94, 0xdb, + 0x17, 0x8c, 0xdd, 0xa2, 0x6a, 0xc5, 0x06, 0x46, 0x36, 0x6f, 0xad, 0xb4, 0x7f, 0xde, 0x9a, 0xfd, + 0x4f, 0x0a, 0xf0, 0x44, 0x4f, 0x55, 0xae, 0xbf, 0x05, 0xf8, 0xe8, 0xe5, 0x9a, 0x1d, 0x6e, 0xee, + 0x1c, 0x30, 0x83, 0xea, 0x4f, 0x7b, 0xcc, 0x34, 0x91, 0x41, 0x95, 0xdd, 0x2a, 0xac, 0x83, 0x6e, + 0x15, 0x8f, 0xd0, 0x78, 0x76, 0x24, 0x4d, 0x0d, 0x1c, 0x20, 0x69, 0x2a, 0xf3, 0x31, 0x4a, 0x7d, + 0x2e, 0xe4, 0x6f, 0xf7, 0x1e, 0x5e, 0x6a, 0xfa, 0xf5, 0x75, 0x3a, 0x3a, 0x07, 0x27, 0xbd, 0x80, + 0x15, 0xf2, 0x5e, 0x6d, 0xaf, 0x8b, 0xb4, 0xf5, 0x42, 0xfa, 0x8e, 0xba, 0x85, 0x0c, 0x1c, 0x77, + 0x3c, 0xf1, 0x08, 0x26, 0xb1, 0x1d, 0x72, 0x48, 0x3f, 0x05, 0x15, 0x45, 0x9b, 0x07, 0xe6, 0xaa, + 0x0f, 0xda, 0x11, 0x98, 0xab, 0xbe, 0xa6, 0x81, 0x45, 0x47, 0x82, 0xaa, 0x9b, 0x99, 0x99, 0x79, + 0x8d, 0xec, 0x30, 0xdd, 0xd3, 0xfe, 0x28, 0x8c, 0xa8, 0x33, 0x8c, 0x7e, 0xab, 0x35, 0xdb, 0xef, + 0x0c, 0xc2, 0x68, 0xaa, 0x16, 0x4b, 0xea, 0xc8, 0xd0, 0xda, 0xf7, 0xc8, 0x90, 0x05, 0x5a, 0xb7, + 0x03, 0x59, 0xca, 0xdd, 0x08, 0xb4, 0x6e, 0x07, 0x04, 0x73, 0x18, 0x55, 0x1d, 0x6b, 0xd1, 0x0e, + 0x6e, 0x07, 0x22, 0x20, 0x52, 0xa9, 0x8e, 0x73, 0xac, 0x15, 0x0b, 0x28, 0xfa, 0x9c, 0x05, 0x23, + 0x31, 0x3b, 0x8f, 0xe6, 0x07, 0xae, 0xe2, 0x83, 0x5e, 0xcd, 0xe3, 0xda, 0x75, 0x51, 0x77, 0x88, + 0xc5, 0x52, 0x98, 0x2d, 0x38, 0xc5, 0x11, 0xfd, 0xbc, 0x65, 0x5e, 0x38, 0x3f, 0x98, 0x47, 0x20, + 0x6f, 0xb6, 0xd4, 0x0d, 0x3f, 0xa9, 0xbb, 0xff, 0xbd, 0xf3, 0xb1, 0x3a, 0x0d, 0x1d, 0x3a, 0x9e, + 0xd3, 0x50, 0xe8, 0x72, 0x12, 0xfa, 0x11, 0xa8, 0x34, 0x9d, 0xc0, 0xab, 0x93, 0x38, 0xe1, 0x07, + 0x94, 0xb2, 0x02, 0x97, 0x6c, 0xc4, 0x1a, 0x4e, 0x37, 0xbb, 0x98, 0xbd, 0x58, 0x62, 0x9c, 0x28, + 0xb2, 0xcd, 0x6e, 0x55, 0x37, 0x63, 0x13, 0xc7, 0x3c, 0xfe, 0x84, 0x87, 0x7a, 0xfc, 0x39, 0xbc, + 0xcf, 0xf1, 0xe7, 0x3f, 0xb2, 0xe0, 0x4c, 0xd7, 0xaf, 0xf6, 0xe8, 0x86, 0xc8, 0xd9, 0x5f, 0x2f, + 0xc1, 0xa9, 0x2e, 0x45, 0x95, 0xd0, 0x8e, 0x39, 0x9f, 0xad, 0x3c, 0xbc, 0xe2, 0x69, 0x27, 0xaf, + 0x1c, 0xc6, 0x2e, 0x93, 0xf8, 0x60, 0xce, 0x07, 0xed, 0x00, 0x28, 0x3e, 0x58, 0x07, 0x80, 0x31, + 0x2d, 0x07, 0x1e, 0xea, 0xb4, 0x2c, 0xdd, 0x7f, 0x5a, 0xa2, 0xdf, 0xb6, 0x60, 0xa2, 0xd9, 0xa3, + 0x92, 0xa7, 0x38, 0xd4, 0xbb, 0x79, 0x3c, 0x75, 0x42, 0xab, 0x4f, 0xee, 0xed, 0x4e, 0xf6, 0x2c, + 0xa0, 0x8a, 0x7b, 0xf6, 0xca, 0xfe, 0x6e, 0x11, 0x58, 0x45, 0x2f, 0x56, 0x43, 0x67, 0x07, 0x7d, + 0xd6, 0xac, 0xcd, 0x66, 0xe5, 0x55, 0x47, 0x8c, 0x13, 0x57, 0xb5, 0xdd, 0xf8, 0x08, 0x76, 0x2b, + 0xf5, 0x96, 0x15, 0x5a, 0x85, 0x3e, 0x84, 0x96, 0x2f, 0x8b, 0xe0, 0x15, 0xf3, 0x2f, 0x82, 0x57, + 0xc9, 0x16, 0xc0, 0xbb, 0xff, 0x27, 0x1e, 0x78, 0x24, 0x3f, 0xf1, 0xdf, 0xb6, 0xb8, 0xe0, 0xc9, + 0x7c, 0x05, 0xad, 0x19, 0x58, 0xf7, 0xd1, 0x0c, 0x9e, 0x63, 0x37, 0x6d, 0xd6, 0xaf, 0x10, 0xc7, + 0x17, 0x1a, 0x84, 0x79, 0x69, 0x26, 0x6b, 0xc7, 0x0a, 0x83, 0xdd, 0x8d, 0xe3, 0xfb, 0xe1, 0xdd, + 0x4b, 0xcd, 0x56, 0xb2, 0x23, 0x74, 0x09, 0x7d, 0x37, 0x8e, 0x82, 0x60, 0x03, 0xcb, 0xfe, 0x3b, + 0x05, 0x3e, 0x03, 0x85, 0x5b, 0xff, 0x62, 0xe6, 0x36, 0x83, 0xfe, 0x3d, 0xe2, 0x9f, 0x01, 0x70, + 0xd5, 0x25, 0x7b, 0xc2, 0xdf, 0x72, 0xe5, 0xc8, 0x97, 0x94, 0x09, 0x7a, 0xfa, 0x35, 0x74, 0x1b, + 0x36, 0xf8, 0xa5, 0x64, 0x69, 0x71, 0x5f, 0x59, 0x9a, 0x12, 0x2b, 0x03, 0xfb, 0xec, 0x76, 0x7f, + 0x6e, 0x41, 0x4a, 0x23, 0x42, 0x2d, 0x28, 0xd1, 0xee, 0xee, 0xe4, 0x73, 0x7f, 0xa0, 0x49, 0x9a, + 0x8a, 0x46, 0x31, 0xed, 0xd9, 0x4f, 0xcc, 0x19, 0x21, 0x5f, 0x78, 0xff, 0x0b, 0x79, 0xdc, 0x71, + 0x69, 0x32, 0xbc, 0x12, 0x86, 0x9b, 0xdc, 0x69, 0xa8, 0x23, 0x09, 0xec, 0x8b, 0x30, 0xde, 0xd1, + 0x29, 0x56, 0xb8, 0x3c, 0x94, 0x97, 0x26, 0x1a, 0xd3, 0x95, 0xa5, 0xe0, 0x61, 0x0e, 0xb3, 0xdf, + 0xb5, 0xe0, 0x64, 0x96, 0x3c, 0xfa, 0x86, 0x05, 0xe3, 0x71, 0x96, 0xde, 0x71, 0x8d, 0x9d, 0x8a, + 0x8c, 0xeb, 0x00, 0xe1, 0xce, 0x4e, 0xd8, 0x7f, 0x21, 0x26, 0xff, 0x2d, 0x2f, 0xa8, 0x85, 0x77, + 0x95, 0x62, 0x62, 0xf5, 0x54, 0x4c, 0xe8, 0x7a, 0x74, 0x37, 0x48, 0xad, 0xed, 0x77, 0xe4, 0xfe, + 0xad, 0x8a, 0x76, 0xac, 0x30, 0x58, 0xaa, 0x53, 0x5b, 0x54, 0xc9, 0xcc, 0x4c, 0xca, 0x39, 0xd1, + 0x8e, 0x15, 0x06, 0x7a, 0x11, 0x46, 0xcc, 0x8b, 0x41, 0xc5, 0xbc, 0x64, 0x0a, 0xb9, 0x79, 0x87, + 0x28, 0x4e, 0x61, 0x65, 0xae, 0x86, 0x2f, 0xed, 0x7b, 0x35, 0xfc, 0xb3, 0x50, 0x16, 0xd7, 0x9c, + 0xcb, 0xf8, 0x51, 0x9e, 0x58, 0x28, 0xda, 0xb0, 0x82, 0x52, 0x69, 0xd2, 0x74, 0x82, 0xb6, 0xe3, + 0xd3, 0x11, 0x12, 0xd9, 0xd0, 0x6a, 0x19, 0x2e, 0x29, 0x08, 0x36, 0xb0, 0xe8, 0x1b, 0x27, 0x5e, + 0x93, 0xbc, 0x16, 0x06, 0x32, 0xf2, 0x4a, 0xbb, 0x54, 0x44, 0x3b, 0x56, 0x18, 0xf6, 0x7f, 0xb3, + 0x20, 0x7b, 0x47, 0x73, 0xea, 0x94, 0xc3, 0xda, 0x37, 0x03, 0x3b, 0x9d, 0xbf, 0x59, 0xe8, 0x2b, + 0x7f, 0xd3, 0x4c, 0xad, 0x2c, 0xde, 0x37, 0xb5, 0xf2, 0x87, 0xf5, 0xf5, 0x37, 0x3c, 0x07, 0x73, + 0xb8, 0xdb, 0xd5, 0x37, 0xc8, 0x86, 0x41, 0xd7, 0x51, 0x35, 0x3a, 0x46, 0xb8, 0xed, 0x30, 0x3b, + 0xc3, 0x90, 0x04, 0xc4, 0x5e, 0x86, 0x8a, 0xf2, 0x2c, 0x48, 0x43, 0xd5, 0xea, 0x6e, 0xa8, 0xf6, + 0x95, 0x4a, 0x56, 0x5d, 0x7f, 0xef, 0x7b, 0xe7, 0x3e, 0xf0, 0xed, 0xef, 0x9d, 0xfb, 0xc0, 0x1f, + 0x7f, 0xef, 0xdc, 0x07, 0x3e, 0xb7, 0x77, 0xce, 0x7a, 0x6f, 0xef, 0x9c, 0xf5, 0xed, 0xbd, 0x73, + 0xd6, 0x1f, 0xef, 0x9d, 0xb3, 0xbe, 0xbb, 0x77, 0xce, 0xfa, 0xda, 0x7f, 0x3e, 0xf7, 0x81, 0xd7, + 0xba, 0x86, 0xde, 0xd1, 0x1f, 0xcf, 0xbb, 0xb5, 0xe9, 0xad, 0x0b, 0x2c, 0xfa, 0x8b, 0x2e, 0xaf, + 0x69, 0x63, 0x4e, 0x4d, 0xcb, 0xe5, 0xf5, 0xff, 0x03, 0x00, 0x00, 0xff, 0xff, 0xb4, 0x21, 0xda, + 0x10, 0xaf, 0xcb, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -11724,6 +11790,18 @@ func (m *SCMProviderGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.AWSCodeCommit != nil { + { + size, err := m.AWSCodeCommit.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x62 + } if len(m.Values) > 0 { keysForValues := make([]string, 0, len(m.Values)) for k := range m.Values { @@ -11857,6 +11935,61 @@ func (m *SCMProviderGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *SCMProviderGeneratorAWSCodeCommit) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SCMProviderGeneratorAWSCodeCommit) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *SCMProviderGeneratorAWSCodeCommit) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i-- + if m.AllBranches { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x20 + i -= len(m.Region) + copy(dAtA[i:], m.Region) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Region))) + i-- + dAtA[i] = 0x1a + i -= len(m.Role) + copy(dAtA[i:], m.Role) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Role))) + i-- + dAtA[i] = 0x12 + if len(m.TagFilters) > 0 { + for iNdEx := len(m.TagFilters) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.TagFilters[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + func (m *SCMProviderGeneratorAzureDevOps) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -12990,6 +13123,39 @@ func (m *TLSClientConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *TagFilter) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *TagFilter) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *TagFilter) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i -= len(m.Value) + copy(dAtA[i:], m.Value) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Value))) + i-- + dAtA[i] = 0x12 + i -= len(m.Key) + copy(dAtA[i:], m.Key) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Key))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int { offset -= sovGenerated(v) base := offset @@ -15676,6 +15842,30 @@ func (m *SCMProviderGenerator) Size() (n int) { n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) } } + if m.AWSCodeCommit != nil { + l = m.AWSCodeCommit.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + return n +} + +func (m *SCMProviderGeneratorAWSCodeCommit) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.TagFilters) > 0 { + for _, e := range m.TagFilters { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + l = len(m.Role) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Region) + n += 1 + l + sovGenerated(uint64(l)) + n += 2 return n } @@ -16111,6 +16301,19 @@ func (m *TLSClientConfig) Size() (n int) { return n } +func (m *TagFilter) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Key) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Value) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + func sovGenerated(x uint64) (n int) { return (math_bits.Len64(x|1) + 6) / 7 } @@ -18152,6 +18355,25 @@ func (this *SCMProviderGenerator) String() string { `RequeueAfterSeconds:` + valueToStringGenerated(this.RequeueAfterSeconds) + `,`, `Template:` + strings.Replace(strings.Replace(this.Template.String(), "ApplicationSetTemplate", "ApplicationSetTemplate", 1), `&`, ``, 1) + `,`, `Values:` + mapStringForValues + `,`, + `AWSCodeCommit:` + strings.Replace(this.AWSCodeCommit.String(), "SCMProviderGeneratorAWSCodeCommit", "SCMProviderGeneratorAWSCodeCommit", 1) + `,`, + `}`, + }, "") + return s +} +func (this *SCMProviderGeneratorAWSCodeCommit) String() string { + if this == nil { + return "nil" + } + repeatedStringForTagFilters := "[]*TagFilter{" + for _, f := range this.TagFilters { + repeatedStringForTagFilters += strings.Replace(f.String(), "TagFilter", "TagFilter", 1) + "," + } + repeatedStringForTagFilters += "}" + s := strings.Join([]string{`&SCMProviderGeneratorAWSCodeCommit{`, + `TagFilters:` + repeatedStringForTagFilters + `,`, + `Role:` + fmt.Sprintf("%v", this.Role) + `,`, + `Region:` + fmt.Sprintf("%v", this.Region) + `,`, + `AllBranches:` + fmt.Sprintf("%v", this.AllBranches) + `,`, `}`, }, "") return s @@ -18440,6 +18662,17 @@ func (this *TLSClientConfig) String() string { }, "") return s } +func (this *TagFilter) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&TagFilter{`, + `Key:` + fmt.Sprintf("%v", this.Key) + `,`, + `Value:` + fmt.Sprintf("%v", this.Value) + `,`, + `}`, + }, "") + return s +} func valueToStringGenerated(v interface{}) string { rv := reflect.ValueOf(v) if rv.IsNil() { @@ -41976,6 +42209,210 @@ func (m *SCMProviderGenerator) Unmarshal(dAtA []byte) error { } m.Values[mapkey] = mapvalue iNdEx = postIndex + case 12: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AWSCodeCommit", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.AWSCodeCommit == nil { + m.AWSCodeCommit = &SCMProviderGeneratorAWSCodeCommit{} + } + if err := m.AWSCodeCommit.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SCMProviderGeneratorAWSCodeCommit) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SCMProviderGeneratorAWSCodeCommit: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SCMProviderGeneratorAWSCodeCommit: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TagFilters", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.TagFilters = append(m.TagFilters, &TagFilter{}) + if err := m.TagFilters[len(m.TagFilters)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Role", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Role = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Region", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Region = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field AllBranches", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.AllBranches = bool(v != 0) default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -45569,6 +46006,120 @@ func (m *TLSClientConfig) Unmarshal(dAtA []byte) error { } return nil } +func (m *TagFilter) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: TagFilter: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: TagFilter: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Key = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Value = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func skipGenerated(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 9fafae1be5fb5..8ee9dd1ddfc73 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -1775,6 +1775,25 @@ message SCMProviderGenerator { // Values contains key/value pairs which are passed directly as parameters to the template map values = 11; + + optional SCMProviderGeneratorAWSCodeCommit awsCodeCommit = 12; +} + +// SCMProviderGeneratorAWSCodeCommit defines connection info specific to AWS CodeCommit. +message SCMProviderGeneratorAWSCodeCommit { + // TagFilters provides the tag filter(s) for repo discovery + repeated TagFilter tagFilters = 1; + + // Role provides the AWS IAM role to assume, for cross-account repo discovery + // if not provided, AppSet controller will use its pod/node identity to discover. + optional string role = 2; + + // Region provides the AWS region to discover repos. + // if not provided, AppSet controller will infer the current region from environment. + optional string region = 3; + + // Scan all branches instead of just the default branch. + optional bool allBranches = 4; } // SCMProviderGeneratorAzureDevOps defines connection info specific to Azure DevOps. @@ -2098,3 +2117,9 @@ message TLSClientConfig { optional bytes caData = 5; } +message TagFilter { + optional string key = 1; + + optional string value = 2; +} + diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index e487692452d7d..a9f6f13869d49 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -132,6 +132,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.RevisionHistory": schema_pkg_apis_application_v1alpha1_RevisionHistory(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.RevisionMetadata": schema_pkg_apis_application_v1alpha1_RevisionMetadata(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGenerator": schema_pkg_apis_application_v1alpha1_SCMProviderGenerator(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorAWSCodeCommit": schema_pkg_apis_application_v1alpha1_SCMProviderGeneratorAWSCodeCommit(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorAzureDevOps": schema_pkg_apis_application_v1alpha1_SCMProviderGeneratorAzureDevOps(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorBitbucket": schema_pkg_apis_application_v1alpha1_SCMProviderGeneratorBitbucket(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorBitbucketServer": schema_pkg_apis_application_v1alpha1_SCMProviderGeneratorBitbucketServer(ref), @@ -152,6 +153,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncStrategyHook": schema_pkg_apis_application_v1alpha1_SyncStrategyHook(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncWindow": schema_pkg_apis_application_v1alpha1_SyncWindow(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.TLSClientConfig": schema_pkg_apis_application_v1alpha1_TLSClientConfig(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.TagFilter": schema_pkg_apis_application_v1alpha1_TagFilter(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.objectMeta": schema_pkg_apis_application_v1alpha1_objectMeta(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.rawResourceOverride": schema_pkg_apis_application_v1alpha1_rawResourceOverride(ref), } @@ -6163,11 +6165,65 @@ func schema_pkg_apis_application_v1alpha1_SCMProviderGenerator(ref common.Refere }, }, }, + "awsCodeCommit": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorAWSCodeCommit"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorAWSCodeCommit", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorAzureDevOps", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorBitbucket", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorBitbucketServer", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorFilter", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorGitea", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorGithub", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorGitlab"}, + } +} + +func schema_pkg_apis_application_v1alpha1_SCMProviderGeneratorAWSCodeCommit(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SCMProviderGeneratorAWSCodeCommit defines connection info specific to AWS CodeCommit.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "tagFilters": { + SchemaProps: spec.SchemaProps{ + Description: "TagFilters provides the tag filter(s) for repo discovery", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.TagFilter"), + }, + }, + }, + }, + }, + "role": { + SchemaProps: spec.SchemaProps{ + Description: "Role provides the AWS IAM role to assume, for cross-account repo discovery if not provided, AppSet controller will use its pod/node identity to discover.", + Type: []string{"string"}, + Format: "", + }, + }, + "region": { + SchemaProps: spec.SchemaProps{ + Description: "Region provides the AWS region to discover repos. if not provided, AppSet controller will infer the current region from environment.", + Type: []string{"string"}, + Format: "", + }, + }, + "allBranches": { + SchemaProps: spec.SchemaProps{ + Description: "Scan all branches instead of just the default branch.", + Type: []string{"boolean"}, + Format: "", + }, + }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorAzureDevOps", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorBitbucket", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorBitbucketServer", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorFilter", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorGitea", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorGithub", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorGitlab"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.TagFilter"}, } } @@ -7166,6 +7222,32 @@ func schema_pkg_apis_application_v1alpha1_TLSClientConfig(ref common.ReferenceCa } } +func schema_pkg_apis_application_v1alpha1_TagFilter(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "key": { + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "value": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"key"}, + }, + }, + } +} + func schema_pkg_apis_application_v1alpha1_objectMeta(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index b9a7340d0655e..dedd5a3b2d5d3 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -3360,6 +3360,11 @@ func (in *SCMProviderGenerator) DeepCopyInto(out *SCMProviderGenerator) { (*out)[key] = val } } + if in.AWSCodeCommit != nil { + in, out := &in.AWSCodeCommit, &out.AWSCodeCommit + *out = new(SCMProviderGeneratorAWSCodeCommit) + (*in).DeepCopyInto(*out) + } return } @@ -3373,6 +3378,33 @@ func (in *SCMProviderGenerator) DeepCopy() *SCMProviderGenerator { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SCMProviderGeneratorAWSCodeCommit) DeepCopyInto(out *SCMProviderGeneratorAWSCodeCommit) { + *out = *in + if in.TagFilters != nil { + in, out := &in.TagFilters, &out.TagFilters + *out = make([]*TagFilter, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(TagFilter) + **out = **in + } + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SCMProviderGeneratorAWSCodeCommit. +func (in *SCMProviderGeneratorAWSCodeCommit) DeepCopy() *SCMProviderGeneratorAWSCodeCommit { + if in == nil { + return nil + } + out := new(SCMProviderGeneratorAWSCodeCommit) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SCMProviderGeneratorAzureDevOps) DeepCopyInto(out *SCMProviderGeneratorAzureDevOps) { *out = *in @@ -3926,3 +3958,19 @@ func (in *TLSClientConfig) DeepCopy() *TLSClientConfig { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TagFilter) DeepCopyInto(out *TagFilter) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TagFilter. +func (in *TagFilter) DeepCopy() *TagFilter { + if in == nil { + return nil + } + out := new(TagFilter) + in.DeepCopyInto(out) + return out +} From 0b289da7fe751fad47113ba5df491379c152601b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 May 2023 23:56:53 +0000 Subject: [PATCH 065/252] chore(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.5 (#13639) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.1 to 3.0.5. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/c3667d99424e7e6047999fb6246c0da843953c65...dd6b2e2b610a11fd73dd187a43d57cc1394e35f9) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-build.yaml | 1 + .github/workflows/image-reuse.yaml | 2 +- .github/workflows/release.yaml | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index d5c003f8b3223..d2df226d17c07 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -397,6 +397,7 @@ jobs: sudo mkdir -p $HOME/.kube && sudo chown -R runner $HOME/.kube sudo k3s kubectl config view --raw > $HOME/.kube/config sudo chown runner $HOME/.kube/config + sudo chmod go-r $HOME/.kube/config kubectl version - name: Restore go build cache uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index 7d452ca362015..d36e0170ee3d3 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -74,7 +74,7 @@ jobs: go-version: ${{ inputs.go-version }} - name: Install cosign - uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1 + uses: sigstore/cosign-installer@dd6b2e2b610a11fd73dd187a43d57cc1394e35f9 # v3.0.5 with: cosign-release: 'v2.0.0' diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index ce1087cb7a419..275fe9064bcb3 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -149,7 +149,7 @@ jobs: go-version: ${{ env.GOLANG_VERSION }} - name: Install cosign - uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1 + uses: sigstore/cosign-installer@dd6b2e2b610a11fd73dd187a43d57cc1394e35f9 # v3.0.5 with: cosign-release: 'v2.0.0' From d25bbab019f9cf8fa811d5555b874cad43043db7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 May 2023 23:58:31 +0000 Subject: [PATCH 066/252] chore(deps): bump codecov/codecov-action from 3.1.1 to 3.1.4 (#13602) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.1 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70...eaaf4bedf32dbdc6b720b63067d99c4d77d6047d) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index d2df226d17c07..3f95d398bcef9 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -325,7 +325,7 @@ jobs: name: test-results path: test-results - name: Upload code coverage information to codecov.io - uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # v3.1.1 + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 with: file: coverage.out - name: Perform static code analysis using SonarCloud From 32be59c8bef06a56f5f4a1816f2186a4dfe35881 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 May 2023 00:10:50 +0000 Subject: [PATCH 067/252] chore(deps): bump github.com/xanzy/go-gitlab from 0.60.0 to 0.83.0 (#13269) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore(deps): bump github.com/xanzy/go-gitlab from 0.60.0 to 0.83.0 Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.60.0 to 0.83.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.60.0...v0.83.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * 🙄 Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- applicationset/services/scm_provider/gitlab.go | 6 +++--- go.mod | 10 +++++----- go.sum | 15 ++++++++------- 3 files changed, 16 insertions(+), 15 deletions(-) diff --git a/applicationset/services/scm_provider/gitlab.go b/applicationset/services/scm_provider/gitlab.go index 26f8060f2b669..b08b21895bda9 100644 --- a/applicationset/services/scm_provider/gitlab.go +++ b/applicationset/services/scm_provider/gitlab.go @@ -3,11 +3,11 @@ package scm_provider import ( "context" "fmt" - "os" "net/http" + "os" pathpkg "path" - gitlab "github.com/xanzy/go-gitlab" + "github.com/xanzy/go-gitlab" ) type GitlabProvider struct { @@ -65,7 +65,7 @@ func (g *GitlabProvider) GetBranches(ctx context.Context, repo *Repository) ([]* func (g *GitlabProvider) ListRepos(ctx context.Context, cloneProtocol string) ([]*Repository, error) { opt := &gitlab.ListGroupProjectsOptions{ ListOptions: gitlab.ListOptions{PerPage: 100}, - IncludeSubgroups: &g.includeSubgroups, + IncludeSubGroups: &g.includeSubgroups, } repos := []*Repository{} for { diff --git a/go.mod b/go.mod index 7c6589946728c..737a00b4a376d 100644 --- a/go.mod +++ b/go.mod @@ -32,7 +32,7 @@ require ( github.com/gogits/go-gogs-client v0.0.0-20190616193657-5a05380e4bc2 github.com/gogo/protobuf v1.3.2 github.com/golang-jwt/jwt/v4 v4.5.0 - github.com/golang/protobuf v1.5.2 + github.com/golang/protobuf v1.5.3 github.com/google/go-cmp v0.5.9 github.com/google/go-github/v35 v35.3.0 github.com/google/go-jsonnet v0.19.1 @@ -45,7 +45,7 @@ require ( github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 github.com/grpc-ecosystem/grpc-gateway v1.16.0 - github.com/hashicorp/go-retryablehttp v0.7.0 + github.com/hashicorp/go-retryablehttp v0.7.2 github.com/imdario/mergo v0.3.13 github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a github.com/itchyny/gojq v0.12.10 @@ -69,7 +69,7 @@ require ( github.com/stretchr/testify v1.8.1 github.com/valyala/fasttemplate v1.2.2 github.com/whilp/git-urls v0.0.0-20191001220047-6db9661140c0 - github.com/xanzy/go-gitlab v0.60.0 + github.com/xanzy/go-gitlab v0.83.0 github.com/yuin/gopher-lua v0.0.0-20220504180219-658193537a64 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.31.0 go.opentelemetry.io/otel v1.11.1 @@ -82,7 +82,7 @@ require ( golang.org/x/term v0.8.0 google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 google.golang.org/grpc v1.51.0 - google.golang.org/protobuf v1.28.1 + google.golang.org/protobuf v1.29.1 gopkg.in/go-playground/webhooks.v5 v5.17.0 gopkg.in/square/go-jose.v2 v2.6.0 gopkg.in/yaml.v2 v2.4.0 @@ -227,7 +227,7 @@ require ( golang.org/x/net v0.10.0 // indirect golang.org/x/sys v0.8.0 // indirect golang.org/x/text v0.9.0 // indirect - golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect + golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.6.0 // indirect gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect diff --git a/go.sum b/go.sum index 7c548963c1c84..81ee867e64c12 100644 --- a/go.sum +++ b/go.sum @@ -600,8 +600,8 @@ github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjh github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-retryablehttp v0.5.1/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-retryablehttp v0.7.0 h1:eu1EI/mbirUgP5C8hVsTNaGZreBDlYiwC1FZWkvQPQ4= -github.com/hashicorp/go-retryablehttp v0.7.0/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= +github.com/hashicorp/go-retryablehttp v0.7.2 h1:AcYqCvkpalPnPF2pn0KamgwamS42TqUDDYFRKq/RAd0= +github.com/hashicorp/go-retryablehttp v0.7.2/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= @@ -1050,8 +1050,8 @@ github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= github.com/whilp/git-urls v0.0.0-20191001220047-6db9661140c0 h1:qqllXPzXh+So+mmANlX/gCJrgo+1kQyshMoQ+NASzm0= github.com/whilp/git-urls v0.0.0-20191001220047-6db9661140c0/go.mod h1:2rx5KE5FLD0HRfkkpyn8JwbVLBdhgeiOb2D2D9LLKM4= -github.com/xanzy/go-gitlab v0.60.0 h1:HaIlc14k4t9eJjAhY0Gmq2fBHgKd1MthBn3+vzDtsbA= -github.com/xanzy/go-gitlab v0.60.0/go.mod h1:F0QEXwmqiBUxCgJm8fE9S+1veX4XC9Z4cfaAbqwk4YM= +github.com/xanzy/go-gitlab v0.83.0 h1:37p0MpTPNbsTMKX/JnmJtY8Ch1sFiJzVF342+RvZEGw= +github.com/xanzy/go-gitlab v0.83.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= @@ -1495,8 +1495,9 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1773,8 +1774,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= -google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.29.1 h1:7QBf+IK2gx70Ap/hDsOmam3GE0v9HicjfEdAxE62UoM= +google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk= From 50b2f03657026a0987e4910eca4778e8950e6d87 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 May 2023 01:50:17 +0000 Subject: [PATCH 068/252] chore(deps): bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 (#12109) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.3.1 to 3.4.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/0ad9a0988b3973e851ab0a07adf248ec2e100376...08e2f20817b15149a52b5b3ebe7de50aff2ba8c5) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 3f95d398bcef9..8894cf28d749b 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -76,7 +76,7 @@ jobs: with: go-version: ${{ env.GOLANG_VERSION }} - name: Run golangci-lint - uses: golangci/golangci-lint-action@0ad9a0988b3973e851ab0a07adf248ec2e100376 # v3.3.1 + uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0 with: version: v1.51.0 args: --timeout 10m --exclude SA5011 --verbose From ddb2743701a87ed1d6c0ca338780a121bfd75e06 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 May 2023 09:29:44 -0400 Subject: [PATCH 069/252] chore(deps): bump github.com/mattn/go-isatty from 0.0.16 to 0.0.19 (#13818) Bumps [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) from 0.0.16 to 0.0.19. - [Commits](https://github.com/mattn/go-isatty/compare/v0.0.16...v0.0.19) --- updated-dependencies: - dependency-name: github.com/mattn/go-isatty dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 737a00b4a376d..0881bd4f2ae93 100644 --- a/go.mod +++ b/go.mod @@ -52,7 +52,7 @@ require ( github.com/jeremywohl/flatten v1.0.1 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 github.com/ktrysmt/go-bitbucket v0.9.55 - github.com/mattn/go-isatty v0.0.16 + github.com/mattn/go-isatty v0.0.19 github.com/mattn/go-zglob v0.0.4 github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 github.com/olekukonko/tablewriter v0.0.5 diff --git a/go.sum b/go.sum index 81ee867e64c12..9a10345ba7002 100644 --- a/go.sum +++ b/go.sum @@ -737,8 +737,8 @@ github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNx github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= -github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.8/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= @@ -1451,7 +1451,6 @@ golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= From cf7421e0b3c192add40de9fccf7f1e60a0fadd79 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 May 2023 09:30:56 -0400 Subject: [PATCH 070/252] chore(deps): bump github.com/whilp/git-urls (#13814) Bumps [github.com/whilp/git-urls](https://github.com/whilp/git-urls) from 0.0.0-20191001220047-6db9661140c0 to 1.0.0. - [Release notes](https://github.com/whilp/git-urls/releases) - [Commits](https://github.com/whilp/git-urls/commits/v1.0.0) --- updated-dependencies: - dependency-name: github.com/whilp/git-urls dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0881bd4f2ae93..026114092def6 100644 --- a/go.mod +++ b/go.mod @@ -68,7 +68,7 @@ require ( github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.1 github.com/valyala/fasttemplate v1.2.2 - github.com/whilp/git-urls v0.0.0-20191001220047-6db9661140c0 + github.com/whilp/git-urls v1.0.0 github.com/xanzy/go-gitlab v0.83.0 github.com/yuin/gopher-lua v0.0.0-20220504180219-658193537a64 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.31.0 diff --git a/go.sum b/go.sum index 9a10345ba7002..2d593bddf5368 100644 --- a/go.sum +++ b/go.sum @@ -1048,8 +1048,8 @@ github.com/vmihailenco/msgpack/v5 v5.3.4/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds= github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= -github.com/whilp/git-urls v0.0.0-20191001220047-6db9661140c0 h1:qqllXPzXh+So+mmANlX/gCJrgo+1kQyshMoQ+NASzm0= -github.com/whilp/git-urls v0.0.0-20191001220047-6db9661140c0/go.mod h1:2rx5KE5FLD0HRfkkpyn8JwbVLBdhgeiOb2D2D9LLKM4= +github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU= +github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE= github.com/xanzy/go-gitlab v0.83.0 h1:37p0MpTPNbsTMKX/JnmJtY8Ch1sFiJzVF342+RvZEGw= github.com/xanzy/go-gitlab v0.83.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= From e7e0700e7ebdc0051b3473f6c50c34648370a7a2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 May 2023 09:33:15 -0400 Subject: [PATCH 071/252] chore(deps): bump github.com/gorilla/websocket from 1.4.2 to 1.5.0 (#13817) Bumps [github.com/gorilla/websocket](https://github.com/gorilla/websocket) from 1.4.2 to 1.5.0. - [Release notes](https://github.com/gorilla/websocket/releases) - [Commits](https://github.com/gorilla/websocket/compare/v1.4.2...v1.5.0) --- updated-dependencies: - dependency-name: github.com/gorilla/websocket dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 026114092def6..2a14770ee04bd 100644 --- a/go.mod +++ b/go.mod @@ -40,7 +40,7 @@ require ( github.com/google/uuid v1.3.0 github.com/gorilla/handlers v1.5.1 github.com/gorilla/mux v1.8.0 - github.com/gorilla/websocket v1.4.2 + github.com/gorilla/websocket v1.5.0 github.com/gosimple/slug v1.13.1 github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 diff --git a/go.sum b/go.sum index 2d593bddf5368..3c2e8fe347a0c 100644 --- a/go.sum +++ b/go.sum @@ -567,8 +567,9 @@ github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB7 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= +github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gosimple/slug v1.13.1 h1:bQ+kpX9Qa6tHRaK+fZR0A0M2Kd7Pa5eHPPsb1JpHD+Q= github.com/gosimple/slug v1.13.1/go.mod h1:UiRaFH+GEilHstLUmcBgWcI42viBN7mAb818JrYOeFQ= github.com/gosimple/unidecode v1.0.1 h1:hZzFTMMqSswvf0LBJZCZgThIZrpDHFXux9KeGmn6T/o= From 40fc133d7db578ec0c73b5433655fc6578903d77 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 May 2023 14:48:26 +0000 Subject: [PATCH 072/252] chore(deps): bump github.com/itchyny/gojq from 0.12.10 to 0.12.12 (#13816) Bumps [github.com/itchyny/gojq](https://github.com/itchyny/gojq) from 0.12.10 to 0.12.12. - [Release notes](https://github.com/itchyny/gojq/releases) - [Changelog](https://github.com/itchyny/gojq/blob/main/CHANGELOG.md) - [Commits](https://github.com/itchyny/gojq/compare/v0.12.10...v0.12.12) --- updated-dependencies: - dependency-name: github.com/itchyny/gojq dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 2a14770ee04bd..027981ef2908d 100644 --- a/go.mod +++ b/go.mod @@ -48,7 +48,7 @@ require ( github.com/hashicorp/go-retryablehttp v0.7.2 github.com/imdario/mergo v0.3.13 github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a - github.com/itchyny/gojq v0.12.10 + github.com/itchyny/gojq v0.12.12 github.com/jeremywohl/flatten v1.0.1 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 github.com/ktrysmt/go-bitbucket v0.9.55 @@ -201,7 +201,7 @@ require ( github.com/prometheus/client_model v0.3.0 // indirect github.com/prometheus/common v0.37.0 // indirect github.com/prometheus/procfs v0.8.0 // indirect - github.com/rivo/uniseg v0.2.0 // indirect + github.com/rivo/uniseg v0.4.4 // indirect github.com/rs/cors v1.8.0 // indirect github.com/russross/blackfriday v1.6.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect diff --git a/go.sum b/go.sum index 3c2e8fe347a0c..7248a784c9ca0 100644 --- a/go.sum +++ b/go.sum @@ -636,8 +636,8 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/ishidawataru/sctp v0.0.0-20190723014705-7c296d48a2b5/go.mod h1:DM4VvS+hD/kDi1U1QsX2fnZowwBhqD0Dk3bRPKF/Oc8= -github.com/itchyny/gojq v0.12.10 h1:6TcS0VYWS6wgntpF/4tnrzwdCMjiTxRAxIqZWfDsDQU= -github.com/itchyny/gojq v0.12.10/go.mod h1:o3FT8Gkbg/geT4pLI0tF3hvip5F3Y/uskjRz9OYa38g= +github.com/itchyny/gojq v0.12.12 h1:x+xGI9BXqKoJQZkr95ibpe3cdrTbY8D9lonrK433rcA= +github.com/itchyny/gojq v0.12.12/go.mod h1:j+3sVkjxwd7A7Z5jrbKibgOLn0ZfLWkV+Awxr/pyzJE= github.com/itchyny/timefmt-go v0.1.5 h1:G0INE2la8S6ru/ZI5JecgyzbbJNs5lG1RcBqa7Jm6GE= github.com/itchyny/timefmt-go v0.1.5/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8= github.com/jaytaylor/html2text v0.0.0-20190408195923-01ec452cbe43/go.mod h1:CVKlgaMiht+LXvHG173ujK6JUhZXKb2u/BQtjPDIvyk= @@ -926,8 +926,9 @@ github.com/redis/go-redis/v9 v9.0.2/go.mod h1:/xDTe9EF1LM61hek62Poq2nzQSGj0xSrEt github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= github.com/rivo/tview v0.0.0-20200219210816-cd38d7432498/go.mod h1:6lkG1x+13OShEf0EaOCaTQYyB7d5nSbb181KtjlS+84= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= -github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= +github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= From fab1580aea1f94b855daccfd667aecb73fd86f71 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 May 2023 14:53:08 +0000 Subject: [PATCH 073/252] chore(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.4 (#13829) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.4. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.4) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 027981ef2908d..cc99ffe279337 100644 --- a/go.mod +++ b/go.mod @@ -66,7 +66,7 @@ require ( github.com/soheilhy/cmux v0.1.5 github.com/spf13/cobra v1.6.1 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.8.1 + github.com/stretchr/testify v1.8.4 github.com/valyala/fasttemplate v1.2.2 github.com/whilp/git-urls v1.0.0 github.com/xanzy/go-gitlab v0.83.0 diff --git a/go.sum b/go.sum index 7248a784c9ca0..453e3f99e72b0 100644 --- a/go.sum +++ b/go.sum @@ -1022,8 +1022,9 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4= From 944eaddd8d4acc839ac9c2dae2754706f62c1823 Mon Sep 17 00:00:00 2001 From: Radon Rosborough <69264599+raxod502-plaid@users.noreply.github.com> Date: Tue, 30 May 2023 08:41:29 -0700 Subject: [PATCH 074/252] feat(appset): add support for missingkey=error in ApplicationSets (#13731) (#13733) * Add support for missingkey=error in ApplicationSets Signed-off-by: Radon Rosborough * options for cluster generator too Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Radon Rosborough Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- .../controllers/applicationset_controller.go | 2 +- .../applicationset_controller_test.go | 10 +- .../examples/cluster/cluster-example.yaml | 1 + .../ducktype-example.yaml | 1 + .../examples/design-doc/applicationset.yaml | 1 + .../design-doc/git-directory-discovery.yaml | 1 + .../design-doc/git-files-discovery.yaml | 1 + .../design-doc/git-files-literal.yaml | 1 + applicationset/examples/design-doc/list.yaml | 1 + .../design-doc/template-override.yaml | 1 + .../git-directories-exclude-example.yaml | 1 + .../git-directories-example.yaml | 1 + .../git-generator-files.yaml | 1 + .../examples/list-generator/list-example.yaml | 1 + .../examples/matrix/cluster-and-git.yaml | 1 + .../examples/matrix/list-and-git.yaml | 1 + .../examples/matrix/list-and-list.yaml | 1 + .../matrix/matrix-and-union-in-matrix.yaml | 1 + .../merge/merge-clusters-and-list.yaml | 1 + .../examples/merge/merge-two-matrixes.yaml | 1 + .../pull-request-example.yaml | 1 + .../scm-provider-example.yaml | 1 + .../template-overrides-example.yaml | 1 + applicationset/generators/cluster.go | 4 +- .../generators/generator_spec_processor.go | 6 +- .../generator_spec_processor_test.go | 8 +- applicationset/generators/git.go | 20 +- applicationset/generators/git_test.go | 12 +- applicationset/generators/scm_provider.go | 2 +- .../generators/value_interpolation.go | 8 +- .../generators/value_interpolation_test.go | 4 +- applicationset/utils/utils.go | 33 +- applicationset/utils/utils_test.go | 41 +- applicationset/webhook/webhook.go | 2 +- assets/swagger.json | 6 + docs/operator-manual/applicationset.yaml | 3 + .../applicationset/Generators-Git.md | 42 +- .../applicationset/Generators-List.md | 3 +- .../applicationset/GoTemplate.md | 20 +- .../applicationset/Progressive-Syncs.md | 1 + manifests/core-install.yaml | 4 + manifests/crds/applicationset-crd.yaml | 4 + manifests/ha/install.yaml | 4 + manifests/install.yaml | 4 + pkg/apis/api-rules/violation_exceptions.list | 1 + .../v1alpha1/applicationset_types.go | 13 +- pkg/apis/application/v1alpha1/generated.pb.go | 1317 +++++++++-------- pkg/apis/application/v1alpha1/generated.proto | 2 + .../application/v1alpha1/openapi_generated.go | 14 + .../v1alpha1/zz_generated.deepcopy.go | 5 + 50 files changed, 893 insertions(+), 723 deletions(-) diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go index 5bf591bdc1a63..509d3dbd2f111 100644 --- a/applicationset/controllers/applicationset_controller.go +++ b/applicationset/controllers/applicationset_controller.go @@ -514,7 +514,7 @@ func (r *ApplicationSetReconciler) generateApplications(applicationSetInfo argov tmplApplication.Labels[LabelKeyAppSetInstance] = applicationSetInfo.Name for _, p := range a.Params { - app, err := r.Renderer.RenderTemplateParams(tmplApplication, applicationSetInfo.Spec.SyncPolicy, p, applicationSetInfo.Spec.GoTemplate) + app, err := r.Renderer.RenderTemplateParams(tmplApplication, applicationSetInfo.Spec.SyncPolicy, p, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions) if err != nil { log.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator). Error("error generating application from params") diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go index 7084ed847827a..0134322bc5309 100644 --- a/applicationset/controllers/applicationset_controller_test.go +++ b/applicationset/controllers/applicationset_controller_test.go @@ -65,8 +65,8 @@ func (g *generatorMock) GetRequeueAfter(appSetGenerator *v1alpha1.ApplicationSet return args.Get(0).(time.Duration) } -func (r *rendererMock) RenderTemplateParams(tmpl *v1alpha1.Application, syncPolicy *v1alpha1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool) (*v1alpha1.Application, error) { - args := r.Called(tmpl, params, useGoTemplate) +func (r *rendererMock) RenderTemplateParams(tmpl *v1alpha1.Application, syncPolicy *v1alpha1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (*v1alpha1.Application, error) { + args := r.Called(tmpl, params, useGoTemplate, goTemplateOptions) if args.Error(1) != nil { return nil, args.Error(1) @@ -168,10 +168,10 @@ func TestExtractApplications(t *testing.T) { tmpApplication.Labels[LabelKeyAppSetInstance] = appSet.Name if cc.rendererError != nil { - rendererMock.On("RenderTemplateParams", tmpApplication, p, false). + rendererMock.On("RenderTemplateParams", getTempApplication(cc.template), p, false, []string(nil)). Return(nil, cc.rendererError) } else { - rendererMock.On("RenderTemplateParams", tmpApplication, p, false). + rendererMock.On("RenderTemplateParams", getTempApplication(cc.template), p, false, []string(nil)). Return(&app, nil) expectedApps = append(expectedApps, app) } @@ -302,7 +302,7 @@ func TestMergeTemplateApplications(t *testing.T) { tmpApplication := getTempApplication(cc.expectedMerged) tmpApplication.Labels[LabelKeyAppSetInstance] = appSet.Name - rendererMock.On("RenderTemplateParams", tmpApplication, cc.params[0], false). + rendererMock.On("RenderTemplateParams", tmpApplication, cc.params[0], false, []string(nil)). Return(&cc.expectedApps[0], nil) r := ApplicationSetReconciler{ diff --git a/applicationset/examples/cluster/cluster-example.yaml b/applicationset/examples/cluster/cluster-example.yaml index 9714ce1952e9c..a8e54212595e8 100644 --- a/applicationset/examples/cluster/cluster-example.yaml +++ b/applicationset/examples/cluster/cluster-example.yaml @@ -4,6 +4,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - clusters: {} template: diff --git a/applicationset/examples/clusterDecisionResource/ducktype-example.yaml b/applicationset/examples/clusterDecisionResource/ducktype-example.yaml index c6058e870bbf6..cf633483a8f68 100644 --- a/applicationset/examples/clusterDecisionResource/ducktype-example.yaml +++ b/applicationset/examples/clusterDecisionResource/ducktype-example.yaml @@ -4,6 +4,7 @@ metadata: name: book-import spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - clusterDecisionResource: configMapRef: ocm-placement diff --git a/applicationset/examples/design-doc/applicationset.yaml b/applicationset/examples/design-doc/applicationset.yaml index b1e49bd814d15..7ab4e824596a3 100644 --- a/applicationset/examples/design-doc/applicationset.yaml +++ b/applicationset/examples/design-doc/applicationset.yaml @@ -8,6 +8,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - clusters: {} template: diff --git a/applicationset/examples/design-doc/git-directory-discovery.yaml b/applicationset/examples/design-doc/git-directory-discovery.yaml index 2f62e33cd6ca6..a158d034d9043 100644 --- a/applicationset/examples/design-doc/git-directory-discovery.yaml +++ b/applicationset/examples/design-doc/git-directory-discovery.yaml @@ -27,6 +27,7 @@ metadata: name: cluster-addons spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/infra-team/cluster-deployments.git diff --git a/applicationset/examples/design-doc/git-files-discovery.yaml b/applicationset/examples/design-doc/git-files-discovery.yaml index 3a4167886de69..367e318ac2d5a 100644 --- a/applicationset/examples/design-doc/git-files-discovery.yaml +++ b/applicationset/examples/design-doc/git-files-discovery.yaml @@ -38,6 +38,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/infra-team/cluster-deployments.git diff --git a/applicationset/examples/design-doc/git-files-literal.yaml b/applicationset/examples/design-doc/git-files-literal.yaml index 5cb9bd9553446..9dbace36e4c56 100644 --- a/applicationset/examples/design-doc/git-files-literal.yaml +++ b/applicationset/examples/design-doc/git-files-literal.yaml @@ -51,6 +51,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/infra-team/cluster-deployments.git diff --git a/applicationset/examples/design-doc/list.yaml b/applicationset/examples/design-doc/list.yaml index 3f76526b17df5..b1bcd593eac7f 100644 --- a/applicationset/examples/design-doc/list.yaml +++ b/applicationset/examples/design-doc/list.yaml @@ -5,6 +5,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - list: elements: diff --git a/applicationset/examples/design-doc/template-override.yaml b/applicationset/examples/design-doc/template-override.yaml index be55e739e15a2..970c7c395a820 100644 --- a/applicationset/examples/design-doc/template-override.yaml +++ b/applicationset/examples/design-doc/template-override.yaml @@ -8,6 +8,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - list: elements: diff --git a/applicationset/examples/git-generator-directory/excludes/git-directories-exclude-example.yaml b/applicationset/examples/git-generator-directory/excludes/git-directories-exclude-example.yaml index 786d30a536419..a021a3d0c66d3 100644 --- a/applicationset/examples/git-generator-directory/excludes/git-directories-exclude-example.yaml +++ b/applicationset/examples/git-generator-directory/excludes/git-directories-exclude-example.yaml @@ -5,6 +5,7 @@ metadata: namespace: argocd spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/argoproj/argo-cd.git diff --git a/applicationset/examples/git-generator-directory/git-directories-example.yaml b/applicationset/examples/git-generator-directory/git-directories-example.yaml index 4ac79a34dd43c..6fc16b4d39384 100644 --- a/applicationset/examples/git-generator-directory/git-directories-example.yaml +++ b/applicationset/examples/git-generator-directory/git-directories-example.yaml @@ -5,6 +5,7 @@ metadata: namespace: argocd spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/argoproj/argo-cd.git diff --git a/applicationset/examples/git-generator-files-discovery/git-generator-files.yaml b/applicationset/examples/git-generator-files-discovery/git-generator-files.yaml index 7ccd68f6c6b88..78a0136655498 100644 --- a/applicationset/examples/git-generator-files-discovery/git-generator-files.yaml +++ b/applicationset/examples/git-generator-files-discovery/git-generator-files.yaml @@ -4,6 +4,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/argoproj/argo-cd.git diff --git a/applicationset/examples/list-generator/list-example.yaml b/applicationset/examples/list-generator/list-example.yaml index a54fa0cfd92e1..03e33130bad84 100644 --- a/applicationset/examples/list-generator/list-example.yaml +++ b/applicationset/examples/list-generator/list-example.yaml @@ -4,6 +4,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - list: elements: diff --git a/applicationset/examples/matrix/cluster-and-git.yaml b/applicationset/examples/matrix/cluster-and-git.yaml index a42568db821f3..d58d2fa5f83f6 100644 --- a/applicationset/examples/matrix/cluster-and-git.yaml +++ b/applicationset/examples/matrix/cluster-and-git.yaml @@ -8,6 +8,7 @@ metadata: name: cluster-git spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - matrix: generators: diff --git a/applicationset/examples/matrix/list-and-git.yaml b/applicationset/examples/matrix/list-and-git.yaml index d1a2979daedfe..9ba04345476b4 100644 --- a/applicationset/examples/matrix/list-and-git.yaml +++ b/applicationset/examples/matrix/list-and-git.yaml @@ -8,6 +8,7 @@ metadata: name: list-git spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - matrix: generators: diff --git a/applicationset/examples/matrix/list-and-list.yaml b/applicationset/examples/matrix/list-and-list.yaml index fe5606a4b4b53..f88189ba5ec01 100644 --- a/applicationset/examples/matrix/list-and-list.yaml +++ b/applicationset/examples/matrix/list-and-list.yaml @@ -5,6 +5,7 @@ metadata: namespace: argocd spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - matrix: generators: diff --git a/applicationset/examples/matrix/matrix-and-union-in-matrix.yaml b/applicationset/examples/matrix/matrix-and-union-in-matrix.yaml index 783b4c94b5c3a..e4fed589764a8 100644 --- a/applicationset/examples/matrix/matrix-and-union-in-matrix.yaml +++ b/applicationset/examples/matrix/matrix-and-union-in-matrix.yaml @@ -13,6 +13,7 @@ metadata: name: matrix-and-union-in-matrix spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - matrix: generators: diff --git a/applicationset/examples/merge/merge-clusters-and-list.yaml b/applicationset/examples/merge/merge-clusters-and-list.yaml index 48b35b0251ed4..c91f4fea47d7b 100644 --- a/applicationset/examples/merge/merge-clusters-and-list.yaml +++ b/applicationset/examples/merge/merge-clusters-and-list.yaml @@ -4,6 +4,7 @@ metadata: name: merge-clusters-and-list spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - merge: mergeKeys: diff --git a/applicationset/examples/merge/merge-two-matrixes.yaml b/applicationset/examples/merge/merge-two-matrixes.yaml index f7590fb685d9f..f864ac6948b2d 100644 --- a/applicationset/examples/merge/merge-two-matrixes.yaml +++ b/applicationset/examples/merge/merge-two-matrixes.yaml @@ -4,6 +4,7 @@ metadata: name: merge-two-matrixes spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - merge: mergeKeys: diff --git a/applicationset/examples/pull-request-generator/pull-request-example.yaml b/applicationset/examples/pull-request-generator/pull-request-example.yaml index 98f66ae095e6d..d8ad8502b9b13 100644 --- a/applicationset/examples/pull-request-generator/pull-request-example.yaml +++ b/applicationset/examples/pull-request-generator/pull-request-example.yaml @@ -4,6 +4,7 @@ metadata: name: myapp spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - pullRequest: github: diff --git a/applicationset/examples/scm-provider-generator/scm-provider-example.yaml b/applicationset/examples/scm-provider-generator/scm-provider-example.yaml index 8e310d45ccda5..c3ca2e5b3e5a9 100644 --- a/applicationset/examples/scm-provider-generator/scm-provider-example.yaml +++ b/applicationset/examples/scm-provider-generator/scm-provider-example.yaml @@ -4,6 +4,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - scmProvider: github: diff --git a/applicationset/examples/template-override/template-overrides-example.yaml b/applicationset/examples/template-override/template-overrides-example.yaml index dbc19418b4716..48cbf703fcd70 100644 --- a/applicationset/examples/template-override/template-overrides-example.yaml +++ b/applicationset/examples/template-override/template-overrides-example.yaml @@ -8,6 +8,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - list: elements: diff --git a/applicationset/generators/cluster.go b/applicationset/generators/cluster.go index 589f42d02de84..9486d0e5e4475 100644 --- a/applicationset/generators/cluster.go +++ b/applicationset/generators/cluster.go @@ -109,7 +109,7 @@ func (g *ClusterGenerator) GenerateParams( params["nameNormalized"] = cluster.Name params["server"] = cluster.Server - err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet.Spec.GoTemplate) + err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) if err != nil { return nil, err } @@ -149,7 +149,7 @@ func (g *ClusterGenerator) GenerateParams( } } - err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet.Spec.GoTemplate) + err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) if err != nil { return nil, err } diff --git a/applicationset/generators/generator_spec_processor.go b/applicationset/generators/generator_spec_processor.go index 990fb0f8eb81e..4778188baf841 100644 --- a/applicationset/generators/generator_spec_processor.go +++ b/applicationset/generators/generator_spec_processor.go @@ -52,7 +52,7 @@ func Transform(requestedGenerator argoprojiov1alpha1.ApplicationSetGenerator, al } var params []map[string]interface{} if len(genParams) != 0 { - tempInterpolatedGenerator, err := InterpolateGenerator(&requestedGenerator, genParams, appSet.Spec.GoTemplate) + tempInterpolatedGenerator, err := InterpolateGenerator(&requestedGenerator, genParams, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) interpolatedGenerator = &tempInterpolatedGenerator if err != nil { log.WithError(err).WithField("genParams", genParams). @@ -147,9 +147,9 @@ func mergeGeneratorTemplate(g Generator, requestedGenerator *argoprojiov1alpha1. // InterpolateGenerator allows interpolating the matrix's 2nd child generator with values from the 1st child generator // "params" parameter is an array, where each index corresponds to a generator. Each index contains a map w/ that generator's parameters. -func InterpolateGenerator(requestedGenerator *argoprojiov1alpha1.ApplicationSetGenerator, params map[string]interface{}, useGoTemplate bool) (argoprojiov1alpha1.ApplicationSetGenerator, error) { +func InterpolateGenerator(requestedGenerator *argoprojiov1alpha1.ApplicationSetGenerator, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (argoprojiov1alpha1.ApplicationSetGenerator, error) { render := utils.Render{} - interpolatedGenerator, err := render.RenderGeneratorParams(requestedGenerator, params, useGoTemplate) + interpolatedGenerator, err := render.RenderGeneratorParams(requestedGenerator, params, useGoTemplate, goTemplateOptions) if err != nil { log.WithError(err).WithField("interpolatedGenerator", interpolatedGenerator).Error("error interpolating generator with other generator's parameter") return *interpolatedGenerator, err diff --git a/applicationset/generators/generator_spec_processor_test.go b/applicationset/generators/generator_spec_processor_test.go index 141fcc4cf90ce..b9756ee7fc6d4 100644 --- a/applicationset/generators/generator_spec_processor_test.go +++ b/applicationset/generators/generator_spec_processor_test.go @@ -413,7 +413,7 @@ func TestInterpolateGenerator(t *testing.T) { "path[1]": "p2", "path.basenameNormalized": "app3", } - interpolatedGenerator, err := InterpolateGenerator(requestedGenerator, gitGeneratorParams, false) + interpolatedGenerator, err := InterpolateGenerator(requestedGenerator, gitGeneratorParams, false, nil) if err != nil { log.WithError(err).WithField("requestedGenerator", requestedGenerator).Error("error interpolating Generator") return @@ -438,7 +438,7 @@ func TestInterpolateGenerator(t *testing.T) { clusterGeneratorParams := map[string]interface{}{ "name": "production_01/west", "server": "https://production-01.example.com", } - interpolatedGenerator, err = InterpolateGenerator(requestedGenerator, clusterGeneratorParams, false) + interpolatedGenerator, err = InterpolateGenerator(requestedGenerator, clusterGeneratorParams, false, nil) if err != nil { log.WithError(err).WithField("requestedGenerator", requestedGenerator).Error("error interpolating Generator") return @@ -466,7 +466,7 @@ func TestInterpolateGenerator_go(t *testing.T) { "segments": []string{"p1", "p2", "app3"}, }, } - interpolatedGenerator, err := InterpolateGenerator(requestedGenerator, gitGeneratorParams, true) + interpolatedGenerator, err := InterpolateGenerator(requestedGenerator, gitGeneratorParams, true, nil) require.NoError(t, err) if err != nil { log.WithError(err).WithField("requestedGenerator", requestedGenerator).Error("error interpolating Generator") @@ -492,7 +492,7 @@ func TestInterpolateGenerator_go(t *testing.T) { clusterGeneratorParams := map[string]interface{}{ "name": "production_01/west", "server": "https://production-01.example.com", } - interpolatedGenerator, err = InterpolateGenerator(requestedGenerator, clusterGeneratorParams, true) + interpolatedGenerator, err = InterpolateGenerator(requestedGenerator, clusterGeneratorParams, true, nil) if err != nil { log.WithError(err).WithField("requestedGenerator", requestedGenerator).Error("error interpolating Generator") return diff --git a/applicationset/generators/git.go b/applicationset/generators/git.go index 3936411117fc1..9b2825618d80a 100644 --- a/applicationset/generators/git.go +++ b/applicationset/generators/git.go @@ -59,9 +59,9 @@ func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Applic var err error var res []map[string]interface{} if len(appSetGenerator.Git.Directories) != 0 { - res, err = g.generateParamsForGitDirectories(appSetGenerator, appSet.Spec.GoTemplate) + res, err = g.generateParamsForGitDirectories(appSetGenerator, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) } else if len(appSetGenerator.Git.Files) != 0 { - res, err = g.generateParamsForGitFiles(appSetGenerator, appSet.Spec.GoTemplate) + res, err = g.generateParamsForGitFiles(appSetGenerator, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) } else { return nil, EmptyAppSetGeneratorError } @@ -72,7 +72,7 @@ func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Applic return res, nil } -func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool) ([]map[string]interface{}, error) { +func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool, goTemplateOptions []string) ([]map[string]interface{}, error) { // Directories, not files allPaths, err := g.repos.GetDirectories(context.TODO(), appSetGenerator.Git.RepoURL, appSetGenerator.Git.Revision) @@ -90,7 +90,7 @@ func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoproj requestedApps := g.filterApps(appSetGenerator.Git.Directories, allPaths) - res, err := g.generateParamsFromApps(requestedApps, appSetGenerator, useGoTemplate) + res, err := g.generateParamsFromApps(requestedApps, appSetGenerator, useGoTemplate, goTemplateOptions) if err != nil { return nil, fmt.Errorf("failed to generate params from apps: %w", err) } @@ -98,7 +98,7 @@ func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoproj return res, nil } -func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool) ([]map[string]interface{}, error) { +func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool, goTemplateOptions []string) ([]map[string]interface{}, error) { // Get all files that match the requested path string, removing duplicates allFiles := make(map[string][]byte) @@ -125,7 +125,7 @@ func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1al for _, path := range allPaths { // A JSON / YAML file path can contain multiple sets of parameters (ie it is an array) - paramsArray, err := g.generateParamsFromGitFile(path, allFiles[path], appSetGenerator.Git.Values, useGoTemplate, appSetGenerator.Git.PathParamPrefix) + paramsArray, err := g.generateParamsFromGitFile(path, allFiles[path], appSetGenerator.Git.Values, useGoTemplate, goTemplateOptions, appSetGenerator.Git.PathParamPrefix) if err != nil { return nil, fmt.Errorf("unable to process file '%s': %v", path, err) } @@ -135,7 +135,7 @@ func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1al return res, nil } -func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent []byte, values map[string]string, useGoTemplate bool, pathParamPrefix string) ([]map[string]interface{}, error) { +func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent []byte, values map[string]string, useGoTemplate bool, goTemplateOptions []string, pathParamPrefix string) ([]map[string]interface{}, error) { objectsFound := []map[string]interface{}{} // First, we attempt to parse as an array @@ -198,7 +198,7 @@ func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent [] } } - err := appendTemplatedValues(values, params, useGoTemplate) + err := appendTemplatedValues(values, params, useGoTemplate, goTemplateOptions) if err != nil { return nil, fmt.Errorf("failed to append templated values: %w", err) } @@ -237,7 +237,7 @@ func (g *GitGenerator) filterApps(Directories []argoprojiov1alpha1.GitDirectoryG return res } -func (g *GitGenerator) generateParamsFromApps(requestedApps []string, appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool) ([]map[string]interface{}, error) { +func (g *GitGenerator) generateParamsFromApps(requestedApps []string, appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool, goTemplateOptions []string) ([]map[string]interface{}, error) { res := make([]map[string]interface{}, len(requestedApps)) for i, a := range requestedApps { @@ -269,7 +269,7 @@ func (g *GitGenerator) generateParamsFromApps(requestedApps []string, appSetGene } } - err := appendTemplatedValues(appSetGenerator.Git.Values, params, useGoTemplate) + err := appendTemplatedValues(appSetGenerator.Git.Values, params, useGoTemplate, goTemplateOptions) if err != nil { return nil, fmt.Errorf("failed to append templated values: %w", err) } diff --git a/applicationset/generators/git_test.go b/applicationset/generators/git_test.go index e1d8d1ee31527..a236b00bca7bb 100644 --- a/applicationset/generators/git_test.go +++ b/applicationset/generators/git_test.go @@ -4,21 +4,21 @@ import ( "fmt" "testing" - "github.com/argoproj/argo-cd/v2/applicationset/services/mocks" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/argoproj/argo-cd/v2/applicationset/services/mocks" + argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) - func Test_generateParamsFromGitFile(t *testing.T) { values := map[string]string{} params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(` foo: bar: baz -`), values, false, "") +`), values, false, nil, "") if err != nil { t.Fatal(err) } @@ -41,7 +41,7 @@ func Test_generatePrefixedParamsFromGitFile(t *testing.T) { params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(` foo: bar: baz -`), values, false, "myRepo") +`), values, false, nil, "myRepo") if err != nil { t.Fatal(err) } @@ -64,7 +64,7 @@ func Test_generateParamsFromGitFileGoTemplate(t *testing.T) { params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(` foo: bar: baz -`), values, true, "") +`), values, true, nil, "") if err != nil { t.Fatal(err) } @@ -93,7 +93,7 @@ func Test_generatePrefixedParamsFromGitFileGoTemplate(t *testing.T) { params, err := (*GitGenerator)(nil).generateParamsFromGitFile("path/dir/file_name.yaml", []byte(` foo: bar: baz -`), values, true, "myRepo") +`), values, true, nil, "myRepo") if err != nil { t.Fatal(err) } diff --git a/applicationset/generators/scm_provider.go b/applicationset/generators/scm_provider.go index 84791ca2cdadb..9d0b386c30e4f 100644 --- a/applicationset/generators/scm_provider.go +++ b/applicationset/generators/scm_provider.go @@ -172,7 +172,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha "branchNormalized": utils.SanitizeName(repo.Branch), } - err := appendTemplatedValues(appSetGenerator.SCMProvider.Values, params, applicationSetInfo.Spec.GoTemplate) + err := appendTemplatedValues(appSetGenerator.SCMProvider.Values, params, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions) if err != nil { return nil, fmt.Errorf("failed to append templated values: %w", err) } diff --git a/applicationset/generators/value_interpolation.go b/applicationset/generators/value_interpolation.go index f78999c029ed2..05a078d42f782 100644 --- a/applicationset/generators/value_interpolation.go +++ b/applicationset/generators/value_interpolation.go @@ -4,14 +4,14 @@ import ( "fmt" ) -func appendTemplatedValues(values map[string]string, params map[string]interface{}, useGoTemplate bool) error { +func appendTemplatedValues(values map[string]string, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) error { // We create a local map to ensure that we do not fall victim to a billion-laughs attack. We iterate through the // cluster values map and only replace values in said map if it has already been allowlisted in the params map. // Once we iterate through all the cluster values we can then safely merge the `tmp` map into the main params map. tmp := map[string]interface{}{} for key, value := range values { - result, err := replaceTemplatedString(value, params, useGoTemplate) + result, err := replaceTemplatedString(value, params, useGoTemplate, goTemplateOptions) if err != nil { return fmt.Errorf("failed to replace templated string: %w", err) @@ -34,8 +34,8 @@ func appendTemplatedValues(values map[string]string, params map[string]interface return nil } -func replaceTemplatedString(value string, params map[string]interface{}, useGoTemplate bool) (string, error) { - replacedTmplStr, err := render.Replace(value, params, useGoTemplate) +func replaceTemplatedString(value string, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (string, error) { + replacedTmplStr, err := render.Replace(value, params, useGoTemplate, goTemplateOptions) if err != nil { return "", fmt.Errorf("failed to replace templated string with rendered values: %w", err) } diff --git a/applicationset/generators/value_interpolation_test.go b/applicationset/generators/value_interpolation_test.go index c575042549c68..8aa57dc0c0e65 100644 --- a/applicationset/generators/value_interpolation_test.go +++ b/applicationset/generators/value_interpolation_test.go @@ -55,7 +55,7 @@ func TestValueInterpolation(t *testing.T) { for _, testCase := range testCases { t.Run(testCase.name, func(t *testing.T) { - err := appendTemplatedValues(testCase.values, testCase.params, false) + err := appendTemplatedValues(testCase.values, testCase.params, false, nil) assert.NoError(t, err) assert.EqualValues(t, testCase.expected, testCase.params) }) @@ -117,7 +117,7 @@ func TestValueInterpolationWithGoTemplating(t *testing.T) { for _, testCase := range testCases { t.Run(testCase.name, func(t *testing.T) { - err := appendTemplatedValues(testCase.values, testCase.params, true) + err := appendTemplatedValues(testCase.values, testCase.params, true, nil) assert.NoError(t, err) assert.EqualValues(t, testCase.expected, testCase.params) }) diff --git a/applicationset/utils/utils.go b/applicationset/utils/utils.go index 7a68b334f3ee2..f7ef2e89760ec 100644 --- a/applicationset/utils/utils.go +++ b/applicationset/utils/utils.go @@ -31,7 +31,7 @@ func init() { } type Renderer interface { - RenderTemplateParams(tmpl *argoappsv1.Application, syncPolicy *argoappsv1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool) (*argoappsv1.Application, error) + RenderTemplateParams(tmpl *argoappsv1.Application, syncPolicy *argoappsv1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (*argoappsv1.Application, error) } type Render struct { @@ -50,7 +50,7 @@ func copyUnexported(copy, original reflect.Value) { // This function is in charge of searching all String fields of the object recursively and apply templating // thanks to https://gist.github.com/randallmlough/1fd78ec8a1034916ca52281e3b886dc7 -func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[string]interface{}, useGoTemplate bool) error { +func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) error { switch original.Kind() { // The first cases handle nested structures and translate them recursively // If it is a pointer we need to unwrap and call once again @@ -70,7 +70,7 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri copyUnexported(copy, original) } // Unwrap the newly created pointer - if err := r.deeplyReplace(copy.Elem(), originalValue, replaceMap, useGoTemplate); err != nil { + if err := r.deeplyReplace(copy.Elem(), originalValue, replaceMap, useGoTemplate, goTemplateOptions); err != nil { return err } @@ -84,7 +84,7 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri // Create a new object. Now new gives us a pointer, but we want the value it // points to, so we have to call Elem() to unwrap it copyValue := reflect.New(originalValue.Type()).Elem() - if err := r.deeplyReplace(copyValue, originalValue, replaceMap, useGoTemplate); err != nil { + if err := r.deeplyReplace(copyValue, originalValue, replaceMap, useGoTemplate, goTemplateOptions); err != nil { return err } copy.Set(copyValue) @@ -105,7 +105,7 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri } jsonOriginal := reflect.ValueOf(&unmarshaled) jsonCopy := reflect.New(jsonOriginal.Type()).Elem() - err = r.deeplyReplace(jsonCopy, jsonOriginal, replaceMap, useGoTemplate) + err = r.deeplyReplace(jsonCopy, jsonOriginal, replaceMap, useGoTemplate, goTemplateOptions) if err != nil { return fmt.Errorf("failed to deeply replace JSON field contents: %w", err) } @@ -115,7 +115,7 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri return fmt.Errorf("failed to marshal templated JSON field: %w", err) } copy.Field(i).Set(reflect.ValueOf(data)) - } else if err := r.deeplyReplace(copy.Field(i), original.Field(i), replaceMap, useGoTemplate); err != nil { + } else if err := r.deeplyReplace(copy.Field(i), original.Field(i), replaceMap, useGoTemplate, goTemplateOptions); err != nil { return err } } @@ -129,7 +129,7 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri } for i := 0; i < original.Len(); i += 1 { - if err := r.deeplyReplace(copy.Index(i), original.Index(i), replaceMap, useGoTemplate); err != nil { + if err := r.deeplyReplace(copy.Index(i), original.Index(i), replaceMap, useGoTemplate, goTemplateOptions); err != nil { return err } } @@ -149,13 +149,13 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri // New gives us a pointer, but again we want the value copyValue := reflect.New(originalValue.Type()).Elem() - if err := r.deeplyReplace(copyValue, originalValue, replaceMap, useGoTemplate); err != nil { + if err := r.deeplyReplace(copyValue, originalValue, replaceMap, useGoTemplate, goTemplateOptions); err != nil { return err } // Keys can be templated as well as values (e.g. to template something into an annotation). if key.Kind() == reflect.String { - templatedKey, err := r.Replace(key.String(), replaceMap, useGoTemplate) + templatedKey, err := r.Replace(key.String(), replaceMap, useGoTemplate, goTemplateOptions) if err != nil { return err } @@ -169,7 +169,7 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri // If it is a string translate it (yay finally we're doing what we came for) case reflect.String: strToTemplate := original.String() - templated, err := r.Replace(strToTemplate, replaceMap, useGoTemplate) + templated, err := r.Replace(strToTemplate, replaceMap, useGoTemplate, goTemplateOptions) if err != nil { return err } @@ -191,7 +191,7 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri return nil } -func (r *Render) RenderTemplateParams(tmpl *argoappsv1.Application, syncPolicy *argoappsv1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool) (*argoappsv1.Application, error) { +func (r *Render) RenderTemplateParams(tmpl *argoappsv1.Application, syncPolicy *argoappsv1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (*argoappsv1.Application, error) { if tmpl == nil { return nil, fmt.Errorf("application template is empty") } @@ -203,7 +203,7 @@ func (r *Render) RenderTemplateParams(tmpl *argoappsv1.Application, syncPolicy * original := reflect.ValueOf(tmpl) copy := reflect.New(original.Type()).Elem() - if err := r.deeplyReplace(copy, original, params, useGoTemplate); err != nil { + if err := r.deeplyReplace(copy, original, params, useGoTemplate, goTemplateOptions); err != nil { return nil, err } @@ -223,7 +223,7 @@ func (r *Render) RenderTemplateParams(tmpl *argoappsv1.Application, syncPolicy * return replacedTmpl, nil } -func (r *Render) RenderGeneratorParams(gen *argoappsv1.ApplicationSetGenerator, params map[string]interface{}, useGoTemplate bool) (*argoappsv1.ApplicationSetGenerator, error) { +func (r *Render) RenderGeneratorParams(gen *argoappsv1.ApplicationSetGenerator, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (*argoappsv1.ApplicationSetGenerator, error) { if gen == nil { return nil, fmt.Errorf("generator is empty") } @@ -235,7 +235,7 @@ func (r *Render) RenderGeneratorParams(gen *argoappsv1.ApplicationSetGenerator, original := reflect.ValueOf(gen) copy := reflect.New(original.Type()).Elem() - if err := r.deeplyReplace(copy, original, params, useGoTemplate); err != nil { + if err := r.deeplyReplace(copy, original, params, useGoTemplate, goTemplateOptions); err != nil { return nil, fmt.Errorf("failed to replace parameters in generator: %w", err) } @@ -248,12 +248,15 @@ var isTemplatedRegex = regexp.MustCompile(".*{{.*}}.*") // Replace executes basic string substitution of a template with replacement values. // remaining in the substituted template. -func (r *Render) Replace(tmpl string, replaceMap map[string]interface{}, useGoTemplate bool) (string, error) { +func (r *Render) Replace(tmpl string, replaceMap map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (string, error) { if useGoTemplate { template, err := template.New("").Funcs(sprigFuncMap).Parse(tmpl) if err != nil { return "", fmt.Errorf("failed to parse template %s: %w", tmpl, err) } + for _, option := range goTemplateOptions { + template = template.Option(option) + } var replacedTmplBuffer bytes.Buffer if err = template.Execute(&replacedTmplBuffer, replaceMap); err != nil { diff --git a/applicationset/utils/utils_test.go b/applicationset/utils/utils_test.go index 97e4a69c50908..eca1b44198e49 100644 --- a/applicationset/utils/utils_test.go +++ b/applicationset/utils/utils_test.go @@ -173,7 +173,7 @@ func TestRenderTemplateParams(t *testing.T) { // Render the cloned application, into a new application render := Render{} - newApplication, err := render.RenderTemplateParams(application, nil, test.params, false) + newApplication, err := render.RenderTemplateParams(application, nil, test.params, false, nil) // Retrieve the value of the target field from the newApplication, then verify that // the target field has been templated into the expected value @@ -235,11 +235,12 @@ func TestRenderTemplateParamsGoTemplate(t *testing.T) { } tests := []struct { - name string - fieldVal string - params map[string]interface{} - expectedVal string - errorMessage string + name string + fieldVal string + params map[string]interface{} + expectedVal string + errorMessage string + templateOptions []string }{ { name: "simple substitution", @@ -422,6 +423,26 @@ func TestRenderTemplateParamsGoTemplate(t *testing.T) { }, errorMessage: `failed to execute go template {{.data.test}}: template: :1:7: executing "" at <.data.test>: can't evaluate field test in type interface {}`, }, + { + name: "lookup missing value with missingkey=default", + fieldVal: `--> {{.doesnotexist}} <--`, + expectedVal: `--> <--`, + params: map[string]interface{}{ + // if no params are passed then for some reason templating is skipped + "unused": "this is not used", + }, + }, + { + name: "lookup missing value with missingkey=error", + fieldVal: `--> {{.doesnotexist}} <--`, + expectedVal: "", + params: map[string]interface{}{ + // if no params are passed then for some reason templating is skipped + "unused": "this is not used", + }, + templateOptions: []string{"missingkey=error"}, + errorMessage: `failed to execute go template --> {{.doesnotexist}} <--: template: :1:6: executing "" at <.doesnotexist>: map has no entry for key "doesnotexist"`, + }, } for _, test := range tests { @@ -438,7 +459,7 @@ func TestRenderTemplateParamsGoTemplate(t *testing.T) { // Render the cloned application, into a new application render := Render{} - newApplication, err := render.RenderTemplateParams(application, nil, test.params, true) + newApplication, err := render.RenderTemplateParams(application, nil, test.params, true, test.templateOptions) // Retrieve the value of the target field from the newApplication, then verify that // the target field has been templated into the expected value @@ -479,7 +500,7 @@ func TestRenderTemplateKeys(t *testing.T) { } render := Render{} - newApplication, err := render.RenderTemplateParams(application, nil, params, false) + newApplication, err := render.RenderTemplateParams(application, nil, params, false, nil) require.NoError(t, err) require.Contains(t, newApplication.ObjectMeta.Annotations, "annotation-some-key") assert.Equal(t, newApplication.ObjectMeta.Annotations["annotation-some-key"], "annotation-some-value") @@ -499,7 +520,7 @@ func TestRenderTemplateKeys(t *testing.T) { } render := Render{} - newApplication, err := render.RenderTemplateParams(application, nil, params, true) + newApplication, err := render.RenderTemplateParams(application, nil, params, true, nil) require.NoError(t, err) require.Contains(t, newApplication.ObjectMeta.Annotations, "annotation-some-key") assert.Equal(t, newApplication.ObjectMeta.Annotations["annotation-some-key"], "annotation-some-value") @@ -600,7 +621,7 @@ func TestRenderTemplateParamsFinalizers(t *testing.T) { // Render the cloned application, into a new application render := Render{} - res, err := render.RenderTemplateParams(application, c.syncPolicy, params, true) + res, err := render.RenderTemplateParams(application, c.syncPolicy, params, true, nil) assert.Nil(t, err) assert.ElementsMatch(t, res.Finalizers, c.expectedFinalizers) diff --git a/applicationset/webhook/webhook.go b/applicationset/webhook/webhook.go index 72f6dde38b069..17e782386f061 100644 --- a/applicationset/webhook/webhook.go +++ b/applicationset/webhook/webhook.go @@ -478,7 +478,7 @@ func (h *WebhookHandler) shouldRefreshMatrixGenerator(gen *v1alpha1.MatrixGenera // Interpolate second child generator with params from first child generator, if there are any params if len(params) != 0 { for _, p := range params { - tempInterpolatedGenerator, err := generators.InterpolateGenerator(requestedGenerator1, p, appSet.Spec.GoTemplate) + tempInterpolatedGenerator, err := generators.InterpolateGenerator(requestedGenerator1, p, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) interpolatedGenerator := &tempInterpolatedGenerator if err != nil { log.Error(err) diff --git a/assets/swagger.json b/assets/swagger.json index a8cca27e2e2a1..1383eb156cc5e 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -5945,6 +5945,12 @@ "goTemplate": { "type": "boolean" }, + "goTemplateOptions": { + "type": "array", + "items": { + "type": "string" + } + }, "preservedFields": { "$ref": "#/definitions/v1alpha1ApplicationPreservedFields" }, diff --git a/docs/operator-manual/applicationset.yaml b/docs/operator-manual/applicationset.yaml index 2267343a7c489..7e5a5b80d3583 100644 --- a/docs/operator-manual/applicationset.yaml +++ b/docs/operator-manual/applicationset.yaml @@ -11,6 +11,9 @@ spec: - cluster: https://kubernetes.default.svc # Determines whether go templating will be used in the `template` field below. goTemplate: false + # Optional list of go templating options, see https://pkg.go.dev/text/template#Template.Option + # This is only relevant if `goTemplate` is true + goTemplateOptions: ["missingkey="] # These fields are identical to the Application spec. template: metadata: diff --git a/docs/operator-manual/applicationset/Generators-Git.md b/docs/operator-manual/applicationset/Generators-Git.md index cc8bb9167a643..690495dccfee5 100644 --- a/docs/operator-manual/applicationset/Generators-Git.md +++ b/docs/operator-manual/applicationset/Generators-Git.md @@ -37,6 +37,8 @@ metadata: name: cluster-addons namespace: argocd spec: + goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/argoproj/argo-cd.git @@ -45,16 +47,16 @@ spec: - path: applicationset/examples/git-generator-directory/cluster-addons/* template: metadata: - name: '{{path.basename}}' + name: '{{.path.basename}}' spec: project: "my-project" source: repoURL: https://github.com/argoproj/argo-cd.git targetRevision: HEAD - path: '{{path}}' + path: '{{.path.path}}' destination: server: https://kubernetes.default.svc - namespace: '{{path.basename}}' + namespace: '{{.path.basename}}' syncPolicy: syncOptions: - CreateNamespace=true @@ -63,14 +65,14 @@ spec: The generator parameters are: -- `{{path}}`: The directory paths within the Git repository that match the `path` wildcard. -- `{{path[n]}}`: The directory paths within the Git repository that match the `path` wildcard, split into array elements (`n` - array index) -- `{{path.basename}}`: For any directory path within the Git repository that matches the `path` wildcard, the right-most path name is extracted (e.g. `/directory/directory2` would produce `directory2`). -- `{{path.basenameNormalized}}`: This field is the same as `path.basename` with unsupported characters replaced with `-` (e.g. a `path` of `/directory/directory_2`, and `path.basename` of `directory_2` would produce `directory-2` here). +- `{{.path.path}}`: The directory paths within the Git repository that match the `path` wildcard. +- `{{index .path.segments n}}`: The directory paths within the Git repository that match the `path` wildcard, split into array elements (`n` - array index) +- `{{.path.basename}}`: For any directory path within the Git repository that matches the `path` wildcard, the right-most path name is extracted (e.g. `/directory/directory2` would produce `directory2`). +- `{{.path.basenameNormalized}}`: This field is the same as `path.basename` with unsupported characters replaced with `-` (e.g. a `path` of `/directory/directory_2`, and `path.basename` of `directory_2` would produce `directory-2` here). -**Note**: The right-most path name always becomes `{{path.basename}}`. For example, for `- path: /one/two/three/four`, `{{path.basename}}` is `four`. +**Note**: The right-most path name always becomes `{{.path.basename}}`. For example, for `- path: /one/two/three/four`, `{{.path.basename}}` is `four`. -**Note**: If the `pathParamPrefix` option is specified, all `path`-related parameter names above will be prefixed with the specified value and a dot separator. E.g., if `pathParamPrefix` is `myRepo`, then the generated parameter name would be `myRepo.path` instead of `path`. Using this option is necessary in a Matrix generator where both child generators are Git generators (to avoid conflicts when merging the child generators’ items). +**Note**: If the `pathParamPrefix` option is specified, all `path`-related parameter names above will be prefixed with the specified value and a dot separator. E.g., if `pathParamPrefix` is `myRepo`, then the generated parameter name would be `.myRepo.path` instead of `.path`. Using this option is necessary in a Matrix generator where both child generators are Git generators (to avoid conflicts when merging the child generators’ items). Whenever a new Helm chart/Kustomize YAML/Application/plain subdirectory is added to the Git repository, the ApplicationSet controller will detect this change and automatically deploy the resulting manifests within new `Application` resources. @@ -89,6 +91,8 @@ metadata: name: cluster-addons namespace: argocd spec: + goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/argoproj/argo-cd.git @@ -99,16 +103,16 @@ spec: exclude: true template: metadata: - name: '{{path.basename}}' + name: '{{.path.basename}}' spec: project: "my-project" source: repoURL: https://github.com/argoproj/argo-cd.git targetRevision: HEAD - path: '{{path}}' + path: '{{.path.path}}' destination: server: https://kubernetes.default.svc - namespace: '{{path.basename}}' + namespace: '{{.path.basename}}' ``` (*The full example can be found [here](https://github.com/argoproj/argo-cd/tree/master/applicationset/examples/git-generator-directory/excludes).*) @@ -170,6 +174,8 @@ metadata: name: cluster-addons namespace: argocd spec: + goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/example/example-repo.git @@ -180,16 +186,16 @@ spec: exclude: true template: metadata: - name: '{{path.basename}}' + name: '{{.path.basename}}' spec: project: "my-project" source: repoURL: https://github.com/example/example-repo.git targetRevision: HEAD - path: '{{path}}' + path: '{{.path.path}}' destination: server: https://kubernetes.default.svc - namespace: '{{path.basename}}' + namespace: '{{.path.basename}}' ``` ### Pass additional key-value pairs via `values` field @@ -288,6 +294,8 @@ metadata: name: guestbook namespace: argocd spec: + goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/argoproj/argo-cd.git @@ -296,7 +304,7 @@ spec: - path: "applicationset/examples/git-generator-files-discovery/cluster-config/**/config.json" template: metadata: - name: '{{cluster.name}}-guestbook' + name: '{{.cluster.name}}-guestbook' spec: project: default source: @@ -304,7 +312,7 @@ spec: targetRevision: HEAD path: "applicationset/examples/git-generator-files-discovery/apps/guestbook" destination: - server: '{{cluster.address}}' + server: '{{.cluster.address}}' namespace: guestbook ``` (*The full example can be found [here](https://github.com/argoproj/argo-cd/tree/master/applicationset/examples/git-generator-files-discovery).*) diff --git a/docs/operator-manual/applicationset/Generators-List.md b/docs/operator-manual/applicationset/Generators-List.md index 12ba0b820fb61..7cee47ae60f0e 100644 --- a/docs/operator-manual/applicationset/Generators-List.md +++ b/docs/operator-manual/applicationset/Generators-List.md @@ -64,6 +64,7 @@ metadata: namespace: argocd spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - matrix: generators: @@ -112,4 +113,4 @@ key: releaseName: component2 repoUrl: "ghcr.io/stefanprodan/charts" namespace: component2 -``` \ No newline at end of file +``` diff --git a/docs/operator-manual/applicationset/GoTemplate.md b/docs/operator-manual/applicationset/GoTemplate.md index 911754009ab14..c663ea788185a 100644 --- a/docs/operator-manual/applicationset/GoTemplate.md +++ b/docs/operator-manual/applicationset/GoTemplate.md @@ -12,6 +12,14 @@ An additional `normalize` function makes any string parameter usable as a valid with hyphens and truncating at 253 characters. This is useful when making parameters safe for things like Application names. +If you want to customize [options defined by text/template](https://pkg.go.dev/text/template#Template.Option), you can +add the `goTemplateOptions: ["opt1", "opt2", ...]` key to your ApplicationSet next to `goTemplate: true`. Note that at +the time of writing, there is only one useful option defined, which is `missingkey=error`. + +The recommended setting of `goTemplateOptions` is `["missingkey=error"]`, which ensures that if undefined values are +looked up by your template then an error is reported instead of being ignored silently. This is not currently the default +behavior, for backwards compatibility. + ## Motivation Go Template is the Go Standard for string templating. It is also more powerful than fasttemplate (the default templating @@ -29,6 +37,7 @@ possible with Go text templates: kind: ApplicationSet spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] template: spec: source: @@ -42,6 +51,7 @@ possible with Go text templates: kind: ApplicationSet spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] template: spec: syncPolicy: "{{.syncPolicy}}" # This field may NOT be templated, because it is an object field. @@ -53,6 +63,7 @@ possible with Go text templates: kind: ApplicationSet spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] template: spec: source: @@ -126,6 +137,7 @@ metadata: name: cluster-addons spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - git: repoURL: https://github.com/argoproj/argo-cd.git @@ -170,6 +182,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - list: elements: @@ -205,6 +218,7 @@ metadata: name: guestbook spec: goTemplate: true + goTemplateOptions: ["missingkey=error"] generators: - list: elements: @@ -215,7 +229,7 @@ spec: nameSuffix: -my-name-suffix template: metadata: - name: '{{.cluster}}{{default "" .nameSuffix}}' + name: '{{.cluster}}{{dig "nameSuffix" . ""}}' spec: project: default source: @@ -229,3 +243,7 @@ spec: This ApplicationSet will produce an Application called `engineering-dev` and another called `engineering-prod-my-name-suffix`. + +Note that unset parameters are an error, so you need to avoid looking up a property that doesn't exist. Instead, use +template functions like `dig` to do the lookup with a default. If you prefer to have unset parameters default to zero, +you can remove `goTemplateOptions: ["missingkey=error"]` or set it to `goTemplateOptions: ["missingkey=invalid"]` diff --git a/docs/operator-manual/applicationset/Progressive-Syncs.md b/docs/operator-manual/applicationset/Progressive-Syncs.md index 4a6a5edeea996..f29689af6dfc3 100644 --- a/docs/operator-manual/applicationset/Progressive-Syncs.md +++ b/docs/operator-manual/applicationset/Progressive-Syncs.md @@ -94,6 +94,7 @@ spec: - env-prod maxUpdate: 10% # maxUpdate supports both integer and percentage string values (rounds down, but floored at 1 Application for >0%) goTemplate: true + goTemplateOptions: ["missingkey=error"] template: metadata: name: '{{.cluster}}-guestbook' diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 30e07c715c85d..6f794a470f730 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -15448,6 +15448,10 @@ spec: type: array goTemplate: type: boolean + goTemplateOptions: + items: + type: string + type: array preservedFields: properties: annotations: diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml index bf99459b33f01..f783ad457f99a 100644 --- a/manifests/crds/applicationset-crd.yaml +++ b/manifests/crds/applicationset-crd.yaml @@ -11084,6 +11084,10 @@ spec: type: array goTemplate: type: boolean + goTemplateOptions: + items: + type: string + type: array preservedFields: properties: annotations: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 35de87dacca99..d4ddf0ba213a3 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -15448,6 +15448,10 @@ spec: type: array goTemplate: type: boolean + goTemplateOptions: + items: + type: string + type: array preservedFields: properties: annotations: diff --git a/manifests/install.yaml b/manifests/install.yaml index 1dcc263fe35ef..6333264dac44e 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -15448,6 +15448,10 @@ spec: type: array goTemplate: type: boolean + goTemplateOptions: + items: + type: string + type: array preservedFields: properties: annotations: diff --git a/pkg/apis/api-rules/violation_exceptions.list b/pkg/apis/api-rules/violation_exceptions.list index 0a48839844bac..e4c77bb4686d8 100644 --- a/pkg/apis/api-rules/violation_exceptions.list +++ b/pkg/apis/api-rules/violation_exceptions.list @@ -12,6 +12,7 @@ API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/ap API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetRolloutStep,MatchExpressions API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetRolloutStrategy,Steps API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetSpec,Generators +API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetSpec,GoTemplateOptions API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,ApplicationStatus API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,Conditions API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetTemplateMeta,Finalizers diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go index 3a95bfe3f2701..37549cfa2b394 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types.go +++ b/pkg/apis/application/v1alpha1/applicationset_types.go @@ -54,12 +54,13 @@ func (a *ApplicationSet) RBACName() string { // ApplicationSetSpec represents a class of application set state. type ApplicationSetSpec struct { - GoTemplate bool `json:"goTemplate,omitempty" protobuf:"bytes,1,name=goTemplate"` - Generators []ApplicationSetGenerator `json:"generators" protobuf:"bytes,2,name=generators"` - Template ApplicationSetTemplate `json:"template" protobuf:"bytes,3,name=template"` - SyncPolicy *ApplicationSetSyncPolicy `json:"syncPolicy,omitempty" protobuf:"bytes,4,name=syncPolicy"` - Strategy *ApplicationSetStrategy `json:"strategy,omitempty" protobuf:"bytes,5,opt,name=strategy"` - PreservedFields *ApplicationPreservedFields `json:"preservedFields,omitempty" protobuf:"bytes,6,opt,name=preservedFields"` + GoTemplate bool `json:"goTemplate,omitempty" protobuf:"bytes,1,name=goTemplate"` + Generators []ApplicationSetGenerator `json:"generators" protobuf:"bytes,2,name=generators"` + Template ApplicationSetTemplate `json:"template" protobuf:"bytes,3,name=template"` + SyncPolicy *ApplicationSetSyncPolicy `json:"syncPolicy,omitempty" protobuf:"bytes,4,name=syncPolicy"` + Strategy *ApplicationSetStrategy `json:"strategy,omitempty" protobuf:"bytes,5,opt,name=strategy"` + PreservedFields *ApplicationPreservedFields `json:"preservedFields,omitempty" protobuf:"bytes,6,opt,name=preservedFields"` + GoTemplateOptions []string `json:"goTemplateOptions,omitempty" protobuf:"bytes,7,opt,name=goTemplateOptions"` } type ApplicationPreservedFields struct { diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index b57d61e2b95a9..cdbc200ee2c81 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -4123,640 +4123,641 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 10117 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x1c, 0xc9, - 0x75, 0x98, 0x66, 0x17, 0x0b, 0xec, 0x3e, 0x7c, 0x90, 0x68, 0x92, 0x77, 0x38, 0xea, 0x8e, 0xa0, - 0xe7, 0xca, 0xa7, 0x53, 0x74, 0x07, 0xf8, 0xa8, 0x3b, 0x85, 0xf1, 0xd9, 0x27, 0x63, 0x01, 0x12, - 0x04, 0x09, 0x10, 0xb8, 0x06, 0x48, 0x4a, 0x77, 0x3e, 0x9d, 0x06, 0xb3, 0xbd, 0x8b, 0x21, 0x66, - 0x67, 0x96, 0x33, 0xb3, 0x20, 0x70, 0x96, 0x65, 0xc9, 0xb6, 0x6c, 0x25, 0xfa, 0x38, 0xe5, 0x94, - 0x2a, 0xcb, 0x49, 0xec, 0x28, 0xb6, 0xcb, 0x15, 0x57, 0x72, 0x15, 0xa7, 0xf2, 0x23, 0xce, 0x57, - 0xb9, 0x6c, 0xe7, 0xc7, 0xa5, 0x94, 0x54, 0x54, 0x15, 0x97, 0xe5, 0xc4, 0x0e, 0x2c, 0x21, 0x95, - 0x4a, 0x2a, 0x55, 0x71, 0x55, 0x3e, 0xfe, 0x84, 0xe5, 0xaa, 0xa4, 0xfa, 0xbb, 0x67, 0x76, 0x97, - 0x58, 0x00, 0x03, 0x92, 0x52, 0xdd, 0xbf, 0xdd, 0x7e, 0x6f, 0xde, 0xeb, 0xe9, 0xe9, 0x7e, 0xfd, - 0x5e, 0xbf, 0x8f, 0x86, 0xc5, 0x86, 0x97, 0x6c, 0xb4, 0xd7, 0xa7, 0xdc, 0xb0, 0x39, 0xed, 0x44, - 0x8d, 0xb0, 0x15, 0x85, 0xb7, 0xd9, 0x8f, 0xe7, 0xdd, 0xda, 0xf4, 0xd6, 0x85, 0xe9, 0xd6, 0x66, - 0x63, 0xda, 0x69, 0x79, 0xf1, 0xb4, 0xd3, 0x6a, 0xf9, 0x9e, 0xeb, 0x24, 0x5e, 0x18, 0x4c, 0x6f, - 0xbd, 0xe0, 0xf8, 0xad, 0x0d, 0xe7, 0x85, 0xe9, 0x06, 0x09, 0x48, 0xe4, 0x24, 0xa4, 0x36, 0xd5, - 0x8a, 0xc2, 0x24, 0x44, 0x3f, 0xa6, 0xa9, 0x4d, 0x49, 0x6a, 0xec, 0xc7, 0x9b, 0x6e, 0x6d, 0x6a, - 0xeb, 0xc2, 0x54, 0x6b, 0xb3, 0x31, 0x45, 0xa9, 0x4d, 0x19, 0xd4, 0xa6, 0x24, 0xb5, 0xb3, 0xcf, - 0x1b, 0x7d, 0x69, 0x84, 0x8d, 0x70, 0x9a, 0x11, 0x5d, 0x6f, 0xd7, 0xd9, 0x3f, 0xf6, 0x87, 0xfd, - 0xe2, 0xcc, 0xce, 0xda, 0x9b, 0x17, 0xe3, 0x29, 0x2f, 0xa4, 0xdd, 0x9b, 0x76, 0xc3, 0x88, 0x4c, - 0x6f, 0x75, 0x74, 0xe8, 0xec, 0x15, 0x8d, 0x43, 0xb6, 0x13, 0x12, 0xc4, 0x5e, 0x18, 0xc4, 0xcf, - 0xd3, 0x2e, 0x90, 0x68, 0x8b, 0x44, 0xe6, 0xeb, 0x19, 0x08, 0xdd, 0x28, 0xbd, 0xa8, 0x29, 0x35, - 0x1d, 0x77, 0xc3, 0x0b, 0x48, 0xb4, 0xa3, 0x1f, 0x6f, 0x92, 0xc4, 0xe9, 0xf6, 0xd4, 0x74, 0xaf, - 0xa7, 0xa2, 0x76, 0x90, 0x78, 0x4d, 0xd2, 0xf1, 0xc0, 0xc7, 0xf6, 0x7b, 0x20, 0x76, 0x37, 0x48, - 0xd3, 0xe9, 0x78, 0xee, 0xa3, 0xbd, 0x9e, 0x6b, 0x27, 0x9e, 0x3f, 0xed, 0x05, 0x49, 0x9c, 0x44, - 0xd9, 0x87, 0xec, 0x3b, 0x30, 0x3a, 0x73, 0x6b, 0x75, 0xa6, 0x9d, 0x6c, 0xcc, 0x86, 0x41, 0xdd, - 0x6b, 0xa0, 0x97, 0x60, 0xd8, 0xf5, 0xdb, 0x71, 0x42, 0xa2, 0xeb, 0x4e, 0x93, 0x4c, 0x58, 0xe7, - 0xad, 0x67, 0x2b, 0xd5, 0x53, 0xef, 0xed, 0x4e, 0x7e, 0x60, 0x6f, 0x77, 0x72, 0x78, 0x56, 0x83, - 0xb0, 0x89, 0x87, 0x3e, 0x0c, 0x43, 0x51, 0xe8, 0x93, 0x19, 0x7c, 0x7d, 0xa2, 0xc0, 0x1e, 0x39, - 0x21, 0x1e, 0x19, 0xc2, 0xbc, 0x19, 0x4b, 0xb8, 0xfd, 0x47, 0x05, 0x80, 0x99, 0x56, 0x6b, 0x25, - 0x0a, 0x6f, 0x13, 0x37, 0x41, 0x9f, 0x86, 0x32, 0x1d, 0xba, 0x9a, 0x93, 0x38, 0x8c, 0xdb, 0xf0, - 0x85, 0x1f, 0x99, 0xe2, 0x6f, 0x32, 0x65, 0xbe, 0x89, 0x9e, 0x38, 0x14, 0x7b, 0x6a, 0xeb, 0x85, - 0xa9, 0xe5, 0x75, 0xfa, 0xfc, 0x12, 0x49, 0x9c, 0x2a, 0x12, 0xcc, 0x40, 0xb7, 0x61, 0x45, 0x15, - 0x05, 0x30, 0x10, 0xb7, 0x88, 0xcb, 0x3a, 0x36, 0x7c, 0x61, 0x71, 0xea, 0x28, 0x33, 0x74, 0x4a, - 0xf7, 0x7c, 0xb5, 0x45, 0xdc, 0xea, 0x88, 0xe0, 0x3c, 0x40, 0xff, 0x61, 0xc6, 0x07, 0x6d, 0xc1, - 0x60, 0x9c, 0x38, 0x49, 0x3b, 0x9e, 0x28, 0x32, 0x8e, 0xd7, 0x73, 0xe3, 0xc8, 0xa8, 0x56, 0xc7, - 0x04, 0xcf, 0x41, 0xfe, 0x1f, 0x0b, 0x6e, 0xf6, 0x7f, 0xb2, 0x60, 0x4c, 0x23, 0x2f, 0x7a, 0x71, - 0x82, 0x7e, 0xb2, 0x63, 0x70, 0xa7, 0xfa, 0x1b, 0x5c, 0xfa, 0x34, 0x1b, 0xda, 0x93, 0x82, 0x59, - 0x59, 0xb6, 0x18, 0x03, 0xdb, 0x84, 0x92, 0x97, 0x90, 0x66, 0x3c, 0x51, 0x38, 0x5f, 0x7c, 0x76, - 0xf8, 0xc2, 0x95, 0xbc, 0xde, 0xb3, 0x3a, 0x2a, 0x98, 0x96, 0x16, 0x28, 0x79, 0xcc, 0xb9, 0xd8, - 0xbf, 0x35, 0x62, 0xbe, 0x1f, 0x1d, 0x70, 0xf4, 0x02, 0x0c, 0xc7, 0x61, 0x3b, 0x72, 0x09, 0x26, - 0xad, 0x30, 0x9e, 0xb0, 0xce, 0x17, 0xe9, 0xd4, 0xa3, 0x33, 0x75, 0x55, 0x37, 0x63, 0x13, 0x07, - 0x7d, 0xd5, 0x82, 0x91, 0x1a, 0x89, 0x13, 0x2f, 0x60, 0xfc, 0x65, 0xe7, 0xd7, 0x8e, 0xdc, 0x79, - 0xd9, 0x38, 0xa7, 0x89, 0x57, 0x4f, 0x8b, 0x17, 0x19, 0x31, 0x1a, 0x63, 0x9c, 0xe2, 0x4f, 0x57, - 0x5c, 0x8d, 0xc4, 0x6e, 0xe4, 0xb5, 0xe8, 0x7f, 0x36, 0x67, 0x8c, 0x15, 0x37, 0xa7, 0x41, 0xd8, - 0xc4, 0x43, 0x01, 0x94, 0xe8, 0x8a, 0x8a, 0x27, 0x06, 0x58, 0xff, 0x17, 0x8e, 0xd6, 0x7f, 0x31, - 0xa8, 0x74, 0xb1, 0xea, 0xd1, 0xa7, 0xff, 0x62, 0xcc, 0xd9, 0xa0, 0xaf, 0x58, 0x30, 0x21, 0x56, - 0x3c, 0x26, 0x7c, 0x40, 0x6f, 0x6d, 0x78, 0x09, 0xf1, 0xbd, 0x38, 0x99, 0x28, 0xb1, 0x3e, 0x4c, - 0xf7, 0x37, 0xb7, 0xe6, 0xa3, 0xb0, 0xdd, 0xba, 0xe6, 0x05, 0xb5, 0xea, 0x79, 0xc1, 0x69, 0x62, - 0xb6, 0x07, 0x61, 0xdc, 0x93, 0x25, 0xfa, 0xba, 0x05, 0x67, 0x03, 0xa7, 0x49, 0xe2, 0x96, 0x43, - 0x3f, 0x2d, 0x07, 0x57, 0x7d, 0xc7, 0xdd, 0x64, 0x3d, 0x1a, 0x3c, 0x5c, 0x8f, 0x6c, 0xd1, 0xa3, - 0xb3, 0xd7, 0x7b, 0x92, 0xc6, 0xf7, 0x61, 0x8b, 0x7e, 0xdd, 0x82, 0xf1, 0x30, 0x6a, 0x6d, 0x38, - 0x01, 0xa9, 0x49, 0x68, 0x3c, 0x31, 0xc4, 0x96, 0xde, 0xa7, 0x8e, 0xf6, 0x89, 0x96, 0xb3, 0x64, - 0x97, 0xc2, 0xc0, 0x4b, 0xc2, 0x68, 0x95, 0x24, 0x89, 0x17, 0x34, 0xe2, 0xea, 0x99, 0xbd, 0xdd, - 0xc9, 0xf1, 0x0e, 0x2c, 0xdc, 0xd9, 0x1f, 0xf4, 0x53, 0x30, 0x1c, 0xef, 0x04, 0xee, 0x2d, 0x2f, - 0xa8, 0x85, 0x77, 0xe3, 0x89, 0x72, 0x1e, 0xcb, 0x77, 0x55, 0x11, 0x14, 0x0b, 0x50, 0x33, 0xc0, - 0x26, 0xb7, 0xee, 0x1f, 0x4e, 0x4f, 0xa5, 0x4a, 0xde, 0x1f, 0x4e, 0x4f, 0xa6, 0xfb, 0xb0, 0x45, - 0xbf, 0x68, 0xc1, 0x68, 0xec, 0x35, 0x02, 0x27, 0x69, 0x47, 0xe4, 0x1a, 0xd9, 0x89, 0x27, 0x80, - 0x75, 0xe4, 0xea, 0x11, 0x47, 0xc5, 0x20, 0x59, 0x3d, 0x23, 0xfa, 0x38, 0x6a, 0xb6, 0xc6, 0x38, - 0xcd, 0xb7, 0xdb, 0x42, 0xd3, 0xd3, 0x7a, 0x38, 0xdf, 0x85, 0xa6, 0x27, 0x75, 0x4f, 0x96, 0xe8, - 0x27, 0xe0, 0x24, 0x6f, 0x52, 0x23, 0x1b, 0x4f, 0x8c, 0x30, 0x41, 0x7b, 0x7a, 0x6f, 0x77, 0xf2, - 0xe4, 0x6a, 0x06, 0x86, 0x3b, 0xb0, 0xd1, 0x1d, 0x98, 0x6c, 0x91, 0xa8, 0xe9, 0x25, 0xcb, 0x81, - 0xbf, 0x23, 0xc5, 0xb7, 0x1b, 0xb6, 0x48, 0x4d, 0x74, 0x27, 0x9e, 0x18, 0x3d, 0x6f, 0x3d, 0x5b, - 0xae, 0x7e, 0x48, 0x74, 0x73, 0x72, 0xe5, 0xfe, 0xe8, 0x78, 0x3f, 0x7a, 0xf6, 0xbf, 0x2e, 0xc0, - 0xc9, 0xec, 0xc6, 0x89, 0x7e, 0xd3, 0x82, 0x13, 0xb7, 0xef, 0x26, 0x6b, 0xe1, 0x26, 0x09, 0xe2, - 0xea, 0x0e, 0x15, 0x6f, 0x6c, 0xcb, 0x18, 0xbe, 0xe0, 0xe6, 0xbb, 0x45, 0x4f, 0x5d, 0x4d, 0x73, - 0xb9, 0x14, 0x24, 0xd1, 0x4e, 0xf5, 0x71, 0xf1, 0x76, 0x27, 0xae, 0xde, 0x5a, 0x33, 0xa1, 0x38, - 0xdb, 0xa9, 0xb3, 0x5f, 0xb2, 0xe0, 0x74, 0x37, 0x12, 0xe8, 0x24, 0x14, 0x37, 0xc9, 0x0e, 0xd7, - 0xca, 0x30, 0xfd, 0x89, 0xde, 0x80, 0xd2, 0x96, 0xe3, 0xb7, 0x89, 0xd0, 0x6e, 0xe6, 0x8f, 0xf6, - 0x22, 0xaa, 0x67, 0x98, 0x53, 0xfd, 0xd1, 0xc2, 0x45, 0xcb, 0xfe, 0x77, 0x45, 0x18, 0x36, 0xf6, - 0xb7, 0x07, 0xa0, 0xb1, 0x85, 0x29, 0x8d, 0x6d, 0x29, 0xb7, 0xad, 0xb9, 0xa7, 0xca, 0x76, 0x37, - 0xa3, 0xb2, 0x2d, 0xe7, 0xc7, 0xf2, 0xbe, 0x3a, 0x1b, 0x4a, 0xa0, 0x12, 0xb6, 0xa8, 0x46, 0x4e, - 0xb7, 0xfe, 0x81, 0x3c, 0x3e, 0xe1, 0xb2, 0x24, 0x57, 0x1d, 0xdd, 0xdb, 0x9d, 0xac, 0xa8, 0xbf, - 0x58, 0x33, 0xb2, 0xbf, 0x63, 0xc1, 0x69, 0xa3, 0x8f, 0xb3, 0x61, 0x50, 0xf3, 0xd8, 0xa7, 0x3d, - 0x0f, 0x03, 0xc9, 0x4e, 0x4b, 0xaa, 0xfd, 0x6a, 0xa4, 0xd6, 0x76, 0x5a, 0x04, 0x33, 0x08, 0x55, - 0xf4, 0x9b, 0x24, 0x8e, 0x9d, 0x06, 0xc9, 0x2a, 0xfa, 0x4b, 0xbc, 0x19, 0x4b, 0x38, 0x8a, 0x00, - 0xf9, 0x4e, 0x9c, 0xac, 0x45, 0x4e, 0x10, 0x33, 0xf2, 0x6b, 0x5e, 0x93, 0x88, 0x01, 0xfe, 0x4b, - 0xfd, 0xcd, 0x18, 0xfa, 0x44, 0xf5, 0xb1, 0xbd, 0xdd, 0x49, 0xb4, 0xd8, 0x41, 0x09, 0x77, 0xa1, - 0x6e, 0x7f, 0xdd, 0x82, 0xc7, 0xba, 0xeb, 0x62, 0xe8, 0x19, 0x18, 0xe4, 0x26, 0x9f, 0x78, 0x3b, - 0xfd, 0x49, 0x58, 0x2b, 0x16, 0x50, 0x34, 0x0d, 0x15, 0xb5, 0x4f, 0x88, 0x77, 0x1c, 0x17, 0xa8, - 0x15, 0xbd, 0xb9, 0x68, 0x1c, 0x3a, 0x68, 0xf4, 0x8f, 0xd0, 0xdc, 0xd4, 0xa0, 0x31, 0x23, 0x89, - 0x41, 0xec, 0x3f, 0xb3, 0xe0, 0x84, 0xd1, 0xab, 0x07, 0xa0, 0x9a, 0x07, 0x69, 0xd5, 0x7c, 0x21, - 0xb7, 0xf9, 0xdc, 0x43, 0x37, 0xff, 0x8a, 0x05, 0x67, 0x0d, 0xac, 0x25, 0x27, 0x71, 0x37, 0x2e, - 0x6d, 0xb7, 0x22, 0x12, 0x53, 0x73, 0x1a, 0x3d, 0x65, 0xc8, 0xad, 0xea, 0xb0, 0xa0, 0x50, 0xbc, - 0x46, 0x76, 0xb8, 0x10, 0x7b, 0x0e, 0xca, 0x7c, 0x72, 0x86, 0x91, 0x18, 0x71, 0xf5, 0x6e, 0xcb, - 0xa2, 0x1d, 0x2b, 0x0c, 0x64, 0xc3, 0x20, 0x13, 0x4e, 0x74, 0xb1, 0xd2, 0x6d, 0x08, 0xe8, 0x47, - 0xbc, 0xc9, 0x5a, 0xb0, 0x80, 0xd8, 0xcb, 0xa9, 0xee, 0xac, 0x44, 0x84, 0x7d, 0xdc, 0xda, 0x65, - 0x8f, 0xf8, 0xb5, 0x98, 0x9a, 0x0d, 0x4e, 0x10, 0x84, 0x89, 0xb0, 0x00, 0x0c, 0xb3, 0x61, 0x46, - 0x37, 0x63, 0x13, 0xc7, 0xde, 0x2b, 0x30, 0xe3, 0x43, 0x2d, 0x6b, 0xf2, 0x20, 0x2c, 0xd7, 0x28, - 0x25, 0x07, 0x57, 0xf2, 0x13, 0x4a, 0xa4, 0xb7, 0xf5, 0xfa, 0x56, 0x46, 0x14, 0xe2, 0x5c, 0xb9, - 0xde, 0xdf, 0x82, 0xfd, 0xbd, 0x02, 0x4c, 0xa6, 0x1f, 0xe8, 0x90, 0xa4, 0xd4, 0x5c, 0x32, 0x18, - 0x65, 0x0f, 0x28, 0x0c, 0x7c, 0x6c, 0xe2, 0xf5, 0x10, 0x46, 0x85, 0xe3, 0x14, 0x46, 0xa6, 0xac, - 0x2c, 0xee, 0x23, 0x2b, 0x9f, 0x51, 0xa3, 0x3e, 0x90, 0x11, 0x4e, 0xe9, 0xfd, 0xe2, 0x3c, 0x0c, - 0xc4, 0x09, 0x69, 0x4d, 0x94, 0xd2, 0xb2, 0x66, 0x35, 0x21, 0x2d, 0xcc, 0x20, 0xf6, 0x7f, 0x2f, - 0xc0, 0xe3, 0xe9, 0x31, 0xd4, 0xe2, 0xfd, 0xe3, 0x29, 0xf1, 0xfe, 0x11, 0x53, 0xbc, 0xdf, 0xdb, - 0x9d, 0xfc, 0x60, 0x8f, 0xc7, 0xbe, 0x6f, 0xa4, 0x3f, 0x9a, 0xcf, 0x8c, 0xe2, 0x74, 0x7a, 0x14, - 0xef, 0xed, 0x4e, 0x3e, 0xd5, 0xe3, 0x1d, 0x33, 0xc3, 0xfc, 0x0c, 0x0c, 0x46, 0xc4, 0x89, 0xc3, - 0x40, 0x0c, 0xb4, 0xfa, 0x1c, 0x98, 0xb5, 0x62, 0x01, 0xb5, 0xff, 0xac, 0x9c, 0x1d, 0xec, 0x79, - 0x7e, 0xc0, 0x16, 0x46, 0xc8, 0x83, 0x01, 0xa6, 0xb2, 0x73, 0xd1, 0x70, 0xed, 0x68, 0xcb, 0x88, - 0x8a, 0x78, 0x45, 0xba, 0x5a, 0xa6, 0x5f, 0x8d, 0x36, 0x61, 0xc6, 0x02, 0x6d, 0x43, 0xd9, 0x95, - 0x9a, 0x74, 0x21, 0x8f, 0x33, 0x27, 0xa1, 0x47, 0x6b, 0x8e, 0x23, 0x54, 0x16, 0x2b, 0xf5, 0x5b, - 0x71, 0x43, 0x04, 0x8a, 0x0d, 0x2f, 0x11, 0x9f, 0xf5, 0x88, 0xb6, 0xd2, 0xbc, 0x67, 0xbc, 0xe2, - 0x10, 0xdd, 0x20, 0xe6, 0xbd, 0x04, 0x53, 0xfa, 0xe8, 0x0b, 0x16, 0x0c, 0xc7, 0x6e, 0x73, 0x25, - 0x0a, 0xb7, 0xbc, 0x1a, 0x89, 0x84, 0xa6, 0x74, 0x44, 0xd1, 0xb4, 0x3a, 0xbb, 0x24, 0x09, 0x6a, - 0xbe, 0xdc, 0x76, 0xd5, 0x10, 0x6c, 0xf2, 0xa5, 0x16, 0xc4, 0xe3, 0xe2, 0xdd, 0xe7, 0x88, 0xeb, - 0xd1, 0xbd, 0x4d, 0x1a, 0x4c, 0x6c, 0xa6, 0x1c, 0x59, 0x73, 0x9c, 0x6b, 0xbb, 0x9b, 0x74, 0xbd, - 0xe9, 0x0e, 0x7d, 0x70, 0x6f, 0x77, 0xf2, 0xf1, 0xd9, 0xee, 0x3c, 0x71, 0xaf, 0xce, 0xb0, 0x01, - 0x6b, 0xb5, 0x7d, 0x1f, 0x93, 0x3b, 0x6d, 0xc2, 0x8e, 0x43, 0x72, 0x18, 0xb0, 0x15, 0x4d, 0x30, - 0x33, 0x60, 0x06, 0x04, 0x9b, 0x7c, 0xd1, 0x1d, 0x18, 0x6c, 0x3a, 0x49, 0xe4, 0x6d, 0x8b, 0x33, - 0x90, 0x23, 0xea, 0xf2, 0x4b, 0x8c, 0x96, 0x66, 0xce, 0xb6, 0x7e, 0xde, 0x88, 0x05, 0x23, 0xd4, - 0x84, 0x52, 0x93, 0x44, 0x0d, 0x32, 0x51, 0xce, 0xe3, 0xbc, 0x77, 0x89, 0x92, 0xd2, 0x0c, 0x2b, - 0x54, 0xf3, 0x61, 0x6d, 0x98, 0x73, 0x41, 0x6f, 0x40, 0x39, 0x26, 0x3e, 0x71, 0xa9, 0xee, 0x52, - 0x61, 0x1c, 0x3f, 0xda, 0xa7, 0x1e, 0xe7, 0xac, 0x13, 0x7f, 0x55, 0x3c, 0xca, 0x17, 0x98, 0xfc, - 0x87, 0x15, 0x49, 0xfb, 0xbf, 0x58, 0x80, 0xd2, 0x12, 0xe6, 0x01, 0x68, 0x8f, 0x77, 0xd2, 0xda, - 0xe3, 0x62, 0x9e, 0x2a, 0x40, 0x0f, 0x05, 0xf2, 0xbd, 0x32, 0x64, 0x64, 0xf3, 0x75, 0x12, 0x27, - 0xa4, 0xf6, 0xbe, 0x3c, 0x7d, 0x5f, 0x9e, 0xbe, 0x2f, 0x4f, 0x95, 0x3c, 0x5d, 0xcf, 0xc8, 0xd3, - 0x57, 0x8c, 0x55, 0xaf, 0xbd, 0x97, 0x6f, 0x2a, 0xf7, 0xa6, 0xd9, 0x03, 0x03, 0x81, 0x4a, 0x82, - 0xab, 0xab, 0xcb, 0xd7, 0xbb, 0x0a, 0xd0, 0x37, 0xd3, 0x02, 0xf4, 0xa8, 0x2c, 0x1e, 0xb8, 0xc8, - 0xfc, 0x5b, 0x05, 0x78, 0x22, 0x2d, 0x4a, 0x70, 0xe8, 0xfb, 0x61, 0x3b, 0xa1, 0x5a, 0x32, 0xfa, - 0x55, 0x0b, 0x4e, 0x36, 0xd3, 0xe6, 0x69, 0x2c, 0x4e, 0x01, 0x3f, 0x91, 0x9b, 0x9c, 0xcb, 0xd8, - 0xbf, 0xd5, 0x09, 0x21, 0xf3, 0x4e, 0x66, 0x00, 0x31, 0xee, 0xe8, 0x0b, 0x7a, 0x03, 0x2a, 0x4d, - 0x67, 0xfb, 0x46, 0xab, 0xe6, 0x24, 0xd2, 0x40, 0xe9, 0x6d, 0x57, 0xb6, 0x13, 0xcf, 0x9f, 0xe2, - 0xbe, 0xdd, 0xa9, 0x85, 0x20, 0x59, 0x8e, 0x56, 0x93, 0xc8, 0x0b, 0x1a, 0xfc, 0xec, 0x67, 0x49, - 0x92, 0xc1, 0x9a, 0xa2, 0xfd, 0x2b, 0x56, 0x56, 0xd0, 0xaa, 0xd1, 0x89, 0x9c, 0x84, 0x34, 0x76, - 0xd0, 0x67, 0xa0, 0x44, 0x2d, 0x09, 0x39, 0x2a, 0xb7, 0xf2, 0x94, 0xfe, 0xc6, 0x97, 0xd0, 0x1b, - 0x01, 0xfd, 0x17, 0x63, 0xce, 0xd4, 0xfe, 0x8b, 0x52, 0x76, 0xc3, 0x63, 0x9e, 0xbe, 0x0b, 0x00, - 0x8d, 0x70, 0x8d, 0x34, 0x5b, 0x3e, 0x1d, 0x16, 0x8b, 0x1d, 0x17, 0x2b, 0xe3, 0x79, 0x5e, 0x41, - 0xb0, 0x81, 0x85, 0xfe, 0xaa, 0x05, 0xd0, 0x90, 0x0b, 0x4b, 0x6e, 0x66, 0x37, 0xf2, 0x7c, 0x1d, - 0xbd, 0x6c, 0x75, 0x5f, 0x14, 0x43, 0x6c, 0x30, 0x47, 0x3f, 0x6b, 0x41, 0x39, 0x91, 0xdd, 0xe7, - 0xe2, 0x7d, 0x2d, 0xcf, 0x9e, 0xc8, 0x97, 0xd6, 0xfb, 0xba, 0x1a, 0x12, 0xc5, 0x17, 0xfd, 0x82, - 0x05, 0x10, 0xef, 0x04, 0xee, 0x4a, 0xe8, 0x7b, 0xee, 0x8e, 0x90, 0xfa, 0x37, 0x73, 0x35, 0xf0, - 0x15, 0xf5, 0xea, 0x18, 0x1d, 0x0d, 0xfd, 0x1f, 0x1b, 0x9c, 0xd1, 0x67, 0xa1, 0x1c, 0x8b, 0xe9, - 0x26, 0xe4, 0xfc, 0x5a, 0xbe, 0xc7, 0x0c, 0x9c, 0xb6, 0x10, 0x11, 0xe2, 0x1f, 0x56, 0x3c, 0xd1, - 0x2f, 0x59, 0x70, 0xa2, 0x95, 0x3e, 0x14, 0x12, 0x22, 0x3d, 0x3f, 0x19, 0x90, 0x39, 0x74, 0xaa, - 0x9e, 0xda, 0xdb, 0x9d, 0x3c, 0x91, 0x69, 0xc4, 0xd9, 0x5e, 0xd8, 0xdf, 0x2a, 0xa4, 0x8e, 0x66, - 0xd5, 0x99, 0x09, 0x9b, 0xcc, 0xae, 0x34, 0x57, 0xe5, 0xda, 0xcc, 0x75, 0x32, 0x2b, 0x63, 0x58, - 0x4f, 0x66, 0xd5, 0x14, 0x63, 0x83, 0x39, 0xdd, 0xb6, 0xc7, 0x9d, 0xec, 0xc9, 0x8c, 0x58, 0x5f, - 0x6f, 0xe4, 0xd9, 0xa5, 0xce, 0x83, 0xf4, 0x27, 0x44, 0xd7, 0xc6, 0x3b, 0x40, 0xb8, 0xb3, 0x4b, - 0xf6, 0xb7, 0xd2, 0xc7, 0xc1, 0xc6, 0xd4, 0xe8, 0xe3, 0xa8, 0xfb, 0xab, 0x16, 0x0c, 0x47, 0xa1, - 0xef, 0x7b, 0x41, 0x83, 0x4e, 0x63, 0x21, 0x8b, 0x5f, 0x3f, 0x16, 0x71, 0x28, 0xe6, 0x2b, 0xdb, - 0xfc, 0xb1, 0xe6, 0x89, 0xcd, 0x0e, 0xd8, 0x9f, 0xb7, 0x60, 0xa2, 0xd7, 0x72, 0x43, 0x04, 0x3e, - 0x28, 0xe7, 0x92, 0x72, 0xf4, 0x2e, 0x07, 0x73, 0xc4, 0x27, 0xea, 0x9c, 0xac, 0x5c, 0x7d, 0x5a, - 0xbc, 0xe6, 0x07, 0x57, 0x7a, 0xa3, 0xe2, 0xfb, 0xd1, 0xb1, 0x7f, 0xa3, 0x90, 0x1d, 0x51, 0x25, - 0x6e, 0xbf, 0x61, 0x75, 0x18, 0x25, 0x9f, 0x38, 0x0e, 0x11, 0xc7, 0xcc, 0x17, 0xe5, 0xef, 0xed, - 0x8d, 0xf3, 0x10, 0x1d, 0x4a, 0xf6, 0xbf, 0x19, 0x80, 0xfb, 0xf4, 0x4c, 0xb9, 0x0c, 0xac, 0x5e, - 0x2e, 0x83, 0x83, 0x7b, 0x21, 0xbe, 0x6c, 0xc1, 0xa0, 0x4f, 0xf5, 0x23, 0x7e, 0x2c, 0x3e, 0x7c, - 0xa1, 0x76, 0x5c, 0x63, 0xcf, 0xd5, 0xb0, 0x98, 0x3b, 0x35, 0xd5, 0xc9, 0x18, 0x6f, 0xc4, 0xa2, - 0x0f, 0xe8, 0x9b, 0x56, 0xfa, 0x8c, 0x9d, 0x47, 0xa9, 0x78, 0xc7, 0xd6, 0x27, 0xe3, 0xe0, 0x9e, - 0x77, 0x4c, 0x1f, 0x09, 0xf7, 0x38, 0xd2, 0x47, 0x53, 0x00, 0x75, 0x2f, 0x70, 0x7c, 0xef, 0x2d, - 0x6a, 0xe7, 0x95, 0x98, 0x13, 0x80, 0x6d, 0x5a, 0x97, 0x55, 0x2b, 0x36, 0x30, 0xce, 0xfe, 0x15, - 0x18, 0x36, 0xde, 0xbc, 0x8b, 0x2f, 0xf6, 0xb4, 0xe9, 0x8b, 0xad, 0x18, 0x2e, 0xd4, 0xb3, 0xaf, - 0xc0, 0xc9, 0x6c, 0x07, 0x0f, 0xf2, 0xbc, 0xfd, 0x9b, 0x83, 0xd9, 0x83, 0xf1, 0x35, 0x12, 0x35, - 0x69, 0xd7, 0xde, 0xb7, 0x8f, 0xdf, 0xb7, 0x8f, 0xdf, 0xb7, 0x8f, 0xe5, 0x1f, 0x7b, 0xaf, 0x04, - 0x29, 0xcd, 0x80, 0xf7, 0xee, 0xc3, 0x30, 0x14, 0x91, 0x56, 0x78, 0x03, 0x2f, 0x0a, 0x89, 0xab, - 0xa3, 0x53, 0x79, 0x33, 0x96, 0x70, 0x2a, 0x99, 0x5b, 0x4e, 0xb2, 0x21, 0x44, 0xae, 0x92, 0xcc, - 0x2b, 0x4e, 0xb2, 0x81, 0x19, 0x04, 0xbd, 0x02, 0x63, 0x89, 0x13, 0x35, 0x48, 0x82, 0xc9, 0x16, - 0x1b, 0x04, 0xe1, 0x6c, 0x78, 0x4c, 0xe0, 0x8e, 0xad, 0xa5, 0xa0, 0x38, 0x83, 0x8d, 0xee, 0xc0, - 0xc0, 0x06, 0xf1, 0x9b, 0xc2, 0x80, 0x5f, 0xcd, 0x4f, 0x22, 0xb2, 0x77, 0xbd, 0x42, 0xfc, 0x26, - 0x5f, 0xaf, 0xf4, 0x17, 0x66, 0xac, 0xe8, 0xd7, 0xa9, 0x6c, 0xb6, 0xe3, 0x24, 0x6c, 0x7a, 0x6f, - 0x49, 0xb3, 0xfe, 0x13, 0x39, 0x33, 0xbe, 0x26, 0xe9, 0x73, 0xdb, 0x53, 0xfd, 0xc5, 0x9a, 0x33, - 0xeb, 0x47, 0xcd, 0x8b, 0x98, 0x99, 0xbe, 0x33, 0x01, 0xc7, 0xd2, 0x8f, 0x39, 0x49, 0x9f, 0xf7, - 0x43, 0xfd, 0xc5, 0x9a, 0x33, 0xda, 0x81, 0xc1, 0x96, 0xdf, 0x6e, 0x78, 0xc1, 0xc4, 0x30, 0xeb, - 0xc3, 0x8d, 0x9c, 0xfb, 0xb0, 0xc2, 0x88, 0xf3, 0xc3, 0x15, 0xfe, 0x1b, 0x0b, 0x86, 0xe8, 0x69, - 0x28, 0xb9, 0x1b, 0x4e, 0x94, 0x4c, 0x8c, 0xb0, 0x49, 0xa3, 0x6c, 0xe0, 0x59, 0xda, 0x88, 0x39, - 0x0c, 0x3d, 0x05, 0xc5, 0x88, 0xd4, 0x59, 0x50, 0x94, 0xe1, 0x2e, 0xc7, 0xa4, 0x8e, 0x69, 0xbb, - 0xfd, 0x77, 0x0b, 0x69, 0xe5, 0x22, 0xfd, 0xde, 0x7c, 0xb6, 0xbb, 0xed, 0x28, 0x96, 0x76, 0xb2, - 0x31, 0xdb, 0x59, 0x33, 0x96, 0x70, 0xf4, 0x79, 0x0b, 0x86, 0x6e, 0xc7, 0x61, 0x10, 0x90, 0x44, - 0x08, 0xf2, 0x9b, 0x39, 0x0f, 0xc5, 0x55, 0x4e, 0x5d, 0xf7, 0x41, 0x34, 0x60, 0xc9, 0x97, 0x76, - 0x97, 0x6c, 0xbb, 0x7e, 0xbb, 0xd6, 0xe1, 0x25, 0xbd, 0xc4, 0x9b, 0xb1, 0x84, 0x53, 0x54, 0x2f, - 0xe0, 0xa8, 0x03, 0x69, 0xd4, 0x85, 0x40, 0xa0, 0x0a, 0xb8, 0xfd, 0xdb, 0x25, 0x38, 0xd3, 0x75, - 0x71, 0xd0, 0x6d, 0x9f, 0x6d, 0xac, 0x97, 0x3d, 0x9f, 0x48, 0xdf, 0x3f, 0xdb, 0xf6, 0x6f, 0xaa, - 0x56, 0x6c, 0x60, 0xa0, 0x9f, 0x01, 0x68, 0x39, 0x91, 0xd3, 0x24, 0x62, 0xbb, 0x2b, 0x1e, 0x7d, - 0x77, 0xa5, 0xfd, 0x58, 0x91, 0x34, 0xb5, 0xb5, 0xa5, 0x9a, 0x62, 0x6c, 0xb0, 0x44, 0x2f, 0xc1, - 0x70, 0x44, 0x7c, 0xe2, 0xc4, 0x2c, 0xa6, 0x2e, 0x1b, 0x20, 0x8c, 0x35, 0x08, 0x9b, 0x78, 0xe8, - 0x19, 0x15, 0x26, 0x91, 0x71, 0x29, 0xa7, 0x43, 0x25, 0xd0, 0xdb, 0x16, 0x8c, 0xd5, 0x3d, 0x9f, - 0x68, 0xee, 0x22, 0x9c, 0x77, 0xf9, 0xe8, 0x2f, 0x79, 0xd9, 0xa4, 0xab, 0x25, 0x64, 0xaa, 0x39, - 0xc6, 0x19, 0xf6, 0xf4, 0x33, 0x6f, 0x91, 0x88, 0x89, 0xd6, 0xc1, 0xf4, 0x67, 0xbe, 0xc9, 0x9b, - 0xb1, 0x84, 0xa3, 0x19, 0x38, 0xd1, 0x72, 0xe2, 0x78, 0x36, 0x22, 0x35, 0x12, 0x24, 0x9e, 0xe3, - 0xf3, 0x60, 0xdb, 0xb2, 0x0e, 0xb6, 0x5b, 0x49, 0x83, 0x71, 0x16, 0x1f, 0x7d, 0x12, 0x1e, 0xf7, - 0x1a, 0x41, 0x18, 0x91, 0x25, 0x2f, 0x8e, 0xbd, 0xa0, 0xa1, 0xa7, 0x01, 0x93, 0x94, 0xe5, 0xea, - 0xa4, 0x20, 0xf5, 0xf8, 0x42, 0x77, 0x34, 0xdc, 0xeb, 0x79, 0xf4, 0x1c, 0x94, 0xe3, 0x4d, 0xaf, - 0x35, 0x1b, 0xd5, 0x62, 0x76, 0xd0, 0x59, 0xd6, 0xa7, 0x33, 0xab, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, - 0x97, 0x0b, 0x69, 0xf3, 0xce, 0x5c, 0x3f, 0x28, 0xa6, 0xab, 0x24, 0xb9, 0xe9, 0x44, 0xd2, 0xf4, - 0x3f, 0x62, 0xb8, 0xae, 0xa0, 0x7b, 0xd3, 0x89, 0xcc, 0xf5, 0xc6, 0x18, 0x60, 0xc9, 0x09, 0xdd, - 0x86, 0x81, 0xc4, 0x77, 0x72, 0x8a, 0xef, 0x37, 0x38, 0x6a, 0x6b, 0x7b, 0x71, 0x26, 0xc6, 0x8c, - 0x07, 0x7a, 0x92, 0xaa, 0xaf, 0xeb, 0x32, 0xa6, 0x47, 0x68, 0x9c, 0xeb, 0x31, 0x66, 0xad, 0xf6, - 0xff, 0x2b, 0x77, 0x11, 0x79, 0x6a, 0x8f, 0x41, 0x17, 0x00, 0xa8, 0x25, 0xb4, 0x12, 0x91, 0xba, - 0xb7, 0x2d, 0xf6, 0x78, 0xb5, 0xac, 0xae, 0x2b, 0x08, 0x36, 0xb0, 0xe4, 0x33, 0xab, 0xed, 0x3a, - 0x7d, 0xa6, 0xd0, 0xf9, 0x0c, 0x87, 0x60, 0x03, 0x0b, 0xbd, 0x08, 0x83, 0x5e, 0xd3, 0x69, 0xa8, - 0xd0, 0xa3, 0x27, 0xe9, 0x7a, 0x5a, 0x60, 0x2d, 0xf7, 0x76, 0x27, 0xc7, 0x54, 0x87, 0x58, 0x13, - 0x16, 0xb8, 0xe8, 0x37, 0x2c, 0x18, 0x71, 0xc3, 0x66, 0x33, 0x0c, 0xb8, 0xfd, 0x20, 0x8c, 0xa1, - 0xdb, 0xc7, 0xb5, 0x03, 0x4f, 0xcd, 0x1a, 0xcc, 0xb8, 0x35, 0xa4, 0x12, 0x11, 0x4c, 0x10, 0x4e, - 0xf5, 0xca, 0x5c, 0x76, 0xa5, 0x7d, 0x96, 0xdd, 0xef, 0x58, 0x30, 0xce, 0x9f, 0x35, 0xcc, 0x1a, - 0x11, 0x73, 0x1f, 0x1e, 0xf3, 0x6b, 0x75, 0x58, 0x7a, 0xea, 0x48, 0xa8, 0x03, 0x8e, 0x3b, 0x3b, - 0x89, 0xe6, 0x61, 0xbc, 0x1e, 0x46, 0x2e, 0x31, 0x07, 0x42, 0xc8, 0x0c, 0x45, 0xe8, 0x72, 0x16, - 0x01, 0x77, 0x3e, 0x83, 0x6e, 0xc2, 0x63, 0x46, 0xa3, 0x39, 0x0e, 0x5c, 0x6c, 0x9c, 0x13, 0xd4, - 0x1e, 0xbb, 0xdc, 0x15, 0x0b, 0xf7, 0x78, 0x3a, 0x6d, 0xf9, 0x57, 0xfa, 0xb0, 0xfc, 0xdf, 0x84, - 0x27, 0xdc, 0xce, 0x91, 0xd9, 0x8a, 0xdb, 0xeb, 0x71, 0xc2, 0x94, 0xac, 0x72, 0xf5, 0x87, 0x04, - 0x81, 0x27, 0x66, 0x7b, 0x21, 0xe2, 0xde, 0x34, 0xd0, 0x67, 0xa0, 0x1c, 0x11, 0xf6, 0x55, 0x62, - 0x11, 0x80, 0x7e, 0x44, 0x73, 0x4f, 0x2b, 0x87, 0x9c, 0xac, 0x16, 0x8b, 0xa2, 0x21, 0xc6, 0x8a, - 0xe3, 0xd9, 0x8f, 0xc3, 0x78, 0xc7, 0x7c, 0x3e, 0x90, 0xf1, 0x3d, 0x07, 0x8f, 0x75, 0x9f, 0x39, - 0x07, 0x32, 0xc1, 0xff, 0x71, 0x26, 0xae, 0xca, 0x50, 0xf4, 0xfa, 0x38, 0xce, 0x71, 0xa0, 0x48, - 0x82, 0x2d, 0x21, 0x48, 0x2f, 0x1f, 0x6d, 0xf4, 0x2e, 0x05, 0x5b, 0x7c, 0xe2, 0x33, 0x9b, 0xf5, - 0x52, 0xb0, 0x85, 0x29, 0x6d, 0xf4, 0x8e, 0x95, 0x52, 0x54, 0xf8, 0x21, 0xd0, 0xa7, 0x8e, 0x45, - 0xb3, 0xed, 0x5b, 0x77, 0xb1, 0xff, 0x6d, 0x01, 0xce, 0xef, 0x47, 0xa4, 0x8f, 0xe1, 0x7b, 0x1a, - 0x06, 0x63, 0xe6, 0xd8, 0x12, 0x92, 0x69, 0x98, 0x4a, 0x25, 0xee, 0xea, 0x7a, 0x13, 0x0b, 0x10, - 0xf2, 0xa1, 0xd8, 0x74, 0x5a, 0xe2, 0x6c, 0x60, 0xe1, 0xa8, 0x51, 0xd4, 0xf4, 0xbf, 0xe3, 0x2f, - 0x39, 0x2d, 0x6e, 0x71, 0x1a, 0x0d, 0x98, 0xb2, 0x41, 0x09, 0x94, 0x9c, 0x28, 0x72, 0xa4, 0x17, - 0xe5, 0x5a, 0x3e, 0xfc, 0x66, 0x28, 0xc9, 0xea, 0xf8, 0xde, 0xee, 0xe4, 0x68, 0xaa, 0x09, 0x73, - 0x66, 0xf6, 0x97, 0x87, 0x52, 0x91, 0xc4, 0xcc, 0x35, 0x16, 0xc3, 0xa0, 0x38, 0x12, 0xb0, 0xf2, - 0x0e, 0x5e, 0xe7, 0xa9, 0x20, 0xcc, 0x8e, 0x11, 0x09, 0x75, 0x82, 0x15, 0xfa, 0x92, 0xc5, 0xd2, - 0xd6, 0x64, 0x74, 0xb5, 0xb0, 0x1e, 0x8e, 0x27, 0x8b, 0xce, 0x4c, 0x86, 0x93, 0x8d, 0xd8, 0xe4, - 0x4e, 0xb7, 0xae, 0x16, 0x4f, 0xc0, 0xc8, 0xda, 0x10, 0x32, 0xb1, 0x4d, 0xc2, 0xd1, 0x76, 0x17, - 0x17, 0x58, 0x0e, 0xa9, 0x4f, 0x7d, 0x38, 0xbd, 0xbe, 0x69, 0xc1, 0x38, 0xd7, 0x14, 0xe7, 0xbc, - 0x7a, 0x9d, 0x44, 0x24, 0x70, 0x89, 0xd4, 0xb5, 0x8f, 0xe8, 0x64, 0x95, 0xe7, 0x30, 0x0b, 0x59, - 0xf2, 0x7a, 0x4f, 0xeb, 0x00, 0xe1, 0xce, 0xce, 0xa0, 0x1a, 0x0c, 0x78, 0x41, 0x3d, 0x14, 0x3b, - 0x79, 0xf5, 0x68, 0x9d, 0x5a, 0x08, 0xea, 0xa1, 0x5e, 0xcd, 0xf4, 0x1f, 0x66, 0xd4, 0xd1, 0x22, - 0x9c, 0x8e, 0xc4, 0x69, 0xc8, 0x15, 0x2f, 0xa6, 0x36, 0xeb, 0xa2, 0xd7, 0xf4, 0x12, 0xb6, 0x0b, - 0x17, 0xab, 0x13, 0x7b, 0xbb, 0x93, 0xa7, 0x71, 0x17, 0x38, 0xee, 0xfa, 0x14, 0x7a, 0x0b, 0x86, - 0x64, 0x9e, 0x5d, 0x39, 0x0f, 0xbb, 0xa5, 0x73, 0xfe, 0xab, 0xc9, 0xb4, 0x2a, 0x52, 0xea, 0x24, - 0x43, 0xfb, 0xed, 0x61, 0xe8, 0x74, 0x44, 0xa1, 0x9f, 0x86, 0x4a, 0xa4, 0x72, 0xff, 0xac, 0x3c, - 0x42, 0xa8, 0xe4, 0xf7, 0x15, 0x4e, 0x30, 0xa5, 0x0f, 0xe8, 0x2c, 0x3f, 0xcd, 0x91, 0x6a, 0xed, - 0xb1, 0xf6, 0x57, 0xe5, 0x30, 0xb7, 0x05, 0x57, 0xed, 0xe7, 0xd8, 0x09, 0x5c, 0xcc, 0x78, 0xa0, - 0x08, 0x06, 0x37, 0x88, 0xe3, 0x27, 0x1b, 0xf9, 0x1c, 0xc9, 0x5e, 0x61, 0xb4, 0xb2, 0x51, 0xe2, - 0xbc, 0x15, 0x0b, 0x4e, 0x68, 0x1b, 0x86, 0x36, 0xf8, 0x04, 0x10, 0x8a, 0xf4, 0xd2, 0x51, 0x07, - 0x37, 0x35, 0xab, 0xf4, 0xe7, 0x16, 0x0d, 0x58, 0xb2, 0x63, 0xfe, 0x73, 0xc3, 0x07, 0xcb, 0x97, - 0x6e, 0x7e, 0x01, 0xf2, 0xfd, 0x3b, 0x60, 0x3f, 0x0d, 0x23, 0x11, 0x71, 0xc3, 0xc0, 0xf5, 0x7c, - 0x52, 0x9b, 0x91, 0xc7, 0xad, 0x07, 0x09, 0xab, 0x3e, 0x49, 0x8d, 0x01, 0x6c, 0xd0, 0xc0, 0x29, - 0x8a, 0xe8, 0x8b, 0x16, 0x8c, 0xa9, 0x84, 0x21, 0xfa, 0x41, 0x88, 0x38, 0xb0, 0x5c, 0xcc, 0x29, - 0x3d, 0x89, 0xd1, 0xac, 0xa2, 0xbd, 0xdd, 0xc9, 0xb1, 0x74, 0x1b, 0xce, 0xf0, 0x45, 0xaf, 0x01, - 0x84, 0xeb, 0xdc, 0x49, 0x3e, 0x93, 0x88, 0xd3, 0xcb, 0x83, 0xbc, 0xea, 0x18, 0xcf, 0xaf, 0x90, - 0x14, 0xb0, 0x41, 0x0d, 0x5d, 0x03, 0xe0, 0xcb, 0x66, 0x6d, 0xa7, 0x25, 0xb5, 0x6d, 0x19, 0x17, - 0x0f, 0xab, 0x0a, 0x72, 0x6f, 0x77, 0xb2, 0xf3, 0x34, 0x89, 0xb9, 0x8a, 0x8d, 0xc7, 0xd1, 0x4f, - 0xc1, 0x50, 0xdc, 0x6e, 0x36, 0x1d, 0x75, 0xb6, 0x99, 0x63, 0xc6, 0x06, 0xa7, 0x6b, 0x88, 0x22, - 0xde, 0x80, 0x25, 0x47, 0x74, 0x9b, 0x0a, 0xd5, 0x58, 0x1c, 0x73, 0xb1, 0x55, 0xc4, 0x75, 0x82, - 0x61, 0xf6, 0x4e, 0x1f, 0x13, 0xcf, 0x9d, 0xc6, 0x5d, 0x70, 0xee, 0xed, 0x4e, 0x3e, 0x96, 0x6e, - 0x5f, 0x0c, 0x45, 0x0e, 0x45, 0x57, 0x9a, 0xe8, 0xaa, 0x4c, 0xbb, 0xa7, 0xaf, 0x2d, 0xb3, 0x41, - 0x9f, 0xd5, 0x69, 0xf7, 0xac, 0xb9, 0xf7, 0x98, 0x99, 0x0f, 0xa3, 0x25, 0x38, 0xe5, 0x86, 0x41, - 0x12, 0x85, 0xbe, 0xcf, 0x6b, 0x49, 0x70, 0xc3, 0x87, 0x9f, 0x7d, 0x7e, 0x50, 0x74, 0xfb, 0xd4, - 0x6c, 0x27, 0x0a, 0xee, 0xf6, 0x9c, 0x1d, 0xa4, 0xa3, 0x87, 0xc4, 0xe0, 0xbc, 0x08, 0x23, 0x64, - 0x3b, 0x21, 0x51, 0xe0, 0xf8, 0x37, 0xf0, 0xa2, 0x3c, 0xf5, 0x63, 0x6b, 0xe0, 0x92, 0xd1, 0x8e, - 0x53, 0x58, 0xc8, 0x56, 0xd6, 0x7e, 0x41, 0x27, 0x1a, 0x71, 0x6b, 0x5f, 0xda, 0xf6, 0xf6, 0xff, - 0x2d, 0xa4, 0x14, 0xb2, 0xb5, 0x88, 0x10, 0x14, 0x42, 0x29, 0x08, 0x6b, 0x4a, 0xf6, 0x5f, 0xcd, - 0x47, 0xf6, 0x5f, 0x0f, 0x6b, 0x46, 0x6e, 0x3e, 0xfd, 0x17, 0x63, 0xce, 0x87, 0x25, 0x2f, 0xcb, - 0x2c, 0x6f, 0x06, 0x10, 0x86, 0x46, 0x9e, 0x9c, 0x55, 0xf2, 0xf2, 0xb2, 0xc9, 0x08, 0xa7, 0xf9, - 0xa2, 0x4d, 0x28, 0x6d, 0x84, 0x71, 0x22, 0xcd, 0x8f, 0x23, 0x5a, 0x3a, 0x57, 0xc2, 0x38, 0x61, - 0x5a, 0x84, 0x7a, 0x6d, 0xda, 0x12, 0x63, 0xce, 0xc3, 0xfe, 0xaf, 0x56, 0xea, 0x8c, 0xf7, 0x16, - 0x8b, 0xa4, 0xdb, 0x22, 0x01, 0x5d, 0xd6, 0x66, 0x70, 0xc7, 0x5f, 0xce, 0x24, 0xba, 0x7c, 0xa8, - 0x57, 0xa5, 0x94, 0xbb, 0x94, 0xc2, 0x14, 0x23, 0x61, 0xc4, 0x81, 0x7c, 0xce, 0x4a, 0xa7, 0x1c, - 0x15, 0xf2, 0x30, 0x30, 0xcc, 0x94, 0xba, 0x7d, 0xb3, 0x97, 0xec, 0x77, 0x2c, 0x18, 0xaa, 0x3a, - 0xee, 0x66, 0x58, 0xaf, 0xa3, 0xe7, 0xa0, 0x5c, 0x6b, 0x47, 0x66, 0xf6, 0x93, 0xb2, 0x9e, 0xe7, - 0x44, 0x3b, 0x56, 0x18, 0x74, 0x0e, 0xd7, 0x1d, 0x57, 0x26, 0xd6, 0x15, 0xf9, 0x1c, 0xbe, 0xcc, - 0x5a, 0xb0, 0x80, 0xa0, 0x97, 0x60, 0xb8, 0xe9, 0x6c, 0xcb, 0x87, 0xb3, 0x07, 0xcc, 0x4b, 0x1a, - 0x84, 0x4d, 0x3c, 0xfb, 0x5f, 0x59, 0x30, 0x51, 0x75, 0x62, 0xcf, 0x9d, 0x69, 0x27, 0x1b, 0x55, - 0x2f, 0x59, 0x6f, 0xbb, 0x9b, 0x24, 0xe1, 0xd9, 0x94, 0xb4, 0x97, 0xed, 0x98, 0x2e, 0x25, 0x65, - 0xd7, 0xa9, 0x5e, 0xde, 0x10, 0xed, 0x58, 0x61, 0xa0, 0xb7, 0x60, 0xb8, 0xe5, 0xc4, 0xf1, 0xdd, - 0x30, 0xaa, 0x61, 0x52, 0xcf, 0x27, 0x97, 0x79, 0x95, 0xb8, 0x11, 0x49, 0x30, 0xa9, 0x0b, 0x97, - 0xa1, 0xa6, 0x8f, 0x4d, 0x66, 0xf6, 0xdf, 0xb4, 0x60, 0x84, 0x79, 0x5f, 0xe6, 0x48, 0xe2, 0x78, - 0x7e, 0x47, 0x41, 0x0e, 0xab, 0xcf, 0x82, 0x1c, 0xe7, 0x61, 0x60, 0x23, 0x6c, 0x92, 0xac, 0xe7, - 0xf0, 0x4a, 0x48, 0xad, 0x58, 0x0a, 0x41, 0x2f, 0xd0, 0x71, 0xf6, 0x82, 0xc4, 0xa1, 0x33, 0x4e, - 0x1e, 0x21, 0x9e, 0xe0, 0x63, 0xac, 0x9a, 0xb1, 0x89, 0x63, 0xff, 0x5e, 0x05, 0x86, 0x84, 0x33, - 0xb6, 0xef, 0x04, 0x56, 0x69, 0x4e, 0x17, 0x7a, 0x9a, 0xd3, 0x31, 0x0c, 0xba, 0xac, 0xdc, 0x8f, - 0xd0, 0xda, 0xae, 0xe5, 0xe2, 0xbd, 0xe7, 0x15, 0x84, 0x74, 0xb7, 0xf8, 0x7f, 0x2c, 0x58, 0xa1, - 0xaf, 0x59, 0x70, 0xc2, 0x0d, 0x83, 0x80, 0xb8, 0x5a, 0xa5, 0x18, 0xc8, 0x23, 0x1e, 0x67, 0x36, - 0x4d, 0x54, 0x1f, 0xfd, 0x67, 0x00, 0x38, 0xcb, 0x1e, 0xbd, 0x0c, 0xa3, 0x7c, 0xcc, 0x6e, 0xa6, - 0xce, 0x3d, 0x75, 0x9d, 0x06, 0x13, 0x88, 0xd3, 0xb8, 0x68, 0x8a, 0x9f, 0x1f, 0x8b, 0x8a, 0x08, - 0x83, 0xda, 0x8f, 0x64, 0xd4, 0x42, 0x30, 0x30, 0x50, 0x04, 0x28, 0x22, 0xf5, 0x88, 0xc4, 0x1b, - 0xc2, 0x59, 0xcd, 0xd4, 0x99, 0xa1, 0xc3, 0x25, 0xc4, 0xe1, 0x0e, 0x4a, 0xb8, 0x0b, 0x75, 0xb4, - 0x29, 0xec, 0xb9, 0x72, 0x1e, 0x22, 0x4b, 0x7c, 0xe6, 0x9e, 0x66, 0xdd, 0x24, 0x94, 0xe2, 0x0d, - 0x27, 0xaa, 0x31, 0x35, 0xaa, 0xc8, 0xe3, 0xbe, 0x57, 0x69, 0x03, 0xe6, 0xed, 0x68, 0x0e, 0x4e, - 0x66, 0xaa, 0x4c, 0xc4, 0xe2, 0x7c, 0x52, 0xc5, 0x47, 0x67, 0xea, 0x53, 0xc4, 0xb8, 0xe3, 0x09, - 0xd3, 0xd6, 0x1f, 0xde, 0xc7, 0xd6, 0xdf, 0x51, 0x21, 0x51, 0x23, 0x6c, 0x3b, 0x7a, 0x35, 0x97, - 0x01, 0xe8, 0x2b, 0xfe, 0xe9, 0x2b, 0x99, 0xf8, 0xa7, 0x51, 0xd6, 0x81, 0x9b, 0xf9, 0x74, 0xe0, - 0xe0, 0xc1, 0x4e, 0x0f, 0x33, 0x78, 0xe9, 0xff, 0x58, 0x20, 0xbf, 0xeb, 0xac, 0xe3, 0x6e, 0x10, - 0x3a, 0x65, 0xd0, 0x2b, 0x30, 0xa6, 0x2c, 0xd6, 0xd9, 0xb0, 0x1d, 0xf0, 0xb8, 0xa5, 0xa2, 0xf6, - 0x11, 0xe2, 0x14, 0x14, 0x67, 0xb0, 0xd1, 0x34, 0x54, 0xe8, 0x38, 0xf1, 0x47, 0xf9, 0xd6, 0xa6, - 0xac, 0xe2, 0x99, 0x95, 0x05, 0xf1, 0x94, 0xc6, 0x41, 0x21, 0x8c, 0xfb, 0x4e, 0x9c, 0xb0, 0x1e, - 0x50, 0x03, 0xf6, 0x90, 0xe9, 0xa8, 0xac, 0xc8, 0xce, 0x62, 0x96, 0x10, 0xee, 0xa4, 0x6d, 0x7f, - 0x67, 0x00, 0x46, 0x53, 0x92, 0xf1, 0x80, 0x7b, 0xe2, 0x73, 0x50, 0x96, 0xdb, 0x54, 0x36, 0x29, - 0x5e, 0xed, 0x65, 0x0a, 0x83, 0x6e, 0x5a, 0xeb, 0xc4, 0x89, 0x48, 0xc4, 0xea, 0x77, 0x64, 0xf7, - 0xf0, 0xaa, 0x06, 0x61, 0x13, 0x8f, 0x09, 0xe5, 0xc4, 0x8f, 0x67, 0x7d, 0x8f, 0x04, 0x09, 0xef, - 0x66, 0x3e, 0x42, 0x79, 0x6d, 0x71, 0xd5, 0x24, 0xaa, 0x85, 0x72, 0x06, 0x80, 0xb3, 0xec, 0xd1, - 0xcf, 0x5b, 0x30, 0xea, 0xdc, 0x8d, 0x75, 0x4d, 0x3a, 0x11, 0xe9, 0x74, 0xc4, 0x4d, 0x2a, 0x55, - 0xe6, 0x8e, 0x9f, 0xb0, 0xa6, 0x9a, 0x70, 0x9a, 0x29, 0xfa, 0x86, 0x05, 0x88, 0x6c, 0x13, 0x57, - 0xc6, 0x62, 0x89, 0xbe, 0x0c, 0xe6, 0x61, 0xd8, 0x5d, 0xea, 0xa0, 0xcb, 0xa5, 0x7a, 0x67, 0x3b, - 0xee, 0xd2, 0x07, 0xfb, 0x9f, 0x15, 0xd5, 0x82, 0xd2, 0xe1, 0x7f, 0x8e, 0x91, 0x54, 0x63, 0x1d, - 0x3e, 0xa9, 0x46, 0x3b, 0xa8, 0x3b, 0x12, 0x6b, 0xd2, 0x39, 0x0c, 0x85, 0x87, 0x94, 0xc3, 0xf0, - 0xb3, 0x56, 0xaa, 0xfc, 0xc3, 0xf0, 0x85, 0xd7, 0xf2, 0x0d, 0x3d, 0x9c, 0xe2, 0xe1, 0x11, 0x19, - 0xe9, 0x9e, 0x8e, 0x99, 0xa0, 0xd2, 0xd4, 0x40, 0x3b, 0x90, 0x34, 0xfc, 0x8f, 0x45, 0x18, 0x36, - 0x76, 0xd2, 0xae, 0x6a, 0x91, 0xf5, 0x88, 0xa9, 0x45, 0x85, 0x03, 0xa8, 0x45, 0x3f, 0x03, 0x15, - 0x57, 0x4a, 0xf9, 0x7c, 0x0a, 0x20, 0x66, 0xf7, 0x0e, 0x2d, 0xe8, 0x55, 0x13, 0xd6, 0x3c, 0xd1, - 0x7c, 0x2a, 0x37, 0x41, 0xec, 0x10, 0x03, 0x6c, 0x87, 0xe8, 0x96, 0x3c, 0x20, 0x76, 0x8a, 0xce, - 0x67, 0x58, 0x95, 0x90, 0x96, 0x27, 0xde, 0x4b, 0x06, 0x08, 0xf3, 0x2a, 0x21, 0x2b, 0x0b, 0xb2, - 0x19, 0x9b, 0x38, 0xf6, 0x77, 0x2c, 0xf5, 0x71, 0x1f, 0x40, 0x9a, 0xee, 0xed, 0x74, 0x9a, 0xee, - 0xa5, 0x5c, 0x86, 0xb9, 0x47, 0x7e, 0xee, 0x75, 0x18, 0x9a, 0x0d, 0x9b, 0x4d, 0x27, 0xa8, 0xa1, - 0x1f, 0x86, 0x21, 0x97, 0xff, 0x14, 0xe7, 0x28, 0xcc, 0x1b, 0x27, 0xa0, 0x58, 0xc2, 0xd0, 0x93, - 0x30, 0xe0, 0x44, 0x0d, 0x79, 0x76, 0xc2, 0x02, 0x3a, 0x66, 0xa2, 0x46, 0x8c, 0x59, 0xab, 0xfd, - 0x76, 0x11, 0x60, 0x36, 0x6c, 0xb6, 0x9c, 0x88, 0xd4, 0xd6, 0x42, 0x56, 0x80, 0xe9, 0x58, 0x7d, - 0x58, 0xda, 0x58, 0x7a, 0x94, 0xfd, 0x58, 0x86, 0x2f, 0xa3, 0xf8, 0xa0, 0x7d, 0x19, 0x5f, 0xb6, - 0x00, 0xd1, 0x2f, 0x12, 0x06, 0x24, 0x48, 0xb4, 0x73, 0x76, 0x1a, 0x2a, 0xae, 0x6c, 0x15, 0x5a, - 0x8b, 0x5e, 0x7f, 0x12, 0x80, 0x35, 0x4e, 0x1f, 0xe6, 0xe7, 0xd3, 0x52, 0x38, 0x16, 0xd3, 0x31, - 0x90, 0x4c, 0xa4, 0x0a, 0x59, 0x69, 0xff, 0x7e, 0x01, 0x1e, 0xe3, 0xfb, 0xdd, 0x92, 0x13, 0x38, - 0x0d, 0xd2, 0xa4, 0xbd, 0xea, 0xd7, 0xdd, 0xee, 0x52, 0xbb, 0xc7, 0x93, 0x31, 0x8d, 0x47, 0x5d, - 0x18, 0x7c, 0x42, 0xf3, 0x29, 0xbc, 0x10, 0x78, 0x09, 0x66, 0xc4, 0x51, 0x0c, 0x65, 0x59, 0x4e, - 0x57, 0x08, 0xba, 0x9c, 0x18, 0xa9, 0x35, 0x2f, 0x36, 0x25, 0x82, 0x15, 0x23, 0xaa, 0x15, 0xfa, - 0xa1, 0xbb, 0x89, 0x49, 0x2b, 0x64, 0x42, 0xcd, 0x08, 0x29, 0x5b, 0x14, 0xed, 0x58, 0x61, 0xd8, - 0xbf, 0x6f, 0x41, 0x56, 0xdc, 0x1b, 0xa5, 0x66, 0xac, 0xfb, 0x96, 0x9a, 0x39, 0x40, 0xad, 0x97, - 0x9f, 0x84, 0x61, 0x27, 0xa1, 0x3b, 0x34, 0xb7, 0x69, 0x8b, 0x87, 0x3b, 0xa2, 0x5f, 0x0a, 0x6b, - 0x5e, 0xdd, 0x63, 0xb6, 0xac, 0x49, 0xce, 0xfe, 0x5f, 0x03, 0x30, 0xde, 0x11, 0xa7, 0x8e, 0x2e, - 0xc2, 0x88, 0x2b, 0xa6, 0x47, 0x0b, 0x93, 0xba, 0x78, 0x19, 0x23, 0xce, 0x49, 0xc3, 0x70, 0x0a, - 0xb3, 0x8f, 0x09, 0xba, 0x00, 0xa7, 0x22, 0x6a, 0x45, 0xb7, 0xc9, 0x4c, 0x3d, 0x21, 0xd1, 0x2a, - 0x71, 0xc3, 0xa0, 0xc6, 0x0b, 0x22, 0x15, 0xab, 0x8f, 0xef, 0xed, 0x4e, 0x9e, 0xc2, 0x9d, 0x60, - 0xdc, 0xed, 0x19, 0xd4, 0x82, 0x51, 0xdf, 0x54, 0xb0, 0x84, 0x76, 0x7d, 0x28, 0xdd, 0x4c, 0x6d, - 0xc0, 0xa9, 0x66, 0x9c, 0x66, 0x90, 0xd6, 0xd2, 0x4a, 0x0f, 0x49, 0x4b, 0xfb, 0x39, 0xad, 0xa5, - 0x71, 0x5f, 0xf2, 0xeb, 0x39, 0xe7, 0x29, 0x1c, 0xb7, 0x9a, 0xf6, 0x2a, 0x94, 0x65, 0x9c, 0x4d, - 0x5f, 0xf1, 0x29, 0x26, 0x9d, 0x1e, 0x12, 0xed, 0x5e, 0x01, 0xba, 0x68, 0xf8, 0x74, 0x9d, 0xe9, - 0xed, 0x34, 0xb5, 0xce, 0x0e, 0xb6, 0xa5, 0xa2, 0x6d, 0x1e, 0x63, 0xc4, 0x37, 0x8e, 0x4f, 0xe6, - 0x6d, 0xa1, 0xe8, 0xb0, 0x23, 0x15, 0x90, 0xae, 0x42, 0x8f, 0x2e, 0x00, 0x68, 0x2d, 0x48, 0x84, - 0x1b, 0x2b, 0x17, 0xa6, 0x56, 0x96, 0xb0, 0x81, 0x45, 0x0d, 0x56, 0x2f, 0x88, 0x13, 0xc7, 0xf7, - 0xaf, 0x78, 0x41, 0x22, 0x4e, 0xde, 0xd4, 0x0e, 0xb9, 0xa0, 0x41, 0xd8, 0xc4, 0x3b, 0xfb, 0x31, - 0xe3, 0xbb, 0x1c, 0xe4, 0x7b, 0x6e, 0xc0, 0x13, 0xf3, 0x5e, 0xa2, 0x82, 0xe4, 0xd5, 0x3c, 0xa2, - 0x4a, 0x8e, 0x4a, 0xfa, 0xb0, 0x7a, 0x26, 0x7d, 0x18, 0x41, 0xea, 0x85, 0x74, 0x4c, 0x7d, 0x36, - 0x48, 0xdd, 0xbe, 0x08, 0xa7, 0xe7, 0xbd, 0xe4, 0xb2, 0xe7, 0x93, 0x03, 0x32, 0xb1, 0x7f, 0x77, - 0x10, 0x46, 0xcc, 0xa4, 0xa4, 0x83, 0xe4, 0xad, 0x7c, 0x95, 0xea, 0x31, 0xe2, 0xed, 0x3c, 0xe5, - 0x00, 0xba, 0x75, 0xe4, 0x0c, 0xa9, 0xee, 0x23, 0x66, 0xa8, 0x32, 0x9a, 0x27, 0x36, 0x3b, 0x80, - 0xee, 0x42, 0xa9, 0xce, 0x82, 0xa8, 0x8b, 0x79, 0x78, 0xc9, 0xbb, 0x8d, 0xa8, 0x5e, 0x66, 0x3c, - 0x0c, 0x9b, 0xf3, 0xa3, 0x3b, 0x64, 0x94, 0xce, 0xcc, 0x31, 0xa2, 0x0b, 0x45, 0x4e, 0x8e, 0xc2, - 0xe8, 0x25, 0xea, 0x4b, 0x87, 0x10, 0xf5, 0x29, 0xc1, 0x3b, 0xf8, 0x90, 0x04, 0x2f, 0x0b, 0x88, - 0x4f, 0x36, 0x98, 0xfe, 0x26, 0xc2, 0xa1, 0x87, 0xd8, 0x20, 0x18, 0x01, 0xf1, 0x29, 0x30, 0xce, - 0xe2, 0xa3, 0xcf, 0x2a, 0xd1, 0x5d, 0xce, 0xe3, 0xd0, 0xd2, 0x9c, 0xd1, 0xc7, 0x2d, 0xb5, 0xbf, - 0x5c, 0x80, 0xb1, 0xf9, 0xa0, 0xbd, 0x32, 0xbf, 0xd2, 0x5e, 0xf7, 0x3d, 0xf7, 0x1a, 0xd9, 0xa1, - 0xa2, 0x79, 0x93, 0xec, 0x2c, 0xcc, 0x89, 0x15, 0xa4, 0xe6, 0xcc, 0x35, 0xda, 0x88, 0x39, 0x8c, - 0x0a, 0xa3, 0xba, 0x17, 0x34, 0x48, 0xd4, 0x8a, 0x3c, 0x71, 0x9e, 0x68, 0x08, 0xa3, 0xcb, 0x1a, - 0x84, 0x4d, 0x3c, 0x4a, 0x3b, 0xbc, 0x1b, 0x90, 0x28, 0xab, 0xc8, 0x2e, 0xd3, 0x46, 0xcc, 0x61, - 0x14, 0x29, 0x89, 0xda, 0x71, 0x22, 0x26, 0xa3, 0x42, 0x5a, 0xa3, 0x8d, 0x98, 0xc3, 0xe8, 0x4a, - 0x8f, 0xdb, 0xeb, 0x2c, 0x08, 0x21, 0x13, 0x7b, 0xbd, 0xca, 0x9b, 0xb1, 0x84, 0x53, 0xd4, 0x4d, - 0xb2, 0x33, 0x47, 0x4d, 0xca, 0x4c, 0x76, 0xc4, 0x35, 0xde, 0x8c, 0x25, 0x9c, 0x15, 0x8f, 0x4a, - 0x0f, 0xc7, 0xf7, 0x5d, 0xf1, 0xa8, 0x74, 0xf7, 0x7b, 0x18, 0xa7, 0xbf, 0x66, 0xc1, 0x88, 0x19, - 0x3a, 0x84, 0x1a, 0x19, 0x1d, 0x77, 0xb9, 0xa3, 0x10, 0xe0, 0x8f, 0x77, 0xbb, 0xf5, 0xa4, 0xe1, - 0x25, 0x61, 0x2b, 0x7e, 0x9e, 0x04, 0x0d, 0x2f, 0x20, 0xcc, 0x23, 0xcc, 0x43, 0x8e, 0x52, 0x71, - 0x49, 0xb3, 0x61, 0x8d, 0x1c, 0x42, 0x49, 0xb6, 0x6f, 0xc1, 0x78, 0x47, 0x4a, 0x4c, 0x1f, 0xaa, - 0xc5, 0xbe, 0x09, 0x89, 0x36, 0x86, 0x61, 0x4a, 0x98, 0xc7, 0x8b, 0xc6, 0x68, 0x16, 0xc6, 0xf9, - 0x42, 0xa2, 0x9c, 0x56, 0xdd, 0x0d, 0xd2, 0x54, 0x69, 0x4e, 0xec, 0xf0, 0xfa, 0x66, 0x16, 0x88, - 0x3b, 0xf1, 0xed, 0xaf, 0x58, 0x30, 0x9a, 0xca, 0x52, 0xca, 0x49, 0x09, 0x62, 0x2b, 0x2d, 0x64, - 0x91, 0x6c, 0x2c, 0x9c, 0xb7, 0xc8, 0x36, 0x53, 0xbd, 0xd2, 0x34, 0x08, 0x9b, 0x78, 0xf6, 0x3b, - 0x05, 0x28, 0xcb, 0x68, 0x80, 0x3e, 0xba, 0xf2, 0x25, 0x0b, 0x46, 0x95, 0xc3, 0x80, 0x9d, 0x44, - 0x15, 0xf2, 0x88, 0x5b, 0xa7, 0x3d, 0x50, 0xa1, 0x96, 0x41, 0x3d, 0xd4, 0x1a, 0x39, 0x36, 0x99, - 0xe1, 0x34, 0x6f, 0x74, 0x13, 0x20, 0xde, 0x89, 0x13, 0xd2, 0x34, 0xce, 0xc4, 0x6c, 0x63, 0xc5, - 0x4d, 0xb9, 0x61, 0x44, 0xe8, 0xfa, 0xba, 0x1e, 0xd6, 0xc8, 0xaa, 0xc2, 0xd4, 0x2a, 0x94, 0x6e, - 0xc3, 0x06, 0x25, 0xfb, 0x1f, 0x16, 0xe0, 0x64, 0xb6, 0x4b, 0xe8, 0x75, 0x18, 0x91, 0xdc, 0x8d, - 0x1b, 0x5c, 0x64, 0x08, 0xc4, 0x08, 0x36, 0x60, 0xf7, 0x76, 0x27, 0x27, 0x3b, 0x6f, 0xd0, 0x99, - 0x32, 0x51, 0x70, 0x8a, 0x18, 0xf7, 0xda, 0x08, 0xf7, 0x62, 0x75, 0x67, 0xa6, 0xd5, 0x12, 0xae, - 0x17, 0xc3, 0x6b, 0x63, 0x42, 0x71, 0x06, 0x1b, 0xad, 0xc0, 0x69, 0xa3, 0xe5, 0x3a, 0xf1, 0x1a, - 0x1b, 0xeb, 0x61, 0x24, 0x2d, 0xab, 0x27, 0x75, 0x90, 0x52, 0x27, 0x0e, 0xee, 0xfa, 0x24, 0xdd, - 0xed, 0x5d, 0xa7, 0xe5, 0xb8, 0x5e, 0xb2, 0x23, 0x0e, 0xf9, 0x94, 0x6c, 0x9a, 0x15, 0xed, 0x58, - 0x61, 0xd8, 0x4b, 0x30, 0xd0, 0xe7, 0x0c, 0xea, 0x4b, 0xa3, 0x7f, 0x15, 0xca, 0x94, 0x9c, 0x54, - 0xef, 0xf2, 0x20, 0x19, 0x42, 0x59, 0x16, 0x61, 0x47, 0x36, 0x14, 0x3d, 0x47, 0x3a, 0xc6, 0xd4, - 0x6b, 0x2d, 0xc4, 0x71, 0x9b, 0x19, 0xc9, 0x14, 0x88, 0x9e, 0x86, 0x22, 0xd9, 0x6e, 0x65, 0x3d, - 0x60, 0x97, 0xb6, 0x5b, 0x5e, 0x44, 0x62, 0x8a, 0x44, 0xb6, 0x5b, 0xe8, 0x2c, 0x14, 0xbc, 0x9a, - 0xd8, 0xa4, 0x40, 0xe0, 0x14, 0x16, 0xe6, 0x70, 0xc1, 0xab, 0xd9, 0xdb, 0x50, 0x51, 0x55, 0xdf, - 0xd1, 0xa6, 0x94, 0xdd, 0x56, 0x1e, 0xe1, 0x3b, 0x92, 0x6e, 0x0f, 0xa9, 0xdd, 0x06, 0xd0, 0x39, - 0x61, 0x79, 0xc9, 0x97, 0xf3, 0x30, 0xe0, 0x86, 0x22, 0x95, 0xb4, 0xac, 0xc9, 0x30, 0xa1, 0xcd, - 0x20, 0xf6, 0x2d, 0x18, 0xbb, 0x16, 0x84, 0x77, 0x59, 0x59, 0x5b, 0x56, 0x74, 0x87, 0x12, 0xae, - 0xd3, 0x1f, 0x59, 0x15, 0x81, 0x41, 0x31, 0x87, 0xa9, 0x7a, 0x31, 0x85, 0x5e, 0xf5, 0x62, 0xec, - 0xcf, 0x59, 0x70, 0x52, 0x65, 0xb6, 0x48, 0x69, 0x7c, 0x11, 0x46, 0xd6, 0xdb, 0x9e, 0x5f, 0x13, - 0xff, 0xb3, 0xc7, 0x14, 0x55, 0x03, 0x86, 0x53, 0x98, 0xd4, 0xa8, 0x5a, 0xf7, 0x02, 0x27, 0xda, - 0x59, 0xd1, 0xe2, 0x5f, 0x49, 0x84, 0xaa, 0x82, 0x60, 0x03, 0xcb, 0xfe, 0x92, 0xd9, 0x05, 0x91, - 0x4b, 0xd3, 0xc7, 0xc8, 0xde, 0x80, 0x92, 0xab, 0x1c, 0xa9, 0x87, 0x2a, 0x37, 0xa6, 0xd2, 0x98, - 0xd9, 0x61, 0x3a, 0xa7, 0x66, 0xff, 0x8b, 0x02, 0x8c, 0xa6, 0x0a, 0x49, 0x20, 0x1f, 0xca, 0xc4, - 0x67, 0x47, 0x79, 0x72, 0x8a, 0x1d, 0xb5, 0xba, 0x9c, 0x5a, 0x16, 0x97, 0x04, 0x5d, 0xac, 0x38, - 0x3c, 0x1a, 0xfe, 0xaa, 0x8b, 0x30, 0x22, 0x3b, 0xf4, 0x49, 0xa7, 0xe9, 0x8b, 0x55, 0xa8, 0x26, - 0xc0, 0x25, 0x03, 0x86, 0x53, 0x98, 0xf6, 0x1f, 0x14, 0x61, 0x82, 0x9f, 0x7d, 0xd6, 0x54, 0x48, - 0xc9, 0x92, 0xd4, 0xb2, 0xfe, 0x9a, 0x2e, 0xf7, 0xc2, 0x07, 0x72, 0xfd, 0xa8, 0x95, 0x55, 0xbb, - 0x33, 0xea, 0x2b, 0xd8, 0xe1, 0x57, 0x33, 0xc1, 0x0e, 0x7c, 0xb3, 0x6d, 0x1c, 0x53, 0x8f, 0xbe, - 0xbf, 0xa2, 0x1f, 0xfe, 0x5e, 0x01, 0x4e, 0x64, 0xca, 0xd6, 0xa2, 0xb7, 0xd3, 0x85, 0xe9, 0xac, - 0x3c, 0x4e, 0xc8, 0xee, 0x5b, 0x3c, 0xf5, 0x60, 0xe5, 0xe9, 0x1e, 0xd2, 0x52, 0xb1, 0xff, 0xb0, - 0x00, 0x63, 0xe9, 0x7a, 0xbb, 0x8f, 0xe0, 0x48, 0x7d, 0x04, 0x2a, 0xac, 0x8a, 0x25, 0xbb, 0x23, - 0x88, 0x1f, 0xc4, 0xf1, 0x62, 0x8b, 0xb2, 0x11, 0x6b, 0xf8, 0x23, 0x51, 0xf5, 0xcf, 0xfe, 0xfb, - 0x16, 0x9c, 0xe1, 0x6f, 0x99, 0x9d, 0x87, 0x7f, 0xbd, 0xdb, 0xe8, 0xbe, 0x91, 0x6f, 0x07, 0x33, - 0x65, 0x8a, 0xf6, 0x1b, 0x5f, 0x76, 0x37, 0x89, 0xe8, 0x6d, 0x7a, 0x2a, 0x3c, 0x82, 0x9d, 0x3d, - 0xd0, 0x64, 0xb0, 0xff, 0xb0, 0x08, 0xfa, 0x3a, 0x16, 0xe4, 0x89, 0x2c, 0x9d, 0x5c, 0xca, 0x35, - 0xad, 0xee, 0x04, 0xae, 0xbe, 0xf8, 0xa5, 0x9c, 0x49, 0xd2, 0xf9, 0x45, 0x0b, 0x86, 0xbd, 0xc0, - 0x4b, 0x3c, 0x87, 0x29, 0xcf, 0xf9, 0x5c, 0x27, 0xa1, 0xd8, 0x2d, 0x70, 0xca, 0x61, 0x64, 0x9e, - 0xde, 0x2a, 0x66, 0xd8, 0xe4, 0x8c, 0x3e, 0x2d, 0xe2, 0x11, 0x8b, 0xb9, 0xe5, 0x97, 0x95, 0x33, - 0x41, 0x88, 0x2d, 0x28, 0x45, 0x24, 0x89, 0x72, 0x4a, 0xcb, 0xc4, 0x94, 0x94, 0xaa, 0xce, 0xa7, - 0x2f, 0xc6, 0xa3, 0xcd, 0x98, 0x33, 0xb2, 0x63, 0x40, 0x9d, 0x63, 0x71, 0xc0, 0x58, 0xaf, 0x69, - 0xa8, 0x38, 0xed, 0x24, 0x6c, 0xd2, 0x61, 0x12, 0x07, 0xcc, 0x3a, 0x9a, 0x4d, 0x02, 0xb0, 0xc6, - 0xb1, 0xdf, 0x2e, 0x41, 0x26, 0x6d, 0x06, 0x6d, 0x9b, 0x57, 0x09, 0x59, 0xf9, 0x5e, 0x25, 0xa4, - 0x3a, 0xd3, 0xed, 0x3a, 0x21, 0xd4, 0x80, 0x52, 0x6b, 0xc3, 0x89, 0xa5, 0x6e, 0xfc, 0xaa, 0x1c, - 0xa6, 0x15, 0xda, 0x78, 0x6f, 0x77, 0xf2, 0x27, 0xfa, 0x3b, 0x6b, 0xa1, 0x73, 0x75, 0x9a, 0x67, - 0xa1, 0x6b, 0xd6, 0x8c, 0x06, 0xe6, 0xf4, 0x0f, 0x72, 0xa1, 0xc6, 0xe7, 0x45, 0xa9, 0x53, 0x4c, - 0xe2, 0xb6, 0x9f, 0x88, 0xd9, 0xf0, 0x6a, 0x8e, 0xab, 0x8c, 0x13, 0xd6, 0x09, 0x9f, 0xfc, 0x3f, - 0x36, 0x98, 0xa2, 0xd7, 0xa1, 0x12, 0x27, 0x4e, 0x94, 0x1c, 0x32, 0x45, 0x4b, 0x0d, 0xfa, 0xaa, - 0x24, 0x82, 0x35, 0x3d, 0xf4, 0x1a, 0xab, 0x5e, 0xe7, 0xc5, 0x1b, 0x87, 0x0c, 0x23, 0x96, 0x95, - 0xee, 0x04, 0x05, 0x6c, 0x50, 0xa3, 0xa6, 0x07, 0x9b, 0xdb, 0x3c, 0x76, 0xa6, 0xcc, 0x6c, 0x4b, - 0x25, 0x0a, 0xb1, 0x82, 0x60, 0x03, 0xcb, 0xfe, 0x11, 0x48, 0x67, 0x2c, 0xa3, 0x49, 0x99, 0x20, - 0xcd, 0xcf, 0x9e, 0x58, 0x38, 0x70, 0x2a, 0x97, 0xf9, 0x77, 0x2c, 0x30, 0xd3, 0xaa, 0xd1, 0x1d, - 0x9e, 0xbf, 0x6d, 0xe5, 0xe1, 0x2f, 0x30, 0xe8, 0x4e, 0x2d, 0x39, 0xad, 0x8c, 0xe3, 0x4a, 0x26, - 0x71, 0x9f, 0xfd, 0x18, 0x94, 0x25, 0xf4, 0x40, 0x4a, 0xdd, 0x67, 0xe1, 0x54, 0xf6, 0xa2, 0x45, - 0x71, 0xd6, 0xdc, 0x88, 0xc2, 0x76, 0x2b, 0x6b, 0x48, 0xb2, 0x8b, 0xf8, 0x30, 0x87, 0x51, 0x73, - 0x6c, 0xd3, 0x0b, 0x6a, 0x59, 0x43, 0xf2, 0x9a, 0x17, 0xd4, 0x30, 0x83, 0xf4, 0x71, 0xa1, 0xd4, - 0x3f, 0xb7, 0xe0, 0xfc, 0x7e, 0xf7, 0x41, 0xa2, 0x27, 0x61, 0xe0, 0xae, 0x13, 0xc9, 0xd2, 0x9f, - 0x4c, 0x50, 0xde, 0x72, 0xa2, 0x00, 0xb3, 0x56, 0xb4, 0x03, 0x83, 0x3c, 0xff, 0x57, 0x68, 0xeb, - 0xaf, 0xe6, 0x7b, 0x3b, 0xe5, 0x35, 0x62, 0x98, 0x0b, 0x3c, 0xf7, 0x18, 0x0b, 0x86, 0xf6, 0x77, - 0x2d, 0x40, 0xcb, 0x5b, 0x24, 0x8a, 0xbc, 0x9a, 0x91, 0xb1, 0x8c, 0x5e, 0x84, 0x91, 0xdb, 0xab, - 0xcb, 0xd7, 0x57, 0x42, 0x2f, 0x60, 0x15, 0x0c, 0x8c, 0x24, 0xad, 0xab, 0x46, 0x3b, 0x4e, 0x61, - 0xa1, 0x59, 0x18, 0xbf, 0x7d, 0x87, 0x1a, 0xbf, 0x66, 0x3d, 0xef, 0x82, 0x3e, 0xee, 0xbc, 0xfa, - 0x6a, 0x06, 0x88, 0x3b, 0xf1, 0xd1, 0x32, 0x9c, 0x69, 0x72, 0x73, 0x83, 0x97, 0xe1, 0xe5, 0xb6, - 0x87, 0xca, 0xd1, 0x78, 0x62, 0x6f, 0x77, 0xf2, 0xcc, 0x52, 0x37, 0x04, 0xdc, 0xfd, 0x39, 0xfb, - 0xdd, 0x02, 0x0c, 0x1b, 0x77, 0xaa, 0xf6, 0x61, 0x83, 0x67, 0xb2, 0x4e, 0x0a, 0x7d, 0x66, 0x9d, - 0x3c, 0x0b, 0xe5, 0x56, 0xe8, 0x7b, 0xae, 0xa7, 0x6a, 0xd2, 0xb0, 0xd2, 0x89, 0x2b, 0xa2, 0x0d, - 0x2b, 0x28, 0xba, 0x0b, 0x15, 0x75, 0xcf, 0xa0, 0x48, 0x9c, 0xcd, 0xeb, 0x7c, 0x47, 0x49, 0x2a, - 0x7d, 0x7f, 0xa0, 0xe6, 0x85, 0x6c, 0x18, 0x64, 0x33, 0x5f, 0x86, 0xd0, 0xb1, 0x14, 0x24, 0xb6, - 0x24, 0x62, 0x2c, 0x20, 0xf6, 0x17, 0x86, 0xe0, 0x74, 0xb7, 0x72, 0x7f, 0xe8, 0x33, 0x30, 0xc8, - 0xfb, 0x98, 0x4f, 0x45, 0xd9, 0x6e, 0x3c, 0xe6, 0x19, 0x41, 0xd1, 0x2d, 0xf6, 0x1b, 0x0b, 0x9e, - 0x82, 0xbb, 0xef, 0xac, 0x0b, 0x9d, 0xe9, 0x78, 0xb8, 0x2f, 0x3a, 0x9a, 0xfb, 0xa2, 0xc3, 0xb9, - 0xfb, 0xce, 0x3a, 0xda, 0x86, 0x52, 0xc3, 0x4b, 0x88, 0x23, 0x2c, 0x87, 0x5b, 0xc7, 0xc2, 0x9c, - 0x38, 0x5c, 0x34, 0xb3, 0x9f, 0x98, 0x33, 0x44, 0xdf, 0xb4, 0xe0, 0xc4, 0x7a, 0x3a, 0xa3, 0x4b, - 0x6c, 0xa1, 0xce, 0x31, 0x94, 0x74, 0x4c, 0x33, 0xe2, 0x85, 0xb2, 0x33, 0x8d, 0x38, 0xdb, 0x1d, - 0xf4, 0x73, 0x16, 0x0c, 0xd5, 0x3d, 0xdf, 0xa8, 0x57, 0x76, 0x0c, 0x1f, 0xe7, 0x32, 0x63, 0xa0, - 0xd5, 0x0c, 0xfe, 0x3f, 0xc6, 0x92, 0x73, 0x2f, 0xf7, 0xf1, 0xe0, 0x51, 0xdd, 0xc7, 0x43, 0x0f, - 0xc9, 0x56, 0xfc, 0xa5, 0x02, 0x3c, 0xdd, 0xc7, 0x37, 0x32, 0x93, 0x70, 0xac, 0x7d, 0x92, 0x70, - 0xce, 0xc3, 0x40, 0x44, 0x5a, 0x61, 0x76, 0xbf, 0x63, 0x91, 0x6a, 0x0c, 0x82, 0x9e, 0x82, 0xa2, - 0xd3, 0xf2, 0xc4, 0x76, 0xa7, 0x36, 0xe9, 0x99, 0x95, 0x05, 0x4c, 0xdb, 0xe9, 0x97, 0xae, 0xac, - 0xcb, 0x3c, 0xc3, 0x7c, 0x8a, 0xd6, 0xf7, 0x4a, 0x5b, 0xe4, 0xd6, 0x9b, 0x82, 0x62, 0xcd, 0xd7, - 0xfe, 0x1b, 0x16, 0x9c, 0xed, 0x3d, 0x45, 0xd0, 0x0b, 0x30, 0xbc, 0x1e, 0x39, 0x81, 0xbb, 0xc1, - 0x6e, 0x78, 0x90, 0x83, 0xc2, 0x72, 0x2f, 0x74, 0x33, 0x36, 0x71, 0xe8, 0xce, 0xc5, 0x4b, 0x83, - 0x1a, 0x18, 0x32, 0xd4, 0x9a, 0xee, 0x5c, 0x6b, 0x59, 0x20, 0xee, 0xc4, 0xb7, 0xff, 0xa0, 0xd0, - 0xbd, 0x5b, 0x5c, 0x94, 0x1c, 0xe4, 0x3b, 0x89, 0xaf, 0x50, 0xe8, 0xf1, 0x15, 0xee, 0x40, 0x39, - 0x61, 0xf9, 0x23, 0xa4, 0x2e, 0xe4, 0x51, 0x6e, 0xf9, 0x99, 0x6c, 0xc7, 0x5a, 0x13, 0xc4, 0xb1, - 0x62, 0x43, 0x37, 0x0e, 0x5f, 0x17, 0x4c, 0x13, 0x1b, 0x47, 0xe6, 0xe8, 0x71, 0x0e, 0x4e, 0x1a, - 0xf5, 0x5f, 0x79, 0xf8, 0x3c, 0xf7, 0xa0, 0xab, 0x9c, 0xb2, 0x95, 0x0c, 0x1c, 0x77, 0x3c, 0x61, - 0xff, 0x5a, 0x01, 0x9e, 0xe8, 0x29, 0x1f, 0xb5, 0x9b, 0xdf, 0xba, 0x8f, 0x9b, 0xff, 0xc8, 0xd3, - 0xdc, 0x1c, 0xe0, 0x81, 0x07, 0x33, 0xc0, 0xcf, 0x41, 0xd9, 0x0b, 0x62, 0xe2, 0xb6, 0x23, 0x3e, - 0x68, 0x46, 0x30, 0xe9, 0x82, 0x68, 0xc7, 0x0a, 0xc3, 0xfe, 0xa3, 0xde, 0x53, 0x8d, 0xee, 0x95, - 0x3f, 0xb0, 0xa3, 0xf4, 0x32, 0x8c, 0x3a, 0xad, 0x16, 0xc7, 0x63, 0x2e, 0xd5, 0x4c, 0x96, 0xe8, - 0x8c, 0x09, 0xc4, 0x69, 0x5c, 0x63, 0x0e, 0x0f, 0xf6, 0x9a, 0xc3, 0xf6, 0x9f, 0x5a, 0x50, 0xc1, - 0xa4, 0xce, 0xd7, 0x3b, 0xba, 0x2d, 0x86, 0xc8, 0xca, 0xa3, 0x7c, 0x0b, 0x1d, 0xd8, 0xd8, 0x63, - 0x65, 0x4d, 0xba, 0x0d, 0x76, 0x67, 0x2d, 0xe3, 0xc2, 0x81, 0x6a, 0x19, 0xab, 0x6a, 0xb6, 0xc5, - 0xde, 0xd5, 0x6c, 0xed, 0x77, 0x87, 0xe8, 0xeb, 0xb5, 0xc2, 0xd9, 0x88, 0xd4, 0x62, 0xfa, 0x7d, - 0xdb, 0x91, 0x9f, 0xbd, 0x0a, 0xf6, 0x06, 0x5e, 0xc4, 0xb4, 0x3d, 0x75, 0x6e, 0x52, 0x38, 0x50, - 0x8e, 0x5c, 0x71, 0xdf, 0x1c, 0xb9, 0x97, 0x61, 0x34, 0x8e, 0x37, 0x56, 0x22, 0x6f, 0xcb, 0x49, - 0xa8, 0x81, 0x22, 0x22, 0x72, 0x74, 0x5e, 0xcb, 0xea, 0x15, 0x0d, 0xc4, 0x69, 0x5c, 0x34, 0x0f, - 0xe3, 0x3a, 0x53, 0x8d, 0x44, 0x09, 0x0b, 0xc0, 0xe1, 0x33, 0x41, 0xa5, 0x95, 0xe8, 0xdc, 0x36, - 0x81, 0x80, 0x3b, 0x9f, 0xa1, 0x12, 0x2b, 0xd5, 0x48, 0x3b, 0x32, 0x98, 0x96, 0x58, 0x29, 0x3a, - 0xb4, 0x2f, 0x1d, 0x4f, 0xa0, 0x25, 0x38, 0xc5, 0x27, 0x06, 0xbb, 0x7b, 0x5c, 0xbd, 0xd1, 0x50, - 0xba, 0x6c, 0xc6, 0x7c, 0x27, 0x0a, 0xee, 0xf6, 0x1c, 0xb5, 0x3e, 0x54, 0xf3, 0xc2, 0x9c, 0x30, - 0xf9, 0x95, 0xf5, 0xa1, 0xc8, 0x2c, 0xd4, 0xb0, 0x89, 0x87, 0x3e, 0x09, 0x8f, 0xeb, 0xbf, 0x3c, - 0x4a, 0x93, 0x9f, 0x83, 0xcd, 0x89, 0x24, 0x60, 0x55, 0x3b, 0x75, 0xbe, 0x2b, 0x5a, 0x0d, 0xf7, - 0x7a, 0x1e, 0xad, 0xc3, 0x59, 0x05, 0xba, 0x44, 0x4d, 0xbd, 0x56, 0xe4, 0xc5, 0xa4, 0xea, 0xc4, - 0xe4, 0x46, 0xe4, 0xb3, 0xb4, 0xe1, 0x8a, 0xbe, 0x04, 0x62, 0xde, 0x4b, 0xae, 0x74, 0xc3, 0xc4, - 0x8b, 0xf8, 0x3e, 0x54, 0xd0, 0x34, 0x54, 0x48, 0xe0, 0xac, 0xfb, 0x64, 0x79, 0x76, 0x81, 0x25, - 0x13, 0x1b, 0xc7, 0x6e, 0x97, 0x24, 0x00, 0x6b, 0x1c, 0xe5, 0x04, 0x1e, 0xe9, 0x79, 0x69, 0xc8, - 0x0a, 0x9c, 0x6e, 0xb8, 0x2d, 0xaa, 0x4d, 0x78, 0x2e, 0x99, 0x71, 0x99, 0x23, 0x94, 0x7e, 0x18, - 0x5e, 0xcf, 0x44, 0x45, 0x38, 0xcc, 0xcf, 0xae, 0x74, 0xe0, 0xe0, 0xae, 0x4f, 0xd2, 0x35, 0xd6, - 0x8a, 0xc2, 0xed, 0x9d, 0x89, 0x53, 0xe9, 0x35, 0xb6, 0x42, 0x1b, 0x31, 0x87, 0xa1, 0xab, 0x80, - 0x58, 0xb8, 0xcc, 0x95, 0x24, 0x69, 0x29, 0xf5, 0x65, 0xe2, 0x34, 0x7b, 0xa5, 0xb3, 0xe2, 0x09, - 0x74, 0xb9, 0x03, 0x03, 0x77, 0x79, 0xca, 0xfe, 0x13, 0x0b, 0x46, 0xd5, 0x7a, 0x7d, 0x00, 0x01, - 0x63, 0x7e, 0x3a, 0x60, 0x6c, 0xfe, 0xe8, 0x12, 0x8f, 0xf5, 0xbc, 0x47, 0xd4, 0xc1, 0x17, 0x86, - 0x01, 0xb4, 0x54, 0x54, 0x1b, 0x92, 0xd5, 0x73, 0x43, 0x7a, 0x64, 0x25, 0x52, 0xb7, 0xcc, 0xc1, - 0xd2, 0xc3, 0xcd, 0x1c, 0x5c, 0x85, 0x33, 0x52, 0x5d, 0xe0, 0x07, 0x3b, 0x57, 0xc2, 0x58, 0x09, - 0xb8, 0x72, 0xf5, 0x29, 0x41, 0xe8, 0xcc, 0x42, 0x37, 0x24, 0xdc, 0xfd, 0xd9, 0x94, 0x96, 0x32, - 0xb4, 0x9f, 0x96, 0xa2, 0xd7, 0xf4, 0x62, 0x5d, 0x56, 0x62, 0xcd, 0xac, 0xe9, 0xc5, 0xcb, 0xab, - 0x58, 0xe3, 0x74, 0x17, 0xec, 0x95, 0x9c, 0x04, 0x3b, 0x1c, 0x58, 0xb0, 0x4b, 0x11, 0x33, 0xdc, - 0x53, 0xc4, 0xc8, 0xb3, 0xa4, 0x91, 0x9e, 0x67, 0x49, 0xaf, 0xc0, 0x98, 0x17, 0x6c, 0x90, 0xc8, - 0x4b, 0x48, 0x8d, 0xad, 0x05, 0x26, 0x7e, 0xca, 0x7a, 0x5b, 0x5f, 0x48, 0x41, 0x71, 0x06, 0x3b, - 0x2d, 0x17, 0xc7, 0xfa, 0x90, 0x8b, 0x3d, 0x76, 0xa3, 0x13, 0xf9, 0xec, 0x46, 0x27, 0x8f, 0xbe, - 0x1b, 0x8d, 0x1f, 0xeb, 0x6e, 0x84, 0x72, 0xd9, 0x8d, 0xfa, 0x12, 0xf4, 0x86, 0x41, 0x77, 0x7a, - 0x1f, 0x83, 0xae, 0xd7, 0x56, 0x74, 0xe6, 0xd0, 0x5b, 0x51, 0xf7, 0x5d, 0xe6, 0xb1, 0x43, 0xed, - 0x32, 0x5f, 0x2c, 0xc0, 0x19, 0x2d, 0x87, 0xe9, 0xec, 0xf7, 0xea, 0x54, 0x12, 0xb1, 0x62, 0xde, - 0x3c, 0xf6, 0xc7, 0x88, 0x5f, 0xd4, 0xa1, 0x90, 0x0a, 0x82, 0x0d, 0x2c, 0x16, 0x06, 0x48, 0x22, - 0x56, 0xb5, 0x29, 0x2b, 0xa4, 0x67, 0x45, 0x3b, 0x56, 0x18, 0x74, 0x7e, 0xd1, 0xdf, 0x22, 0xb4, - 0x3a, 0x5b, 0x2c, 0x61, 0x56, 0x83, 0xb0, 0x89, 0x87, 0x9e, 0xe5, 0x4c, 0x98, 0x80, 0xa0, 0x82, - 0x7a, 0x44, 0x5c, 0x53, 0x23, 0x65, 0x82, 0x82, 0xca, 0xee, 0xb0, 0x78, 0xcf, 0x52, 0x67, 0x77, - 0x98, 0xbf, 0x52, 0x61, 0xd8, 0xff, 0xdb, 0x82, 0x27, 0xba, 0x0e, 0xc5, 0x03, 0xd8, 0x7c, 0xb7, - 0xd3, 0x9b, 0xef, 0x6a, 0x5e, 0xe6, 0x86, 0xf1, 0x16, 0x3d, 0x36, 0xe2, 0xff, 0x60, 0xc1, 0x98, - 0xc6, 0x7f, 0x00, 0xaf, 0xea, 0xa5, 0x5f, 0x35, 0x3f, 0xcb, 0xaa, 0xd2, 0xf1, 0x6e, 0x7f, 0xc2, - 0xde, 0x8d, 0x7b, 0x42, 0x66, 0x5c, 0x59, 0x1e, 0x6a, 0x1f, 0x0f, 0xc0, 0x0e, 0x0c, 0xb2, 0xca, - 0xc9, 0x71, 0x3e, 0x1e, 0x99, 0x34, 0x7f, 0x16, 0xc8, 0xad, 0x3d, 0x32, 0xec, 0x6f, 0x8c, 0x05, - 0x43, 0x56, 0x53, 0xcc, 0x8b, 0xa9, 0x34, 0xaf, 0x89, 0xc8, 0x49, 0x5d, 0x53, 0x4c, 0xb4, 0x63, - 0x85, 0x61, 0x37, 0x61, 0x22, 0x4d, 0x7c, 0x8e, 0xd4, 0x99, 0x97, 0xbf, 0xaf, 0xd7, 0x9c, 0x86, - 0x8a, 0xc3, 0x9e, 0x5a, 0x6c, 0x3b, 0xd9, 0x9b, 0xcd, 0x66, 0x24, 0x00, 0x6b, 0x1c, 0xfb, 0xb7, - 0x2c, 0x38, 0xd5, 0xe5, 0x65, 0x72, 0x8c, 0x18, 0x4d, 0xb4, 0x14, 0xe8, 0xb6, 0xe1, 0x7e, 0x18, - 0x86, 0x6a, 0xa4, 0xee, 0x48, 0x3f, 0xb2, 0x21, 0x73, 0xe7, 0x78, 0x33, 0x96, 0x70, 0xfb, 0x7f, - 0x58, 0x70, 0x22, 0xdd, 0xd7, 0x98, 0x4a, 0x4d, 0xfe, 0x32, 0x73, 0x5e, 0xec, 0x86, 0x5b, 0x24, - 0xda, 0xa1, 0x6f, 0xce, 0x7b, 0xad, 0xa4, 0xe6, 0x4c, 0x07, 0x06, 0xee, 0xf2, 0x14, 0x2b, 0x2b, - 0x54, 0x53, 0xa3, 0x2d, 0x67, 0xca, 0xcd, 0x3c, 0x67, 0x8a, 0xfe, 0x98, 0xa6, 0xfb, 0x49, 0xb1, - 0xc4, 0x26, 0x7f, 0xfb, 0xbb, 0x03, 0xa0, 0x42, 0xca, 0x99, 0x13, 0x2f, 0x27, 0x17, 0x68, 0xaa, - 0x08, 0x7e, 0xb1, 0x8f, 0x22, 0xf8, 0x72, 0x32, 0x0c, 0xdc, 0xcf, 0xc1, 0xc6, 0x4f, 0x2f, 0xcc, - 0x43, 0x42, 0xf5, 0x86, 0x6b, 0x1a, 0x84, 0x4d, 0x3c, 0xda, 0x13, 0xdf, 0xdb, 0x22, 0xfc, 0xa1, - 0xc1, 0x74, 0x4f, 0x16, 0x25, 0x00, 0x6b, 0x1c, 0xda, 0x93, 0x9a, 0x57, 0xaf, 0x0b, 0x53, 0x5c, - 0xf5, 0x84, 0x8e, 0x0e, 0x66, 0x10, 0x5e, 0x29, 0x2e, 0xdc, 0x14, 0xda, 0xa9, 0x51, 0x29, 0x2e, - 0xdc, 0xc4, 0x0c, 0x42, 0xf5, 0xa9, 0x20, 0x8c, 0x9a, 0xec, 0xe6, 0xb9, 0x9a, 0xe2, 0x22, 0xb4, - 0x52, 0xa5, 0x4f, 0x5d, 0xef, 0x44, 0xc1, 0xdd, 0x9e, 0xa3, 0x33, 0xb0, 0x15, 0x91, 0x9a, 0xe7, - 0x26, 0x26, 0x35, 0x48, 0xcf, 0xc0, 0x95, 0x0e, 0x0c, 0xdc, 0xe5, 0x29, 0x34, 0x03, 0x27, 0x64, - 0x4a, 0x80, 0x4c, 0xf8, 0x1c, 0x4e, 0x27, 0x98, 0xe1, 0x34, 0x18, 0x67, 0xf1, 0xa9, 0xb4, 0x69, - 0x8a, 0x5c, 0x6f, 0xa6, 0xc4, 0x1a, 0xd2, 0x46, 0xe6, 0x80, 0x63, 0x85, 0x61, 0x7f, 0xbe, 0x48, - 0x77, 0xc7, 0x1e, 0xf5, 0xad, 0x1f, 0x98, 0xcb, 0x3d, 0x3d, 0x23, 0x07, 0xfa, 0x98, 0x91, 0x2f, - 0xc2, 0xc8, 0xed, 0x38, 0x0c, 0x94, 0x3b, 0xbb, 0xd4, 0xd3, 0x9d, 0x6d, 0x60, 0x75, 0x77, 0x67, - 0x0f, 0xe6, 0xe5, 0xce, 0x1e, 0x3a, 0xa4, 0x3b, 0xfb, 0x5b, 0x25, 0x50, 0x15, 0x62, 0xaf, 0x93, - 0xe4, 0x6e, 0x18, 0x6d, 0x7a, 0x41, 0x83, 0xa5, 0x52, 0x7c, 0xd3, 0x82, 0x11, 0xbe, 0x5e, 0x16, - 0xcd, 0x70, 0xe4, 0x7a, 0x4e, 0xa5, 0x47, 0x53, 0xcc, 0xa6, 0xd6, 0x0c, 0x46, 0x99, 0x8b, 0x4d, - 0x4c, 0x10, 0x4e, 0xf5, 0x08, 0xfd, 0x34, 0x80, 0x3c, 0xb7, 0xac, 0x4b, 0x91, 0xb9, 0x90, 0x4f, - 0xff, 0x30, 0xa9, 0x6b, 0xdd, 0x74, 0x4d, 0x31, 0xc1, 0x06, 0x43, 0xf4, 0xc5, 0xec, 0xcd, 0x9c, - 0x9f, 0x3e, 0x96, 0xb1, 0xe9, 0x27, 0x50, 0x1b, 0xc3, 0x90, 0x17, 0x34, 0xe8, 0x3c, 0x11, 0x11, - 0x00, 0x1f, 0xea, 0x96, 0x86, 0xb4, 0x18, 0x3a, 0xb5, 0xaa, 0xe3, 0x3b, 0x81, 0x4b, 0xa2, 0x05, - 0x8e, 0x6e, 0xde, 0xb4, 0xc5, 0x1a, 0xb0, 0x24, 0xd4, 0x51, 0x5b, 0xb7, 0xd4, 0x4f, 0x6d, 0xdd, - 0xb3, 0x1f, 0x87, 0xf1, 0x8e, 0x8f, 0x79, 0xa0, 0xb8, 0xec, 0xc3, 0x87, 0x74, 0xdb, 0xff, 0x72, - 0x50, 0x6f, 0x5a, 0xd7, 0xc3, 0x1a, 0xaf, 0xf0, 0x1a, 0xe9, 0x2f, 0x2a, 0x74, 0xcf, 0x1c, 0xa7, - 0x88, 0x71, 0x5b, 0x97, 0x6a, 0xc4, 0x26, 0x4b, 0x3a, 0x47, 0x5b, 0x4e, 0x44, 0x82, 0xe3, 0x9e, - 0xa3, 0x2b, 0x8a, 0x09, 0x36, 0x18, 0xa2, 0x8d, 0x54, 0x60, 0xe6, 0xe5, 0xa3, 0x07, 0x66, 0xb2, - 0x04, 0xed, 0x6e, 0x55, 0x22, 0xbf, 0x66, 0xc1, 0x58, 0x90, 0x9a, 0xb9, 0xc2, 0x8f, 0xb3, 0x76, - 0x1c, 0xab, 0x82, 0x17, 0x18, 0x4f, 0xb7, 0xe1, 0x0c, 0xff, 0x6e, 0x5b, 0x5a, 0xe9, 0x80, 0x5b, - 0x9a, 0x2e, 0x15, 0x3d, 0xd8, 0xab, 0x54, 0x34, 0x0a, 0x54, 0xad, 0xfc, 0xa1, 0xdc, 0x6b, 0xe5, - 0x43, 0x97, 0x3a, 0xf9, 0xb7, 0xa0, 0xe2, 0x46, 0xc4, 0x49, 0x0e, 0x59, 0x36, 0x9d, 0xb9, 0xc2, - 0x67, 0x25, 0x01, 0xac, 0x69, 0xd9, 0xff, 0xbe, 0x08, 0x27, 0xe5, 0x88, 0xc8, 0x38, 0x2e, 0xba, - 0x3f, 0x72, 0xbe, 0x5a, 0xb9, 0x55, 0xfb, 0xe3, 0x15, 0x09, 0xc0, 0x1a, 0x87, 0xea, 0x63, 0xed, - 0x98, 0x2c, 0xb7, 0x48, 0xb0, 0xe8, 0xad, 0xc7, 0xc2, 0xff, 0xa8, 0x16, 0xca, 0x0d, 0x0d, 0xc2, - 0x26, 0x1e, 0x55, 0xc6, 0xb9, 0x5e, 0x1c, 0x67, 0x63, 0x40, 0x85, 0xbe, 0x8d, 0x25, 0x1c, 0xfd, - 0x72, 0xd7, 0x0b, 0x37, 0xf2, 0x89, 0x7e, 0xee, 0x08, 0x5f, 0x3b, 0xe0, 0x4d, 0x1b, 0x6f, 0x5b, - 0x70, 0x62, 0x33, 0x95, 0x86, 0x26, 0x45, 0xf2, 0x11, 0x13, 0xa6, 0xd3, 0xb9, 0x6d, 0x7a, 0x0a, - 0xa7, 0xdb, 0x63, 0x9c, 0xe5, 0x6e, 0xff, 0x4f, 0x0b, 0x4c, 0xf1, 0xd4, 0x9f, 0x66, 0x65, 0xdc, - 0x19, 0x56, 0xd8, 0xe7, 0xce, 0x30, 0xa9, 0x84, 0x15, 0xfb, 0x53, 0xfa, 0x07, 0x0e, 0xa0, 0xf4, - 0x97, 0x7a, 0x6a, 0x6d, 0x4f, 0x41, 0xb1, 0xed, 0xd5, 0x84, 0xde, 0xae, 0xbd, 0x8d, 0x0b, 0x73, - 0x98, 0xb6, 0xdb, 0xff, 0xb4, 0xa4, 0xed, 0x74, 0x11, 0xb4, 0xfb, 0x03, 0xf1, 0xda, 0x75, 0x95, - 0xff, 0xce, 0xdf, 0xfc, 0x7a, 0x47, 0xfe, 0xfb, 0x8f, 0x1d, 0x3c, 0x26, 0x9b, 0x0f, 0x50, 0xaf, - 0xf4, 0xf7, 0xa1, 0x7d, 0x02, 0xb2, 0x6f, 0x43, 0x99, 0x9a, 0x36, 0xec, 0xc0, 0xad, 0x9c, 0xea, - 0x54, 0xf9, 0x8a, 0x68, 0xbf, 0xb7, 0x3b, 0xf9, 0xa3, 0x07, 0xef, 0x96, 0x7c, 0x1a, 0x2b, 0xfa, - 0x28, 0x86, 0x0a, 0xfd, 0xcd, 0x62, 0xc7, 0x85, 0xd1, 0x74, 0x43, 0xc9, 0x22, 0x09, 0xc8, 0x25, - 0x30, 0x5d, 0xf3, 0x41, 0x01, 0x54, 0xd8, 0x65, 0x3f, 0x8c, 0x29, 0xb7, 0xad, 0x56, 0x54, 0x04, - 0xb7, 0x04, 0xdc, 0xdb, 0x9d, 0x7c, 0xf9, 0xe0, 0x4c, 0xd5, 0xe3, 0x58, 0xb3, 0xb0, 0xdf, 0x19, - 0xd0, 0x73, 0x57, 0x94, 0x3d, 0xf8, 0x81, 0x98, 0xbb, 0x17, 0x33, 0x73, 0xf7, 0x7c, 0xc7, 0xdc, - 0x1d, 0xd3, 0x97, 0xd2, 0xa4, 0x66, 0xe3, 0x83, 0xde, 0x60, 0xf7, 0xb7, 0xe3, 0x99, 0x66, 0x71, - 0xa7, 0xed, 0x45, 0x24, 0x5e, 0x89, 0xda, 0x81, 0x17, 0x34, 0xc4, 0x3d, 0xa0, 0x86, 0x66, 0x91, - 0x02, 0xe3, 0x2c, 0x3e, 0xbb, 0x43, 0x74, 0x27, 0x70, 0x6f, 0x39, 0x5b, 0x7c, 0x56, 0x19, 0x99, - 0xe0, 0xab, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, 0x5d, 0xe6, 0xbb, 0x35, 0x92, 0x56, 0xe8, 0x9c, 0xf0, - 0xd9, 0xed, 0x4a, 0x3c, 0x8d, 0x5c, 0xcd, 0x09, 0x7e, 0xa5, 0x12, 0x87, 0xa1, 0xbb, 0x30, 0xb4, - 0xce, 0xaf, 0x17, 0xc8, 0xa7, 0x64, 0x9e, 0xb8, 0xab, 0x80, 0x55, 0xb5, 0x95, 0x17, 0x17, 0xdc, - 0xd3, 0x3f, 0xb1, 0xe4, 0x66, 0xbf, 0x37, 0x00, 0x27, 0x32, 0xf7, 0xef, 0xa4, 0x0a, 0xf8, 0x14, - 0xf6, 0x2d, 0xe0, 0xf3, 0x29, 0x80, 0x1a, 0x69, 0xf9, 0xe1, 0x0e, 0x53, 0x73, 0x06, 0x0e, 0xac, - 0xe6, 0x28, 0xcd, 0x78, 0x4e, 0x51, 0xc1, 0x06, 0x45, 0x91, 0x3b, 0xcf, 0xeb, 0x01, 0x65, 0x72, - 0xe7, 0x8d, 0xaa, 0x95, 0x83, 0x0f, 0xb6, 0x6a, 0xa5, 0x07, 0x27, 0x78, 0x17, 0x55, 0x6a, 0xc8, - 0x21, 0x32, 0x40, 0x58, 0x9c, 0xed, 0x5c, 0x9a, 0x0c, 0xce, 0xd2, 0x7d, 0x98, 0xd7, 0x6b, 0xa1, - 0x8f, 0x40, 0x45, 0x7e, 0xe7, 0x78, 0xa2, 0xa2, 0xd3, 0xeb, 0xe4, 0x34, 0x60, 0xd7, 0x5e, 0x89, - 0x9f, 0xf6, 0x57, 0x0b, 0x54, 0x2b, 0xe5, 0xff, 0x54, 0x9a, 0xf4, 0x33, 0x30, 0xe8, 0xb4, 0x93, - 0x8d, 0xb0, 0xe3, 0xce, 0x84, 0x19, 0xd6, 0x8a, 0x05, 0x14, 0x2d, 0xc2, 0x40, 0x4d, 0xa7, 0xbe, - 0x1e, 0x64, 0x14, 0xf5, 0x01, 0x9f, 0x93, 0x10, 0xcc, 0xa8, 0xa0, 0x27, 0x61, 0x20, 0x71, 0x1a, - 0xa9, 0xbb, 0x6c, 0xd7, 0x9c, 0x46, 0x8c, 0x59, 0xab, 0xb9, 0x69, 0x0e, 0xec, 0xb3, 0x69, 0xbe, - 0x0c, 0xa3, 0xb1, 0xd7, 0x08, 0x9c, 0xa4, 0x1d, 0x11, 0xc3, 0x99, 0xa4, 0xe3, 0x03, 0x4c, 0x20, - 0x4e, 0xe3, 0xda, 0xbf, 0x3b, 0x02, 0xa7, 0x57, 0x67, 0x97, 0x64, 0x19, 0xb7, 0x63, 0x8b, 0xa9, - 0xef, 0xc6, 0xe3, 0xc1, 0xc5, 0xd4, 0xf7, 0xe0, 0xee, 0x1b, 0x31, 0xf5, 0xbe, 0x11, 0x53, 0xff, - 0x45, 0x0b, 0x2a, 0x2a, 0x94, 0x5c, 0x04, 0xb2, 0xbe, 0x9e, 0x7f, 0x0f, 0x54, 0x5c, 0xb1, 0x88, - 0x28, 0x96, 0x7f, 0xb1, 0x66, 0x7e, 0x7c, 0x41, 0xf6, 0xf7, 0xed, 0xd0, 0x81, 0x82, 0xec, 0x55, - 0x06, 0x42, 0x29, 0x8f, 0x0c, 0x84, 0x1e, 0x9f, 0xaa, 0x6b, 0x06, 0xc2, 0xd7, 0x2c, 0x18, 0x76, - 0xde, 0x6a, 0x47, 0x64, 0x8e, 0x6c, 0x2d, 0xb7, 0x62, 0x21, 0x60, 0xdf, 0xc8, 0xbf, 0x03, 0x33, - 0x9a, 0x89, 0x28, 0xee, 0xac, 0x1b, 0xb0, 0xd9, 0x85, 0x54, 0xc6, 0xc1, 0x50, 0x1e, 0x19, 0x07, - 0xdd, 0xba, 0xb3, 0x6f, 0xc6, 0xc1, 0xcb, 0x30, 0xea, 0xfa, 0x61, 0x40, 0x56, 0xa2, 0x30, 0x09, - 0xdd, 0xd0, 0x17, 0xca, 0xb4, 0x12, 0x09, 0xb3, 0x26, 0x10, 0xa7, 0x71, 0x7b, 0xa5, 0x2b, 0x54, - 0x8e, 0x9a, 0xae, 0x00, 0x0f, 0xa9, 0xb8, 0xc6, 0x2f, 0xe8, 0x32, 0xa3, 0xc3, 0x79, 0xdc, 0x77, - 0xdb, 0xed, 0x8b, 0xf4, 0x53, 0xb3, 0x0e, 0x7d, 0x83, 0x5f, 0x5a, 0x40, 0xd5, 0xd1, 0xd9, 0xb0, - 0x49, 0xd5, 0xad, 0x11, 0x36, 0x24, 0x6f, 0x1e, 0xc3, 0x84, 0xbd, 0xb5, 0xaa, 0xd9, 0xa8, 0x8b, - 0x0c, 0x74, 0x13, 0x4e, 0x77, 0xe4, 0x28, 0xe5, 0xf4, 0x7e, 0xa5, 0x00, 0x3f, 0xb4, 0x6f, 0x17, - 0xd0, 0x5d, 0x80, 0xc4, 0x69, 0x88, 0x89, 0x2a, 0x8e, 0xff, 0x8f, 0x18, 0xc4, 0xb7, 0x26, 0xe9, - 0xf1, 0x34, 0x55, 0xf5, 0x97, 0x1d, 0xac, 0xcb, 0xdf, 0x2c, 0x76, 0x2f, 0xf4, 0x3b, 0x4a, 0xf2, - 0xe0, 0xd0, 0x27, 0x98, 0x41, 0xe8, 0xf6, 0x1f, 0x91, 0x86, 0xbe, 0xd4, 0x4a, 0x7d, 0x3e, 0xcc, - 0x5a, 0xb1, 0x80, 0xa2, 0x97, 0x60, 0xd8, 0xf1, 0x7d, 0x9e, 0x57, 0x41, 0x62, 0x51, 0x58, 0x59, - 0x97, 0x15, 0xd1, 0x20, 0x6c, 0xe2, 0xd9, 0x7f, 0x5e, 0x80, 0xc9, 0x7d, 0x64, 0x0a, 0xba, 0x08, - 0x23, 0x61, 0xd4, 0x70, 0x02, 0xef, 0x2d, 0x9e, 0x99, 0x5d, 0x4a, 0xd7, 0x7f, 0x59, 0x36, 0x60, - 0x38, 0x85, 0x29, 0x23, 0xe1, 0x07, 0x7b, 0x44, 0xc2, 0xbf, 0x04, 0xc3, 0x09, 0x71, 0x9a, 0x22, - 0xec, 0x47, 0xd8, 0xdf, 0xda, 0x9f, 0xa9, 0x41, 0xd8, 0xc4, 0xa3, 0x52, 0x6c, 0xcc, 0x71, 0x5d, - 0x12, 0xc7, 0x32, 0xd4, 0x5d, 0x9c, 0x0d, 0xe6, 0x16, 0x47, 0xcf, 0x8e, 0x5c, 0x67, 0x52, 0x2c, - 0x70, 0x86, 0x65, 0x76, 0xc0, 0x2b, 0x7d, 0x0e, 0xf8, 0xaf, 0x17, 0xe0, 0xa9, 0xfb, 0xee, 0x6e, - 0x7d, 0x67, 0x21, 0xb4, 0x63, 0x12, 0x65, 0x27, 0xce, 0x8d, 0x98, 0x44, 0x98, 0x41, 0xf8, 0x28, - 0xb5, 0x5a, 0xc6, 0xa5, 0x61, 0x79, 0x27, 0xbd, 0xf0, 0x51, 0x4a, 0xb1, 0xc0, 0x19, 0x96, 0x87, - 0x9d, 0x96, 0xff, 0xa0, 0x00, 0x4f, 0xf7, 0xa1, 0x03, 0xe4, 0x98, 0x1c, 0x94, 0x4e, 0xd1, 0x2a, - 0x3e, 0x9c, 0x14, 0xad, 0xc3, 0x0e, 0xd7, 0xbb, 0x05, 0x38, 0xdb, 0x7b, 0x2b, 0x46, 0x3f, 0x4e, - 0x6d, 0x78, 0x19, 0xeb, 0x63, 0x66, 0x77, 0x9d, 0xe2, 0xf6, 0x7b, 0x0a, 0x84, 0xb3, 0xb8, 0x68, - 0x0a, 0xa0, 0xe5, 0x24, 0x1b, 0xf1, 0xa5, 0x6d, 0x2f, 0x4e, 0x44, 0x62, 0xf2, 0x18, 0xf7, 0xc4, - 0xc8, 0x56, 0x6c, 0x60, 0x50, 0x76, 0xec, 0xdf, 0x5c, 0x78, 0x3d, 0x4c, 0xf8, 0x43, 0xdc, 0x8c, - 0x38, 0x25, 0x8b, 0xb7, 0x1a, 0x20, 0x9c, 0xc5, 0xa5, 0xec, 0x98, 0xaf, 0x8f, 0x77, 0x94, 0xdb, - 0x17, 0x8c, 0xdd, 0xa2, 0x6a, 0xc5, 0x06, 0x46, 0x36, 0x6f, 0xad, 0xb4, 0x7f, 0xde, 0x9a, 0xfd, - 0x4f, 0x0a, 0xf0, 0x44, 0x4f, 0x55, 0xae, 0xbf, 0x05, 0xf8, 0xe8, 0xe5, 0x9a, 0x1d, 0x6e, 0xee, - 0x1c, 0x30, 0x83, 0xea, 0x4f, 0x7b, 0xcc, 0x34, 0x91, 0x41, 0x95, 0xdd, 0x2a, 0xac, 0x83, 0x6e, - 0x15, 0x8f, 0xd0, 0x78, 0x76, 0x24, 0x4d, 0x0d, 0x1c, 0x20, 0x69, 0x2a, 0xf3, 0x31, 0x4a, 0x7d, - 0x2e, 0xe4, 0x6f, 0xf7, 0x1e, 0x5e, 0x6a, 0xfa, 0xf5, 0x75, 0x3a, 0x3a, 0x07, 0x27, 0xbd, 0x80, - 0x15, 0xf2, 0x5e, 0x6d, 0xaf, 0x8b, 0xb4, 0xf5, 0x42, 0xfa, 0x8e, 0xba, 0x85, 0x0c, 0x1c, 0x77, - 0x3c, 0xf1, 0x08, 0x26, 0xb1, 0x1d, 0x72, 0x48, 0x3f, 0x05, 0x15, 0x45, 0x9b, 0x07, 0xe6, 0xaa, - 0x0f, 0xda, 0x11, 0x98, 0xab, 0xbe, 0xa6, 0x81, 0x45, 0x47, 0x82, 0xaa, 0x9b, 0x99, 0x99, 0x79, - 0x8d, 0xec, 0x30, 0xdd, 0xd3, 0xfe, 0x28, 0x8c, 0xa8, 0x33, 0x8c, 0x7e, 0xab, 0x35, 0xdb, 0xef, - 0x0c, 0xc2, 0x68, 0xaa, 0x16, 0x4b, 0xea, 0xc8, 0xd0, 0xda, 0xf7, 0xc8, 0x90, 0x05, 0x5a, 0xb7, - 0x03, 0x59, 0xca, 0xdd, 0x08, 0xb4, 0x6e, 0x07, 0x04, 0x73, 0x18, 0x55, 0x1d, 0x6b, 0xd1, 0x0e, - 0x6e, 0x07, 0x22, 0x20, 0x52, 0xa9, 0x8e, 0x73, 0xac, 0x15, 0x0b, 0x28, 0xfa, 0x9c, 0x05, 0x23, - 0x31, 0x3b, 0x8f, 0xe6, 0x07, 0xae, 0xe2, 0x83, 0x5e, 0xcd, 0xe3, 0xda, 0x75, 0x51, 0x77, 0x88, - 0xc5, 0x52, 0x98, 0x2d, 0x38, 0xc5, 0x11, 0xfd, 0xbc, 0x65, 0x5e, 0x38, 0x3f, 0x98, 0x47, 0x20, - 0x6f, 0xb6, 0xd4, 0x0d, 0x3f, 0xa9, 0xbb, 0xff, 0xbd, 0xf3, 0xb1, 0x3a, 0x0d, 0x1d, 0x3a, 0x9e, - 0xd3, 0x50, 0xe8, 0x72, 0x12, 0xfa, 0x11, 0xa8, 0x34, 0x9d, 0xc0, 0xab, 0x93, 0x38, 0xe1, 0x07, - 0x94, 0xb2, 0x02, 0x97, 0x6c, 0xc4, 0x1a, 0x4e, 0x37, 0xbb, 0x98, 0xbd, 0x58, 0x62, 0x9c, 0x28, - 0xb2, 0xcd, 0x6e, 0x55, 0x37, 0x63, 0x13, 0xc7, 0x3c, 0xfe, 0x84, 0x87, 0x7a, 0xfc, 0x39, 0xbc, - 0xcf, 0xf1, 0xe7, 0x3f, 0xb2, 0xe0, 0x4c, 0xd7, 0xaf, 0xf6, 0xe8, 0x86, 0xc8, 0xd9, 0x5f, 0x2f, - 0xc1, 0xa9, 0x2e, 0x45, 0x95, 0xd0, 0x8e, 0x39, 0x9f, 0xad, 0x3c, 0xbc, 0xe2, 0x69, 0x27, 0xaf, - 0x1c, 0xc6, 0x2e, 0x93, 0xf8, 0x60, 0xce, 0x07, 0xed, 0x00, 0x28, 0x3e, 0x58, 0x07, 0x80, 0x31, - 0x2d, 0x07, 0x1e, 0xea, 0xb4, 0x2c, 0xdd, 0x7f, 0x5a, 0xa2, 0xdf, 0xb6, 0x60, 0xa2, 0xd9, 0xa3, - 0x92, 0xa7, 0x38, 0xd4, 0xbb, 0x79, 0x3c, 0x75, 0x42, 0xab, 0x4f, 0xee, 0xed, 0x4e, 0xf6, 0x2c, - 0xa0, 0x8a, 0x7b, 0xf6, 0xca, 0xfe, 0x6e, 0x11, 0x58, 0x45, 0x2f, 0x56, 0x43, 0x67, 0x07, 0x7d, - 0xd6, 0xac, 0xcd, 0x66, 0xe5, 0x55, 0x47, 0x8c, 0x13, 0x57, 0xb5, 0xdd, 0xf8, 0x08, 0x76, 0x2b, - 0xf5, 0x96, 0x15, 0x5a, 0x85, 0x3e, 0x84, 0x96, 0x2f, 0x8b, 0xe0, 0x15, 0xf3, 0x2f, 0x82, 0x57, - 0xc9, 0x16, 0xc0, 0xbb, 0xff, 0x27, 0x1e, 0x78, 0x24, 0x3f, 0xf1, 0xdf, 0xb6, 0xb8, 0xe0, 0xc9, - 0x7c, 0x05, 0xad, 0x19, 0x58, 0xf7, 0xd1, 0x0c, 0x9e, 0x63, 0x37, 0x6d, 0xd6, 0xaf, 0x10, 0xc7, - 0x17, 0x1a, 0x84, 0x79, 0x69, 0x26, 0x6b, 0xc7, 0x0a, 0x83, 0xdd, 0x8d, 0xe3, 0xfb, 0xe1, 0xdd, - 0x4b, 0xcd, 0x56, 0xb2, 0x23, 0x74, 0x09, 0x7d, 0x37, 0x8e, 0x82, 0x60, 0x03, 0xcb, 0xfe, 0x3b, - 0x05, 0x3e, 0x03, 0x85, 0x5b, 0xff, 0x62, 0xe6, 0x36, 0x83, 0xfe, 0x3d, 0xe2, 0x9f, 0x01, 0x70, - 0xd5, 0x25, 0x7b, 0xc2, 0xdf, 0x72, 0xe5, 0xc8, 0x97, 0x94, 0x09, 0x7a, 0xfa, 0x35, 0x74, 0x1b, - 0x36, 0xf8, 0xa5, 0x64, 0x69, 0x71, 0x5f, 0x59, 0x9a, 0x12, 0x2b, 0x03, 0xfb, 0xec, 0x76, 0x7f, - 0x6e, 0x41, 0x4a, 0x23, 0x42, 0x2d, 0x28, 0xd1, 0xee, 0xee, 0xe4, 0x73, 0x7f, 0xa0, 0x49, 0x9a, - 0x8a, 0x46, 0x31, 0xed, 0xd9, 0x4f, 0xcc, 0x19, 0x21, 0x5f, 0x78, 0xff, 0x0b, 0x79, 0xdc, 0x71, - 0x69, 0x32, 0xbc, 0x12, 0x86, 0x9b, 0xdc, 0x69, 0xa8, 0x23, 0x09, 0xec, 0x8b, 0x30, 0xde, 0xd1, - 0x29, 0x56, 0xb8, 0x3c, 0x94, 0x97, 0x26, 0x1a, 0xd3, 0x95, 0xa5, 0xe0, 0x61, 0x0e, 0xb3, 0xdf, - 0xb5, 0xe0, 0x64, 0x96, 0x3c, 0xfa, 0x86, 0x05, 0xe3, 0x71, 0x96, 0xde, 0x71, 0x8d, 0x9d, 0x8a, - 0x8c, 0xeb, 0x00, 0xe1, 0xce, 0x4e, 0xd8, 0x7f, 0x21, 0x26, 0xff, 0x2d, 0x2f, 0xa8, 0x85, 0x77, - 0x95, 0x62, 0x62, 0xf5, 0x54, 0x4c, 0xe8, 0x7a, 0x74, 0x37, 0x48, 0xad, 0xed, 0x77, 0xe4, 0xfe, - 0xad, 0x8a, 0x76, 0xac, 0x30, 0x58, 0xaa, 0x53, 0x5b, 0x54, 0xc9, 0xcc, 0x4c, 0xca, 0x39, 0xd1, - 0x8e, 0x15, 0x06, 0x7a, 0x11, 0x46, 0xcc, 0x8b, 0x41, 0xc5, 0xbc, 0x64, 0x0a, 0xb9, 0x79, 0x87, - 0x28, 0x4e, 0x61, 0x65, 0xae, 0x86, 0x2f, 0xed, 0x7b, 0x35, 0xfc, 0xb3, 0x50, 0x16, 0xd7, 0x9c, - 0xcb, 0xf8, 0x51, 0x9e, 0x58, 0x28, 0xda, 0xb0, 0x82, 0x52, 0x69, 0xd2, 0x74, 0x82, 0xb6, 0xe3, - 0xd3, 0x11, 0x12, 0xd9, 0xd0, 0x6a, 0x19, 0x2e, 0x29, 0x08, 0x36, 0xb0, 0xe8, 0x1b, 0x27, 0x5e, - 0x93, 0xbc, 0x16, 0x06, 0x32, 0xf2, 0x4a, 0xbb, 0x54, 0x44, 0x3b, 0x56, 0x18, 0xf6, 0x7f, 0xb3, - 0x20, 0x7b, 0x47, 0x73, 0xea, 0x94, 0xc3, 0xda, 0x37, 0x03, 0x3b, 0x9d, 0xbf, 0x59, 0xe8, 0x2b, - 0x7f, 0xd3, 0x4c, 0xad, 0x2c, 0xde, 0x37, 0xb5, 0xf2, 0x87, 0xf5, 0xf5, 0x37, 0x3c, 0x07, 0x73, - 0xb8, 0xdb, 0xd5, 0x37, 0xc8, 0x86, 0x41, 0xd7, 0x51, 0x35, 0x3a, 0x46, 0xb8, 0xed, 0x30, 0x3b, - 0xc3, 0x90, 0x04, 0xc4, 0x5e, 0x86, 0x8a, 0xf2, 0x2c, 0x48, 0x43, 0xd5, 0xea, 0x6e, 0xa8, 0xf6, - 0x95, 0x4a, 0x56, 0x5d, 0x7f, 0xef, 0x7b, 0xe7, 0x3e, 0xf0, 0xed, 0xef, 0x9d, 0xfb, 0xc0, 0x1f, - 0x7f, 0xef, 0xdc, 0x07, 0x3e, 0xb7, 0x77, 0xce, 0x7a, 0x6f, 0xef, 0x9c, 0xf5, 0xed, 0xbd, 0x73, - 0xd6, 0x1f, 0xef, 0x9d, 0xb3, 0xbe, 0xbb, 0x77, 0xce, 0xfa, 0xda, 0x7f, 0x3e, 0xf7, 0x81, 0xd7, - 0xba, 0x86, 0xde, 0xd1, 0x1f, 0xcf, 0xbb, 0xb5, 0xe9, 0xad, 0x0b, 0x2c, 0xfa, 0x8b, 0x2e, 0xaf, - 0x69, 0x63, 0x4e, 0x4d, 0xcb, 0xe5, 0xf5, 0xff, 0x03, 0x00, 0x00, 0xff, 0xff, 0xb4, 0x21, 0xda, - 0x10, 0xaf, 0xcb, 0x00, 0x00, + // 10141 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x7d, 0x70, 0x1c, 0xc9, + 0x75, 0x18, 0xae, 0xd9, 0xc5, 0x02, 0xbb, 0x0f, 0x1f, 0x24, 0x9a, 0xe4, 0x1d, 0x8e, 0xba, 0x23, + 0xe8, 0xb9, 0xf2, 0xe9, 0xf4, 0xd3, 0x1d, 0xe0, 0xa3, 0xee, 0xf4, 0x63, 0x7c, 0xf6, 0xc9, 0x58, + 0x80, 0x04, 0x41, 0x02, 0x04, 0xae, 0x01, 0x92, 0xd2, 0x9d, 0x4f, 0xa7, 0xc1, 0x6c, 0xef, 0x62, + 0x88, 0xd9, 0x99, 0xe5, 0xcc, 0x2c, 0x08, 0x9c, 0x65, 0x59, 0xb2, 0x2d, 0x5b, 0x89, 0x3e, 0x4e, + 0x39, 0xa5, 0xca, 0x72, 0x12, 0x3b, 0x8a, 0xed, 0x72, 0xc5, 0x95, 0x5c, 0xc5, 0xa9, 0xfc, 0x11, + 0xe7, 0xab, 0x5c, 0xb2, 0xf3, 0xc7, 0xa5, 0x94, 0x54, 0x54, 0x15, 0x97, 0xe5, 0xc4, 0x0e, 0x2c, + 0x21, 0x95, 0x4a, 0x2a, 0x55, 0x71, 0x55, 0x3e, 0xfe, 0x09, 0x2b, 0x55, 0x49, 0xf5, 0x77, 0xcf, + 0xec, 0x2e, 0xb1, 0x00, 0x06, 0x24, 0xa5, 0xba, 0xff, 0x76, 0xfb, 0xbd, 0x79, 0xaf, 0xa7, 0xa7, + 0xfb, 0xf5, 0x7b, 0xfd, 0x3e, 0x1a, 0x16, 0x1b, 0x5e, 0xb2, 0xd1, 0x5e, 0x9f, 0x72, 0xc3, 0xe6, + 0xb4, 0x13, 0x35, 0xc2, 0x56, 0x14, 0xde, 0x66, 0x3f, 0x9e, 0x77, 0x6b, 0xd3, 0x5b, 0x17, 0xa6, + 0x5b, 0x9b, 0x8d, 0x69, 0xa7, 0xe5, 0xc5, 0xd3, 0x4e, 0xab, 0xe5, 0x7b, 0xae, 0x93, 0x78, 0x61, + 0x30, 0xbd, 0xf5, 0x82, 0xe3, 0xb7, 0x36, 0x9c, 0x17, 0xa6, 0x1b, 0x24, 0x20, 0x91, 0x93, 0x90, + 0xda, 0x54, 0x2b, 0x0a, 0x93, 0x10, 0xfd, 0x84, 0xa6, 0x36, 0x25, 0xa9, 0xb1, 0x1f, 0x6f, 0xba, + 0xb5, 0xa9, 0xad, 0x0b, 0x53, 0xad, 0xcd, 0xc6, 0x14, 0xa5, 0x36, 0x65, 0x50, 0x9b, 0x92, 0xd4, + 0xce, 0x3e, 0x6f, 0xf4, 0xa5, 0x11, 0x36, 0xc2, 0x69, 0x46, 0x74, 0xbd, 0x5d, 0x67, 0xff, 0xd8, + 0x1f, 0xf6, 0x8b, 0x33, 0x3b, 0x6b, 0x6f, 0x5e, 0x8c, 0xa7, 0xbc, 0x90, 0x76, 0x6f, 0xda, 0x0d, + 0x23, 0x32, 0xbd, 0xd5, 0xd1, 0xa1, 0xb3, 0x57, 0x34, 0x0e, 0xd9, 0x4e, 0x48, 0x10, 0x7b, 0x61, + 0x10, 0x3f, 0x4f, 0xbb, 0x40, 0xa2, 0x2d, 0x12, 0x99, 0xaf, 0x67, 0x20, 0x74, 0xa3, 0xf4, 0xa2, + 0xa6, 0xd4, 0x74, 0xdc, 0x0d, 0x2f, 0x20, 0xd1, 0x8e, 0x7e, 0xbc, 0x49, 0x12, 0xa7, 0xdb, 0x53, + 0xd3, 0xbd, 0x9e, 0x8a, 0xda, 0x41, 0xe2, 0x35, 0x49, 0xc7, 0x03, 0x1f, 0xdb, 0xef, 0x81, 0xd8, + 0xdd, 0x20, 0x4d, 0xa7, 0xe3, 0xb9, 0x8f, 0xf6, 0x7a, 0xae, 0x9d, 0x78, 0xfe, 0xb4, 0x17, 0x24, + 0x71, 0x12, 0x65, 0x1f, 0xb2, 0xef, 0xc0, 0xe8, 0xcc, 0xad, 0xd5, 0x99, 0x76, 0xb2, 0x31, 0x1b, + 0x06, 0x75, 0xaf, 0x81, 0x5e, 0x82, 0x61, 0xd7, 0x6f, 0xc7, 0x09, 0x89, 0xae, 0x3b, 0x4d, 0x32, + 0x61, 0x9d, 0xb7, 0x9e, 0xad, 0x54, 0x4f, 0xbd, 0xb7, 0x3b, 0xf9, 0x81, 0xbd, 0xdd, 0xc9, 0xe1, + 0x59, 0x0d, 0xc2, 0x26, 0x1e, 0xfa, 0x30, 0x0c, 0x45, 0xa1, 0x4f, 0x66, 0xf0, 0xf5, 0x89, 0x02, + 0x7b, 0xe4, 0x84, 0x78, 0x64, 0x08, 0xf3, 0x66, 0x2c, 0xe1, 0xf6, 0x1f, 0x17, 0x00, 0x66, 0x5a, + 0xad, 0x95, 0x28, 0xbc, 0x4d, 0xdc, 0x04, 0x7d, 0x1a, 0xca, 0x74, 0xe8, 0x6a, 0x4e, 0xe2, 0x30, + 0x6e, 0xc3, 0x17, 0x7e, 0x6c, 0x8a, 0xbf, 0xc9, 0x94, 0xf9, 0x26, 0x7a, 0xe2, 0x50, 0xec, 0xa9, + 0xad, 0x17, 0xa6, 0x96, 0xd7, 0xe9, 0xf3, 0x4b, 0x24, 0x71, 0xaa, 0x48, 0x30, 0x03, 0xdd, 0x86, + 0x15, 0x55, 0x14, 0xc0, 0x40, 0xdc, 0x22, 0x2e, 0xeb, 0xd8, 0xf0, 0x85, 0xc5, 0xa9, 0xa3, 0xcc, + 0xd0, 0x29, 0xdd, 0xf3, 0xd5, 0x16, 0x71, 0xab, 0x23, 0x82, 0xf3, 0x00, 0xfd, 0x87, 0x19, 0x1f, + 0xb4, 0x05, 0x83, 0x71, 0xe2, 0x24, 0xed, 0x78, 0xa2, 0xc8, 0x38, 0x5e, 0xcf, 0x8d, 0x23, 0xa3, + 0x5a, 0x1d, 0x13, 0x3c, 0x07, 0xf9, 0x7f, 0x2c, 0xb8, 0xd9, 0xff, 0xc1, 0x82, 0x31, 0x8d, 0xbc, + 0xe8, 0xc5, 0x09, 0xfa, 0xe9, 0x8e, 0xc1, 0x9d, 0xea, 0x6f, 0x70, 0xe9, 0xd3, 0x6c, 0x68, 0x4f, + 0x0a, 0x66, 0x65, 0xd9, 0x62, 0x0c, 0x6c, 0x13, 0x4a, 0x5e, 0x42, 0x9a, 0xf1, 0x44, 0xe1, 0x7c, + 0xf1, 0xd9, 0xe1, 0x0b, 0x57, 0xf2, 0x7a, 0xcf, 0xea, 0xa8, 0x60, 0x5a, 0x5a, 0xa0, 0xe4, 0x31, + 0xe7, 0x62, 0xff, 0xce, 0x88, 0xf9, 0x7e, 0x74, 0xc0, 0xd1, 0x0b, 0x30, 0x1c, 0x87, 0xed, 0xc8, + 0x25, 0x98, 0xb4, 0xc2, 0x78, 0xc2, 0x3a, 0x5f, 0xa4, 0x53, 0x8f, 0xce, 0xd4, 0x55, 0xdd, 0x8c, + 0x4d, 0x1c, 0xf4, 0x55, 0x0b, 0x46, 0x6a, 0x24, 0x4e, 0xbc, 0x80, 0xf1, 0x97, 0x9d, 0x5f, 0x3b, + 0x72, 0xe7, 0x65, 0xe3, 0x9c, 0x26, 0x5e, 0x3d, 0x2d, 0x5e, 0x64, 0xc4, 0x68, 0x8c, 0x71, 0x8a, + 0x3f, 0x5d, 0x71, 0x35, 0x12, 0xbb, 0x91, 0xd7, 0xa2, 0xff, 0xd9, 0x9c, 0x31, 0x56, 0xdc, 0x9c, + 0x06, 0x61, 0x13, 0x0f, 0x05, 0x50, 0xa2, 0x2b, 0x2a, 0x9e, 0x18, 0x60, 0xfd, 0x5f, 0x38, 0x5a, + 0xff, 0xc5, 0xa0, 0xd2, 0xc5, 0xaa, 0x47, 0x9f, 0xfe, 0x8b, 0x31, 0x67, 0x83, 0xbe, 0x62, 0xc1, + 0x84, 0x58, 0xf1, 0x98, 0xf0, 0x01, 0xbd, 0xb5, 0xe1, 0x25, 0xc4, 0xf7, 0xe2, 0x64, 0xa2, 0xc4, + 0xfa, 0x30, 0xdd, 0xdf, 0xdc, 0x9a, 0x8f, 0xc2, 0x76, 0xeb, 0x9a, 0x17, 0xd4, 0xaa, 0xe7, 0x05, + 0xa7, 0x89, 0xd9, 0x1e, 0x84, 0x71, 0x4f, 0x96, 0xe8, 0xeb, 0x16, 0x9c, 0x0d, 0x9c, 0x26, 0x89, + 0x5b, 0x0e, 0xfd, 0xb4, 0x1c, 0x5c, 0xf5, 0x1d, 0x77, 0x93, 0xf5, 0x68, 0xf0, 0x70, 0x3d, 0xb2, + 0x45, 0x8f, 0xce, 0x5e, 0xef, 0x49, 0x1a, 0xdf, 0x87, 0x2d, 0xfa, 0x4d, 0x0b, 0xc6, 0xc3, 0xa8, + 0xb5, 0xe1, 0x04, 0xa4, 0x26, 0xa1, 0xf1, 0xc4, 0x10, 0x5b, 0x7a, 0x9f, 0x3a, 0xda, 0x27, 0x5a, + 0xce, 0x92, 0x5d, 0x0a, 0x03, 0x2f, 0x09, 0xa3, 0x55, 0x92, 0x24, 0x5e, 0xd0, 0x88, 0xab, 0x67, + 0xf6, 0x76, 0x27, 0xc7, 0x3b, 0xb0, 0x70, 0x67, 0x7f, 0xd0, 0xcf, 0xc0, 0x70, 0xbc, 0x13, 0xb8, + 0xb7, 0xbc, 0xa0, 0x16, 0xde, 0x8d, 0x27, 0xca, 0x79, 0x2c, 0xdf, 0x55, 0x45, 0x50, 0x2c, 0x40, + 0xcd, 0x00, 0x9b, 0xdc, 0xba, 0x7f, 0x38, 0x3d, 0x95, 0x2a, 0x79, 0x7f, 0x38, 0x3d, 0x99, 0xee, + 0xc3, 0x16, 0xfd, 0xb2, 0x05, 0xa3, 0xb1, 0xd7, 0x08, 0x9c, 0xa4, 0x1d, 0x91, 0x6b, 0x64, 0x27, + 0x9e, 0x00, 0xd6, 0x91, 0xab, 0x47, 0x1c, 0x15, 0x83, 0x64, 0xf5, 0x8c, 0xe8, 0xe3, 0xa8, 0xd9, + 0x1a, 0xe3, 0x34, 0xdf, 0x6e, 0x0b, 0x4d, 0x4f, 0xeb, 0xe1, 0x7c, 0x17, 0x9a, 0x9e, 0xd4, 0x3d, + 0x59, 0xa2, 0x9f, 0x82, 0x93, 0xbc, 0x49, 0x8d, 0x6c, 0x3c, 0x31, 0xc2, 0x04, 0xed, 0xe9, 0xbd, + 0xdd, 0xc9, 0x93, 0xab, 0x19, 0x18, 0xee, 0xc0, 0x46, 0x77, 0x60, 0xb2, 0x45, 0xa2, 0xa6, 0x97, + 0x2c, 0x07, 0xfe, 0x8e, 0x14, 0xdf, 0x6e, 0xd8, 0x22, 0x35, 0xd1, 0x9d, 0x78, 0x62, 0xf4, 0xbc, + 0xf5, 0x6c, 0xb9, 0xfa, 0x21, 0xd1, 0xcd, 0xc9, 0x95, 0xfb, 0xa3, 0xe3, 0xfd, 0xe8, 0xd9, 0xff, + 0xb2, 0x00, 0x27, 0xb3, 0x1b, 0x27, 0xfa, 0x6d, 0x0b, 0x4e, 0xdc, 0xbe, 0x9b, 0xac, 0x85, 0x9b, + 0x24, 0x88, 0xab, 0x3b, 0x54, 0xbc, 0xb1, 0x2d, 0x63, 0xf8, 0x82, 0x9b, 0xef, 0x16, 0x3d, 0x75, + 0x35, 0xcd, 0xe5, 0x52, 0x90, 0x44, 0x3b, 0xd5, 0xc7, 0xc5, 0xdb, 0x9d, 0xb8, 0x7a, 0x6b, 0xcd, + 0x84, 0xe2, 0x6c, 0xa7, 0xce, 0x7e, 0xc9, 0x82, 0xd3, 0xdd, 0x48, 0xa0, 0x93, 0x50, 0xdc, 0x24, + 0x3b, 0x5c, 0x2b, 0xc3, 0xf4, 0x27, 0x7a, 0x03, 0x4a, 0x5b, 0x8e, 0xdf, 0x26, 0x42, 0xbb, 0x99, + 0x3f, 0xda, 0x8b, 0xa8, 0x9e, 0x61, 0x4e, 0xf5, 0xc7, 0x0b, 0x17, 0x2d, 0xfb, 0xdf, 0x14, 0x61, + 0xd8, 0xd8, 0xdf, 0x1e, 0x80, 0xc6, 0x16, 0xa6, 0x34, 0xb6, 0xa5, 0xdc, 0xb6, 0xe6, 0x9e, 0x2a, + 0xdb, 0xdd, 0x8c, 0xca, 0xb6, 0x9c, 0x1f, 0xcb, 0xfb, 0xea, 0x6c, 0x28, 0x81, 0x4a, 0xd8, 0xa2, + 0x1a, 0x39, 0xdd, 0xfa, 0x07, 0xf2, 0xf8, 0x84, 0xcb, 0x92, 0x5c, 0x75, 0x74, 0x6f, 0x77, 0xb2, + 0xa2, 0xfe, 0x62, 0xcd, 0xc8, 0xfe, 0xae, 0x05, 0xa7, 0x8d, 0x3e, 0xce, 0x86, 0x41, 0xcd, 0x63, + 0x9f, 0xf6, 0x3c, 0x0c, 0x24, 0x3b, 0x2d, 0xa9, 0xf6, 0xab, 0x91, 0x5a, 0xdb, 0x69, 0x11, 0xcc, + 0x20, 0x54, 0xd1, 0x6f, 0x92, 0x38, 0x76, 0x1a, 0x24, 0xab, 0xe8, 0x2f, 0xf1, 0x66, 0x2c, 0xe1, + 0x28, 0x02, 0xe4, 0x3b, 0x71, 0xb2, 0x16, 0x39, 0x41, 0xcc, 0xc8, 0xaf, 0x79, 0x4d, 0x22, 0x06, + 0xf8, 0xff, 0xeb, 0x6f, 0xc6, 0xd0, 0x27, 0xaa, 0x8f, 0xed, 0xed, 0x4e, 0xa2, 0xc5, 0x0e, 0x4a, + 0xb8, 0x0b, 0x75, 0xfb, 0xeb, 0x16, 0x3c, 0xd6, 0x5d, 0x17, 0x43, 0xcf, 0xc0, 0x20, 0x37, 0xf9, + 0xc4, 0xdb, 0xe9, 0x4f, 0xc2, 0x5a, 0xb1, 0x80, 0xa2, 0x69, 0xa8, 0xa8, 0x7d, 0x42, 0xbc, 0xe3, + 0xb8, 0x40, 0xad, 0xe8, 0xcd, 0x45, 0xe3, 0xd0, 0x41, 0xa3, 0x7f, 0x84, 0xe6, 0xa6, 0x06, 0x8d, + 0x19, 0x49, 0x0c, 0x62, 0xff, 0xb9, 0x05, 0x27, 0x8c, 0x5e, 0x3d, 0x00, 0xd5, 0x3c, 0x48, 0xab, + 0xe6, 0x0b, 0xb9, 0xcd, 0xe7, 0x1e, 0xba, 0xf9, 0x57, 0x2c, 0x38, 0x6b, 0x60, 0x2d, 0x39, 0x89, + 0xbb, 0x71, 0x69, 0xbb, 0x15, 0x91, 0x98, 0x9a, 0xd3, 0xe8, 0x29, 0x43, 0x6e, 0x55, 0x87, 0x05, + 0x85, 0xe2, 0x35, 0xb2, 0xc3, 0x85, 0xd8, 0x73, 0x50, 0xe6, 0x93, 0x33, 0x8c, 0xc4, 0x88, 0xab, + 0x77, 0x5b, 0x16, 0xed, 0x58, 0x61, 0x20, 0x1b, 0x06, 0x99, 0x70, 0xa2, 0x8b, 0x95, 0x6e, 0x43, + 0x40, 0x3f, 0xe2, 0x4d, 0xd6, 0x82, 0x05, 0xc4, 0x5e, 0x4e, 0x75, 0x67, 0x25, 0x22, 0xec, 0xe3, + 0xd6, 0x2e, 0x7b, 0xc4, 0xaf, 0xc5, 0xd4, 0x6c, 0x70, 0x82, 0x20, 0x4c, 0x84, 0x05, 0x60, 0x98, + 0x0d, 0x33, 0xba, 0x19, 0x9b, 0x38, 0xf6, 0x5e, 0x81, 0x19, 0x1f, 0x6a, 0x59, 0x93, 0x07, 0x61, + 0xb9, 0x46, 0x29, 0x39, 0xb8, 0x92, 0x9f, 0x50, 0x22, 0xbd, 0xad, 0xd7, 0xb7, 0x32, 0xa2, 0x10, + 0xe7, 0xca, 0xf5, 0xfe, 0x16, 0xec, 0xb7, 0x0a, 0x30, 0x99, 0x7e, 0xa0, 0x43, 0x92, 0x52, 0x73, + 0xc9, 0x60, 0x94, 0x3d, 0xa0, 0x30, 0xf0, 0xb1, 0x89, 0xd7, 0x43, 0x18, 0x15, 0x8e, 0x53, 0x18, + 0x99, 0xb2, 0xb2, 0xb8, 0x8f, 0xac, 0x7c, 0x46, 0x8d, 0xfa, 0x40, 0x46, 0x38, 0xa5, 0xf7, 0x8b, + 0xf3, 0x30, 0x10, 0x27, 0xa4, 0x35, 0x51, 0x4a, 0xcb, 0x9a, 0xd5, 0x84, 0xb4, 0x30, 0x83, 0xd8, + 0xff, 0xb5, 0x00, 0x8f, 0xa7, 0xc7, 0x50, 0x8b, 0xf7, 0x8f, 0xa7, 0xc4, 0xfb, 0x47, 0x4c, 0xf1, + 0x7e, 0x6f, 0x77, 0xf2, 0x83, 0x3d, 0x1e, 0xfb, 0x81, 0x91, 0xfe, 0x68, 0x3e, 0x33, 0x8a, 0xd3, + 0xe9, 0x51, 0xbc, 0xb7, 0x3b, 0xf9, 0x54, 0x8f, 0x77, 0xcc, 0x0c, 0xf3, 0x33, 0x30, 0x18, 0x11, + 0x27, 0x0e, 0x03, 0x31, 0xd0, 0xea, 0x73, 0x60, 0xd6, 0x8a, 0x05, 0xd4, 0xfe, 0xf3, 0x72, 0x76, + 0xb0, 0xe7, 0xf9, 0x01, 0x5b, 0x18, 0x21, 0x0f, 0x06, 0x98, 0xca, 0xce, 0x45, 0xc3, 0xb5, 0xa3, + 0x2d, 0x23, 0x2a, 0xe2, 0x15, 0xe9, 0x6a, 0x99, 0x7e, 0x35, 0xda, 0x84, 0x19, 0x0b, 0xb4, 0x0d, + 0x65, 0x57, 0x6a, 0xd2, 0x85, 0x3c, 0xce, 0x9c, 0x84, 0x1e, 0xad, 0x39, 0x8e, 0x50, 0x59, 0xac, + 0xd4, 0x6f, 0xc5, 0x0d, 0x11, 0x28, 0x36, 0xbc, 0x44, 0x7c, 0xd6, 0x23, 0xda, 0x4a, 0xf3, 0x9e, + 0xf1, 0x8a, 0x43, 0x74, 0x83, 0x98, 0xf7, 0x12, 0x4c, 0xe9, 0xa3, 0x2f, 0x58, 0x30, 0x1c, 0xbb, + 0xcd, 0x95, 0x28, 0xdc, 0xf2, 0x6a, 0x24, 0x12, 0x9a, 0xd2, 0x11, 0x45, 0xd3, 0xea, 0xec, 0x92, + 0x24, 0xa8, 0xf9, 0x72, 0xdb, 0x55, 0x43, 0xb0, 0xc9, 0x97, 0x5a, 0x10, 0x8f, 0x8b, 0x77, 0x9f, + 0x23, 0xae, 0x47, 0xf7, 0x36, 0x69, 0x30, 0xb1, 0x99, 0x72, 0x64, 0xcd, 0x71, 0xae, 0xed, 0x6e, + 0xd2, 0xf5, 0xa6, 0x3b, 0xf4, 0xc1, 0xbd, 0xdd, 0xc9, 0xc7, 0x67, 0xbb, 0xf3, 0xc4, 0xbd, 0x3a, + 0xc3, 0x06, 0xac, 0xd5, 0xf6, 0x7d, 0x4c, 0xee, 0xb4, 0x09, 0x3b, 0x0e, 0xc9, 0x61, 0xc0, 0x56, + 0x34, 0xc1, 0xcc, 0x80, 0x19, 0x10, 0x6c, 0xf2, 0x45, 0x77, 0x60, 0xb0, 0xe9, 0x24, 0x91, 0xb7, + 0x2d, 0xce, 0x40, 0x8e, 0xa8, 0xcb, 0x2f, 0x31, 0x5a, 0x9a, 0x39, 0xdb, 0xfa, 0x79, 0x23, 0x16, + 0x8c, 0x50, 0x13, 0x4a, 0x4d, 0x12, 0x35, 0xc8, 0x44, 0x39, 0x8f, 0xf3, 0xde, 0x25, 0x4a, 0x4a, + 0x33, 0xac, 0x50, 0xcd, 0x87, 0xb5, 0x61, 0xce, 0x05, 0xbd, 0x01, 0xe5, 0x98, 0xf8, 0xc4, 0xa5, + 0xba, 0x4b, 0x85, 0x71, 0xfc, 0x68, 0x9f, 0x7a, 0x9c, 0xb3, 0x4e, 0xfc, 0x55, 0xf1, 0x28, 0x5f, + 0x60, 0xf2, 0x1f, 0x56, 0x24, 0xed, 0xff, 0x64, 0x01, 0x4a, 0x4b, 0x98, 0x07, 0xa0, 0x3d, 0xde, + 0x49, 0x6b, 0x8f, 0x8b, 0x79, 0xaa, 0x00, 0x3d, 0x14, 0xc8, 0xf7, 0xca, 0x90, 0x91, 0xcd, 0xd7, + 0x49, 0x9c, 0x90, 0xda, 0xfb, 0xf2, 0xf4, 0x7d, 0x79, 0xfa, 0xbe, 0x3c, 0x55, 0xf2, 0x74, 0x3d, + 0x23, 0x4f, 0x5f, 0x31, 0x56, 0xbd, 0xf6, 0x5e, 0xbe, 0xa9, 0xdc, 0x9b, 0x66, 0x0f, 0x0c, 0x04, + 0x2a, 0x09, 0xae, 0xae, 0x2e, 0x5f, 0xef, 0x2a, 0x40, 0xdf, 0x4c, 0x0b, 0xd0, 0xa3, 0xb2, 0x78, + 0xe0, 0x22, 0xf3, 0x6f, 0x14, 0xe0, 0x89, 0xb4, 0x28, 0xc1, 0xa1, 0xef, 0x87, 0xed, 0x84, 0x6a, + 0xc9, 0xe8, 0xd7, 0x2d, 0x38, 0xd9, 0x4c, 0x9b, 0xa7, 0xb1, 0x38, 0x05, 0xfc, 0x44, 0x6e, 0x72, + 0x2e, 0x63, 0xff, 0x56, 0x27, 0x84, 0xcc, 0x3b, 0x99, 0x01, 0xc4, 0xb8, 0xa3, 0x2f, 0xe8, 0x0d, + 0xa8, 0x34, 0x9d, 0xed, 0x1b, 0xad, 0x9a, 0x93, 0x48, 0x03, 0xa5, 0xb7, 0x5d, 0xd9, 0x4e, 0x3c, + 0x7f, 0x8a, 0xfb, 0x76, 0xa7, 0x16, 0x82, 0x64, 0x39, 0x5a, 0x4d, 0x22, 0x2f, 0x68, 0xf0, 0xb3, + 0x9f, 0x25, 0x49, 0x06, 0x6b, 0x8a, 0xf6, 0xaf, 0x59, 0x59, 0x41, 0xab, 0x46, 0x27, 0x72, 0x12, + 0xd2, 0xd8, 0x41, 0x9f, 0x81, 0x12, 0xb5, 0x24, 0xe4, 0xa8, 0xdc, 0xca, 0x53, 0xfa, 0x1b, 0x5f, + 0x42, 0x6f, 0x04, 0xf4, 0x5f, 0x8c, 0x39, 0x53, 0xfb, 0x5b, 0x83, 0xd9, 0x0d, 0x8f, 0x79, 0xfa, + 0x2e, 0x00, 0x34, 0xc2, 0x35, 0xd2, 0x6c, 0xf9, 0x74, 0x58, 0x2c, 0x76, 0x5c, 0xac, 0x8c, 0xe7, + 0x79, 0x05, 0xc1, 0x06, 0x16, 0xfa, 0xcb, 0x16, 0x40, 0x43, 0x2e, 0x2c, 0xb9, 0x99, 0xdd, 0xc8, + 0xf3, 0x75, 0xf4, 0xb2, 0xd5, 0x7d, 0x51, 0x0c, 0xb1, 0xc1, 0x1c, 0xfd, 0xbc, 0x05, 0xe5, 0x44, + 0x76, 0x9f, 0x8b, 0xf7, 0xb5, 0x3c, 0x7b, 0x22, 0x5f, 0x5a, 0xef, 0xeb, 0x6a, 0x48, 0x14, 0x5f, + 0xf4, 0x4b, 0x16, 0x40, 0xbc, 0x13, 0xb8, 0x2b, 0xa1, 0xef, 0xb9, 0x3b, 0x42, 0xea, 0xdf, 0xcc, + 0xd5, 0xc0, 0x57, 0xd4, 0xab, 0x63, 0x74, 0x34, 0xf4, 0x7f, 0x6c, 0x70, 0x46, 0x9f, 0x85, 0x72, + 0x2c, 0xa6, 0x9b, 0x90, 0xf3, 0x6b, 0xf9, 0x1e, 0x33, 0x70, 0xda, 0x42, 0x44, 0x88, 0x7f, 0x58, + 0xf1, 0x44, 0xbf, 0x62, 0xc1, 0x89, 0x56, 0xfa, 0x50, 0x48, 0x88, 0xf4, 0xfc, 0x64, 0x40, 0xe6, + 0xd0, 0xa9, 0x7a, 0x6a, 0x6f, 0x77, 0xf2, 0x44, 0xa6, 0x11, 0x67, 0x7b, 0x81, 0x66, 0x61, 0x5c, + 0xcf, 0xe0, 0xe5, 0x16, 0x3f, 0xa0, 0x1a, 0x62, 0x07, 0x54, 0xcc, 0xbf, 0x37, 0x9f, 0x05, 0xe2, + 0x4e, 0x7c, 0xfb, 0xdb, 0x85, 0xd4, 0xf9, 0xae, 0x3a, 0x78, 0x61, 0x2b, 0xc2, 0x95, 0x36, 0xaf, + 0x5c, 0xe0, 0xb9, 0xae, 0x08, 0x65, 0x51, 0xeb, 0x15, 0xa1, 0x9a, 0x62, 0x6c, 0x30, 0xa7, 0x7b, + 0xff, 0xb8, 0x93, 0x3d, 0xde, 0x11, 0x8b, 0xf4, 0x8d, 0x3c, 0xbb, 0xd4, 0x79, 0x1a, 0xff, 0x84, + 0xe8, 0xda, 0x78, 0x07, 0x08, 0x77, 0x76, 0xc9, 0xfe, 0x76, 0xfa, 0x4c, 0xd9, 0x98, 0x5f, 0x7d, + 0x9c, 0x97, 0x7f, 0xd5, 0x82, 0xe1, 0x28, 0xf4, 0x7d, 0x2f, 0x68, 0xd0, 0xb5, 0x20, 0x04, 0xfa, + 0xeb, 0xc7, 0x22, 0x53, 0xc5, 0xa4, 0x67, 0x1a, 0x04, 0xd6, 0x3c, 0xb1, 0xd9, 0x01, 0xfb, 0xf3, + 0x16, 0x4c, 0xf4, 0x5a, 0xb3, 0x88, 0xc0, 0x07, 0xe5, 0x84, 0x54, 0xde, 0xe2, 0xe5, 0x60, 0x8e, + 0xf8, 0x44, 0x1d, 0xb6, 0x95, 0xab, 0x4f, 0x8b, 0xd7, 0xfc, 0xe0, 0x4a, 0x6f, 0x54, 0x7c, 0x3f, + 0x3a, 0xf6, 0x6f, 0x15, 0xb2, 0x23, 0xaa, 0x64, 0xf6, 0x37, 0xac, 0x0e, 0xcb, 0xe6, 0x13, 0xc7, + 0x21, 0x27, 0x99, 0x0d, 0xa4, 0x9c, 0xc6, 0xbd, 0x71, 0x1e, 0xa2, 0x57, 0xca, 0xfe, 0x57, 0x03, + 0x70, 0x9f, 0x9e, 0x29, 0xbf, 0x83, 0xd5, 0xcb, 0xef, 0x70, 0x70, 0x57, 0xc6, 0x97, 0x2d, 0x18, + 0xf4, 0xa9, 0x92, 0xc5, 0xcf, 0xd6, 0x87, 0x2f, 0xd4, 0x8e, 0x6b, 0xec, 0xb9, 0x2e, 0x17, 0x73, + 0xcf, 0xa8, 0x3a, 0x5e, 0xe3, 0x8d, 0x58, 0xf4, 0x01, 0x7d, 0xd3, 0x4a, 0x1f, 0xd4, 0xf3, 0x50, + 0x17, 0xef, 0xd8, 0xfa, 0x64, 0x9c, 0xfe, 0xf3, 0x8e, 0xe9, 0x73, 0xe5, 0x1e, 0x7e, 0x01, 0x34, + 0x05, 0x50, 0xf7, 0x02, 0xc7, 0xf7, 0xde, 0xa2, 0xc6, 0x62, 0x89, 0x09, 0x6a, 0xb6, 0xf3, 0x5d, + 0x56, 0xad, 0xd8, 0xc0, 0x38, 0xfb, 0x97, 0x60, 0xd8, 0x78, 0xf3, 0x2e, 0x0e, 0xdd, 0xd3, 0xa6, + 0x43, 0xb7, 0x62, 0xf8, 0x61, 0xcf, 0xbe, 0x02, 0x27, 0xb3, 0x1d, 0x3c, 0xc8, 0xf3, 0xf6, 0x6f, + 0x0f, 0x66, 0x4f, 0xd7, 0xd7, 0x48, 0xd4, 0xa4, 0x5d, 0x7b, 0xdf, 0xc8, 0x7e, 0xdf, 0xc8, 0x7e, + 0xdf, 0xc8, 0x96, 0x7f, 0xec, 0xbd, 0x12, 0xa4, 0x34, 0x03, 0xde, 0xbb, 0x0f, 0xc3, 0x50, 0x44, + 0x5a, 0xe1, 0x0d, 0xbc, 0x28, 0x24, 0xae, 0x0e, 0x71, 0xe5, 0xcd, 0x58, 0xc2, 0xa9, 0x64, 0x6e, + 0x39, 0xc9, 0x86, 0x10, 0xb9, 0x4a, 0x32, 0xaf, 0x38, 0xc9, 0x06, 0x66, 0x10, 0xf4, 0x0a, 0x8c, + 0x25, 0x4e, 0xd4, 0x20, 0x09, 0x26, 0x5b, 0x6c, 0x10, 0x84, 0xc7, 0xe2, 0x31, 0x81, 0x3b, 0xb6, + 0x96, 0x82, 0xe2, 0x0c, 0x36, 0xba, 0x03, 0x03, 0x1b, 0xc4, 0x6f, 0x8a, 0x53, 0x80, 0xd5, 0xfc, + 0x24, 0x22, 0x7b, 0xd7, 0x2b, 0xc4, 0x6f, 0xf2, 0xf5, 0x4a, 0x7f, 0x61, 0xc6, 0x8a, 0x7e, 0x9d, + 0xca, 0x66, 0x3b, 0x4e, 0xc2, 0xa6, 0xf7, 0x96, 0x3c, 0x1b, 0xf8, 0x44, 0xce, 0x8c, 0xaf, 0x49, + 0xfa, 0xdc, 0x80, 0x55, 0x7f, 0xb1, 0xe6, 0xcc, 0xfa, 0x51, 0xf3, 0x22, 0x66, 0xeb, 0xef, 0x4c, + 0xc0, 0xb1, 0xf4, 0x63, 0x4e, 0xd2, 0xe7, 0xfd, 0x50, 0x7f, 0xb1, 0xe6, 0x8c, 0x76, 0x60, 0xb0, + 0xe5, 0xb7, 0x1b, 0x5e, 0x30, 0x31, 0xcc, 0xfa, 0x70, 0x23, 0xe7, 0x3e, 0xac, 0x30, 0xe2, 0xfc, + 0x84, 0x86, 0xff, 0xc6, 0x82, 0x21, 0x7a, 0x1a, 0x4a, 0xee, 0x86, 0x13, 0x25, 0x13, 0x23, 0x6c, + 0xd2, 0x28, 0x43, 0x7a, 0x96, 0x36, 0x62, 0x0e, 0x43, 0x4f, 0x41, 0x31, 0x22, 0x75, 0x16, 0x59, + 0x65, 0xf8, 0xdc, 0x31, 0xa9, 0x63, 0xda, 0x6e, 0xff, 0xed, 0x42, 0x5a, 0xb9, 0x48, 0xbf, 0x37, + 0x9f, 0xed, 0x6e, 0x3b, 0x8a, 0xa5, 0xb1, 0x6d, 0xcc, 0x76, 0xd6, 0x8c, 0x25, 0x1c, 0x7d, 0xde, + 0x82, 0xa1, 0xdb, 0x71, 0x18, 0x04, 0x24, 0x11, 0x82, 0xfc, 0x66, 0xce, 0x43, 0x71, 0x95, 0x53, + 0xd7, 0x7d, 0x10, 0x0d, 0x58, 0xf2, 0xa5, 0xdd, 0x25, 0xdb, 0xae, 0xdf, 0xae, 0x75, 0xb8, 0x5a, + 0x2f, 0xf1, 0x66, 0x2c, 0xe1, 0x14, 0xd5, 0x0b, 0x38, 0xea, 0x40, 0x1a, 0x75, 0x21, 0x10, 0xa8, + 0x02, 0x6e, 0xff, 0x6e, 0x09, 0xce, 0x74, 0x5d, 0x1c, 0x74, 0xdb, 0x67, 0x1b, 0xeb, 0x65, 0xcf, + 0x27, 0x32, 0x80, 0x80, 0x6d, 0xfb, 0x37, 0x55, 0x2b, 0x36, 0x30, 0xd0, 0xcf, 0x01, 0xb4, 0x9c, + 0xc8, 0x69, 0x12, 0xb1, 0xdd, 0x15, 0x8f, 0xbe, 0xbb, 0xd2, 0x7e, 0xac, 0x48, 0x9a, 0xda, 0xda, + 0x52, 0x4d, 0x31, 0x36, 0x58, 0xa2, 0x97, 0x60, 0x38, 0x22, 0x3e, 0x71, 0x62, 0x16, 0x98, 0x97, + 0x8d, 0x32, 0xc6, 0x1a, 0x84, 0x4d, 0x3c, 0xf4, 0x8c, 0x8a, 0xb5, 0xc8, 0xf8, 0xa5, 0xd3, 0xf1, + 0x16, 0xe8, 0x6d, 0x0b, 0xc6, 0xea, 0x9e, 0x4f, 0x34, 0x77, 0x11, 0x13, 0xbc, 0x7c, 0xf4, 0x97, + 0xbc, 0x6c, 0xd2, 0xd5, 0x12, 0x32, 0xd5, 0x1c, 0xe3, 0x0c, 0x7b, 0xfa, 0x99, 0xb7, 0x48, 0xc4, + 0x44, 0xeb, 0x60, 0xfa, 0x33, 0xdf, 0xe4, 0xcd, 0x58, 0xc2, 0xd1, 0x0c, 0x9c, 0x68, 0x39, 0x71, + 0x3c, 0x1b, 0x91, 0x1a, 0x09, 0x12, 0xcf, 0xf1, 0x79, 0xc4, 0x6e, 0x59, 0x47, 0xec, 0xad, 0xa4, + 0xc1, 0x38, 0x8b, 0x8f, 0x3e, 0x09, 0x8f, 0x7b, 0x8d, 0x20, 0x8c, 0xc8, 0x92, 0x17, 0xc7, 0x5e, + 0xd0, 0xd0, 0xd3, 0x80, 0x49, 0xca, 0x72, 0x75, 0x52, 0x90, 0x7a, 0x7c, 0xa1, 0x3b, 0x1a, 0xee, + 0xf5, 0x3c, 0x7a, 0x0e, 0xca, 0xf1, 0xa6, 0xd7, 0x9a, 0x8d, 0x6a, 0x31, 0x3b, 0x2d, 0x2d, 0xeb, + 0x23, 0x9e, 0x55, 0xd1, 0x8e, 0x15, 0x86, 0xfd, 0xab, 0x85, 0xb4, 0x79, 0x67, 0xae, 0x1f, 0x14, + 0xd3, 0x55, 0x92, 0xdc, 0x74, 0x22, 0x69, 0xfa, 0x1f, 0x31, 0xe6, 0x57, 0xd0, 0xbd, 0xe9, 0x44, + 0xe6, 0x7a, 0x63, 0x0c, 0xb0, 0xe4, 0x84, 0x6e, 0xc3, 0x40, 0xe2, 0x3b, 0x39, 0x25, 0x09, 0x18, + 0x1c, 0xb5, 0xb5, 0xbd, 0x38, 0x13, 0x63, 0xc6, 0x03, 0x3d, 0x49, 0xd5, 0xd7, 0x75, 0x19, 0x18, + 0x24, 0x34, 0xce, 0xf5, 0x18, 0xb3, 0x56, 0xfb, 0xff, 0x96, 0xbb, 0x88, 0x3c, 0xb5, 0xc7, 0xa0, + 0x0b, 0x00, 0xd4, 0x12, 0x5a, 0x89, 0x48, 0xdd, 0xdb, 0x16, 0x7b, 0xbc, 0x5a, 0x56, 0xd7, 0x15, + 0x04, 0x1b, 0x58, 0xf2, 0x99, 0xd5, 0x76, 0x9d, 0x3e, 0x53, 0xe8, 0x7c, 0x86, 0x43, 0xb0, 0x81, + 0x85, 0x5e, 0x84, 0x41, 0xaf, 0xe9, 0x34, 0x54, 0xfc, 0xd2, 0x93, 0x74, 0x3d, 0x2d, 0xb0, 0x96, + 0x7b, 0xbb, 0x93, 0x63, 0xaa, 0x43, 0xac, 0x09, 0x0b, 0x5c, 0xf4, 0x5b, 0x16, 0x8c, 0xb8, 0x61, + 0xb3, 0x19, 0x06, 0xdc, 0x7e, 0x10, 0xc6, 0xd0, 0xed, 0xe3, 0xda, 0x81, 0xa7, 0x66, 0x0d, 0x66, + 0xdc, 0x1a, 0x52, 0xd9, 0x0c, 0x26, 0x08, 0xa7, 0x7a, 0x65, 0x2e, 0xbb, 0xd2, 0x3e, 0xcb, 0xee, + 0xf7, 0x2c, 0x18, 0xe7, 0xcf, 0x1a, 0x66, 0x8d, 0x08, 0xdc, 0x0f, 0x8f, 0xf9, 0xb5, 0x3a, 0x2c, + 0x3d, 0x75, 0x24, 0xd4, 0x01, 0xc7, 0x9d, 0x9d, 0x44, 0xf3, 0x30, 0x5e, 0x0f, 0x23, 0x97, 0x98, + 0x03, 0x21, 0x64, 0x86, 0x22, 0x74, 0x39, 0x8b, 0x80, 0x3b, 0x9f, 0x41, 0x37, 0xe1, 0x31, 0xa3, + 0xd1, 0x1c, 0x07, 0x2e, 0x36, 0xce, 0x09, 0x6a, 0x8f, 0x5d, 0xee, 0x8a, 0x85, 0x7b, 0x3c, 0x9d, + 0xb6, 0xfc, 0x2b, 0x7d, 0x58, 0xfe, 0x6f, 0xc2, 0x13, 0x6e, 0xe7, 0xc8, 0x6c, 0xc5, 0xed, 0xf5, + 0x38, 0x61, 0x4a, 0x56, 0xb9, 0xfa, 0x23, 0x82, 0xc0, 0x13, 0xb3, 0xbd, 0x10, 0x71, 0x6f, 0x1a, + 0xe8, 0x33, 0x50, 0x8e, 0x08, 0xfb, 0x2a, 0xb1, 0x88, 0x62, 0x3f, 0xa2, 0xb9, 0xa7, 0x95, 0x43, + 0x4e, 0x56, 0x8b, 0x45, 0xd1, 0x10, 0x63, 0xc5, 0xf1, 0xec, 0xc7, 0x61, 0xbc, 0x63, 0x3e, 0x1f, + 0xc8, 0xf8, 0x9e, 0x83, 0xc7, 0xba, 0xcf, 0x9c, 0x03, 0x99, 0xe0, 0xff, 0x30, 0x13, 0x9c, 0x65, + 0x28, 0x7a, 0x7d, 0x1c, 0xe7, 0x38, 0x50, 0x24, 0xc1, 0x96, 0x10, 0xa4, 0x97, 0x8f, 0x36, 0x7a, + 0x97, 0x82, 0x2d, 0x3e, 0xf1, 0x99, 0xcd, 0x7a, 0x29, 0xd8, 0xc2, 0x94, 0x36, 0x7a, 0xc7, 0x4a, + 0x29, 0x2a, 0xfc, 0x10, 0xe8, 0x53, 0xc7, 0xa2, 0xd9, 0xf6, 0xad, 0xbb, 0xd8, 0xff, 0xba, 0x00, + 0xe7, 0xf7, 0x23, 0xd2, 0xc7, 0xf0, 0x3d, 0x0d, 0x83, 0x31, 0xf3, 0x8e, 0x09, 0xc9, 0x34, 0x4c, + 0xa5, 0x12, 0xf7, 0x97, 0xbd, 0x89, 0x05, 0x08, 0xf9, 0x50, 0x6c, 0x3a, 0x2d, 0x71, 0x36, 0xb0, + 0x70, 0xd4, 0x50, 0x6c, 0xfa, 0xdf, 0xf1, 0x97, 0x9c, 0x16, 0xb7, 0x38, 0x8d, 0x06, 0x4c, 0xd9, + 0xa0, 0x04, 0x4a, 0x4e, 0x14, 0x39, 0xd2, 0x15, 0x73, 0x2d, 0x1f, 0x7e, 0x33, 0x94, 0x64, 0x75, + 0x7c, 0x6f, 0x77, 0x72, 0x34, 0xd5, 0x84, 0x39, 0x33, 0xfb, 0xcb, 0x43, 0xa9, 0x70, 0x64, 0xe6, + 0x5f, 0x8b, 0x61, 0x50, 0x1c, 0x09, 0x58, 0x79, 0x47, 0xc0, 0xf3, 0x7c, 0x12, 0x66, 0xc7, 0x88, + 0xac, 0x3c, 0xc1, 0x0a, 0x7d, 0xc9, 0x62, 0xb9, 0x6f, 0x32, 0x44, 0x5b, 0x58, 0x0f, 0xc7, 0x93, + 0x8a, 0x67, 0x66, 0xd4, 0xc9, 0x46, 0x6c, 0x72, 0xa7, 0x5b, 0x57, 0x8b, 0x67, 0x71, 0x64, 0x6d, + 0x08, 0x99, 0x1d, 0x27, 0xe1, 0x68, 0xbb, 0x8b, 0x1f, 0x2d, 0x87, 0xfc, 0xa9, 0x3e, 0x3c, 0x67, + 0xdf, 0xb4, 0x60, 0x9c, 0x6b, 0x8a, 0x73, 0x5e, 0xbd, 0x4e, 0x22, 0x12, 0xb8, 0x44, 0xea, 0xda, + 0x47, 0xf4, 0xd4, 0xca, 0x73, 0x98, 0x85, 0x2c, 0x79, 0xbd, 0xa7, 0x75, 0x80, 0x70, 0x67, 0x67, + 0x50, 0x0d, 0x06, 0xbc, 0xa0, 0x1e, 0x8a, 0x9d, 0xbc, 0x7a, 0xb4, 0x4e, 0x2d, 0x04, 0xf5, 0x50, + 0xaf, 0x66, 0xfa, 0x0f, 0x33, 0xea, 0x68, 0x11, 0x4e, 0x47, 0xe2, 0x34, 0xe4, 0x8a, 0x17, 0x53, + 0x9b, 0x75, 0xd1, 0x6b, 0x7a, 0x09, 0xdb, 0x85, 0x8b, 0xd5, 0x89, 0xbd, 0xdd, 0xc9, 0xd3, 0xb8, + 0x0b, 0x1c, 0x77, 0x7d, 0x0a, 0xbd, 0x05, 0x43, 0x32, 0x59, 0xaf, 0x9c, 0x87, 0xdd, 0xd2, 0x39, + 0xff, 0xd5, 0x64, 0x5a, 0x15, 0x79, 0x79, 0x92, 0xa1, 0xfd, 0xf6, 0x30, 0x74, 0x3a, 0xa2, 0xd0, + 0xcf, 0x42, 0x25, 0x52, 0x09, 0x84, 0x56, 0x1e, 0x71, 0x58, 0xf2, 0xfb, 0x0a, 0x27, 0x98, 0xd2, + 0x07, 0x74, 0xaa, 0xa0, 0xe6, 0x48, 0xb5, 0xf6, 0x58, 0xfb, 0xab, 0x72, 0x98, 0xdb, 0x82, 0xab, + 0xf6, 0x73, 0xec, 0x04, 0x2e, 0x66, 0x3c, 0x50, 0x04, 0x83, 0x1b, 0xc4, 0xf1, 0x93, 0x8d, 0x7c, + 0x8e, 0x64, 0xaf, 0x30, 0x5a, 0xd9, 0x50, 0x73, 0xde, 0x8a, 0x05, 0x27, 0xb4, 0x0d, 0x43, 0x1b, + 0x7c, 0x02, 0x08, 0x45, 0x7a, 0xe9, 0xa8, 0x83, 0x9b, 0x9a, 0x55, 0xfa, 0x73, 0x8b, 0x06, 0x2c, + 0xd9, 0x31, 0x27, 0xbc, 0xe1, 0x83, 0xe5, 0x4b, 0x37, 0xbf, 0x28, 0xfb, 0xfe, 0x1d, 0xb0, 0x9f, + 0x86, 0x91, 0x88, 0xb8, 0x61, 0xe0, 0x7a, 0x3e, 0xa9, 0xcd, 0xc8, 0xe3, 0xd6, 0x83, 0xc4, 0x66, + 0x9f, 0xa4, 0xc6, 0x00, 0x36, 0x68, 0xe0, 0x14, 0x45, 0xf4, 0x45, 0x0b, 0xc6, 0x54, 0xd6, 0x11, + 0xfd, 0x20, 0x44, 0x1c, 0x58, 0x2e, 0xe6, 0x94, 0xe3, 0xc4, 0x68, 0x56, 0xd1, 0xde, 0xee, 0xe4, + 0x58, 0xba, 0x0d, 0x67, 0xf8, 0xa2, 0xd7, 0x00, 0xc2, 0x75, 0xee, 0x69, 0x9f, 0x49, 0xc4, 0xe9, + 0xe5, 0x41, 0x5e, 0x75, 0x8c, 0x27, 0x69, 0x48, 0x0a, 0xd8, 0xa0, 0x86, 0xae, 0x01, 0xf0, 0x65, + 0xb3, 0xb6, 0xd3, 0x92, 0xda, 0xb6, 0x0c, 0xae, 0x87, 0x55, 0x05, 0xb9, 0xb7, 0x3b, 0xd9, 0x79, + 0x9a, 0xc4, 0x5c, 0xc5, 0xc6, 0xe3, 0xe8, 0x67, 0x60, 0x28, 0x6e, 0x37, 0x9b, 0x8e, 0x3a, 0xdb, + 0xcc, 0x31, 0xed, 0x83, 0xd3, 0x35, 0x44, 0x11, 0x6f, 0xc0, 0x92, 0x23, 0xba, 0x4d, 0x85, 0x6a, + 0x2c, 0x8e, 0xb9, 0xd8, 0x2a, 0xe2, 0x3a, 0xc1, 0x30, 0x7b, 0xa7, 0x8f, 0x89, 0xe7, 0x4e, 0xe3, + 0x2e, 0x38, 0xf7, 0x76, 0x27, 0x1f, 0x4b, 0xb7, 0x2f, 0x86, 0x22, 0x11, 0xa3, 0x2b, 0x4d, 0x74, + 0x55, 0xe6, 0xee, 0xd3, 0xd7, 0x96, 0x29, 0xa5, 0xcf, 0xea, 0xdc, 0x7d, 0xd6, 0xdc, 0x7b, 0xcc, + 0xcc, 0x87, 0xd1, 0x12, 0x9c, 0x72, 0xc3, 0x20, 0x89, 0x42, 0xdf, 0xe7, 0x05, 0x29, 0xb8, 0xe1, + 0xc3, 0xcf, 0x3e, 0x3f, 0x28, 0xba, 0x7d, 0x6a, 0xb6, 0x13, 0x05, 0x77, 0x7b, 0xce, 0x0e, 0xd2, + 0x21, 0x48, 0x62, 0x70, 0x5e, 0x84, 0x11, 0xb2, 0x9d, 0x90, 0x28, 0x70, 0xfc, 0x1b, 0x78, 0x51, + 0x9e, 0xfa, 0xb1, 0x35, 0x70, 0xc9, 0x68, 0xc7, 0x29, 0x2c, 0x64, 0x2b, 0x6b, 0xbf, 0xa0, 0xb3, + 0x95, 0xb8, 0xb5, 0x2f, 0x6d, 0x7b, 0xfb, 0x7f, 0x17, 0x52, 0x0a, 0xd9, 0x5a, 0x44, 0x08, 0x0a, + 0xa1, 0x14, 0x84, 0x35, 0x25, 0xfb, 0xaf, 0xe6, 0x23, 0xfb, 0xaf, 0x87, 0x35, 0x23, 0xc1, 0x9f, + 0xfe, 0x8b, 0x31, 0xe7, 0xc3, 0x32, 0xa0, 0x65, 0xaa, 0x38, 0x03, 0x08, 0x43, 0x23, 0x4f, 0xce, + 0x2a, 0x03, 0x7a, 0xd9, 0x64, 0x84, 0xd3, 0x7c, 0xd1, 0x26, 0x94, 0x36, 0xc2, 0x38, 0x91, 0xe6, + 0xc7, 0x11, 0x2d, 0x9d, 0x2b, 0x61, 0x9c, 0x30, 0x2d, 0x42, 0xbd, 0x36, 0x6d, 0x89, 0x31, 0xe7, + 0x61, 0xff, 0x67, 0x2b, 0x75, 0xc6, 0x7b, 0x8b, 0x85, 0xe3, 0x6d, 0x91, 0x80, 0x2e, 0x6b, 0x33, + 0xb8, 0xe3, 0xff, 0xcf, 0x64, 0xcb, 0x7c, 0xa8, 0x57, 0xb9, 0x95, 0xbb, 0x94, 0xc2, 0x14, 0x23, + 0x61, 0xc4, 0x81, 0x7c, 0xce, 0x4a, 0xe7, 0x2d, 0x15, 0xf2, 0x30, 0x30, 0xcc, 0xbc, 0xbc, 0x7d, + 0x53, 0xa0, 0xec, 0x77, 0x2c, 0x18, 0xaa, 0x3a, 0xee, 0x66, 0x58, 0xaf, 0xa3, 0xe7, 0xa0, 0x5c, + 0x6b, 0x47, 0x66, 0x0a, 0x95, 0xb2, 0x9e, 0xe7, 0x44, 0x3b, 0x56, 0x18, 0x74, 0x0e, 0xd7, 0x1d, + 0x57, 0x66, 0xe7, 0x15, 0xf9, 0x1c, 0xbe, 0xcc, 0x5a, 0xb0, 0x80, 0xa0, 0x97, 0x60, 0xb8, 0xe9, + 0x6c, 0xcb, 0x87, 0xb3, 0x07, 0xcc, 0x4b, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0x5f, 0x58, 0x30, 0x51, + 0x75, 0x62, 0xcf, 0x9d, 0x69, 0x27, 0x1b, 0x55, 0x2f, 0x59, 0x6f, 0xbb, 0x9b, 0x24, 0xe1, 0x29, + 0x99, 0xb4, 0x97, 0xed, 0x98, 0x2e, 0x25, 0x65, 0xd7, 0xa9, 0x5e, 0xde, 0x10, 0xed, 0x58, 0x61, + 0xa0, 0xb7, 0x60, 0xb8, 0xe5, 0xc4, 0xf1, 0xdd, 0x30, 0xaa, 0x61, 0x52, 0xcf, 0x27, 0x21, 0x7a, + 0x95, 0xb8, 0x11, 0x49, 0x30, 0xa9, 0x0b, 0x97, 0xa1, 0xa6, 0x8f, 0x4d, 0x66, 0xf6, 0x5f, 0xb7, + 0x60, 0x84, 0x79, 0x5f, 0xe6, 0x48, 0xe2, 0x78, 0x7e, 0x47, 0x55, 0x0f, 0xab, 0xcf, 0xaa, 0x1e, + 0xe7, 0x61, 0x60, 0x23, 0x6c, 0x92, 0xac, 0xe7, 0xf0, 0x4a, 0x48, 0xad, 0x58, 0x0a, 0x41, 0x2f, + 0xd0, 0x71, 0xf6, 0x82, 0xc4, 0xa1, 0x33, 0x4e, 0x1e, 0x21, 0x9e, 0xe0, 0x63, 0xac, 0x9a, 0xb1, + 0x89, 0x63, 0x7f, 0xab, 0x02, 0x43, 0xc2, 0x19, 0xdb, 0x77, 0x16, 0xac, 0x34, 0xa7, 0x0b, 0x3d, + 0xcd, 0xe9, 0x18, 0x06, 0x5d, 0x56, 0x33, 0x48, 0x68, 0x6d, 0xd7, 0x72, 0xf1, 0xde, 0xf3, 0x32, + 0x44, 0xba, 0x5b, 0xfc, 0x3f, 0x16, 0xac, 0xd0, 0xd7, 0x2c, 0x38, 0xe1, 0x86, 0x41, 0x40, 0x5c, + 0xad, 0x52, 0x0c, 0xe4, 0x11, 0x8f, 0x33, 0x9b, 0x26, 0xaa, 0x8f, 0xfe, 0x33, 0x00, 0x9c, 0x65, + 0x8f, 0x5e, 0x86, 0x51, 0x3e, 0x66, 0x37, 0x53, 0xe7, 0x9e, 0xba, 0xd8, 0x83, 0x09, 0xc4, 0x69, + 0x5c, 0x34, 0xc5, 0xcf, 0x8f, 0x45, 0x59, 0x85, 0x41, 0xed, 0x47, 0x32, 0x0a, 0x2a, 0x18, 0x18, + 0x28, 0x02, 0x14, 0x91, 0x7a, 0x44, 0xe2, 0x0d, 0xe1, 0xac, 0x66, 0xea, 0xcc, 0xd0, 0xe1, 0xb2, + 0xea, 0x70, 0x07, 0x25, 0xdc, 0x85, 0x3a, 0xda, 0x14, 0xf6, 0x5c, 0x39, 0x0f, 0x91, 0x25, 0x3e, + 0x73, 0x4f, 0xb3, 0x6e, 0x12, 0x4a, 0xf1, 0x86, 0x13, 0xd5, 0x98, 0x1a, 0x55, 0xe4, 0xc1, 0xe3, + 0xab, 0xb4, 0x01, 0xf3, 0x76, 0x34, 0x07, 0x27, 0x33, 0xa5, 0x2a, 0x62, 0x71, 0x3e, 0xa9, 0x82, + 0xac, 0x33, 0x45, 0x2e, 0x62, 0xdc, 0xf1, 0x84, 0x69, 0xeb, 0x0f, 0xef, 0x63, 0xeb, 0xef, 0xa8, + 0x90, 0xa8, 0x11, 0xb6, 0x1d, 0xbd, 0x9a, 0xcb, 0x00, 0xf4, 0x15, 0xff, 0xf4, 0x95, 0x4c, 0xfc, + 0xd3, 0x28, 0xeb, 0xc0, 0xcd, 0x7c, 0x3a, 0x70, 0xf0, 0x60, 0xa7, 0x87, 0x19, 0xbc, 0xf4, 0xbf, + 0x2c, 0x90, 0xdf, 0x75, 0xd6, 0x71, 0x37, 0x08, 0x9d, 0x32, 0xe8, 0x15, 0x18, 0x53, 0x16, 0xeb, + 0x6c, 0xd8, 0x0e, 0x78, 0xdc, 0x52, 0x51, 0xfb, 0x08, 0x71, 0x0a, 0x8a, 0x33, 0xd8, 0x68, 0x1a, + 0x2a, 0x74, 0x9c, 0xf8, 0xa3, 0x7c, 0x6b, 0x53, 0x56, 0xf1, 0xcc, 0xca, 0x82, 0x78, 0x4a, 0xe3, + 0xa0, 0x10, 0xc6, 0x7d, 0x27, 0x4e, 0x58, 0x0f, 0xa8, 0x01, 0x7b, 0xc8, 0x9c, 0x56, 0x16, 0xc9, + 0xbb, 0x98, 0x25, 0x84, 0x3b, 0x69, 0xdb, 0xdf, 0x1d, 0x80, 0xd1, 0x94, 0x64, 0x3c, 0xe0, 0x9e, + 0xf8, 0x1c, 0x94, 0xe5, 0x36, 0x95, 0xcd, 0xac, 0x57, 0x7b, 0x99, 0xc2, 0xa0, 0x9b, 0xd6, 0x3a, + 0x71, 0x22, 0x12, 0xb1, 0x22, 0x20, 0xd9, 0x3d, 0xbc, 0xaa, 0x41, 0xd8, 0xc4, 0x63, 0x42, 0x39, + 0xf1, 0xe3, 0x59, 0xdf, 0x23, 0x41, 0xc2, 0xbb, 0x99, 0x8f, 0x50, 0x5e, 0x5b, 0x5c, 0x35, 0x89, + 0x6a, 0xa1, 0x9c, 0x01, 0xe0, 0x2c, 0x7b, 0xf4, 0x8b, 0x16, 0x8c, 0x3a, 0x77, 0x63, 0x5d, 0xd8, + 0x4e, 0x44, 0x3a, 0x1d, 0x71, 0x93, 0x4a, 0xd5, 0xca, 0xe3, 0x27, 0xac, 0xa9, 0x26, 0x9c, 0x66, + 0x8a, 0xbe, 0x61, 0x01, 0x22, 0xdb, 0xc4, 0x95, 0xb1, 0x58, 0xa2, 0x2f, 0x83, 0x79, 0x18, 0x76, + 0x97, 0x3a, 0xe8, 0x72, 0xa9, 0xde, 0xd9, 0x8e, 0xbb, 0xf4, 0xc1, 0xfe, 0x27, 0x45, 0xb5, 0xa0, + 0x74, 0xf8, 0x9f, 0x63, 0x64, 0xe6, 0x58, 0x87, 0xcf, 0xcc, 0xd1, 0x0e, 0xea, 0x8e, 0xec, 0x9c, + 0x74, 0x22, 0x44, 0xe1, 0x21, 0x25, 0x42, 0xfc, 0xbc, 0x95, 0xaa, 0x21, 0x31, 0x7c, 0xe1, 0xb5, + 0x7c, 0x43, 0x0f, 0xa7, 0x78, 0x78, 0x44, 0x46, 0xba, 0xa7, 0x63, 0x26, 0xa8, 0x34, 0x35, 0xd0, + 0x0e, 0x24, 0x0d, 0xff, 0x7d, 0x11, 0x86, 0x8d, 0x9d, 0xb4, 0xab, 0x5a, 0x64, 0x3d, 0x62, 0x6a, + 0x51, 0xe1, 0x00, 0x6a, 0xd1, 0xcf, 0x41, 0xc5, 0x95, 0x52, 0x3e, 0x9f, 0x2a, 0x8a, 0xd9, 0xbd, + 0x43, 0x0b, 0x7a, 0xd5, 0x84, 0x35, 0x4f, 0x34, 0x9f, 0xca, 0x4d, 0x10, 0x3b, 0xc4, 0x00, 0xdb, + 0x21, 0xba, 0x25, 0x0f, 0x88, 0x9d, 0xa2, 0xf3, 0x19, 0x56, 0x6a, 0xa4, 0xe5, 0x89, 0xf7, 0x92, + 0x01, 0xc2, 0xbc, 0xd4, 0xc8, 0xca, 0x82, 0x6c, 0xc6, 0x26, 0x8e, 0xfd, 0x5d, 0x4b, 0x7d, 0xdc, + 0x07, 0x90, 0xeb, 0x7b, 0x3b, 0x9d, 0xeb, 0x7b, 0x29, 0x97, 0x61, 0xee, 0x91, 0xe4, 0x7b, 0x1d, + 0x86, 0x66, 0xc3, 0x66, 0xd3, 0x09, 0x6a, 0xe8, 0x47, 0x61, 0xc8, 0xe5, 0x3f, 0xc5, 0x39, 0x0a, + 0xf3, 0xc6, 0x09, 0x28, 0x96, 0x30, 0xf4, 0x24, 0x0c, 0x38, 0x51, 0x43, 0x9e, 0x9d, 0xb0, 0x80, + 0x8e, 0x99, 0xa8, 0x11, 0x63, 0xd6, 0x6a, 0xbf, 0x5d, 0x04, 0x98, 0x0d, 0x9b, 0x2d, 0x27, 0x22, + 0xb5, 0xb5, 0x90, 0x55, 0x71, 0x3a, 0x56, 0x1f, 0x96, 0x36, 0x96, 0x1e, 0x65, 0x3f, 0x96, 0xe1, + 0xcb, 0x28, 0x3e, 0x68, 0x5f, 0xc6, 0x97, 0x2d, 0x40, 0xf4, 0x8b, 0x84, 0x01, 0x09, 0x12, 0xed, + 0x9c, 0x9d, 0x86, 0x8a, 0x2b, 0x5b, 0x85, 0xd6, 0xa2, 0xd7, 0x9f, 0x04, 0x60, 0x8d, 0xd3, 0x87, + 0xf9, 0xf9, 0xb4, 0x14, 0x8e, 0xc5, 0x74, 0x0c, 0x24, 0x13, 0xa9, 0x42, 0x56, 0xda, 0x7f, 0x50, + 0x80, 0xc7, 0xf8, 0x7e, 0xb7, 0xe4, 0x04, 0x4e, 0x83, 0x34, 0x69, 0xaf, 0xfa, 0x75, 0xb7, 0xbb, + 0xd4, 0xee, 0xf1, 0x64, 0x4c, 0xe3, 0x51, 0x17, 0x06, 0x9f, 0xd0, 0x7c, 0x0a, 0x2f, 0x04, 0x5e, + 0x82, 0x19, 0x71, 0x14, 0x43, 0x59, 0xd6, 0xe4, 0x15, 0x82, 0x2e, 0x27, 0x46, 0x6a, 0xcd, 0x8b, + 0x4d, 0x89, 0x60, 0xc5, 0x88, 0x6a, 0x85, 0x7e, 0xe8, 0x6e, 0x62, 0xd2, 0x0a, 0x99, 0x50, 0x33, + 0x42, 0xca, 0x16, 0x45, 0x3b, 0x56, 0x18, 0xf6, 0x1f, 0x58, 0x90, 0x15, 0xf7, 0x46, 0xbd, 0x1a, + 0xeb, 0xbe, 0xf5, 0x6a, 0x0e, 0x50, 0x30, 0xe6, 0xa7, 0x61, 0xd8, 0x49, 0xe8, 0x0e, 0xcd, 0x6d, + 0xda, 0xe2, 0xe1, 0x8e, 0xe8, 0x97, 0xc2, 0x9a, 0x57, 0xf7, 0x98, 0x2d, 0x6b, 0x92, 0xb3, 0xff, + 0xc7, 0x00, 0x8c, 0x77, 0xc4, 0xa9, 0xa3, 0x8b, 0x30, 0xe2, 0x8a, 0xe9, 0xd1, 0xc2, 0xa4, 0x2e, + 0x5e, 0xc6, 0x88, 0x73, 0xd2, 0x30, 0x9c, 0xc2, 0xec, 0x63, 0x82, 0x2e, 0xc0, 0xa9, 0x88, 0x5a, + 0xd1, 0x6d, 0x32, 0x53, 0x4f, 0x48, 0xb4, 0x4a, 0xdc, 0x30, 0xa8, 0xf1, 0xaa, 0x4a, 0xc5, 0xea, + 0xe3, 0x7b, 0xbb, 0x93, 0xa7, 0x70, 0x27, 0x18, 0x77, 0x7b, 0x06, 0xb5, 0x60, 0xd4, 0x37, 0x15, + 0x2c, 0xa1, 0x5d, 0x1f, 0x4a, 0x37, 0x53, 0x1b, 0x70, 0xaa, 0x19, 0xa7, 0x19, 0xa4, 0xb5, 0xb4, + 0xd2, 0x43, 0xd2, 0xd2, 0x7e, 0x41, 0x6b, 0x69, 0xdc, 0x97, 0xfc, 0x7a, 0xce, 0x79, 0x0a, 0xc7, + 0xad, 0xa6, 0xbd, 0x0a, 0x65, 0x19, 0x67, 0xd3, 0x57, 0x7c, 0x8a, 0x49, 0xa7, 0x87, 0x44, 0xbb, + 0x57, 0x80, 0x2e, 0x1a, 0x3e, 0x5d, 0x67, 0x7a, 0x3b, 0x4d, 0xad, 0xb3, 0x83, 0x6d, 0xa9, 0x68, + 0x9b, 0xc7, 0x18, 0xf1, 0x8d, 0xe3, 0x93, 0x79, 0x5b, 0x28, 0x3a, 0xec, 0x48, 0x05, 0xa4, 0xab, + 0xd0, 0xa3, 0x0b, 0x00, 0x5a, 0x0b, 0x12, 0xe1, 0xc6, 0xca, 0x85, 0xa9, 0x95, 0x25, 0x6c, 0x60, + 0x51, 0x83, 0xd5, 0x0b, 0xe2, 0xc4, 0xf1, 0xfd, 0x2b, 0x5e, 0x90, 0x88, 0x93, 0x37, 0xb5, 0x43, + 0x2e, 0x68, 0x10, 0x36, 0xf1, 0xce, 0x7e, 0xcc, 0xf8, 0x2e, 0x07, 0xf9, 0x9e, 0x1b, 0xf0, 0xc4, + 0xbc, 0x97, 0xa8, 0x20, 0x79, 0x35, 0x8f, 0xa8, 0x92, 0xa3, 0x92, 0x3e, 0xac, 0x9e, 0x49, 0x1f, + 0x46, 0x90, 0x7a, 0x21, 0x1d, 0x53, 0x9f, 0x0d, 0x52, 0xb7, 0x2f, 0xc2, 0xe9, 0x79, 0x2f, 0xb9, + 0xec, 0xf9, 0xe4, 0x80, 0x4c, 0xec, 0xdf, 0x1f, 0x84, 0x11, 0x33, 0x29, 0xe9, 0x20, 0x79, 0x2b, + 0x5f, 0xa5, 0x7a, 0x8c, 0x78, 0x3b, 0x4f, 0x39, 0x80, 0x6e, 0x1d, 0x39, 0x43, 0xaa, 0xfb, 0x88, + 0x19, 0xaa, 0x8c, 0xe6, 0x89, 0xcd, 0x0e, 0xa0, 0xbb, 0x50, 0xaa, 0xb3, 0x20, 0xea, 0x62, 0x1e, + 0x5e, 0xf2, 0x6e, 0x23, 0xaa, 0x97, 0x19, 0x0f, 0xc3, 0xe6, 0xfc, 0xe8, 0x0e, 0x19, 0xa5, 0x33, + 0x73, 0x8c, 0xe8, 0x42, 0x91, 0x93, 0xa3, 0x30, 0x7a, 0x89, 0xfa, 0xd2, 0x21, 0x44, 0x7d, 0x4a, + 0xf0, 0x0e, 0x3e, 0x24, 0xc1, 0xcb, 0x02, 0xe2, 0x93, 0x0d, 0xa6, 0xbf, 0x89, 0x70, 0xe8, 0x21, + 0x36, 0x08, 0x46, 0x40, 0x7c, 0x0a, 0x8c, 0xb3, 0xf8, 0xe8, 0xb3, 0x4a, 0x74, 0x97, 0xf3, 0x38, + 0xb4, 0x34, 0x67, 0xf4, 0x71, 0x4b, 0xed, 0x2f, 0x17, 0x60, 0x6c, 0x3e, 0x68, 0xaf, 0xcc, 0xaf, + 0xb4, 0xd7, 0x7d, 0xcf, 0xbd, 0x46, 0x76, 0xa8, 0x68, 0xde, 0x24, 0x3b, 0x0b, 0x73, 0x62, 0x05, + 0xa9, 0x39, 0x73, 0x8d, 0x36, 0x62, 0x0e, 0xa3, 0xc2, 0xa8, 0xee, 0x05, 0x0d, 0x12, 0xb5, 0x22, + 0x4f, 0x9c, 0x27, 0x1a, 0xc2, 0xe8, 0xb2, 0x06, 0x61, 0x13, 0x8f, 0xd2, 0x0e, 0xef, 0x06, 0x24, + 0xca, 0x2a, 0xb2, 0xcb, 0xb4, 0x11, 0x73, 0x18, 0x45, 0x4a, 0xa2, 0x76, 0x9c, 0x88, 0xc9, 0xa8, + 0x90, 0xd6, 0x68, 0x23, 0xe6, 0x30, 0xba, 0xd2, 0xe3, 0xf6, 0x3a, 0x0b, 0x42, 0xc8, 0xc4, 0x5e, + 0xaf, 0xf2, 0x66, 0x2c, 0xe1, 0x14, 0x75, 0x93, 0xec, 0xcc, 0x51, 0x93, 0x32, 0x93, 0x1d, 0x71, + 0x8d, 0x37, 0x63, 0x09, 0x67, 0x15, 0xa8, 0xd2, 0xc3, 0xf1, 0x03, 0x57, 0x81, 0x2a, 0xdd, 0xfd, + 0x1e, 0xc6, 0xe9, 0x6f, 0x58, 0x30, 0x62, 0x86, 0x0e, 0xa1, 0x46, 0x46, 0xc7, 0x5d, 0xee, 0xa8, + 0x26, 0xf8, 0x93, 0xdd, 0xae, 0x4e, 0x69, 0x78, 0x49, 0xd8, 0x8a, 0x9f, 0x27, 0x41, 0xc3, 0x0b, + 0x08, 0xf3, 0x08, 0xf3, 0x90, 0xa3, 0x54, 0x5c, 0xd2, 0x6c, 0x58, 0x23, 0x87, 0x50, 0x92, 0xed, + 0x5b, 0x30, 0xde, 0x91, 0x12, 0xd3, 0x87, 0x6a, 0xb1, 0x6f, 0x42, 0xa2, 0x8d, 0x61, 0x98, 0x12, + 0x16, 0x15, 0x24, 0xd0, 0x2c, 0x8c, 0xf3, 0x85, 0x44, 0x39, 0xad, 0xba, 0x1b, 0xa4, 0xa9, 0xd2, + 0x9c, 0xd8, 0xe1, 0xf5, 0xcd, 0x2c, 0x10, 0x77, 0xe2, 0xdb, 0x5f, 0xb1, 0x60, 0x34, 0x95, 0xa5, + 0x94, 0x93, 0x12, 0xc4, 0x56, 0x5a, 0xc8, 0x22, 0xd9, 0x58, 0x38, 0x6f, 0x91, 0x6d, 0xa6, 0x7a, + 0xa5, 0x69, 0x10, 0x36, 0xf1, 0xec, 0x77, 0x0a, 0x50, 0x96, 0xd1, 0x00, 0x7d, 0x74, 0xe5, 0x4b, + 0x16, 0x8c, 0x2a, 0x87, 0x01, 0x3b, 0x89, 0x2a, 0xe4, 0x11, 0xb7, 0x4e, 0x7b, 0xa0, 0x42, 0x2d, + 0x83, 0x7a, 0xa8, 0x35, 0x72, 0x6c, 0x32, 0xc3, 0x69, 0xde, 0xe8, 0x26, 0x40, 0xbc, 0x13, 0x27, + 0xa4, 0x69, 0x9c, 0x89, 0xd9, 0xc6, 0x8a, 0x9b, 0x72, 0xc3, 0x88, 0xd0, 0xf5, 0x75, 0x3d, 0xac, + 0x91, 0x55, 0x85, 0xa9, 0x55, 0x28, 0xdd, 0x86, 0x0d, 0x4a, 0xf6, 0xdf, 0x2f, 0xc0, 0xc9, 0x6c, + 0x97, 0xd0, 0xeb, 0x30, 0x22, 0xb9, 0x1b, 0xd7, 0xc0, 0xc8, 0x10, 0x88, 0x11, 0x6c, 0xc0, 0xee, + 0xed, 0x4e, 0x4e, 0x76, 0x5e, 0xc3, 0x33, 0x65, 0xa2, 0xe0, 0x14, 0x31, 0xee, 0xb5, 0x11, 0xee, + 0xc5, 0xea, 0xce, 0x4c, 0xab, 0x25, 0x5c, 0x2f, 0x86, 0xd7, 0xc6, 0x84, 0xe2, 0x0c, 0x36, 0x5a, + 0x81, 0xd3, 0x46, 0xcb, 0x75, 0xe2, 0x35, 0x36, 0xd6, 0xc3, 0x48, 0x5a, 0x56, 0x4f, 0xea, 0x20, + 0xa5, 0x4e, 0x1c, 0xdc, 0xf5, 0x49, 0xba, 0xdb, 0xbb, 0x4e, 0xcb, 0x71, 0xbd, 0x64, 0x47, 0x1c, + 0xf2, 0x29, 0xd9, 0x34, 0x2b, 0xda, 0xb1, 0xc2, 0xb0, 0x97, 0x60, 0xa0, 0xcf, 0x19, 0xd4, 0x97, + 0x46, 0xff, 0x2a, 0x94, 0x29, 0x39, 0xa9, 0xde, 0xe5, 0x41, 0x32, 0x84, 0xb2, 0xac, 0xe4, 0x8e, + 0x6c, 0x28, 0x7a, 0x8e, 0x74, 0x8c, 0xa9, 0xd7, 0x5a, 0x88, 0xe3, 0x36, 0x33, 0x92, 0x29, 0x10, + 0x3d, 0x0d, 0x45, 0xb2, 0xdd, 0xca, 0x7a, 0xc0, 0x2e, 0x6d, 0xb7, 0xbc, 0x88, 0xc4, 0x14, 0x89, + 0x6c, 0xb7, 0xd0, 0x59, 0x28, 0x78, 0x35, 0xb1, 0x49, 0x81, 0xc0, 0x29, 0x2c, 0xcc, 0xe1, 0x82, + 0x57, 0xb3, 0xb7, 0xa1, 0xa2, 0x4a, 0xc7, 0xa3, 0x4d, 0x29, 0xbb, 0xad, 0x3c, 0xc2, 0x77, 0x24, + 0xdd, 0x1e, 0x52, 0xbb, 0x0d, 0xa0, 0x73, 0xc2, 0xf2, 0x92, 0x2f, 0xe7, 0x61, 0xc0, 0x0d, 0x45, + 0x2a, 0x69, 0x59, 0x93, 0x61, 0x42, 0x9b, 0x41, 0xec, 0x5b, 0x30, 0x76, 0x2d, 0x08, 0xef, 0xb2, + 0xda, 0xb8, 0xac, 0x72, 0x0f, 0x25, 0x5c, 0xa7, 0x3f, 0xb2, 0x2a, 0x02, 0x83, 0x62, 0x0e, 0x53, + 0xf5, 0x62, 0x0a, 0xbd, 0xea, 0xc5, 0xd8, 0x9f, 0xb3, 0xe0, 0xa4, 0xca, 0x6c, 0x91, 0xd2, 0xf8, + 0x22, 0x8c, 0xac, 0xb7, 0x3d, 0xbf, 0x26, 0xeb, 0x01, 0x65, 0x8e, 0x29, 0xaa, 0x06, 0x0c, 0xa7, + 0x30, 0xa9, 0x51, 0xb5, 0xee, 0x05, 0x4e, 0xb4, 0xb3, 0xa2, 0xc5, 0xbf, 0x92, 0x08, 0x55, 0x05, + 0xc1, 0x06, 0x96, 0xfd, 0x25, 0xb3, 0x0b, 0x22, 0x97, 0xa6, 0x8f, 0x91, 0xbd, 0x01, 0x25, 0x57, + 0x39, 0x52, 0x0f, 0x55, 0xb3, 0x4c, 0xa5, 0x31, 0xb3, 0xc3, 0x74, 0x4e, 0xcd, 0xfe, 0x67, 0x05, + 0x18, 0x4d, 0x15, 0x92, 0x40, 0x3e, 0x94, 0x89, 0xcf, 0x8e, 0xf2, 0xe4, 0x14, 0x3b, 0x6a, 0x89, + 0x3a, 0xb5, 0x2c, 0x2e, 0x09, 0xba, 0x58, 0x71, 0x78, 0x34, 0xfc, 0x55, 0x17, 0x61, 0x44, 0x76, + 0xe8, 0x93, 0x4e, 0xd3, 0x17, 0xab, 0x50, 0x4d, 0x80, 0x4b, 0x06, 0x0c, 0xa7, 0x30, 0xed, 0x3f, + 0x2c, 0xc2, 0x04, 0x3f, 0xfb, 0xac, 0xa9, 0x90, 0x92, 0x25, 0xa9, 0x65, 0xfd, 0x15, 0x5d, 0xee, + 0x85, 0x0f, 0xe4, 0xfa, 0x51, 0xcb, 0xb3, 0x76, 0x67, 0xd4, 0x57, 0xb0, 0xc3, 0xaf, 0x67, 0x82, + 0x1d, 0xf8, 0x66, 0xdb, 0x38, 0xa6, 0x1e, 0xfd, 0x60, 0x45, 0x3f, 0xfc, 0x9d, 0x02, 0x9c, 0xc8, + 0xd4, 0xbe, 0x45, 0x6f, 0xa7, 0xab, 0xdb, 0x59, 0x79, 0x9c, 0x90, 0xdd, 0xb7, 0x02, 0xeb, 0xc1, + 0x6a, 0xdc, 0x3d, 0xa4, 0xa5, 0x62, 0xff, 0x51, 0x01, 0xc6, 0xd2, 0x45, 0x7b, 0x1f, 0xc1, 0x91, + 0xfa, 0x08, 0x54, 0x58, 0x29, 0x4c, 0x76, 0xd1, 0x10, 0x3f, 0x88, 0xe3, 0x15, 0x1b, 0x65, 0x23, + 0xd6, 0xf0, 0x47, 0xa2, 0x74, 0xa0, 0xfd, 0x77, 0x2d, 0x38, 0xc3, 0xdf, 0x32, 0x3b, 0x0f, 0xff, + 0x6a, 0xb7, 0xd1, 0x7d, 0x23, 0xdf, 0x0e, 0x66, 0xca, 0x14, 0xed, 0x37, 0xbe, 0xec, 0x82, 0x13, + 0xd1, 0xdb, 0xf4, 0x54, 0x78, 0x04, 0x3b, 0x7b, 0xa0, 0xc9, 0x60, 0xff, 0x51, 0x11, 0xf4, 0x9d, + 0x2e, 0xc8, 0x13, 0x59, 0x3a, 0xb9, 0x94, 0x6b, 0x5a, 0xdd, 0x09, 0x5c, 0x7d, 0x7b, 0x4c, 0x39, + 0x93, 0xa4, 0xf3, 0xcb, 0x16, 0x0c, 0x7b, 0x81, 0x97, 0x78, 0x0e, 0x53, 0x9e, 0xf3, 0xb9, 0x93, + 0x42, 0xb1, 0x5b, 0xe0, 0x94, 0xc3, 0xc8, 0x3c, 0xbd, 0x55, 0xcc, 0xb0, 0xc9, 0x19, 0x7d, 0x5a, + 0xc4, 0x23, 0x16, 0x73, 0xcb, 0x2f, 0x2b, 0x67, 0x82, 0x10, 0x5b, 0x50, 0x8a, 0x48, 0x12, 0xe5, + 0x94, 0x96, 0x89, 0x29, 0x29, 0x55, 0x9d, 0x4f, 0xdf, 0xae, 0x47, 0x9b, 0x31, 0x67, 0x64, 0xc7, + 0x80, 0x3a, 0xc7, 0xe2, 0x80, 0xb1, 0x5e, 0xd3, 0x50, 0x71, 0xda, 0x49, 0xd8, 0xa4, 0xc3, 0x24, + 0x0e, 0x98, 0x75, 0x34, 0x9b, 0x04, 0x60, 0x8d, 0x63, 0xbf, 0x5d, 0x82, 0x4c, 0xda, 0x0c, 0xda, + 0x36, 0xef, 0x23, 0xb2, 0xf2, 0xbd, 0x8f, 0x48, 0x75, 0xa6, 0xdb, 0x9d, 0x44, 0xa8, 0x01, 0xa5, + 0xd6, 0x86, 0x13, 0x4b, 0xdd, 0xf8, 0x55, 0x39, 0x4c, 0x2b, 0xb4, 0xf1, 0xde, 0xee, 0xe4, 0x4f, + 0xf5, 0x77, 0xd6, 0x42, 0xe7, 0xea, 0x34, 0xcf, 0x42, 0xd7, 0xac, 0x19, 0x0d, 0xcc, 0xe9, 0x1f, + 0xe4, 0x56, 0x8e, 0xcf, 0x8b, 0x7a, 0xa9, 0x98, 0xc4, 0x6d, 0x3f, 0x11, 0xb3, 0xe1, 0xd5, 0x1c, + 0x57, 0x19, 0x27, 0xac, 0x13, 0x3e, 0xf9, 0x7f, 0x6c, 0x30, 0x45, 0xaf, 0x43, 0x25, 0x4e, 0x9c, + 0x28, 0x39, 0x64, 0x8a, 0x96, 0x1a, 0xf4, 0x55, 0x49, 0x04, 0x6b, 0x7a, 0xe8, 0x35, 0x56, 0xbd, + 0xce, 0x8b, 0x37, 0x0e, 0x19, 0x46, 0x2c, 0x2b, 0xdd, 0x09, 0x0a, 0xd8, 0xa0, 0x46, 0x4d, 0x0f, + 0x36, 0xb7, 0x79, 0xec, 0x4c, 0x99, 0xd9, 0x96, 0x4a, 0x14, 0x62, 0x05, 0xc1, 0x06, 0x96, 0xfd, + 0x63, 0x90, 0xce, 0x58, 0x46, 0x93, 0x32, 0x41, 0x9a, 0x9f, 0x3d, 0xb1, 0x70, 0xe0, 0x54, 0x2e, + 0xf3, 0xef, 0x59, 0x60, 0xa6, 0x55, 0xa3, 0x3b, 0x3c, 0x7f, 0xdb, 0xca, 0xc3, 0x5f, 0x60, 0xd0, + 0x9d, 0x5a, 0x72, 0x5a, 0x19, 0xc7, 0x95, 0x4c, 0xe2, 0x3e, 0xfb, 0x31, 0x28, 0x4b, 0xe8, 0x81, + 0x94, 0xba, 0xcf, 0xc2, 0xa9, 0xec, 0x6d, 0x8d, 0xe2, 0xac, 0xb9, 0x11, 0x85, 0xed, 0x56, 0xd6, + 0x90, 0x64, 0xb7, 0xf9, 0x61, 0x0e, 0xa3, 0xe6, 0xd8, 0xa6, 0x17, 0xd4, 0xb2, 0x86, 0xe4, 0x35, + 0x2f, 0xa8, 0x61, 0x06, 0xe9, 0xe3, 0x56, 0xaa, 0x7f, 0x6a, 0xc1, 0xf9, 0xfd, 0x2e, 0x95, 0x44, + 0x4f, 0xc2, 0xc0, 0x5d, 0x27, 0x92, 0xa5, 0x3f, 0x99, 0xa0, 0xbc, 0xe5, 0x44, 0x01, 0x66, 0xad, + 0x68, 0x07, 0x06, 0x79, 0xfe, 0xaf, 0xd0, 0xd6, 0x5f, 0xcd, 0xf7, 0x8a, 0xcb, 0x6b, 0xc4, 0x30, + 0x17, 0x78, 0xee, 0x31, 0x16, 0x0c, 0xed, 0xef, 0x59, 0x80, 0x96, 0xb7, 0x48, 0x14, 0x79, 0x35, + 0x23, 0x63, 0x19, 0xbd, 0x08, 0x23, 0xb7, 0x57, 0x97, 0xaf, 0xaf, 0x84, 0x5e, 0xc0, 0x2a, 0x18, + 0x18, 0x49, 0x5a, 0x57, 0x8d, 0x76, 0x9c, 0xc2, 0x42, 0xb3, 0x30, 0x7e, 0xfb, 0x0e, 0x35, 0x7e, + 0xcd, 0xa2, 0xe0, 0x05, 0x7d, 0xdc, 0x79, 0xf5, 0xd5, 0x0c, 0x10, 0x77, 0xe2, 0xa3, 0x65, 0x38, + 0xd3, 0xe4, 0xe6, 0x06, 0xaf, 0xe5, 0xcb, 0x6d, 0x0f, 0x95, 0xa3, 0xf1, 0xc4, 0xde, 0xee, 0xe4, + 0x99, 0xa5, 0x6e, 0x08, 0xb8, 0xfb, 0x73, 0xf6, 0xbb, 0x05, 0x18, 0x36, 0x2e, 0x66, 0xed, 0xc3, + 0x06, 0xcf, 0x64, 0x9d, 0x14, 0xfa, 0xcc, 0x3a, 0x79, 0x16, 0xca, 0xad, 0xd0, 0xf7, 0x5c, 0x4f, + 0xd5, 0xa4, 0x61, 0xa5, 0x13, 0x57, 0x44, 0x1b, 0x56, 0x50, 0x74, 0x17, 0x2a, 0xea, 0xb2, 0x42, + 0x91, 0x38, 0x9b, 0xd7, 0xf9, 0x8e, 0x92, 0x54, 0xfa, 0x12, 0x42, 0xcd, 0x0b, 0xd9, 0x30, 0xc8, + 0x66, 0xbe, 0x0c, 0xa1, 0x63, 0x29, 0x48, 0x6c, 0x49, 0xc4, 0x58, 0x40, 0xec, 0x2f, 0x0c, 0xc1, + 0xe9, 0x6e, 0xe5, 0xfe, 0xd0, 0x67, 0x60, 0x90, 0xf7, 0x31, 0x9f, 0x8a, 0xb2, 0xdd, 0x78, 0xcc, + 0x33, 0x82, 0xa2, 0x5b, 0xec, 0x37, 0x16, 0x3c, 0x05, 0x77, 0xdf, 0x59, 0x17, 0x3a, 0xd3, 0xf1, + 0x70, 0x5f, 0x74, 0x34, 0xf7, 0x45, 0x87, 0x73, 0xf7, 0x9d, 0x75, 0xb4, 0x0d, 0xa5, 0x86, 0x97, + 0x10, 0x47, 0x58, 0x0e, 0xb7, 0x8e, 0x85, 0x39, 0x71, 0xb8, 0x68, 0x66, 0x3f, 0x31, 0x67, 0x88, + 0xbe, 0x69, 0xc1, 0x89, 0xf5, 0x74, 0x46, 0x97, 0xd8, 0x42, 0x9d, 0x63, 0x28, 0xe9, 0x98, 0x66, + 0xc4, 0xab, 0x6d, 0x67, 0x1a, 0x71, 0xb6, 0x3b, 0xe8, 0x17, 0x2c, 0x18, 0xaa, 0x7b, 0xbe, 0x51, + 0xaf, 0xec, 0x18, 0x3e, 0xce, 0x65, 0xc6, 0x40, 0xab, 0x19, 0xfc, 0x7f, 0x8c, 0x25, 0xe7, 0x5e, + 0xee, 0xe3, 0xc1, 0xa3, 0xba, 0x8f, 0x87, 0x1e, 0x92, 0xad, 0xf8, 0x2b, 0x05, 0x78, 0xba, 0x8f, + 0x6f, 0x64, 0x26, 0xe1, 0x58, 0xfb, 0x24, 0xe1, 0x9c, 0x87, 0x81, 0x88, 0xb4, 0xc2, 0xec, 0x7e, + 0xc7, 0x22, 0xd5, 0x18, 0x04, 0x3d, 0x05, 0x45, 0xa7, 0xe5, 0x89, 0xed, 0x4e, 0x6d, 0xd2, 0x33, + 0x2b, 0x0b, 0x98, 0xb6, 0xd3, 0x2f, 0x5d, 0x59, 0x97, 0x79, 0x86, 0xf9, 0x54, 0xbe, 0xef, 0x95, + 0xb6, 0xc8, 0xad, 0x37, 0x05, 0xc5, 0x9a, 0xaf, 0xfd, 0xd7, 0x2c, 0x38, 0xdb, 0x7b, 0x8a, 0xa0, + 0x17, 0x60, 0x78, 0x3d, 0x72, 0x02, 0x77, 0x83, 0x5d, 0x13, 0x21, 0x07, 0x85, 0xe5, 0x5e, 0xe8, + 0x66, 0x6c, 0xe2, 0xd0, 0x9d, 0x8b, 0x97, 0x06, 0x35, 0x30, 0x64, 0xa8, 0x35, 0xdd, 0xb9, 0xd6, + 0xb2, 0x40, 0xdc, 0x89, 0x6f, 0xff, 0x61, 0xa1, 0x7b, 0xb7, 0xb8, 0x28, 0x39, 0xc8, 0x77, 0x12, + 0x5f, 0xa1, 0xd0, 0xe3, 0x2b, 0xdc, 0x81, 0x72, 0xc2, 0xf2, 0x47, 0x48, 0x5d, 0xc8, 0xa3, 0xdc, + 0xf2, 0x33, 0xd9, 0x8e, 0xb5, 0x26, 0x88, 0x63, 0xc5, 0x86, 0x6e, 0x1c, 0xbe, 0x2e, 0x98, 0x26, + 0x36, 0x8e, 0xcc, 0xd1, 0xe3, 0x1c, 0x9c, 0x34, 0xea, 0xbf, 0xf2, 0xf0, 0x79, 0xee, 0x41, 0x57, + 0x39, 0x65, 0x2b, 0x19, 0x38, 0xee, 0x78, 0xc2, 0xfe, 0x8d, 0x02, 0x3c, 0xd1, 0x53, 0x3e, 0x6a, + 0x37, 0xbf, 0x75, 0x1f, 0x37, 0xff, 0x91, 0xa7, 0xb9, 0x39, 0xc0, 0x03, 0x0f, 0x66, 0x80, 0x9f, + 0x83, 0xb2, 0x17, 0xc4, 0xc4, 0x6d, 0x47, 0x7c, 0xd0, 0x8c, 0x60, 0xd2, 0x05, 0xd1, 0x8e, 0x15, + 0x86, 0xfd, 0xc7, 0xbd, 0xa7, 0x1a, 0xdd, 0x2b, 0x7f, 0x68, 0x47, 0xe9, 0x65, 0x18, 0x75, 0x5a, + 0x2d, 0x8e, 0xc7, 0x5c, 0xaa, 0x99, 0x2c, 0xd1, 0x19, 0x13, 0x88, 0xd3, 0xb8, 0xc6, 0x1c, 0x1e, + 0xec, 0x35, 0x87, 0xed, 0x3f, 0xb3, 0xa0, 0x82, 0x49, 0x9d, 0xaf, 0x77, 0x74, 0x5b, 0x0c, 0x91, + 0x95, 0x47, 0xf9, 0x16, 0x3a, 0xb0, 0xb1, 0xc7, 0xca, 0x9a, 0x74, 0x1b, 0xec, 0xce, 0x5a, 0xc6, + 0x85, 0x03, 0xd5, 0x32, 0x56, 0xd5, 0x6c, 0x8b, 0xbd, 0xab, 0xd9, 0xda, 0xef, 0x0e, 0xd1, 0xd7, + 0x6b, 0x85, 0xb3, 0x11, 0xa9, 0xc5, 0xf4, 0xfb, 0xb6, 0x23, 0x3f, 0x7b, 0x9f, 0xec, 0x0d, 0xbc, + 0x88, 0x69, 0x7b, 0xea, 0xdc, 0xa4, 0x70, 0xa0, 0x1c, 0xb9, 0xe2, 0xbe, 0x39, 0x72, 0x2f, 0xc3, + 0x68, 0x1c, 0x6f, 0xac, 0x44, 0xde, 0x96, 0x93, 0x50, 0x03, 0x45, 0x44, 0xe4, 0xe8, 0xbc, 0x96, + 0xd5, 0x2b, 0x1a, 0x88, 0xd3, 0xb8, 0x68, 0x1e, 0xc6, 0x75, 0xa6, 0x1a, 0x89, 0x12, 0x16, 0x80, + 0xc3, 0x67, 0x82, 0x4a, 0x2b, 0xd1, 0xb9, 0x6d, 0x02, 0x01, 0x77, 0x3e, 0x43, 0x25, 0x56, 0xaa, + 0x91, 0x76, 0x64, 0x30, 0x2d, 0xb1, 0x52, 0x74, 0x68, 0x5f, 0x3a, 0x9e, 0x40, 0x4b, 0x70, 0x8a, + 0x4f, 0x0c, 0x76, 0x81, 0xb9, 0x7a, 0xa3, 0xa1, 0x74, 0xd9, 0x8c, 0xf9, 0x4e, 0x14, 0xdc, 0xed, + 0x39, 0x6a, 0x7d, 0xa8, 0xe6, 0x85, 0x39, 0x61, 0xf2, 0x2b, 0xeb, 0x43, 0x91, 0x59, 0xa8, 0x61, + 0x13, 0x0f, 0x7d, 0x12, 0x1e, 0xd7, 0x7f, 0x79, 0x94, 0x26, 0x3f, 0x07, 0x9b, 0x13, 0x49, 0xc0, + 0xaa, 0x76, 0xea, 0x7c, 0x57, 0xb4, 0x1a, 0xee, 0xf5, 0x3c, 0x5a, 0x87, 0xb3, 0x0a, 0x74, 0x89, + 0x9a, 0x7a, 0xad, 0xc8, 0x8b, 0x49, 0xd5, 0x89, 0xc9, 0x8d, 0xc8, 0x67, 0x69, 0xc3, 0x15, 0x7d, + 0x09, 0xc4, 0xbc, 0x97, 0x5c, 0xe9, 0x86, 0x89, 0x17, 0xf1, 0x7d, 0xa8, 0xa0, 0x69, 0xa8, 0x90, + 0xc0, 0x59, 0xf7, 0xc9, 0xf2, 0xec, 0x02, 0x4b, 0x26, 0x36, 0x8e, 0xdd, 0x2e, 0x49, 0x00, 0xd6, + 0x38, 0xca, 0x09, 0x3c, 0xd2, 0xf3, 0xd2, 0x90, 0x15, 0x38, 0xdd, 0x70, 0x5b, 0x54, 0x9b, 0xf0, + 0x5c, 0x32, 0xe3, 0x32, 0x47, 0x28, 0xfd, 0x30, 0xbc, 0x9e, 0x89, 0x8a, 0x70, 0x98, 0x9f, 0x5d, + 0xe9, 0xc0, 0xc1, 0x5d, 0x9f, 0xa4, 0x6b, 0xac, 0x15, 0x85, 0xdb, 0x3b, 0x13, 0xa7, 0xd2, 0x6b, + 0x6c, 0x85, 0x36, 0x62, 0x0e, 0x43, 0x57, 0x01, 0xb1, 0x70, 0x99, 0x2b, 0x49, 0xd2, 0x52, 0xea, + 0xcb, 0xc4, 0x69, 0xf6, 0x4a, 0x67, 0xc5, 0x13, 0xe8, 0x72, 0x07, 0x06, 0xee, 0xf2, 0x94, 0xfd, + 0xa7, 0x16, 0x8c, 0xaa, 0xf5, 0xfa, 0x00, 0x02, 0xc6, 0xfc, 0x74, 0xc0, 0xd8, 0xfc, 0xd1, 0x25, + 0x1e, 0xeb, 0x79, 0x8f, 0xa8, 0x83, 0x2f, 0x0c, 0x03, 0x68, 0xa9, 0xa8, 0x36, 0x24, 0xab, 0xe7, + 0x86, 0xf4, 0xc8, 0x4a, 0xa4, 0x6e, 0x99, 0x83, 0xa5, 0x87, 0x9b, 0x39, 0xb8, 0x0a, 0x67, 0xa4, + 0xba, 0xc0, 0x0f, 0x76, 0xae, 0x84, 0xb1, 0x12, 0x70, 0xe5, 0xea, 0x53, 0x82, 0xd0, 0x99, 0x85, + 0x6e, 0x48, 0xb8, 0xfb, 0xb3, 0x29, 0x2d, 0x65, 0x68, 0x3f, 0x2d, 0x45, 0xaf, 0xe9, 0xc5, 0xba, + 0xac, 0xc4, 0x9a, 0x59, 0xd3, 0x8b, 0x97, 0x57, 0xb1, 0xc6, 0xe9, 0x2e, 0xd8, 0x2b, 0x39, 0x09, + 0x76, 0x38, 0xb0, 0x60, 0x97, 0x22, 0x66, 0xb8, 0xa7, 0x88, 0x91, 0x67, 0x49, 0x23, 0x3d, 0xcf, + 0x92, 0x5e, 0x81, 0x31, 0x2f, 0xd8, 0x20, 0x91, 0x97, 0x90, 0x1a, 0x5b, 0x0b, 0x4c, 0xfc, 0x94, + 0xf5, 0xb6, 0xbe, 0x90, 0x82, 0xe2, 0x0c, 0x76, 0x5a, 0x2e, 0x8e, 0xf5, 0x21, 0x17, 0x7b, 0xec, + 0x46, 0x27, 0xf2, 0xd9, 0x8d, 0x4e, 0x1e, 0x7d, 0x37, 0x1a, 0x3f, 0xd6, 0xdd, 0x08, 0xe5, 0xb2, + 0x1b, 0xf5, 0x25, 0xe8, 0x0d, 0x83, 0xee, 0xf4, 0x3e, 0x06, 0x5d, 0xaf, 0xad, 0xe8, 0xcc, 0xa1, + 0xb7, 0xa2, 0xee, 0xbb, 0xcc, 0x63, 0x87, 0xda, 0x65, 0xbe, 0x58, 0x80, 0x33, 0x5a, 0x0e, 0xd3, + 0xd9, 0xef, 0xd5, 0xa9, 0x24, 0x62, 0xc5, 0xbc, 0x79, 0xec, 0x8f, 0x11, 0xbf, 0xa8, 0x43, 0x21, + 0x15, 0x04, 0x1b, 0x58, 0x2c, 0x0c, 0x90, 0x44, 0xac, 0x6a, 0x53, 0x56, 0x48, 0xcf, 0x8a, 0x76, + 0xac, 0x30, 0xe8, 0xfc, 0xa2, 0xbf, 0x45, 0x68, 0x75, 0xb6, 0x58, 0xc2, 0xac, 0x06, 0x61, 0x13, + 0x0f, 0x3d, 0xcb, 0x99, 0x30, 0x01, 0x41, 0x05, 0xf5, 0x88, 0xb8, 0xa6, 0x46, 0xca, 0x04, 0x05, + 0x95, 0xdd, 0x61, 0xf1, 0x9e, 0xa5, 0xce, 0xee, 0x30, 0x7f, 0xa5, 0xc2, 0xb0, 0xff, 0xa7, 0x05, + 0x4f, 0x74, 0x1d, 0x8a, 0x07, 0xb0, 0xf9, 0x6e, 0xa7, 0x37, 0xdf, 0xd5, 0xbc, 0xcc, 0x0d, 0xe3, + 0x2d, 0x7a, 0x6c, 0xc4, 0xff, 0xce, 0x82, 0x31, 0x8d, 0xff, 0x00, 0x5e, 0xd5, 0x4b, 0xbf, 0x6a, + 0x7e, 0x96, 0x55, 0xa5, 0xe3, 0xdd, 0xfe, 0x94, 0xbd, 0x1b, 0xf7, 0x84, 0xcc, 0xb8, 0xb2, 0x3c, + 0xd4, 0x3e, 0x1e, 0x80, 0x1d, 0x18, 0x64, 0x95, 0x93, 0xe3, 0x7c, 0x3c, 0x32, 0x69, 0xfe, 0x2c, + 0x90, 0x5b, 0x7b, 0x64, 0xd8, 0xdf, 0x18, 0x0b, 0x86, 0xac, 0xa6, 0x98, 0x17, 0x53, 0x69, 0x5e, + 0x13, 0x91, 0x93, 0xba, 0xa6, 0x98, 0x68, 0xc7, 0x0a, 0xc3, 0x6e, 0xc2, 0x44, 0x9a, 0xf8, 0x1c, + 0xa9, 0x33, 0x2f, 0x7f, 0x5f, 0xaf, 0x39, 0x0d, 0x15, 0x87, 0x3d, 0xb5, 0xd8, 0x76, 0xb2, 0x37, + 0x9b, 0xcd, 0x48, 0x00, 0xd6, 0x38, 0xf6, 0xef, 0x58, 0x70, 0xaa, 0xcb, 0xcb, 0xe4, 0x18, 0x31, + 0x9a, 0x68, 0x29, 0xd0, 0x6d, 0xc3, 0xfd, 0x30, 0x0c, 0xd5, 0x48, 0xdd, 0x91, 0x7e, 0x64, 0x43, + 0xe6, 0xce, 0xf1, 0x66, 0x2c, 0xe1, 0xf6, 0x7f, 0xb3, 0xe0, 0x44, 0xba, 0xaf, 0x31, 0x95, 0x9a, + 0xfc, 0x65, 0xe6, 0xbc, 0xd8, 0x0d, 0xb7, 0x48, 0xb4, 0x43, 0xdf, 0x9c, 0xf7, 0x5a, 0x49, 0xcd, + 0x99, 0x0e, 0x0c, 0xdc, 0xe5, 0x29, 0x56, 0x56, 0xa8, 0xa6, 0x46, 0x5b, 0xce, 0x94, 0x9b, 0x79, + 0xce, 0x14, 0xfd, 0x31, 0x4d, 0xf7, 0x93, 0x62, 0x89, 0x4d, 0xfe, 0xf6, 0xf7, 0x06, 0x40, 0x85, + 0x94, 0x33, 0x27, 0x5e, 0x4e, 0x2e, 0xd0, 0x54, 0x11, 0xfc, 0x62, 0x1f, 0x45, 0xf0, 0xe5, 0x64, + 0x18, 0xb8, 0x9f, 0x83, 0x8d, 0x9f, 0x5e, 0x98, 0x87, 0x84, 0xea, 0x0d, 0xd7, 0x34, 0x08, 0x9b, + 0x78, 0xb4, 0x27, 0xbe, 0xb7, 0x45, 0xf8, 0x43, 0x83, 0xe9, 0x9e, 0x2c, 0x4a, 0x00, 0xd6, 0x38, + 0xb4, 0x27, 0x35, 0xaf, 0x5e, 0x17, 0xa6, 0xb8, 0xea, 0x09, 0x1d, 0x1d, 0xcc, 0x20, 0xbc, 0x52, + 0x5c, 0xb8, 0x29, 0xb4, 0x53, 0xa3, 0x52, 0x5c, 0xb8, 0x89, 0x19, 0x84, 0xea, 0x53, 0x41, 0x18, + 0x35, 0xd9, 0xcd, 0x73, 0x35, 0xc5, 0x45, 0x68, 0xa5, 0x4a, 0x9f, 0xba, 0xde, 0x89, 0x82, 0xbb, + 0x3d, 0x47, 0x67, 0x60, 0x2b, 0x22, 0x35, 0xcf, 0x4d, 0x4c, 0x6a, 0x90, 0x9e, 0x81, 0x2b, 0x1d, + 0x18, 0xb8, 0xcb, 0x53, 0x68, 0x06, 0x4e, 0xc8, 0x94, 0x00, 0x99, 0xf0, 0x39, 0x9c, 0x4e, 0x30, + 0xc3, 0x69, 0x30, 0xce, 0xe2, 0x53, 0x69, 0xd3, 0x14, 0xb9, 0xde, 0x4c, 0x89, 0x35, 0xa4, 0x8d, + 0xcc, 0x01, 0xc7, 0x0a, 0xc3, 0xfe, 0x7c, 0x91, 0xee, 0x8e, 0x3d, 0xea, 0x5b, 0x3f, 0x30, 0x97, + 0x7b, 0x7a, 0x46, 0x0e, 0xf4, 0x31, 0x23, 0x5f, 0x84, 0x91, 0xdb, 0x71, 0x18, 0x28, 0x77, 0x76, + 0xa9, 0xa7, 0x3b, 0xdb, 0xc0, 0xea, 0xee, 0xce, 0x1e, 0xcc, 0xcb, 0x9d, 0x3d, 0x74, 0x48, 0x77, + 0xf6, 0xb7, 0x4b, 0xa0, 0x2a, 0xc4, 0x5e, 0x27, 0xc9, 0xdd, 0x30, 0xda, 0xf4, 0x82, 0x06, 0x4b, + 0xa5, 0xf8, 0xa6, 0x05, 0x23, 0x7c, 0xbd, 0x2c, 0x9a, 0xe1, 0xc8, 0xf5, 0x9c, 0x4a, 0x8f, 0xa6, + 0x98, 0x4d, 0xad, 0x19, 0x8c, 0x32, 0x17, 0x9b, 0x98, 0x20, 0x9c, 0xea, 0x11, 0xfa, 0x59, 0x00, + 0x79, 0x6e, 0x59, 0x97, 0x22, 0x73, 0x21, 0x9f, 0xfe, 0x61, 0x52, 0xd7, 0xba, 0xe9, 0x9a, 0x62, + 0x82, 0x0d, 0x86, 0xe8, 0x8b, 0xd9, 0x9b, 0x39, 0x3f, 0x7d, 0x2c, 0x63, 0xd3, 0x4f, 0xa0, 0x36, + 0x86, 0x21, 0x2f, 0x68, 0xd0, 0x79, 0x22, 0x22, 0x00, 0x3e, 0xd4, 0x2d, 0x0d, 0x69, 0x31, 0x74, + 0x6a, 0x55, 0xc7, 0x77, 0x02, 0x97, 0x44, 0x0b, 0x1c, 0xdd, 0xbc, 0x69, 0x8b, 0x35, 0x60, 0x49, + 0xa8, 0xa3, 0xb6, 0x6e, 0xa9, 0x9f, 0xda, 0xba, 0x67, 0x3f, 0x0e, 0xe3, 0x1d, 0x1f, 0xf3, 0x40, + 0x71, 0xd9, 0x87, 0x0f, 0xe9, 0xb6, 0xff, 0xf9, 0xa0, 0xde, 0xb4, 0xae, 0x87, 0x35, 0x5e, 0xe1, + 0x35, 0xd2, 0x5f, 0x54, 0xe8, 0x9e, 0x39, 0x4e, 0x11, 0xe3, 0xb6, 0x2e, 0xd5, 0x88, 0x4d, 0x96, + 0x74, 0x8e, 0xb6, 0x9c, 0x88, 0x04, 0xc7, 0x3d, 0x47, 0x57, 0x14, 0x13, 0x6c, 0x30, 0x44, 0x1b, + 0xa9, 0xc0, 0xcc, 0xcb, 0x47, 0x0f, 0xcc, 0x64, 0x09, 0xda, 0xdd, 0xaa, 0x44, 0x7e, 0xcd, 0x82, + 0xb1, 0x20, 0x35, 0x73, 0x85, 0x1f, 0x67, 0xed, 0x38, 0x56, 0x05, 0x2f, 0x30, 0x9e, 0x6e, 0xc3, + 0x19, 0xfe, 0xdd, 0xb6, 0xb4, 0xd2, 0x01, 0xb7, 0x34, 0x5d, 0x2a, 0x7a, 0xb0, 0x57, 0xa9, 0x68, + 0x14, 0xa8, 0x5a, 0xf9, 0x43, 0xb9, 0xd7, 0xca, 0x87, 0x2e, 0x75, 0xf2, 0x6f, 0x41, 0xc5, 0x8d, + 0x88, 0x93, 0x1c, 0xb2, 0x6c, 0x3a, 0x73, 0x85, 0xcf, 0x4a, 0x02, 0x58, 0xd3, 0xb2, 0xff, 0x6d, + 0x11, 0x4e, 0xca, 0x11, 0x91, 0x71, 0x5c, 0x74, 0x7f, 0xe4, 0x7c, 0xb5, 0x72, 0xab, 0xf6, 0xc7, + 0x2b, 0x12, 0x80, 0x35, 0x0e, 0xd5, 0xc7, 0xda, 0x31, 0x59, 0x6e, 0x91, 0x60, 0xd1, 0x5b, 0x8f, + 0x85, 0xff, 0x51, 0x2d, 0x94, 0x1b, 0x1a, 0x84, 0x4d, 0x3c, 0xaa, 0x8c, 0x73, 0xbd, 0x38, 0xce, + 0xc6, 0x80, 0x0a, 0x7d, 0x1b, 0x4b, 0x38, 0xfa, 0xd5, 0xae, 0x17, 0x6e, 0xe4, 0x13, 0xfd, 0xdc, + 0x11, 0xbe, 0x76, 0xc0, 0x9b, 0x36, 0xde, 0xb6, 0xe0, 0xc4, 0x66, 0x2a, 0x0d, 0x4d, 0x8a, 0xe4, + 0x23, 0x26, 0x4c, 0xa7, 0x73, 0xdb, 0xf4, 0x14, 0x4e, 0xb7, 0xc7, 0x38, 0xcb, 0xdd, 0xfe, 0xef, + 0x16, 0x98, 0xe2, 0xa9, 0x3f, 0xcd, 0xca, 0xb8, 0x33, 0xac, 0xb0, 0xcf, 0x9d, 0x61, 0x52, 0x09, + 0x2b, 0xf6, 0xa7, 0xf4, 0x0f, 0x1c, 0x40, 0xe9, 0x2f, 0xf5, 0xd4, 0xda, 0x9e, 0x82, 0x62, 0xdb, + 0xab, 0x09, 0xbd, 0x5d, 0x7b, 0x1b, 0x17, 0xe6, 0x30, 0x6d, 0xb7, 0xff, 0x71, 0x49, 0xdb, 0xe9, + 0x22, 0x68, 0xf7, 0x87, 0xe2, 0xb5, 0xeb, 0x2a, 0xff, 0x9d, 0xbf, 0xf9, 0xf5, 0x8e, 0xfc, 0xf7, + 0x9f, 0x38, 0x78, 0x4c, 0x36, 0x1f, 0xa0, 0x5e, 0xe9, 0xef, 0x43, 0xfb, 0x04, 0x64, 0xdf, 0x86, + 0x32, 0x35, 0x6d, 0xd8, 0x81, 0x5b, 0x39, 0xd5, 0xa9, 0xf2, 0x15, 0xd1, 0x7e, 0x6f, 0x77, 0xf2, + 0xc7, 0x0f, 0xde, 0x2d, 0xf9, 0x34, 0x56, 0xf4, 0x51, 0x0c, 0x15, 0xfa, 0x9b, 0xc5, 0x8e, 0x0b, + 0xa3, 0xe9, 0x86, 0x92, 0x45, 0x12, 0x90, 0x4b, 0x60, 0xba, 0xe6, 0x83, 0x02, 0xa8, 0xb0, 0xcb, + 0x7e, 0x18, 0x53, 0x6e, 0x5b, 0xad, 0xa8, 0x08, 0x6e, 0x09, 0xb8, 0xb7, 0x3b, 0xf9, 0xf2, 0xc1, + 0x99, 0xaa, 0xc7, 0xb1, 0x66, 0x61, 0xbf, 0x33, 0xa0, 0xe7, 0xae, 0x28, 0x7b, 0xf0, 0x43, 0x31, + 0x77, 0x2f, 0x66, 0xe6, 0xee, 0xf9, 0x8e, 0xb9, 0x3b, 0xa6, 0x2f, 0xa5, 0x49, 0xcd, 0xc6, 0x07, + 0xbd, 0xc1, 0xee, 0x6f, 0xc7, 0x33, 0xcd, 0xe2, 0x4e, 0xdb, 0x8b, 0x48, 0xbc, 0x12, 0xb5, 0x03, + 0x2f, 0x68, 0x88, 0x7b, 0x40, 0x0d, 0xcd, 0x22, 0x05, 0xc6, 0x59, 0x7c, 0x76, 0x87, 0xe8, 0x4e, + 0xe0, 0xde, 0x72, 0xb6, 0xf8, 0xac, 0x32, 0x32, 0xc1, 0x57, 0x45, 0x3b, 0x56, 0x18, 0xf6, 0xbb, + 0xcc, 0x77, 0x6b, 0x24, 0xad, 0xd0, 0x39, 0xe1, 0xb3, 0xdb, 0x95, 0x78, 0x1a, 0xb9, 0x9a, 0x13, + 0xfc, 0x4a, 0x25, 0x0e, 0x43, 0x77, 0x61, 0x68, 0x9d, 0x5f, 0x2f, 0x90, 0x4f, 0xc9, 0x3c, 0x71, + 0x57, 0x01, 0xab, 0x6a, 0x2b, 0x2f, 0x2e, 0xb8, 0xa7, 0x7f, 0x62, 0xc9, 0xcd, 0x7e, 0x6f, 0x00, + 0x4e, 0x64, 0xee, 0xdf, 0x49, 0x15, 0xf0, 0x29, 0xec, 0x5b, 0xc0, 0xe7, 0x53, 0x00, 0x35, 0xd2, + 0xf2, 0xc3, 0x1d, 0xa6, 0xe6, 0x0c, 0x1c, 0x58, 0xcd, 0x51, 0x9a, 0xf1, 0x9c, 0xa2, 0x82, 0x0d, + 0x8a, 0x22, 0x77, 0x9e, 0xd7, 0x03, 0xca, 0xe4, 0xce, 0x1b, 0x55, 0x2b, 0x07, 0x1f, 0x6c, 0xd5, + 0x4a, 0x0f, 0x4e, 0xf0, 0x2e, 0xaa, 0xd4, 0x90, 0x43, 0x64, 0x80, 0xb0, 0x38, 0xdb, 0xb9, 0x34, + 0x19, 0x9c, 0xa5, 0xfb, 0x30, 0xaf, 0xd7, 0x42, 0x1f, 0x81, 0x8a, 0xfc, 0xce, 0xf1, 0x44, 0x45, + 0xa7, 0xd7, 0xc9, 0x69, 0xc0, 0xae, 0xbd, 0x12, 0x3f, 0xed, 0xaf, 0x16, 0xa8, 0x56, 0xca, 0xff, + 0xa9, 0x34, 0xe9, 0x67, 0x60, 0xd0, 0x69, 0x27, 0x1b, 0x61, 0xc7, 0x9d, 0x09, 0x33, 0xac, 0x15, + 0x0b, 0x28, 0x5a, 0x84, 0x81, 0x9a, 0x4e, 0x7d, 0x3d, 0xc8, 0x28, 0xea, 0x03, 0x3e, 0x27, 0x21, + 0x98, 0x51, 0x41, 0x4f, 0xc2, 0x40, 0xe2, 0x34, 0x52, 0x77, 0xd9, 0xae, 0x39, 0x8d, 0x18, 0xb3, + 0x56, 0x73, 0xd3, 0x1c, 0xd8, 0x67, 0xd3, 0x7c, 0x19, 0x46, 0x63, 0xaf, 0x11, 0x38, 0x49, 0x3b, + 0x22, 0x86, 0x33, 0x49, 0xc7, 0x07, 0x98, 0x40, 0x9c, 0xc6, 0xb5, 0x7f, 0x7f, 0x04, 0x4e, 0xaf, + 0xce, 0x2e, 0xc9, 0x32, 0x6e, 0xc7, 0x16, 0x53, 0xdf, 0x8d, 0xc7, 0x83, 0x8b, 0xa9, 0xef, 0xc1, + 0xdd, 0x37, 0x62, 0xea, 0x7d, 0x23, 0xa6, 0xfe, 0x8b, 0x16, 0x54, 0x54, 0x28, 0xb9, 0x08, 0x64, + 0x7d, 0x3d, 0xff, 0x1e, 0xa8, 0xb8, 0x62, 0x11, 0x51, 0x2c, 0xff, 0x62, 0xcd, 0xfc, 0xf8, 0x82, + 0xec, 0xef, 0xdb, 0xa1, 0x03, 0x05, 0xd9, 0xab, 0x0c, 0x84, 0x52, 0x1e, 0x19, 0x08, 0x3d, 0x3e, + 0x55, 0xd7, 0x0c, 0x84, 0xaf, 0x59, 0x30, 0xec, 0xbc, 0xd5, 0x8e, 0xc8, 0x1c, 0xd9, 0x5a, 0x6e, + 0xc5, 0x42, 0xc0, 0xbe, 0x91, 0x7f, 0x07, 0x66, 0x34, 0x13, 0x51, 0xdc, 0x59, 0x37, 0x60, 0xb3, + 0x0b, 0xa9, 0x8c, 0x83, 0xa1, 0x3c, 0x32, 0x0e, 0xba, 0x75, 0x67, 0xdf, 0x8c, 0x83, 0x97, 0x61, + 0xd4, 0xf5, 0xc3, 0x80, 0xac, 0x44, 0x61, 0x12, 0xba, 0xa1, 0x2f, 0x94, 0x69, 0x25, 0x12, 0x66, + 0x4d, 0x20, 0x4e, 0xe3, 0xf6, 0x4a, 0x57, 0xa8, 0x1c, 0x35, 0x5d, 0x01, 0x1e, 0x52, 0x71, 0x8d, + 0x5f, 0xd2, 0x65, 0x46, 0x87, 0xf3, 0xb8, 0xef, 0xb6, 0xdb, 0x17, 0xe9, 0xa7, 0x66, 0x1d, 0xfa, + 0x06, 0xbf, 0xb4, 0x80, 0xaa, 0xa3, 0xb3, 0x61, 0x93, 0xaa, 0x5b, 0x23, 0x6c, 0x48, 0xde, 0x3c, + 0x86, 0x09, 0x7b, 0x6b, 0x55, 0xb3, 0x51, 0x17, 0x19, 0xe8, 0x26, 0x9c, 0xee, 0xc8, 0x51, 0xca, + 0xe9, 0xfd, 0x5a, 0x01, 0x7e, 0x64, 0xdf, 0x2e, 0xa0, 0xbb, 0x00, 0x89, 0xd3, 0x10, 0x13, 0x55, + 0x1c, 0xff, 0x1f, 0x31, 0x88, 0x6f, 0x4d, 0xd2, 0xe3, 0x69, 0xaa, 0xea, 0x2f, 0x3b, 0x58, 0x97, + 0xbf, 0x59, 0xec, 0x5e, 0xe8, 0x77, 0x94, 0xe4, 0xc1, 0xa1, 0x4f, 0x30, 0x83, 0xd0, 0xed, 0x3f, + 0x22, 0x0d, 0x7d, 0xa9, 0x95, 0xfa, 0x7c, 0x98, 0xb5, 0x62, 0x01, 0x45, 0x2f, 0xc1, 0xb0, 0xe3, + 0xfb, 0x3c, 0xaf, 0x82, 0xc4, 0xa2, 0xb0, 0xb2, 0x2e, 0x2b, 0xa2, 0x41, 0xd8, 0xc4, 0xb3, 0xff, + 0xa2, 0x00, 0x93, 0xfb, 0xc8, 0x14, 0x74, 0x11, 0x46, 0xc2, 0xa8, 0xe1, 0x04, 0xde, 0x5b, 0x3c, + 0x33, 0xbb, 0x94, 0xae, 0xff, 0xb2, 0x6c, 0xc0, 0x70, 0x0a, 0x53, 0x46, 0xc2, 0x0f, 0xf6, 0x88, + 0x84, 0x7f, 0x09, 0x86, 0x13, 0xe2, 0x34, 0x45, 0xd8, 0x8f, 0xb0, 0xbf, 0xb5, 0x3f, 0x53, 0x83, + 0xb0, 0x89, 0x47, 0xa5, 0xd8, 0x98, 0xe3, 0xba, 0x24, 0x8e, 0x65, 0xa8, 0xbb, 0x38, 0x1b, 0xcc, + 0x2d, 0x8e, 0x9e, 0x1d, 0xb9, 0xce, 0xa4, 0x58, 0xe0, 0x0c, 0xcb, 0xec, 0x80, 0x57, 0xfa, 0x1c, + 0xf0, 0xdf, 0x2c, 0xc0, 0x53, 0xf7, 0xdd, 0xdd, 0xfa, 0xce, 0x42, 0x68, 0xc7, 0x24, 0xca, 0x4e, + 0x9c, 0x1b, 0x31, 0x89, 0x30, 0x83, 0xf0, 0x51, 0x6a, 0xb5, 0x8c, 0x4b, 0xc3, 0xf2, 0x4e, 0x7a, + 0xe1, 0xa3, 0x94, 0x62, 0x81, 0x33, 0x2c, 0x0f, 0x3b, 0x2d, 0xff, 0x5e, 0x01, 0x9e, 0xee, 0x43, + 0x07, 0xc8, 0x31, 0x39, 0x28, 0x9d, 0xa2, 0x55, 0x7c, 0x38, 0x29, 0x5a, 0x87, 0x1d, 0xae, 0x77, + 0x0b, 0x70, 0xb6, 0xf7, 0x56, 0x8c, 0x7e, 0x92, 0xda, 0xf0, 0x32, 0xd6, 0xc7, 0xcc, 0xee, 0x3a, + 0xc5, 0xed, 0xf7, 0x14, 0x08, 0x67, 0x71, 0xd1, 0x14, 0x40, 0xcb, 0x49, 0x36, 0xe2, 0x4b, 0xdb, + 0x5e, 0x9c, 0x88, 0xc4, 0xe4, 0x31, 0xee, 0x89, 0x91, 0xad, 0xd8, 0xc0, 0xa0, 0xec, 0xd8, 0xbf, + 0xb9, 0xf0, 0x7a, 0x98, 0xf0, 0x87, 0xb8, 0x19, 0x71, 0x4a, 0x16, 0x6f, 0x35, 0x40, 0x38, 0x8b, + 0x4b, 0xd9, 0x31, 0x5f, 0x1f, 0xef, 0x28, 0xb7, 0x2f, 0x18, 0xbb, 0x45, 0xd5, 0x8a, 0x0d, 0x8c, + 0x6c, 0xde, 0x5a, 0x69, 0xff, 0xbc, 0x35, 0xfb, 0x1f, 0x15, 0xe0, 0x89, 0x9e, 0xaa, 0x5c, 0x7f, + 0x0b, 0xf0, 0xd1, 0xcb, 0x35, 0x3b, 0xdc, 0xdc, 0x39, 0x60, 0x06, 0xd5, 0x9f, 0xf5, 0x98, 0x69, + 0x22, 0x83, 0x2a, 0xbb, 0x55, 0x58, 0x07, 0xdd, 0x2a, 0x1e, 0xa1, 0xf1, 0xec, 0x48, 0x9a, 0x1a, + 0x38, 0x40, 0xd2, 0x54, 0xe6, 0x63, 0x94, 0xfa, 0x5c, 0xc8, 0xdf, 0xe9, 0x3d, 0xbc, 0xd4, 0xf4, + 0xeb, 0xeb, 0x74, 0x74, 0x0e, 0x4e, 0x7a, 0x01, 0x2b, 0xe4, 0xbd, 0xda, 0x5e, 0x17, 0x69, 0xeb, + 0x85, 0xf4, 0x1d, 0x75, 0x0b, 0x19, 0x38, 0xee, 0x78, 0xe2, 0x11, 0x4c, 0x62, 0x3b, 0xe4, 0x90, + 0x7e, 0x0a, 0x2a, 0x8a, 0x36, 0x0f, 0xcc, 0x55, 0x1f, 0xb4, 0x23, 0x30, 0x57, 0x7d, 0x4d, 0x03, + 0x8b, 0x8e, 0x04, 0x55, 0x37, 0x33, 0x33, 0xf3, 0x1a, 0xd9, 0x61, 0xba, 0xa7, 0xfd, 0x51, 0x18, + 0x51, 0x67, 0x18, 0xfd, 0x56, 0x6b, 0xb6, 0xdf, 0x19, 0x84, 0xd1, 0x54, 0x2d, 0x96, 0xd4, 0x91, + 0xa1, 0xb5, 0xef, 0x91, 0x21, 0x0b, 0xb4, 0x6e, 0x07, 0xb2, 0x94, 0xbb, 0x11, 0x68, 0xdd, 0x0e, + 0x08, 0xe6, 0x30, 0xaa, 0x3a, 0xd6, 0xa2, 0x1d, 0xdc, 0x0e, 0x44, 0x40, 0xa4, 0x52, 0x1d, 0xe7, + 0x58, 0x2b, 0x16, 0x50, 0xf4, 0x39, 0x0b, 0x46, 0x62, 0x76, 0x1e, 0xcd, 0x0f, 0x5c, 0xc5, 0x07, + 0xbd, 0x9a, 0xc7, 0xb5, 0xeb, 0xa2, 0xee, 0x10, 0x8b, 0xa5, 0x30, 0x5b, 0x70, 0x8a, 0x23, 0xfa, + 0x45, 0xcb, 0xbc, 0x70, 0x7e, 0x30, 0x8f, 0x40, 0xde, 0x6c, 0xa9, 0x1b, 0x7e, 0x52, 0x77, 0xff, + 0x7b, 0xe7, 0x63, 0x75, 0x1a, 0x3a, 0x74, 0x3c, 0xa7, 0xa1, 0xd0, 0xe5, 0x24, 0xf4, 0x23, 0x50, + 0x69, 0x3a, 0x81, 0x57, 0x27, 0x71, 0xc2, 0x0f, 0x28, 0x65, 0x05, 0x2e, 0xd9, 0x88, 0x35, 0x9c, + 0x6e, 0x76, 0x31, 0x7b, 0xb1, 0xc4, 0x38, 0x51, 0x64, 0x9b, 0xdd, 0xaa, 0x6e, 0xc6, 0x26, 0x8e, + 0x79, 0xfc, 0x09, 0x0f, 0xf5, 0xf8, 0x73, 0x78, 0x9f, 0xe3, 0xcf, 0x7f, 0x60, 0xc1, 0x99, 0xae, + 0x5f, 0xed, 0xd1, 0x0d, 0x91, 0xb3, 0xbf, 0x5e, 0x82, 0x53, 0x5d, 0x8a, 0x2a, 0xa1, 0x1d, 0x73, + 0x3e, 0x5b, 0x79, 0x78, 0xc5, 0xd3, 0x4e, 0x5e, 0x39, 0x8c, 0x5d, 0x26, 0xf1, 0xc1, 0x9c, 0x0f, + 0xda, 0x01, 0x50, 0x7c, 0xb0, 0x0e, 0x00, 0x63, 0x5a, 0x0e, 0x3c, 0xd4, 0x69, 0x59, 0xba, 0xff, + 0xb4, 0x44, 0xbf, 0x6b, 0xc1, 0x44, 0xb3, 0x47, 0x25, 0x4f, 0x71, 0xa8, 0x77, 0xf3, 0x78, 0xea, + 0x84, 0x56, 0x9f, 0xdc, 0xdb, 0x9d, 0xec, 0x59, 0x40, 0x15, 0xf7, 0xec, 0x95, 0xfd, 0xbd, 0x22, + 0xb0, 0x8a, 0x5e, 0xac, 0x86, 0xce, 0x0e, 0xfa, 0xac, 0x59, 0x9b, 0xcd, 0xca, 0xab, 0x8e, 0x18, + 0x27, 0xae, 0x6a, 0xbb, 0xf1, 0x11, 0xec, 0x56, 0xea, 0x2d, 0x2b, 0xb4, 0x0a, 0x7d, 0x08, 0x2d, + 0x5f, 0x16, 0xc1, 0x2b, 0xe6, 0x5f, 0x04, 0xaf, 0x92, 0x2d, 0x80, 0x77, 0xff, 0x4f, 0x3c, 0xf0, + 0x48, 0x7e, 0xe2, 0xbf, 0x69, 0x71, 0xc1, 0x93, 0xf9, 0x0a, 0x5a, 0x33, 0xb0, 0xee, 0xa3, 0x19, + 0x3c, 0xc7, 0x6e, 0xda, 0xac, 0x5f, 0x21, 0x8e, 0x2f, 0x34, 0x08, 0xf3, 0xd2, 0x4c, 0xd6, 0x8e, + 0x15, 0x06, 0xbb, 0x1b, 0xc7, 0xf7, 0xc3, 0xbb, 0x97, 0x9a, 0xad, 0x64, 0x47, 0xe8, 0x12, 0xfa, + 0x6e, 0x1c, 0x05, 0xc1, 0x06, 0x96, 0xfd, 0xb7, 0x0a, 0x7c, 0x06, 0x0a, 0xb7, 0xfe, 0xc5, 0xcc, + 0x6d, 0x06, 0xfd, 0x7b, 0xc4, 0x3f, 0x03, 0xe0, 0xaa, 0x4b, 0xf6, 0x84, 0xbf, 0xe5, 0xca, 0x91, + 0x2f, 0x29, 0x13, 0xf4, 0xf4, 0x6b, 0xe8, 0x36, 0x6c, 0xf0, 0x4b, 0xc9, 0xd2, 0xe2, 0xbe, 0xb2, + 0x34, 0x25, 0x56, 0x06, 0xf6, 0xd9, 0xed, 0xfe, 0xc2, 0x82, 0x94, 0x46, 0x84, 0x5a, 0x50, 0xa2, + 0xdd, 0xdd, 0xc9, 0xe7, 0xfe, 0x40, 0x93, 0x34, 0x15, 0x8d, 0x62, 0xda, 0xb3, 0x9f, 0x98, 0x33, + 0x42, 0xbe, 0xf0, 0xfe, 0x17, 0xf2, 0xb8, 0xe3, 0xd2, 0x64, 0x78, 0x25, 0x0c, 0x37, 0xb9, 0xd3, + 0x50, 0x47, 0x12, 0xd8, 0x17, 0x61, 0xbc, 0xa3, 0x53, 0xac, 0x70, 0x79, 0x28, 0x2f, 0x4d, 0x34, + 0xa6, 0x2b, 0x4b, 0xc1, 0xc3, 0x1c, 0x66, 0xbf, 0x6b, 0xc1, 0xc9, 0x2c, 0x79, 0xf4, 0x0d, 0x0b, + 0xc6, 0xe3, 0x2c, 0xbd, 0xe3, 0x1a, 0x3b, 0x15, 0x19, 0xd7, 0x01, 0xc2, 0x9d, 0x9d, 0xb0, 0xff, + 0x8f, 0x98, 0xfc, 0xb7, 0xbc, 0xa0, 0x16, 0xde, 0x55, 0x8a, 0x89, 0xd5, 0x53, 0x31, 0xa1, 0xeb, + 0xd1, 0xdd, 0x20, 0xb5, 0xb6, 0xdf, 0x91, 0xfb, 0xb7, 0x2a, 0xda, 0xb1, 0xc2, 0x60, 0xa9, 0x4e, + 0x6d, 0x51, 0x25, 0x33, 0x33, 0x29, 0xe7, 0x44, 0x3b, 0x56, 0x18, 0xe8, 0x45, 0x18, 0x31, 0x2f, + 0x06, 0x15, 0xf3, 0x92, 0x29, 0xe4, 0xe6, 0x1d, 0xa2, 0x38, 0x85, 0x95, 0xb9, 0x1a, 0xbe, 0xb4, + 0xef, 0xd5, 0xf0, 0xcf, 0x42, 0x59, 0x5c, 0x73, 0x2e, 0xe3, 0x47, 0x79, 0x62, 0xa1, 0x68, 0xc3, + 0x0a, 0x4a, 0xa5, 0x49, 0xd3, 0x09, 0xda, 0x8e, 0x4f, 0x47, 0x48, 0x64, 0x43, 0xab, 0x65, 0xb8, + 0xa4, 0x20, 0xd8, 0xc0, 0xa2, 0x6f, 0x9c, 0x78, 0x4d, 0xf2, 0x5a, 0x18, 0xc8, 0xc8, 0x2b, 0xed, + 0x52, 0x11, 0xed, 0x58, 0x61, 0xd8, 0xff, 0xc5, 0x82, 0xec, 0x1d, 0xcd, 0xa9, 0x53, 0x0e, 0x6b, + 0xdf, 0x0c, 0xec, 0x74, 0xfe, 0x66, 0xa1, 0xaf, 0xfc, 0x4d, 0x33, 0xb5, 0xb2, 0x78, 0xdf, 0xd4, + 0xca, 0x1f, 0xd5, 0xd7, 0xdf, 0xf0, 0x1c, 0xcc, 0xe1, 0x6e, 0x57, 0xdf, 0x20, 0x1b, 0x06, 0x5d, + 0x47, 0xd5, 0xe8, 0x18, 0xe1, 0xb6, 0xc3, 0xec, 0x0c, 0x43, 0x12, 0x10, 0x7b, 0x19, 0x2a, 0xca, + 0xb3, 0x20, 0x0d, 0x55, 0xab, 0xbb, 0xa1, 0xda, 0x57, 0x2a, 0x59, 0x75, 0xfd, 0xbd, 0xef, 0x9f, + 0xfb, 0xc0, 0x77, 0xbe, 0x7f, 0xee, 0x03, 0x7f, 0xf2, 0xfd, 0x73, 0x1f, 0xf8, 0xdc, 0xde, 0x39, + 0xeb, 0xbd, 0xbd, 0x73, 0xd6, 0x77, 0xf6, 0xce, 0x59, 0x7f, 0xb2, 0x77, 0xce, 0xfa, 0xde, 0xde, + 0x39, 0xeb, 0x6b, 0xff, 0xf1, 0xdc, 0x07, 0x5e, 0xeb, 0x1a, 0x7a, 0x47, 0x7f, 0x3c, 0xef, 0xd6, + 0xa6, 0xb7, 0x2e, 0xb0, 0xe8, 0x2f, 0xba, 0xbc, 0xa6, 0x8d, 0x39, 0x35, 0x2d, 0x97, 0xd7, 0xff, + 0x0b, 0x00, 0x00, 0xff, 0xff, 0xe7, 0xad, 0xd9, 0x73, 0xf4, 0xcb, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -5969,6 +5970,15 @@ func (m *ApplicationSetSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.GoTemplateOptions) > 0 { + for iNdEx := len(m.GoTemplateOptions) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.GoTemplateOptions[iNdEx]) + copy(dAtA[i:], m.GoTemplateOptions[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.GoTemplateOptions[iNdEx]))) + i-- + dAtA[i] = 0x3a + } + } if m.PreservedFields != nil { { size, err := m.PreservedFields.MarshalToSizedBuffer(dAtA[:i]) @@ -13633,6 +13643,12 @@ func (m *ApplicationSetSpec) Size() (n int) { l = m.PreservedFields.Size() n += 1 + l + sovGenerated(uint64(l)) } + if len(m.GoTemplateOptions) > 0 { + for _, s := range m.GoTemplateOptions { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } return n } @@ -16655,6 +16671,7 @@ func (this *ApplicationSetSpec) String() string { `SyncPolicy:` + strings.Replace(this.SyncPolicy.String(), "ApplicationSetSyncPolicy", "ApplicationSetSyncPolicy", 1) + `,`, `Strategy:` + strings.Replace(this.Strategy.String(), "ApplicationSetStrategy", "ApplicationSetStrategy", 1) + `,`, `PreservedFields:` + strings.Replace(this.PreservedFields.String(), "ApplicationPreservedFields", "ApplicationPreservedFields", 1) + `,`, + `GoTemplateOptions:` + fmt.Sprintf("%v", this.GoTemplateOptions) + `,`, `}`, }, "") return s @@ -22410,6 +22427,38 @@ func (m *ApplicationSetSpec) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field GoTemplateOptions", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.GoTemplateOptions = append(m.GoTemplateOptions, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 8ee9dd1ddfc73..6f29b2b4393e7 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -290,6 +290,8 @@ message ApplicationSetSpec { optional ApplicationSetStrategy strategy = 5; optional ApplicationPreservedFields preservedFields = 6; + + repeated string goTemplateOptions = 7; } // ApplicationSetStatus defines the observed state of ApplicationSet diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index a9f6f13869d49..0001735fb5e54 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -1162,6 +1162,20 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetSpec(ref common.Referenc Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationPreservedFields"), }, }, + "goTemplateOptions": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, }, Required: []string{"generators", "template"}, }, diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index dedd5a3b2d5d3..34b7bf06cb783 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -658,6 +658,11 @@ func (in *ApplicationSetSpec) DeepCopyInto(out *ApplicationSetSpec) { *out = new(ApplicationPreservedFields) (*in).DeepCopyInto(*out) } + if in.GoTemplateOptions != nil { + in, out := &in.GoTemplateOptions, &out.GoTemplateOptions + *out = make([]string, len(*in)) + copy(*out, *in) + } return } From c4a79309945727df351e6b0b11a9e07fad7fa31c Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Tue, 30 May 2023 14:13:22 -0400 Subject: [PATCH 075/252] chore: upgrade go to 1.20.4 (#13801) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- .github/workflows/ci-build.yaml | 2 +- .github/workflows/image.yaml | 4 ++-- .github/workflows/release.yaml | 4 ++-- Dockerfile | 4 ++-- test/container/Dockerfile | 2 +- test/remote/Dockerfile | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 8894cf28d749b..8858fb8c3d769 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -13,7 +13,7 @@ on: env: # Golang version to use across CI steps - GOLANG_VERSION: '1.19' + GOLANG_VERSION: '1.20' concurrency: group: ${{ github.workflow }}-${{ github.ref }} diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 1700ddb216322..0a8898777cea0 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -52,7 +52,7 @@ jobs: uses: ./.github/workflows/image-reuse.yaml with: # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.19 + go-version: 1.20 platforms: ${{ needs.set-vars.outputs.platforms }} push: false @@ -68,7 +68,7 @@ jobs: quay_image_name: quay.io/argoproj/argocd:latest ghcr_image_name: ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.19 + go-version: 1.20 platforms: ${{ needs.set-vars.outputs.platforms }} push: true secrets: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 275fe9064bcb3..1baa2a42a7cb4 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,7 +10,7 @@ on: permissions: {} env: - GOLANG_VERSION: '1.19' # Note: go-version must also be set in job argocd-image.with.go-version + GOLANG_VERSION: '1.20' # Note: go-version must also be set in job argocd-image.with.go-version jobs: argocd-image: @@ -23,7 +23,7 @@ jobs: with: quay_image_name: quay.io/argoproj/argocd:${{ github.ref_name }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.19 + go-version: 1.20 platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le push: true secrets: diff --git a/Dockerfile b/Dockerfile index d903804e3cff2..37e6cdee36d22 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:9a0bdde4188b896a372804be238 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image # Also used as the image in CI jobs so needs all dependencies #################################################################################################### -FROM docker.io/library/golang:1.19.7@sha256:5d947843dde82ba1df5ac1b2ebb70b203d106f0423bf5183df3dc96f6bc5a705 AS builder +FROM docker.io/library/golang:1.20.4@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS builder RUN echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list @@ -101,7 +101,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP #################################################################################################### # Argo CD Build stage which performs the actual build of Argo CD binaries #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.19.7@sha256:5d947843dde82ba1df5ac1b2ebb70b203d106f0423bf5183df3dc96f6bc5a705 AS argocd-build +FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.20.4@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS argocd-build WORKDIR /go/src/github.com/argoproj/argo-cd diff --git a/test/container/Dockerfile b/test/container/Dockerfile index a94a35dd31073..47f0b3b1716c3 100644 --- a/test/container/Dockerfile +++ b/test/container/Dockerfile @@ -9,7 +9,7 @@ RUN ln -s /usr/lib/$(uname -m)-linux-gnu /usr/lib/linux-gnu # Please make sure to also check the contained yarn version and update the references below when upgrading this image's version FROM docker.io/library/node:18.15.0@sha256:8d9a875ee427897ef245302e31e2319385b092f1c3368b497e89790f240368f5 as node -FROM docker.io/library/golang:1.19.7@sha256:5d947843dde82ba1df5ac1b2ebb70b203d106f0423bf5183df3dc96f6bc5a705 as golang +FROM docker.io/library/golang:1.20.4@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 as golang FROM docker.io/library/registry:2.8@sha256:41f413c22d6156587e2a51f3e80c09808b8c70e82be149b82b5e0196a88d49b4 as registry diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile index 38af465d84d41..018adee07cf37 100644 --- a/test/remote/Dockerfile +++ b/test/remote/Dockerfile @@ -1,6 +1,6 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:22.04 -FROM docker.io/library/golang:1.19.7@sha256:5d947843dde82ba1df5ac1b2ebb70b203d106f0423bf5183df3dc96f6bc5a705 AS go +FROM docker.io/library/golang:1.20.4@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS go RUN go install github.com/mattn/goreman@latest && \ go install github.com/kisielk/godepgraph@latest From 21585ecd6a28585fd0cd04713127645085697a9f Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Tue, 30 May 2023 14:14:22 -0400 Subject: [PATCH 076/252] chore: upgrade node to 20.2.0 (#13800) * chore: upgrade node to 20.2.0 Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * also ts-node Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- .github/workflows/ci-build.yaml | 2 +- Dockerfile | 2 +- test/container/Dockerfile | 2 +- ui-test/Dockerfile | 2 +- ui/.nvmrc | 2 +- ui/package.json | 4 +-- ui/yarn.lock | 51 +++++++++++++++++---------------- 7 files changed, 34 insertions(+), 31 deletions(-) diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 8858fb8c3d769..8a7d01be8e2a3 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -267,7 +267,7 @@ jobs: - name: Setup NodeJS uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 with: - node-version: '18.15.0' + node-version: '20.2.0' - name: Restore node dependency cache id: cache-dependencies uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 diff --git a/Dockerfile b/Dockerfile index 37e6cdee36d22..32c419838f137 100644 --- a/Dockerfile +++ b/Dockerfile @@ -83,7 +83,7 @@ WORKDIR /home/argocd #################################################################################################### # Argo CD UI stage #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/node:18.15.0@sha256:8d9a875ee427897ef245302e31e2319385b092f1c3368b497e89790f240368f5 AS argocd-ui +FROM --platform=$BUILDPLATFORM docker.io/library/node:20.2.0@sha256:14f0471d0478fbb9177d0f9e8c146dc872273dcdcfc7fea93a27ed81fc6b0e96 AS argocd-ui WORKDIR /src COPY ["ui/package.json", "ui/yarn.lock", "./"] diff --git a/test/container/Dockerfile b/test/container/Dockerfile index 47f0b3b1716c3..997dba8eeb2c0 100644 --- a/test/container/Dockerfile +++ b/test/container/Dockerfile @@ -7,7 +7,7 @@ RUN ln -s /usr/lib/$(uname -m)-linux-gnu /usr/lib/linux-gnu # Please make sure to also check the contained yarn version and update the references below when upgrading this image's version -FROM docker.io/library/node:18.15.0@sha256:8d9a875ee427897ef245302e31e2319385b092f1c3368b497e89790f240368f5 as node +FROM docker.io/library/node:20.2.0@sha256:14f0471d0478fbb9177d0f9e8c146dc872273dcdcfc7fea93a27ed81fc6b0e96 as node FROM docker.io/library/golang:1.20.4@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 as golang diff --git a/ui-test/Dockerfile b/ui-test/Dockerfile index 0bd9d544370e5..e284e2b5c0a34 100644 --- a/ui-test/Dockerfile +++ b/ui-test/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/library/node:18.15.0@sha256:8d9a875ee427897ef245302e31e2319385b092f1c3368b497e89790f240368f5 AS node +FROM docker.io/library/node:20.2.0@sha256:14f0471d0478fbb9177d0f9e8c146dc872273dcdcfc7fea93a27ed81fc6b0e96 AS node RUN apt-get update && apt-get install --no-install-recommends -y \ software-properties-common diff --git a/ui/.nvmrc b/ui/.nvmrc index e048c8ca198f9..6ed5da9554c06 100644 --- a/ui/.nvmrc +++ b/ui/.nvmrc @@ -1 +1 @@ -v18.15.0 +v20.2.0 diff --git a/ui/package.json b/ui/package.json index 7fa13a62a526f..eb34e42420367 100644 --- a/ui/package.json +++ b/ui/package.json @@ -78,7 +78,7 @@ "@types/js-yaml": "^3.11.2", "@types/lodash-es": "^4.17.6", "@types/minimatch": "^3.0.3", - "@types/node": "18.15.3", + "@types/node": "20.2.0", "@types/prop-types": "^15.7.5", "@types/react": "^16.8.5", "@types/react-autocomplete": "^1.8.4", @@ -110,7 +110,7 @@ "source-map-loader": "^0.2.3", "style-loader": "^0.20.1", "ts-jest": "^27.1.3", - "ts-node": "^10.7.0", + "ts-node": "10.9.1", "tslint": "^6.1.3", "tslint-config-prettier": "^1.18.0", "tslint-plugin-prettier": "^2.0.1", diff --git a/ui/yarn.lock b/ui/yarn.lock index bc2365f8ad2e2..e34744e800545 100644 --- a/ui/yarn.lock +++ b/ui/yarn.lock @@ -1111,17 +1111,12 @@ exec-sh "^0.3.2" minimist "^1.2.0" -"@cspotcode/source-map-consumer@0.8.0": - version "0.8.0" - resolved "https://registry.yarnpkg.com/@cspotcode/source-map-consumer/-/source-map-consumer-0.8.0.tgz#33bf4b7b39c178821606f669bbc447a6a629786b" - integrity sha512-41qniHzTU8yAGbCp04ohlmSrZf8bkf/iJsl3V0dRGsQN/5GFfx+LbCSsCpp2gqrqjTVg/K6O8ycoV35JIwAzAg== - -"@cspotcode/source-map-support@0.7.0": - version "0.7.0" - resolved "https://registry.yarnpkg.com/@cspotcode/source-map-support/-/source-map-support-0.7.0.tgz#4789840aa859e46d2f3173727ab707c66bf344f5" - integrity sha512-X4xqRHqN8ACt2aHVe51OxeA2HjbcL4MqFqXkrmQszJ1NOUuUu5u6Vqx/0lZSVNku7velL5FC/s5uEAj1lsBMhA== +"@cspotcode/source-map-support@^0.8.0": + version "0.8.1" + resolved "https://registry.yarnpkg.com/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz#00629c35a688e05a88b1cda684fb9d5e73f000a1" + integrity sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw== dependencies: - "@cspotcode/source-map-consumer" "0.8.0" + "@jridgewell/trace-mapping" "0.3.9" "@ctrl/tinycolor@^3.4.0": version "3.4.0" @@ -1430,6 +1425,14 @@ resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz#add4c98d341472a289190b424efbdb096991bb24" integrity sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw== +"@jridgewell/trace-mapping@0.3.9": + version "0.3.9" + resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz#6534fd5933a53ba7cbf3a17615e273a0d1273ff9" + integrity sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ== + dependencies: + "@jridgewell/resolve-uri" "^3.0.3" + "@jridgewell/sourcemap-codec" "^1.4.10" + "@jridgewell/trace-mapping@^0.3.0": version "0.3.4" resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.4.tgz#f6a0832dffd5b8a6aaa633b7d9f8e8e94c83a0c3" @@ -1838,10 +1841,10 @@ resolved "https://registry.yarnpkg.com/@types/node/-/node-16.3.1.tgz#24691fa2b0c3ec8c0d34bfcfd495edac5593ebb4" integrity sha512-N87VuQi7HEeRJkhzovao/JviiqKjDKMVKxKMfUvSKw+MbkbW8R0nA3fi/MQhhlxV2fQ+2ReM+/Nt4efdrJx3zA== -"@types/node@18.15.3": - version "18.15.3" - resolved "https://registry.yarnpkg.com/@types/node/-/node-18.15.3.tgz#f0b991c32cfc6a4e7f3399d6cb4b8cf9a0315014" - integrity sha512-p6ua9zBxz5otCmbpb5D3U4B5Nanw6Pk3PPyX05xnxbB/fRv71N7CPmORg7uAD5P70T0xmx1pzAx/FUfa5X+3cw== +"@types/node@20.2.0": + version "20.2.0" + resolved "https://registry.yarnpkg.com/@types/node/-/node-20.2.0.tgz#e33da33171ac4eba79b9cfe30b68a4f1561e74ec" + integrity sha512-3iD2jaCCziTx04uudpJKwe39QxXgSUnpxXSvRQjRvHPxFQfmfP4NXIm/NURVeNlTCc+ru4WqjYGTmpXrW9uMlw== "@types/node@^14.11.8": version "14.18.12" @@ -9363,12 +9366,12 @@ ts-jest@^27.1.3: semver "7.x" yargs-parser "20.x" -ts-node@^10.7.0: - version "10.7.0" - resolved "https://registry.yarnpkg.com/ts-node/-/ts-node-10.7.0.tgz#35d503d0fab3e2baa672a0e94f4b40653c2463f5" - integrity sha512-TbIGS4xgJoX2i3do417KSaep1uRAW/Lu+WAL2doDHC0D6ummjirVOXU5/7aiZotbQ5p1Zp9tP7U6cYhA0O7M8A== +ts-node@10.9.1: + version "10.9.1" + resolved "https://registry.yarnpkg.com/ts-node/-/ts-node-10.9.1.tgz#e73de9102958af9e1f0b168a6ff320e25adcff4b" + integrity sha512-NtVysVPkxxrwFGUUxGYhfux8k78pQB3JqYBXlLRZgdGUqTO5wU/UyHop5p70iEbGhB7q5KmiZiU0Y3KlJrScEw== dependencies: - "@cspotcode/source-map-support" "0.7.0" + "@cspotcode/source-map-support" "^0.8.0" "@tsconfig/node10" "^1.0.7" "@tsconfig/node12" "^1.0.7" "@tsconfig/node14" "^1.0.0" @@ -9379,7 +9382,7 @@ ts-node@^10.7.0: create-require "^1.1.0" diff "^4.0.1" make-error "^1.1.1" - v8-compile-cache-lib "^3.0.0" + v8-compile-cache-lib "^3.0.1" yn "3.1.1" tslib@^1.13.0: @@ -9657,10 +9660,10 @@ uuid@^8.3.2: resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2" integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg== -v8-compile-cache-lib@^3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.0.tgz#0582bcb1c74f3a2ee46487ceecf372e46bce53e8" - integrity sha512-mpSYqfsFvASnSn5qMiwrr4VKfumbPyONLCOPmsR3A6pTY/r0+tSaVbgPWSAIuzbk3lCTa+FForeTiO+wBQGkjA== +v8-compile-cache-lib@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz#6336e8d71965cb3d35a1bbb7868445a7c05264bf" + integrity sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg== v8-to-istanbul@^8.1.0: version "8.1.1" From e731520c76ded48296a7ef2d397605bbbb2aa162 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Tue, 30 May 2023 14:17:25 -0400 Subject: [PATCH 077/252] docs: fix deep links docs formatting (#13747) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- docs/operator-manual/deep_links.md | 46 ++++++++++++++++-------------- 1 file changed, 25 insertions(+), 21 deletions(-) diff --git a/docs/operator-manual/deep_links.md b/docs/operator-manual/deep_links.md index 7e512415031c8..f667449016d58 100644 --- a/docs/operator-manual/deep_links.md +++ b/docs/operator-manual/deep_links.md @@ -11,38 +11,42 @@ or individual resources (pods, services, etc.). ## Configuring Deep Links The configuration for Deep Links is present in `argocd-cm` as `.links` fields where -`` determines where it will be displayed. The possible values for `` are : -- `project` : all links under this field will show up in the project tab in the Argo CD UI -- `application` : all links under this field will show up in the application summary tab -- `resource` : all links under this field will show up in the resource (deployments, pods, services, etc.) summary tab +`` determines where it will be displayed. The possible values for `` are: -Each link in the list has five subfields : -1. `title` : title/tag that will be displayed in the UI corresponding to that link -2. `url` : the actual URL where the deep link will redirect to, this field can be templated to use data from the +- `project`: all links under this field will show up in the project tab in the Argo CD UI +- `application`: all links under this field will show up in the application summary tab +- `resource`: all links under this field will show up in the resource (deployments, pods, services, etc.) summary tab + +Each link in the list has five subfields: + +1. `title`: title/tag that will be displayed in the UI corresponding to that link +2. `url`: the actual URL where the deep link will redirect to, this field can be templated to use data from the corresponding application, project or resource objects (depending on where it is located). This uses [text/template](pkg.go.dev/text/template) pkg for templating -3. `description` (optional) : a description for what the deep link is about -4. `icon.class` (optional) : a font-awesome icon class to be used when displaying the links in dropdown menus -5. `if` (optional) : a conditional statement that results in either `true` or `false`, it also has access to the same +3. `description` (optional): a description for what the deep link is about +4. `icon.class` (optional): a font-awesome icon class to be used when displaying the links in dropdown menus +5. `if` (optional): a conditional statement that results in either `true` or `false`, it also has access to the same data as the `url` field. If the condition resolves to `true` the deep link will be displayed - else it will be hidden. If the field is omitted, by default the deep links will be displayed. This uses [antonmedv/expr](https://github.com/antonmedv/expr/tree/master/docs) for evaluating conditions !!!note - For resources of kind Secret the data fields are redacted but other fields are accessible for templating the deep links. + For resources of kind Secret the data fields are redacted but other fields are accessible for templating the deep links. !!!warning - Make sure to validate the url templates and inputs to prevent data leaks or possible generation of any malicious links. + Make sure to validate the url templates and inputs to prevent data leaks or possible generation of any malicious links. As mentioned earlier the links and conditions can be templated to use data from the resource, each category of links can access different types of data linked to that resource. -Overall we have these 4 resources available for templating in the system : -- `application` : this key is used to access the application resource data. -- `resource` : this key is used to access values for the actual k8s resource. -- `cluster` : this key is used to access the related destination cluster data like name, server, namespaces etc. -- `project` : this key is used to access the project resource data. +Overall we have these 4 resources available for templating in the system: + +- `application`: this key is used to access the application resource data. +- `resource`: this key is used to access values for the actual k8s resource. +- `cluster`: this key is used to access the related destination cluster data like name, server, namespaces etc. +- `project`: this key is used to access the project resource data. + +The above resources are accessible in particular link categories, here's a list of resources available in each category: -The above resources are accessible in particular link categories, here's a list of resources available in each category : -- `resource.links` : `resource`, `application`, `cluster` and `project` -- `application.links` : `application` and `cluster` -- `project.links` : `project` +- `resource.links`: `resource`, `application`, `cluster` and `project` +- `application.links`: `application` and `cluster` +- `project.links`: `project` An example `argocd-cm.yaml` file with deep links and their variations : From fb4dd6cc4755c4210f8a8eac3d19c9073ac6d454 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Tue, 30 May 2023 15:13:28 -0400 Subject: [PATCH 078/252] chore: bump otel dependencies (#13798) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- go.mod | 30 +++++++++++++++-------------- go.sum | 60 ++++++++++++++++++++++++++++++++-------------------------- 2 files changed, 49 insertions(+), 41 deletions(-) diff --git a/go.mod b/go.mod index cc99ffe279337..6c180b724aa3e 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/fsnotify/fsnotify v1.6.0 github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e github.com/go-git/go-git/v5 v5.6.1 - github.com/go-logr/logr v1.2.3 + github.com/go-logr/logr v1.2.4 github.com/go-openapi/loads v0.21.2 github.com/go-openapi/runtime v0.25.0 github.com/go-redis/cache/v9 v9.0.0 @@ -71,18 +71,18 @@ require ( github.com/whilp/git-urls v1.0.0 github.com/xanzy/go-gitlab v0.83.0 github.com/yuin/gopher-lua v0.0.0-20220504180219-658193537a64 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.31.0 - go.opentelemetry.io/otel v1.11.1 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.11.1 - go.opentelemetry.io/otel/sdk v1.11.1 + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 + go.opentelemetry.io/otel v1.16.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.16.0 + go.opentelemetry.io/otel/sdk v1.16.0 golang.org/x/crypto v0.9.0 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 golang.org/x/oauth2 v0.7.0 golang.org/x/sync v0.1.0 golang.org/x/term v0.8.0 - google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 - google.golang.org/grpc v1.51.0 - google.golang.org/protobuf v1.29.1 + google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 + google.golang.org/grpc v1.55.0 + google.golang.org/protobuf v1.30.0 gopkg.in/go-playground/webhooks.v5 v5.17.0 gopkg.in/square/go-jose.v2 v2.6.0 gopkg.in/yaml.v2 v2.4.0 @@ -104,7 +104,8 @@ require ( ) require ( - cloud.google.com/go/compute v1.7.0 // indirect + cloud.google.com/go/compute v1.18.0 // indirect + cloud.google.com/go/compute/metadata v0.2.3 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.18 // indirect @@ -122,7 +123,7 @@ require ( github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/cenkalti/backoff/v4 v4.1.3 // indirect + github.com/cenkalti/backoff/v4 v4.2.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/chai2010/gettext-go v0.0.0-20170215093142-bf70f2a70fb1 // indirect github.com/cloudflare/circl v1.3.3 // indirect @@ -151,7 +152,7 @@ require ( github.com/go-openapi/swag v0.21.1 // indirect github.com/go-openapi/validate v0.21.0 // indirect github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1 // indirect - github.com/golang/glog v1.0.0 // indirect + github.com/golang/glog v1.1.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/google/btree v1.0.1 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect @@ -218,9 +219,10 @@ require ( github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca // indirect go.mongodb.org/mongo-driver v1.10.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.11.1 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.11.1 // indirect - go.opentelemetry.io/otel/trace v1.11.1 // indirect + go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0 // indirect + go.opentelemetry.io/otel/metric v1.16.0 // indirect + go.opentelemetry.io/otel/trace v1.16.0 // indirect go.opentelemetry.io/proto/otlp v0.19.0 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.8.0 // indirect diff --git a/go.sum b/go.sum index 453e3f99e72b0..83e5b45b98cfc 100644 --- a/go.sum +++ b/go.sum @@ -41,9 +41,12 @@ cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJW cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s= cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= -cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk= cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= +cloud.google.com/go/compute v1.18.0 h1:FEigFqoDbys2cvFkZ9Fjq4gnHBP55anJ0yQyau2f9oY= +cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= +cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= @@ -184,8 +187,8 @@ github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVO github.com/casbin/casbin/v2 v2.60.0 h1:ZmC0/t4wolfEsDpDxTEsu2z6dfbMNpc11F52ceLs2Eo= github.com/casbin/casbin/v2 v2.60.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4= -github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= +github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= +github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= @@ -366,8 +369,9 @@ github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTg github.com/go-logr/logr v1.0.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.2.0 h1:n4JnPI1T3Qq1SFEi/F8rwLrZERp2bso19PJZDB9dayk= @@ -458,8 +462,9 @@ github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOW github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= +github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE= +github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -1101,31 +1106,31 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.31.0 h1:li8u9OSMvLau7rMs8bmiL82OazG6MAkwPz2i6eS8TBQ= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.31.0/go.mod h1:SY9qHHUES6W3oZnO1H2W8NvsSovIoXRg/A1AH9px8+I= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 h1:ZOLJc06r4CB42laIXg/7udr0pbZyuAihN10A/XuiQRY= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0/go.mod h1:5z+/ZWJQKXa9YT34fQNx5K8Hd1EoIhvtUygUQPqEOgQ= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= -go.opentelemetry.io/otel v1.6.1/go.mod h1:blzUabWHkX6LJewxvadmzafgh/wnvBSDBdOuwkAtrWQ= -go.opentelemetry.io/otel v1.11.1 h1:4WLLAmcfkmDk2ukNXJyq3/kiz/3UzCaYq6PskJsaou4= -go.opentelemetry.io/otel v1.11.1/go.mod h1:1nNhXBbWSD0nsL38H6btgnFN2k4i0sNLHNNMZMSbUGE= +go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s= +go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4= go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.11.1 h1:X2GndnMCsUPh6CiY2a+frAbNsXaPLbB0soHRYhAZ5Ig= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.11.1/go.mod h1:i8vjiSzbiUC7wOQplijSXMYUpNM93DtlS5CbUT+C6oQ= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.11.1 h1:MEQNafcNCB0uQIti/oHgU7CZpUMYQ7qigBwMVKycHvc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.11.1/go.mod h1:19O5I2U5iys38SsmT2uDJja/300woyzE1KPIQxEUBUc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.11.1 h1:LYyG/f1W/jzAix16jbksJfMQFpOH/Ma6T639pVPMgfI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.11.1/go.mod h1:QrRRQiY3kzAoYPNLP0W/Ikg0gR6V3LMc+ODSxr7yyvg= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0 h1:t4ZwRPU+emrcvM2e9DHd0Fsf0JTPVcbfa/BhTDF03d0= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0/go.mod h1:vLarbg68dH2Wa77g71zmKQqlQ8+8Rq3GRG31uc0WcWI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0 h1:cbsD4cUcviQGXdw8+bo5x2wazq10SKz8hEbtCRPcU78= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0/go.mod h1:JgXSGah17croqhJfhByOLVY719k1emAXC8MVhCIJlRs= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.16.0 h1:TVQp/bboR4mhZSav+MdgXB8FaRho1RC8UwVn3T0vjVc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.16.0/go.mod h1:I33vtIe0sR96wfrUcilIzLoA3mLHhRmz9S9Te0S3gDo= go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= +go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo= +go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4= go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= -go.opentelemetry.io/otel/sdk v1.11.1 h1:F7KmQgoHljhUuJyA+9BiU+EkJfyX5nVVF4wyzWZpKxs= -go.opentelemetry.io/otel/sdk v1.11.1/go.mod h1:/l3FE4SupHJ12TduVjUkZtlfFqDCQJlOlithYrdktys= +go.opentelemetry.io/otel/sdk v1.16.0 h1:Z1Ok1YsijYL0CSJpHt4cS3wDDh7p572grzNrBMiMWgE= +go.opentelemetry.io/otel/sdk v1.16.0/go.mod h1:tMsIuKXuuIWPBAOrH+eHtvhTL+SntFtXF9QD68aP6p4= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= -go.opentelemetry.io/otel/trace v1.6.1/go.mod h1:RkFRM1m0puWIq10oxImnGEduNBzxiN7TXluRBtE+5j0= -go.opentelemetry.io/otel/trace v1.11.1 h1:ofxdnzsNrGBYXbP7t7zpUK281+go5rF7dvdIZXF8gdQ= -go.opentelemetry.io/otel/trace v1.11.1/go.mod h1:f/Q9G7vzk5u91PhbmKbg1Qn0rzH1LJ4vbPHFGkTPtOk= +go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs= +go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw= go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= @@ -1135,7 +1140,7 @@ go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk= +go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= @@ -1729,8 +1734,9 @@ google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= -google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 h1:4SPz2GL2CXJt28MTF8V6Ap/9ZiVbQlJeGSd9qtA7DLs= google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 h1:DdoeryqhaXp1LtT/emMP1BRJPHHKFi5akj/nbx/zNTA= +google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1764,8 +1770,8 @@ google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11 google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U= -google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= +google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag= +google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= @@ -1776,8 +1782,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.29.1 h1:7QBf+IK2gx70Ap/hDsOmam3GE0v9HicjfEdAxE62UoM= -google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk= From 0eac76938d7cf12518b2183a62f701416ec9cfd8 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Tue, 30 May 2023 17:35:02 -0400 Subject: [PATCH 079/252] docs: add GHSA to vulnerability reporting methods (#13510) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- SECURITY.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 5563e3d11f903..9e2ba5c6ba542 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -65,9 +65,10 @@ We will publish security advisories using the feature to keep our community well-informed, and will credit you for your findings (unless you prefer to stay anonymous, of course). -Please report vulnerabilities by e-mail to the following address: +There are two ways to report a vulnerability to the Argo CD team: -* cncf-argo-security@lists.cncf.io +* By opening a draft GitHub security advisory: https://github.com/argoproj/argo-cd/security/advisories/new +* By e-mail to the following address: cncf-argo-security@lists.cncf.io ## Internet Bug Bounty collaboration From 3ca9416a151e8fe81d9931f64a1b6979dcd568e1 Mon Sep 17 00:00:00 2001 From: Geoffrey MUSELLI Date: Tue, 30 May 2023 18:40:58 -0400 Subject: [PATCH 080/252] fix(ui): Patch Resource missing appNamespace (#13839) Signed-off-by: Geoffrey Muselli --- ui/src/app/shared/services/applications-service.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ui/src/app/shared/services/applications-service.ts b/ui/src/app/shared/services/applications-service.ts index 38aa9dee65d61..a62aea13fccdf 100644 --- a/ui/src/app/shared/services/applications-service.ts +++ b/ui/src/app/shared/services/applications-service.ts @@ -331,11 +331,12 @@ export class ApplicationsService { .then(res => (res.body.actions as models.ResourceAction[]) || []); } - public patchResource(name: string, appNamspace: string, resource: models.ResourceNode, patch: string, patchType: string): Promise { + public patchResource(name: string, appNamespace: string, resource: models.ResourceNode, patch: string, patchType: string): Promise { return requests .post(`/applications/${name}/resource`) .query({ name: resource.name, + appNamespace, namespace: resource.namespace, resourceName: resource.name, version: resource.version, From 2d145f510749ad2ae2f2e5bf4a258ddf51fee123 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 May 2023 08:44:48 -0400 Subject: [PATCH 081/252] chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.55 to 0.9.58 (#13843) Bumps [github.com/ktrysmt/go-bitbucket](https://github.com/ktrysmt/go-bitbucket) from 0.9.55 to 0.9.58. - [Release notes](https://github.com/ktrysmt/go-bitbucket/releases) - [Commits](https://github.com/ktrysmt/go-bitbucket/compare/v0.9.55...v0.9.58) --- updated-dependencies: - dependency-name: github.com/ktrysmt/go-bitbucket dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 17 +++++++---------- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/go.mod b/go.mod index 6c180b724aa3e..cf68412235b07 100644 --- a/go.mod +++ b/go.mod @@ -51,7 +51,7 @@ require ( github.com/itchyny/gojq v0.12.12 github.com/jeremywohl/flatten v1.0.1 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 - github.com/ktrysmt/go-bitbucket v0.9.55 + github.com/ktrysmt/go-bitbucket v0.9.58 github.com/mattn/go-isatty v0.0.19 github.com/mattn/go-zglob v0.0.4 github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 @@ -77,7 +77,7 @@ require ( go.opentelemetry.io/otel/sdk v1.16.0 golang.org/x/crypto v0.9.0 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 - golang.org/x/oauth2 v0.7.0 + golang.org/x/oauth2 v0.8.0 golang.org/x/sync v0.1.0 golang.org/x/term v0.8.0 google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 @@ -183,7 +183,7 @@ require ( github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect github.com/mitchellh/copystructure v1.0.0 // indirect github.com/mitchellh/go-wordwrap v1.0.0 // indirect - github.com/mitchellh/mapstructure v1.4.3 // indirect + github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.0 // indirect github.com/moby/spdystream v0.2.0 // indirect github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect diff --git a/go.sum b/go.sum index 83e5b45b98cfc..0aa26312c66b5 100644 --- a/go.sum +++ b/go.sum @@ -708,8 +708,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/ktrysmt/go-bitbucket v0.9.55 h1:eOrF7wWmG4wz5iPr7ymgyWLoti2OfmrhU2tmT6yhAu8= -github.com/ktrysmt/go-bitbucket v0.9.55/go.mod h1:y5wrrDHCGUFAtuC43GyLBeFigq7rwrh4HqeDOOyZT+A= +github.com/ktrysmt/go-bitbucket v0.9.58 h1:EyEO5Na+ydAITnUr/s8NRGU20vfFl5PsnwSCB3HK5ZE= +github.com/ktrysmt/go-bitbucket v0.9.58/go.mod h1:apndNyqXgInXkIW9/MClTsr2VznPf4iBzST3yhAt8SU= github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= github.com/libopenstorage/openstorage v1.0.0/go.mod h1:Sp1sIObHjat1BeXhfMqLZ14wnOzEhNx2YQedreMcUyc= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= @@ -775,12 +775,11 @@ github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUb github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v0.0.0-20180220230111-00c29f56e238/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs= -github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mmcloughlin/avo v0.5.0/go.mod h1:ChHFdoV7ql95Wi7vuq2YT1bwCJqiWdZrQ1im3VujLYM= @@ -1028,6 +1027,7 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= @@ -1229,7 +1229,6 @@ golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1302,7 +1301,6 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/oauth2 v0.0.0-20180227000427-d7d64896b5ff/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1326,8 +1324,9 @@ golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= -golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= +golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= +golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1344,7 +1343,6 @@ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180224232135-f6cff0780e54/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1642,7 +1640,6 @@ google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69 google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw= google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg= google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o= -google.golang.org/appengine v1.0.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= From b8b678635bf18cff8dcc10016ded7f76c195ded1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 May 2023 08:47:02 -0400 Subject: [PATCH 082/252] chore(deps): bump github.com/go-openapi/runtime from 0.25.0 to 0.26.0 (#13845) Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.25.0 to 0.26.0. - [Release notes](https://github.com/go-openapi/runtime/releases) - [Commits](https://github.com/go-openapi/runtime/compare/v0.25.0...v0.26.0) --- updated-dependencies: - dependency-name: github.com/go-openapi/runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 16 ++++++++-------- go.sum | 27 ++++++++++++++++----------- 2 files changed, 24 insertions(+), 19 deletions(-) diff --git a/go.mod b/go.mod index cf68412235b07..d03ae0cafea2f 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/go-git/go-git/v5 v5.6.1 github.com/go-logr/logr v1.2.4 github.com/go-openapi/loads v0.21.2 - github.com/go-openapi/runtime v0.25.0 + github.com/go-openapi/runtime v0.26.0 github.com/go-redis/cache/v9 v9.0.0 github.com/gobwas/glob v0.2.3 github.com/gogits/go-gogs-client v0.0.0-20190616193657-5a05380e4bc2 @@ -121,7 +121,7 @@ require ( github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 // indirect github.com/acomagu/bufpipe v1.0.4 // indirect github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect - github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.2.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect @@ -144,13 +144,13 @@ require ( github.com/go-git/go-billy/v5 v5.4.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/analysis v0.21.4 // indirect - github.com/go-openapi/errors v0.20.2 // indirect + github.com/go-openapi/errors v0.20.3 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.20.0 // indirect - github.com/go-openapi/spec v0.20.6 // indirect - github.com/go-openapi/strfmt v0.21.3 // indirect - github.com/go-openapi/swag v0.21.1 // indirect - github.com/go-openapi/validate v0.21.0 // indirect + github.com/go-openapi/spec v0.20.8 // indirect + github.com/go-openapi/strfmt v0.21.7 // indirect + github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-openapi/validate v0.22.1 // indirect github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1 // indirect github.com/golang/glog v1.1.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect @@ -218,7 +218,7 @@ require ( github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca // indirect - go.mongodb.org/mongo-driver v1.10.0 // indirect + go.mongodb.org/mongo-driver v1.11.3 // indirect go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0 // indirect go.opentelemetry.io/otel/metric v1.16.0 // indirect diff --git a/go.sum b/go.sum index 0aa26312c66b5..f5a70c47be618 100644 --- a/go.sum +++ b/go.sum @@ -153,8 +153,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= -github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/auth0/go-jwt-middleware v1.0.1/go.mod h1:YSeUX3z6+TF2H+7padiEqNJ73Zy9vXW72U//IgN0BIM= github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= @@ -381,8 +381,9 @@ github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GX github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo= github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.2 h1:dxy7PGTqEh94zj2E3h1cUmQQWiM1+aeCROfAr02EmK8= github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc= +github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= @@ -394,22 +395,25 @@ github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXym github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= -github.com/go-openapi/runtime v0.25.0 h1:7yQTCdRbWhX8vnIjdzU8S00tBYf7Sg71EBeorlPHvhc= -github.com/go-openapi/runtime v0.25.0/go.mod h1:Ux6fikcHXyyob6LNWxtE96hWwjBPYF0DXgVFuMTneOs= +github.com/go-openapi/runtime v0.26.0 h1:HYOFtG00FM1UvqrcxbEJg/SwvDRvYLQKGhw2zaQjTcc= +github.com/go-openapi/runtime v0.26.0/go.mod h1:QgRGeZwrUcSHdeh4Ka9Glvo0ug1LC5WyE+EV88plZrQ= github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= -github.com/go-openapi/spec v0.20.6 h1:ich1RQ3WDbfoeTqTAb+5EIxNmpKVJZWBNah9RAT0jIQ= github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= +github.com/go-openapi/spec v0.20.8 h1:ubHmXNY3FCIOinT8RNrrPfGc9t7I1qhPtdOGoG2AxRU= +github.com/go-openapi/spec v0.20.8/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg= github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= -github.com/go-openapi/strfmt v0.21.3 h1:xwhj5X6CjXEZZHMWy1zKJxvW9AfHC9pkyUjLvHtKG7o= github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= +github.com/go-openapi/strfmt v0.21.7 h1:rspiXgNWgeUzhjo1YU01do6qsahtJNByjLVbPLNHb8k= +github.com/go-openapi/strfmt v0.21.7/go.mod h1:adeGTkxE44sPyLk0JV235VQAO/ZXUr8KAzYjclFs3ew= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.21.1 h1:wm0rhTb5z7qpJRHBdPOMuY4QjVUMbF6/kwoYeRAOrKU= github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/validate v0.21.0 h1:+Wqk39yKOhfpLqNLEC0/eViCkzM5FVXVqrvt526+wcI= -github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= +github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU= +github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= github.com/go-ozzo/ozzo-validation v3.5.0+incompatible/go.mod h1:gsEKFIVnabGBt6mXmxK0MoFy+cZoTJY6mu5Ll3LVLBU= github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= @@ -1095,8 +1099,9 @@ go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD0 go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg= go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng= -go.mongodb.org/mongo-driver v1.10.0 h1:UtV6N5k14upNp4LTduX0QCufG124fSu25Wz9tu94GLg= go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8= +go.mongodb.org/mongo-driver v1.11.3 h1:Ql6K6qYHEzB6xvu4+AU0BoRoqf9vFPcc4o7MUIdPW8Y= +go.mongodb.org/mongo-driver v1.11.3/go.mod h1:PTSz5yu21bkT/wXpkS7WR5f0ddqw5quethTUn9WM+2g= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= From 4b56525613451791385b31caccdb25f0b6c99e07 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 May 2023 13:47:08 +0000 Subject: [PATCH 083/252] chore(deps): bump github.com/coreos/go-oidc/v3 from 3.4.0 to 3.6.0 (#13844) Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.4.0 to 3.6.0. - [Release notes](https://github.com/coreos/go-oidc/releases) - [Commits](https://github.com/coreos/go-oidc/compare/v3.4.0...v3.6.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-oidc/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 3 +- go.sum | 134 +++------------------------------------------------------ 2 files changed, 7 insertions(+), 130 deletions(-) diff --git a/go.mod b/go.mod index d03ae0cafea2f..50b321736c65c 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 github.com/casbin/casbin/v2 v2.60.0 - github.com/coreos/go-oidc/v3 v3.4.0 + github.com/coreos/go-oidc/v3 v3.6.0 github.com/dustin/go-humanize v1.0.0 github.com/evanphx/json-patch v5.6.0+incompatible github.com/fsnotify/fsnotify v1.6.0 @@ -142,6 +142,7 @@ require ( github.com/go-errors/errors v1.0.1 // indirect github.com/go-git/gcfg v1.5.0 // indirect github.com/go-git/go-billy/v5 v5.4.1 // indirect + github.com/go-jose/go-jose/v3 v3.0.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/analysis v0.21.4 // indirect github.com/go-openapi/errors v0.20.3 // indirect diff --git a/go.sum b/go.sum index f5a70c47be618..1b09772868988 100644 --- a/go.sum +++ b/go.sum @@ -20,28 +20,12 @@ cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmW cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= -cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= -cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= -cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= -cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= -cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= -cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= -cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A= -cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= -cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= -cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= -cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s= -cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= -cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= cloud.google.com/go/compute v1.18.0 h1:FEigFqoDbys2cvFkZ9Fjq4gnHBP55anJ0yQyau2f9oY= cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= @@ -50,7 +34,6 @@ cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2Aawl cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -60,7 +43,6 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE= code.gitea.io/sdk/gitea v0.15.1 h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M= code.gitea.io/sdk/gitea v0.15.1/go.mod h1:klY2LVI3s3NChzIk/MzMn7G1FHrfU7qd63iSMVoHRBA= @@ -218,7 +200,6 @@ github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XP github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= @@ -243,8 +224,8 @@ github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkE github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-oidc/v3 v3.4.0 h1:xz7elHb/LDwm/ERpwHd+5nb7wFHL32rsr6bBOgaeu6g= -github.com/coreos/go-oidc/v3 v3.4.0/go.mod h1:eHUXhZtXPQLgEaDrOVTgwbgmz1xGOkJNye6h3zkD2Pw= +github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o= +github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= @@ -297,7 +278,6 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= -github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/euank/go-kmsg-parser v2.0.0+incompatible/go.mod h1:MhmAMZ8V4CYH4ybgdRwPr2TU5ThnS43puaKEMpja1uw= github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= @@ -355,6 +335,8 @@ github.com/go-git/go-git/v5 v5.6.1/go.mod h1:mvyoL6Unz0PiTQrGQfSfiLFhBH1c1e84ylC github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo= +github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= @@ -488,7 +470,6 @@ github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+Licev github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -532,7 +513,6 @@ github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -545,9 +525,6 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= @@ -555,16 +532,9 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= -github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= -github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= -github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= -github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= -github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/gopackage/ddp v0.0.0-20170117053602-652027933df4 h1:4EZlYQIiyecYJlUbVkFXCXHz1QPhVXcHnQKAzBTPfQo= github.com/gopackage/ddp v0.0.0-20170117053602-652027933df4/go.mod h1:lEO7XoHJ/xNRBCxrn4h/CEB67h0kW1B0t4ooP2yrjUA= github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= @@ -1164,6 +1134,7 @@ golang.org/x/crypto v0.0.0-20190422183909-d864b10871cd/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -1289,11 +1260,7 @@ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= @@ -1320,15 +1287,8 @@ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= -golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= @@ -1344,7 +1304,6 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1426,38 +1385,23 @@ golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210503080704-8803ae5d1324/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210608053332-aa57babbf139/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220406155245-289d7a0edf71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1574,8 +1518,6 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= @@ -1588,9 +1530,6 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= -golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 h1:juzzlx91nWAOsHuOVfXZPMXHtJEKouZvY9bBbwlOeYs= gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45/go.mod h1:41y72mzHT7+jFNgyBpJRrZWuZJcLmLrTpq6iGgOFJMQ= gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY= @@ -1627,24 +1566,6 @@ google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBz google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8= google.golang.org/api v0.46.0/go.mod h1:ceL4oozhkAiTID8XMmJBsIxID/9wMXJVVFXPg4ylg3I= -google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= -google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= -google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= -google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= -google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= -google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= -google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= -google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= -google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= -google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo= -google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g= -google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA= -google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8= -google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs= -google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= -google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw= -google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg= -google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1696,47 +1617,12 @@ google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= -google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= -google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E= -google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= -google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= -google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= -google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= -google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 h1:DdoeryqhaXp1LtT/emMP1BRJPHHKFi5akj/nbx/zNTA= google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= @@ -1760,21 +1646,11 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= -google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag= google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= From 42479f5f2c58dfb6289af63b9df028d09915776a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 May 2023 13:58:29 +0000 Subject: [PATCH 084/252] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.271 to 1.44.272 (#13842) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.271 to 1.44.272. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.271...v1.44.272) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 50b321736c65c..c51560017ff88 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d - github.com/aws/aws-sdk-go v1.44.271 + github.com/aws/aws-sdk-go v1.44.272 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 diff --git a/go.sum b/go.sum index 1b09772868988..95a5bbe826165 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,8 @@ github.com/auth0/go-jwt-middleware v1.0.1/go.mod h1:YSeUX3z6+TF2H+7padiEqNJ73Zy9 github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.271 h1:aa+Nu2JcnFmW1TLIz/67SS7KPq1I1Adl4RmExSMjGVo= -github.com/aws/aws-sdk-go v1.44.271/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.272 h1:cP7BaZCz1a4P80vOxi8OVma8ZcxZNDYyuyU5/bojU+Y= +github.com/aws/aws-sdk-go v1.44.272/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= From 60b7a315da223455e461bf667da35c0253b8dec2 Mon Sep 17 00:00:00 2001 From: Soumya Ghosh Dastidar <44349253+gdsoumya@users.noreply.github.com> Date: Wed, 31 May 2023 23:01:33 +0530 Subject: [PATCH 085/252] fix(doc): deep links example fix (#13855) Signed-off-by: Soumya Ghosh Dastidar --- docs/operator-manual/deep_links.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/operator-manual/deep_links.md b/docs/operator-manual/deep_links.md index f667449016d58..2998a9c863697 100644 --- a/docs/operator-manual/deep_links.md +++ b/docs/operator-manual/deep_links.md @@ -69,7 +69,7 @@ An example `argocd-cm.yaml` file with deep links and their variations : if: application.spec.project == "default" - url: https://{{.application.metadata.annotations.splunkhost}}?search={{.application.spec.destination.namespace}} title: Splunk - if: application.metadata.annotations.splunkhost + if: application.metadata.annotations.splunkhost != "" # sample resource level links resource.links: | - url: https://mycompany.splunk.com?search={{.resource.metadata.name}}&env={{.project.metadata.label.env}} From 187c7d0993c0568a3954cbfc624e982bc6e3921d Mon Sep 17 00:00:00 2001 From: Leonardo Luz Almeida Date: Thu, 1 Jun 2023 09:43:38 -0400 Subject: [PATCH 086/252] feat: RBAC csv policy can be composed by multiple configmap keys (#12511) * feat: RBAC csv policy can be composed by multiple configmap keys Signed-off-by: Leonardo Luz Almeida * implement RBAC csv match by suffix and prefix Signed-off-by: Leonardo Luz Almeida * add documentation Signed-off-by: Leonardo Luz Almeida * add policies in deterministic order Signed-off-by: Leonardo Luz Almeida --------- Signed-off-by: Leonardo Luz Almeida --- docs/operator-manual/argocd-rbac-cm.yaml | 9 ++++ docs/operator-manual/rbac.md | 30 +++++++++++ util/rbac/rbac.go | 38 ++++++++++++-- util/rbac/rbac_test.go | 64 ++++++++++++++++++++++++ 4 files changed, 137 insertions(+), 4 deletions(-) diff --git a/docs/operator-manual/argocd-rbac-cm.yaml b/docs/operator-manual/argocd-rbac-cm.yaml index 12ec17f8e9e14..b68d93ecc4f89 100644 --- a/docs/operator-manual/argocd-rbac-cm.yaml +++ b/docs/operator-manual/argocd-rbac-cm.yaml @@ -19,6 +19,15 @@ data: # Grant all members of 'my-org:team-beta' admins g, my-org:team-beta, role:admin + # it is possible to provide additional entries in this configmap to compose the final policy csv. + # In this case the key must follow the pattern 'policy..csv'. Argo CD will concatenate + # all additional policies it finds with this pattern below the main one ('policy.csv'). This is useful + # to allow composing policies in config management tools like Kustomize, Helm, etc. + policy.overlay.csv: | + p, role:tester, applications, *, */*, allow + p, role:tester, projects, *, *, allow + g, my-org:team-qa, role:tester + # policy.default is the name of the default role which Argo CD will falls back to, when # authorizing API requests (optional). If omitted or empty, users may be still be able to login, # but will see no apps, projects, etc... diff --git a/docs/operator-manual/rbac.md b/docs/operator-manual/rbac.md index 37680045fe406..b6fdc87ac2e23 100644 --- a/docs/operator-manual/rbac.md +++ b/docs/operator-manual/rbac.md @@ -171,6 +171,36 @@ g, db-admins, role:staging-db-admins This example defines a *role* called `staging-db-admins` with *nine permissions* that allow that role to perform the *actions* (`create`/`delete`/`get`/`override`/`sync`/`update` applications, `get` logs, `create` exec and `get` appprojects) against `*` (all) objects in the `staging-db-admins` Argo CD AppProject. +## Policy CSV Composition + +It is possible to provide additional entries in the `argocd-rbac-cm` +configmap to compose the final policy csv. In this case the key must +follow the pattern `policy..csv`. Argo CD will concatenate +all additional policies it finds with this pattern below the main one +('policy.csv'). The order of additional provided policies are +determined by the key string. Example: if two additional policies are +provided with keys `policy.A.csv` and `policy.B.csv`, it will first +concatenate `policy.A.csv` and then `policy.B.csv`. + +This is useful to allow composing policies in config management tools +like Kustomize, Helm, etc. + +The example below shows how a Kustomize patch can be provided in an +overlay to add additional configuration to an existing RBAC policy. + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-rbac-cm + namespace: argocd +data: + policy.tester-overlay.csv: | + p, role:tester, applications, *, */*, allow + p, role:tester, projects, *, *, allow + g, my-org:team-qa, role:tester +``` + ## Anonymous Access The anonymous access to Argo CD can be enabled using `users.anonymous.enabled` field in `argocd-cm` (see [argocd-cm.yaml](argocd-cm.yaml)). diff --git a/util/rbac/rbac.go b/util/rbac/rbac.go index d37e602c04fe0..d0c4ca65630cf 100644 --- a/util/rbac/rbac.go +++ b/util/rbac/rbac.go @@ -5,6 +5,7 @@ import ( "encoding/csv" "errors" "fmt" + "sort" "strings" "sync" "time" @@ -394,14 +395,43 @@ func (e *Enforcer) runInformer(ctx context.Context, onUpdated func(cm *apiv1.Con log.Info("rbac configmap informer cancelled") } +// PolicyCSV will generate the final policy csv to be used +// by Argo CD RBAC. It will find entries in the given data +// that matches the policy key name convention: +// +// policy[.overlay].csv +func PolicyCSV(data map[string]string) string { + var strBuilder strings.Builder + // add the main policy first + if p, ok := data[ConfigMapPolicyCSVKey]; ok { + strBuilder.WriteString(p) + } + + keys := make([]string, 0, len(data)) + for k := range data { + keys = append(keys, k) + } + sort.Strings(keys) + + // append additional policies at the end of the csv + for _, key := range keys { + value := data[key] + if strings.HasPrefix(key, "policy.") && + strings.HasSuffix(key, ".csv") && + key != ConfigMapPolicyCSVKey { + + strBuilder.WriteString("\n") + strBuilder.WriteString(value) + } + } + return strBuilder.String() +} + // syncUpdate updates the enforcer func (e *Enforcer) syncUpdate(cm *apiv1.ConfigMap, onUpdated func(cm *apiv1.ConfigMap) error) error { e.SetDefaultRole(cm.Data[ConfigMapPolicyDefaultKey]) e.SetMatchMode(cm.Data[ConfigMapMatchModeKey]) - policyCSV, ok := cm.Data[ConfigMapPolicyCSVKey] - if !ok { - policyCSV = "" - } + policyCSV := PolicyCSV(cm.Data) if err := onUpdated(cm); err != nil { return err } diff --git a/util/rbac/rbac_test.go b/util/rbac/rbac_test.go index d0f572d86c248..04d833ce85871 100644 --- a/util/rbac/rbac_test.go +++ b/util/rbac/rbac_test.go @@ -3,6 +3,7 @@ package rbac import ( "context" "fmt" + "strings" "testing" "time" @@ -43,6 +44,69 @@ func fakeConfigMap() *apiv1.ConfigMap { return &cm } +func TestPolicyCSV(t *testing.T) { + t.Run("will return empty string if data has no csv entries", func(t *testing.T) { + // given + data := make(map[string]string) + + // when + policy := PolicyCSV(data) + + // then + assert.Equal(t, "", policy) + }) + t.Run("will return just policy defined with default key", func(t *testing.T) { + // given + data := make(map[string]string) + expectedPolicy := "policy1\npolicy2" + data[ConfigMapPolicyCSVKey] = expectedPolicy + data["UnrelatedKey"] = "unrelated value" + + // when + policy := PolicyCSV(data) + + // then + assert.Equal(t, expectedPolicy, policy) + }) + t.Run("will return composed policy provided by multiple policy keys", func(t *testing.T) { + // given + data := make(map[string]string) + data[ConfigMapPolicyCSVKey] = "policy1" + data["UnrelatedKey"] = "unrelated value" + data["policy.overlay1.csv"] = "policy2" + data["policy.overlay2.csv"] = "policy3" + + // when + policy := PolicyCSV(data) + + // then + assert.Regexp(t, "^policy1", policy) + assert.Contains(t, policy, "policy2") + assert.Contains(t, policy, "policy3") + }) + t.Run("will return composed policy in a deterministic order", func(t *testing.T) { + // given + data := make(map[string]string) + data["UnrelatedKey"] = "unrelated value" + data["policy.B.csv"] = "policyb" + data["policy.A.csv"] = "policya" + data["policy.C.csv"] = "policyc" + data[ConfigMapPolicyCSVKey] = "policy1" + + // when + policy := PolicyCSV(data) + + // then + result := strings.Split(policy, "\n") + assert.Len(t, result, 4) + assert.Equal(t, "policy1", result[0]) + assert.Equal(t, "policya", result[1]) + assert.Equal(t, "policyb", result[2]) + assert.Equal(t, "policyc", result[3]) + }) + +} + // TestBuiltinPolicyEnforcer tests the builtin policy rules func TestBuiltinPolicyEnforcer(t *testing.T) { kubeclientset := fake.NewSimpleClientset() From 7c8b3d31a1e6fa844670ced3cb395537b3c34cb1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Jun 2023 09:50:24 -0400 Subject: [PATCH 087/252] chore(deps): bump github.com/antonmedv/expr from 1.9.0 to 1.12.5 (#13860) Bumps [github.com/antonmedv/expr](https://github.com/antonmedv/expr) from 1.9.0 to 1.12.5. - [Release notes](https://github.com/antonmedv/expr/releases) - [Commits](https://github.com/antonmedv/expr/compare/v1.9.0...v1.12.5) --- updated-dependencies: - dependency-name: github.com/antonmedv/expr dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 17 ++--------------- 2 files changed, 3 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index c51560017ff88..c169d0557c873 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.3 github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d github.com/alicebob/miniredis/v2 v2.23.1 - github.com/antonmedv/expr v1.9.0 + github.com/antonmedv/expr v1.12.5 github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d diff --git a/go.sum b/go.sum index 95a5bbe826165..eb53f449dc123 100644 --- a/go.sum +++ b/go.sum @@ -69,7 +69,6 @@ github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUM github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/DATA-DOG/go-sqlmock v1.3.3/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= github.com/GoogleCloudPlatform/k8s-cloud-provider v1.16.1-0.20210702024009-ea6160c1d0e3/go.mod h1:8XasY4ymP2V/tn2OOV9ZadmiTE1FIB/h3W+yNlPttKw= github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab/go.mod h1:3VYc5hodBMJ5+l/7J4xAyMeuM2PNuepvHlGs8yilUCA= github.com/Jeffail/gabs v1.4.0 h1://5fYRRTq1edjfIrQGvdkcd22pkYUrHZ5YC/H2GJVAo= @@ -118,8 +117,8 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= -github.com/antonmedv/expr v1.9.0 h1:j4HI3NHEdgDnN9p6oI6Ndr0G5QryMY0FNxT4ONrFDGU= -github.com/antonmedv/expr v1.9.0/go.mod h1:5qsM3oLGDND7sDmQGDXHkYfkjYMUX14qsgqmHhwGEk8= +github.com/antonmedv/expr v1.12.5 h1:Fq4okale9swwL3OeLLs9WD9H6GbgBLJyN/NUHRv+n0E= +github.com/antonmedv/expr v1.12.5/go.mod h1:FPC8iWArxls7axbVLsW+kpg1mz29A1b2M6jt+hZfDkU= github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE= github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc h1:i6OgOvFFsoWiGBFEhhDNcYoRtxxtrVwcD7wCEeqhct4= github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc/go.mod h1:WpA/B7tgwfz+sdNE3LqrTrb7ArEY1FOPI2pAGI0hfPc= @@ -241,7 +240,6 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3 github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= -github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -309,8 +307,6 @@ github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fvbommel/sortorder v1.0.1 h1:dSnXLt4mJYH25uDDGa3biZNQsozaUWDSWeKJ0qqFfzE= github.com/fvbommel/sortorder v1.0.1/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0= -github.com/gdamore/encoding v1.0.0/go.mod h1:alR0ol34c49FCSBLjhosxzcPHQbf2trDkoo5dl+VrEg= -github.com/gdamore/tcell v1.3.0/go.mod h1:Hjvr+Ofd+gLglo7RYKxxnzCBmev3BzsS67MebKS4zMM= github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e h1:C3DkNr9pxqXqCrmRHO7s3XgZS3zpi9GEA01GuWZODfo= @@ -690,8 +686,6 @@ github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhn github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= github.com/lpabon/godbc v0.1.1/go.mod h1:Jo9QV0cf3U6jZABgiJ2skINAXb9j8m51r07g4KI92ZA= -github.com/lucasb-eyer/go-colorful v1.0.2/go.mod h1:0MS4r+7BZKSJ5mw4/S5MPN+qHFF1fYclkSPilDOKW0s= -github.com/lucasb-eyer/go-colorful v1.0.3/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= github.com/lusis/go-slackbot v0.0.0-20180109053408-401027ccfef5/go.mod h1:c2mYKRyMb1BPkO5St0c/ps62L4S0W2NAkaTXj9qEI+0= github.com/lusis/slack-test v0.0.0-20190426140909-c40012f20018/go.mod h1:sFlOUpQL1YcjhFVXhg1CG8ZASEs/Mf1oVb6H75JL/zg= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -721,7 +715,6 @@ github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APP github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.8/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU= github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= @@ -858,7 +851,6 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= -github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= @@ -902,8 +894,6 @@ github.com/redis/go-redis/v9 v9.0.0-rc.4/go.mod h1:Vo3EsyWnicKnSKCA7HhgnvnyA74wO github.com/redis/go-redis/v9 v9.0.2 h1:BA426Zqe/7r56kCcvxYLWe1mkaz71LKF77GwgFzSxfE= github.com/redis/go-redis/v9 v9.0.2/go.mod h1:/xDTe9EF1LM61hek62Poq2nzQSGj0xSrEtEHbBQevps= github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= -github.com/rivo/tview v0.0.0-20200219210816-cd38d7432498/go.mod h1:6lkG1x+13OShEf0EaOCaTQYyB7d5nSbb181KtjlS+84= -github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= @@ -926,7 +916,6 @@ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/sanity-io/litter v1.2.0/go.mod h1:JF6pZUFgu2Q0sBZ+HSV35P8TVPI1TTzEwyu9FXAw2W4= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= @@ -991,7 +980,6 @@ github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoH github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v0.0.0-20161117074351-18a02ba4a312/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -1330,7 +1318,6 @@ golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190626150813-e07cf5db2756/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= From 09d7bc4c36f083ebd869bf5fd95d85bdccdd8304 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Jun 2023 09:52:38 -0400 Subject: [PATCH 088/252] chore(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0 (#13862) Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.1.0 to 0.2.0. - [Commits](https://github.com/golang/sync/compare/v0.1.0...v0.2.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index c169d0557c873..467b279595140 100644 --- a/go.mod +++ b/go.mod @@ -78,7 +78,7 @@ require ( golang.org/x/crypto v0.9.0 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 golang.org/x/oauth2 v0.8.0 - golang.org/x/sync v0.1.0 + golang.org/x/sync v0.2.0 golang.org/x/term v0.8.0 google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 google.golang.org/grpc v1.55.0 diff --git a/go.sum b/go.sum index eb53f449dc123..5a4b3b0ad5db4 100644 --- a/go.sum +++ b/go.sum @@ -1293,8 +1293,9 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI= +golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= From 4e8b0c09d5e994d46f9402b32db47b29507a2b44 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Jun 2023 09:54:06 -0400 Subject: [PATCH 089/252] chore(deps): bump github.com/google/go-jsonnet from 0.19.1 to 0.20.0 (#13863) Bumps [github.com/google/go-jsonnet](https://github.com/google/go-jsonnet) from 0.19.1 to 0.20.0. - [Release notes](https://github.com/google/go-jsonnet/releases) - [Changelog](https://github.com/google/go-jsonnet/blob/master/.goreleaser.yml) - [Commits](https://github.com/google/go-jsonnet/compare/v0.19.1...v0.20.0) --- updated-dependencies: - dependency-name: github.com/google/go-jsonnet dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 8 ++------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 467b279595140..ab3eaf38f08e1 100644 --- a/go.mod +++ b/go.mod @@ -35,7 +35,7 @@ require ( github.com/golang/protobuf v1.5.3 github.com/google/go-cmp v0.5.9 github.com/google/go-github/v35 v35.3.0 - github.com/google/go-jsonnet v0.19.1 + github.com/google/go-jsonnet v0.20.0 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 github.com/google/uuid v1.3.0 github.com/gorilla/handlers v1.5.1 diff --git a/go.sum b/go.sum index 5a4b3b0ad5db4..7f10af6ca1317 100644 --- a/go.sum +++ b/go.sum @@ -291,7 +291,6 @@ github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870/go.mod h1:5tD+ne github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8= github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= @@ -498,8 +497,8 @@ github.com/google/go-github/v41 v41.0.0 h1:HseJrM2JFf2vfiZJ8anY2hqBjdfY1Vlj/K27u github.com/google/go-github/v41 v41.0.0/go.mod h1:XgmCA5H323A9rtgExdTcnDkcqp6S30AVACCBDOonIxg= github.com/google/go-github/v52 v52.0.0 h1:uyGWOY+jMQ8GVGSX8dkSwCzlehU3WfdxQ7GweO/JP7M= github.com/google/go-github/v52 v52.0.0/go.mod h1:WJV6VEEUPuMo5pXqqa2ZCZEdbQqua4zAk2MZTIo+m+4= -github.com/google/go-jsonnet v0.19.1 h1:MORxkrG0elylUqh36R4AcSPX0oZQa9hvI3lroN+kDhs= -github.com/google/go-jsonnet v0.19.1/go.mod h1:5JVT33JVCoehdTj5Z2KJq1eIdt3Nb8PCmZ+W5D8U350= +github.com/google/go-jsonnet v0.20.0 h1:WG4TTSARuV7bSm4PMB4ohjxe33IHT5WVTrJSU33uT4g= +github.com/google/go-jsonnet v0.20.0/go.mod h1:VbgWF9JX7ztlv770x/TolZNGGFfiHEVx9G6ca2eUmeA= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= @@ -706,11 +705,9 @@ github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A= github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= -github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= @@ -1334,7 +1331,6 @@ golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= From 980d60b292bc3d7e781d3c1a0680d95a02ef5e9a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Jun 2023 09:55:06 -0400 Subject: [PATCH 090/252] chore(deps): bump github.com/dustin/go-humanize from 1.0.0 to 1.0.1 (#13864) Bumps [github.com/dustin/go-humanize](https://github.com/dustin/go-humanize) from 1.0.0 to 1.0.1. - [Commits](https://github.com/dustin/go-humanize/compare/v1.0.0...v1.0.1) --- updated-dependencies: - dependency-name: github.com/dustin/go-humanize dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index ab3eaf38f08e1..d0ad54180857d 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 github.com/casbin/casbin/v2 v2.60.0 github.com/coreos/go-oidc/v3 v3.6.0 - github.com/dustin/go-humanize v1.0.0 + github.com/dustin/go-humanize v1.0.1 github.com/evanphx/json-patch v5.6.0+incompatible github.com/fsnotify/fsnotify v1.6.0 github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e diff --git a/go.sum b/go.sum index 7f10af6ca1317..25523c774877e 100644 --- a/go.sum +++ b/go.sum @@ -258,8 +258,9 @@ github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= From 129892b5b64e92958d58f52f54d60288bfa2ba73 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Jun 2023 15:40:29 +0000 Subject: [PATCH 091/252] chore(deps): bump github.com/casbin/casbin/v2 from 2.60.0 to 2.69.1 (#13861) Bumps [github.com/casbin/casbin/v2](https://github.com/casbin/casbin) from 2.60.0 to 2.69.1. - [Release notes](https://github.com/casbin/casbin/releases) - [Changelog](https://github.com/casbin/casbin/blob/master/.releaserc.json) - [Commits](https://github.com/casbin/casbin/compare/v2.60.0...v2.69.1) --- updated-dependencies: - dependency-name: github.com/casbin/casbin/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d0ad54180857d..e8734aea8dcaf 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 - github.com/casbin/casbin/v2 v2.60.0 + github.com/casbin/casbin/v2 v2.69.1 github.com/coreos/go-oidc/v3 v3.6.0 github.com/dustin/go-humanize v1.0.1 github.com/evanphx/json-patch v5.6.0+incompatible diff --git a/go.sum b/go.sum index 25523c774877e..ddbd014444838 100644 --- a/go.sum +++ b/go.sum @@ -165,8 +165,8 @@ github.com/bsm/ginkgo/v2 v2.5.0 h1:aOAnND1T40wEdAtkGSkvSICWeQ8L3UASX7YVCqQx+eQ= github.com/bsm/gomega v1.20.0 h1:JhAwLmtRzXFTx2AkALSLa8ijZafntmhSoU63Ok18Uq8= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q= -github.com/casbin/casbin/v2 v2.60.0 h1:ZmC0/t4wolfEsDpDxTEsu2z6dfbMNpc11F52ceLs2Eo= -github.com/casbin/casbin/v2 v2.60.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= +github.com/casbin/casbin/v2 v2.69.1 h1:R3e7uveIRN5Pdqvq0GXEhXmn7HyfoEVjp21/mgEXbdI= +github.com/casbin/casbin/v2 v2.69.1/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= From 1b0bf87e7b4dfa854c4ac9d6139717c3dcfe4bdd Mon Sep 17 00:00:00 2001 From: Fish-pro Date: Fri, 2 Jun 2023 00:48:09 +0800 Subject: [PATCH 092/252] chore: Clean up repeated package import (#13821) Signed-off-by: Zechun Chen --- cmd/argocd/commands/app_test.go | 69 +++-- cmd/argocd/commands/applicationset_test.go | 69 +++-- cmd/util/app_test.go | 5 +- controller/appcontroller_test.go | 325 ++++++++++----------- controller/state.go | 51 ++-- 5 files changed, 257 insertions(+), 262 deletions(-) diff --git a/cmd/argocd/commands/app_test.go b/cmd/argocd/commands/app_test.go index e6a0fa9e5c3c7..808efa5ad57da 100644 --- a/cmd/argocd/commands/app_test.go +++ b/cmd/argocd/commands/app_test.go @@ -9,7 +9,6 @@ import ( argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient" "github.com/argoproj/argo-cd/v2/pkg/apis/application" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/gitops-engine/pkg/health" "github.com/argoproj/gitops-engine/pkg/utils/kube" "github.com/google/go-cmp/cmp" @@ -973,49 +972,49 @@ func TestFilterAppResources(t *testing.T) { } // Resource filters var ( - blankValues = argoappv1.SyncOperationResource{ + blankValues = v1alpha1.SyncOperationResource{ Group: "", Kind: "", Name: "", Namespace: "", Exclude: false} // *:*:* - includeAllResources = argoappv1.SyncOperationResource{ + includeAllResources = v1alpha1.SyncOperationResource{ Group: "*", Kind: "*", Name: "*", Namespace: "", Exclude: false} // !*:*:* - excludeAllResources = argoappv1.SyncOperationResource{ + excludeAllResources = v1alpha1.SyncOperationResource{ Group: "*", Kind: "*", Name: "*", Namespace: "", Exclude: true} // *:Service:* - includeAllServiceResources = argoappv1.SyncOperationResource{ + includeAllServiceResources = v1alpha1.SyncOperationResource{ Group: "*", Kind: "Service", Name: "*", Namespace: "", Exclude: false} // !*:Service:* - excludeAllServiceResources = argoappv1.SyncOperationResource{ + excludeAllServiceResources = v1alpha1.SyncOperationResource{ Group: "*", Kind: "Service", Name: "*", Namespace: "", Exclude: true} // apps:ReplicaSet:replicaSet-name1 - includeReplicaSet1Resource = argoappv1.SyncOperationResource{ + includeReplicaSet1Resource = v1alpha1.SyncOperationResource{ Group: "apps", Kind: "ReplicaSet", Name: "replicaSet-name1", Namespace: "", Exclude: false} // !apps:ReplicaSet:replicaSet-name2 - excludeReplicaSet2Resource = argoappv1.SyncOperationResource{ + excludeReplicaSet2Resource = v1alpha1.SyncOperationResource{ Group: "apps", Kind: "ReplicaSet", Name: "replicaSet-name2", @@ -1064,60 +1063,60 @@ func TestFilterAppResources(t *testing.T) { ) tests := []struct { testName string - selectedResources []*argoappv1.SyncOperationResource - expectedResult []*argoappv1.SyncOperationResource + selectedResources []*v1alpha1.SyncOperationResource + expectedResult []*v1alpha1.SyncOperationResource }{ // --resource apps:ReplicaSet:replicaSet-name1 --resource *:Service:* {testName: "Include ReplicaSet replicaSet-name1 resouce and all service resources", - selectedResources: []*argoappv1.SyncOperationResource{&includeAllServiceResources, &includeReplicaSet1Resource}, - expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &service1, &service2}, + selectedResources: []*v1alpha1.SyncOperationResource{&includeAllServiceResources, &includeReplicaSet1Resource}, + expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &service1, &service2}, }, // --resource apps:ReplicaSet:replicaSet-name1 --resource !*:Service:* {testName: "Include ReplicaSet replicaSet-name1 resouce and exclude all service resources", - selectedResources: []*argoappv1.SyncOperationResource{&excludeAllServiceResources, &includeReplicaSet1Resource}, - expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment}, + selectedResources: []*v1alpha1.SyncOperationResource{&excludeAllServiceResources, &includeReplicaSet1Resource}, + expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment}, }, // --resource !apps:ReplicaSet:replicaSet-name2 --resource !*:Service:* {testName: "Exclude ReplicaSet replicaSet-name2 resouce and all service resources", - selectedResources: []*argoappv1.SyncOperationResource{&excludeReplicaSet2Resource, &excludeAllServiceResources}, - expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment}, + selectedResources: []*v1alpha1.SyncOperationResource{&excludeReplicaSet2Resource, &excludeAllServiceResources}, + expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment}, }, // --resource !apps:ReplicaSet:replicaSet-name2 {testName: "Exclude ReplicaSet replicaSet-name2 resouce", - selectedResources: []*argoappv1.SyncOperationResource{&excludeReplicaSet2Resource}, - expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &job, &service1, &service2, &deployment}, + selectedResources: []*v1alpha1.SyncOperationResource{&excludeReplicaSet2Resource}, + expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &job, &service1, &service2, &deployment}, }, // --resource apps:ReplicaSet:replicaSet-name1 {testName: "Include ReplicaSet replicaSet-name1 resouce", - selectedResources: []*argoappv1.SyncOperationResource{&includeReplicaSet1Resource}, - expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1}, + selectedResources: []*v1alpha1.SyncOperationResource{&includeReplicaSet1Resource}, + expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1}, }, // --resource !*:Service:* {testName: "Exclude Service resouces", - selectedResources: []*argoappv1.SyncOperationResource{&excludeAllServiceResources}, - expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment}, + selectedResources: []*v1alpha1.SyncOperationResource{&excludeAllServiceResources}, + expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment}, }, // --resource *:Service:* {testName: "Include Service resouces", - selectedResources: []*argoappv1.SyncOperationResource{&includeAllServiceResources}, - expectedResult: []*argoappv1.SyncOperationResource{&service1, &service2}, + selectedResources: []*v1alpha1.SyncOperationResource{&includeAllServiceResources}, + expectedResult: []*v1alpha1.SyncOperationResource{&service1, &service2}, }, // --resource !*:*:* {testName: "Exclude all resouces", - selectedResources: []*argoappv1.SyncOperationResource{&excludeAllResources}, + selectedResources: []*v1alpha1.SyncOperationResource{&excludeAllResources}, expectedResult: nil, }, // --resource *:*:* {testName: "Include all resouces", - selectedResources: []*argoappv1.SyncOperationResource{&includeAllResources}, - expectedResult: []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment}, + selectedResources: []*v1alpha1.SyncOperationResource{&includeAllResources}, + expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment}, }, {testName: "No Filters", - selectedResources: []*argoappv1.SyncOperationResource{&blankValues}, + selectedResources: []*v1alpha1.SyncOperationResource{&blankValues}, expectedResult: nil, }, {testName: "Empty Filter", - selectedResources: []*argoappv1.SyncOperationResource{}, + selectedResources: []*v1alpha1.SyncOperationResource{}, expectedResult: nil, }, } @@ -1440,8 +1439,8 @@ func TestCheckResourceStatus(t *testing.T) { func Test_hasAppChanged(t *testing.T) { type args struct { - appReq *argoappv1.Application - appRes *argoappv1.Application + appReq *v1alpha1.Application + appRes *v1alpha1.Application upsert bool } tests := []struct { @@ -1503,16 +1502,16 @@ func Test_hasAppChanged(t *testing.T) { } } -func testApp(name, project string, labels map[string]string, annotations map[string]string, finalizers []string) *argoappv1.Application { - return &argoappv1.Application{ +func testApp(name, project string, labels map[string]string, annotations map[string]string, finalizers []string) *v1alpha1.Application { + return &v1alpha1.Application{ ObjectMeta: metav1.ObjectMeta{ Name: name, Labels: labels, Annotations: annotations, Finalizers: finalizers, }, - Spec: argoappv1.ApplicationSpec{ - Source: &argoappv1.ApplicationSource{ + Spec: v1alpha1.ApplicationSpec{ + Source: &v1alpha1.ApplicationSource{ RepoURL: "https://github.com/argoproj/argocd-example-apps.git", }, Project: project, diff --git a/cmd/argocd/commands/applicationset_test.go b/cmd/argocd/commands/applicationset_test.go index 074c4d2b76bfc..0c511f8fd68e8 100644 --- a/cmd/argocd/commands/applicationset_test.go +++ b/cmd/argocd/commands/applicationset_test.go @@ -6,19 +6,18 @@ import ( "testing" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - arogappsetv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/stretchr/testify/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func TestPrintApplicationSetNames(t *testing.T) { output, _ := captureOutput(func() error { - appSet := &arogappsetv1.ApplicationSet{ + appSet := &v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "test", }, } - printApplicationSetNames([]arogappsetv1.ApplicationSet{*appSet, *appSet}) + printApplicationSetNames([]v1alpha1.ApplicationSet{*appSet, *appSet}) return nil }) expectation := "test\ntest\n" @@ -29,41 +28,41 @@ func TestPrintApplicationSetNames(t *testing.T) { func TestPrintApplicationSetTable(t *testing.T) { output, err := captureOutput(func() error { - app := &arogappsetv1.ApplicationSet{ + app := &v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "app-name", }, - Spec: arogappsetv1.ApplicationSetSpec{ - Generators: []arogappsetv1.ApplicationSetGenerator{ - arogappsetv1.ApplicationSetGenerator{ - Git: &arogappsetv1.GitGenerator{ + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + v1alpha1.ApplicationSetGenerator{ + Git: &v1alpha1.GitGenerator{ RepoURL: "https://github.com/argoproj/argo-cd.git", Revision: "head", - Directories: []arogappsetv1.GitDirectoryGeneratorItem{ - arogappsetv1.GitDirectoryGeneratorItem{ + Directories: []v1alpha1.GitDirectoryGeneratorItem{ + v1alpha1.GitDirectoryGeneratorItem{ Path: "applicationset/examples/git-generator-directory/cluster-addons/*", }, }, }, }, }, - Template: arogappsetv1.ApplicationSetTemplate{ + Template: v1alpha1.ApplicationSetTemplate{ Spec: v1alpha1.ApplicationSpec{ Project: "default", }, }, }, - Status: arogappsetv1.ApplicationSetStatus{ - Conditions: []arogappsetv1.ApplicationSetCondition{ - arogappsetv1.ApplicationSetCondition{ + Status: v1alpha1.ApplicationSetStatus{ + Conditions: []v1alpha1.ApplicationSetCondition{ + v1alpha1.ApplicationSetCondition{ Status: v1alpha1.ApplicationSetConditionStatusTrue, - Type: arogappsetv1.ApplicationSetConditionResourcesUpToDate, + Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, }, }, }, } output := "table" - printApplicationSetTable([]arogappsetv1.ApplicationSet{*app, *app}, &output) + printApplicationSetTable([]v1alpha1.ApplicationSet{*app, *app}, &output) return nil }) assert.NoError(t, err) @@ -72,65 +71,65 @@ func TestPrintApplicationSetTable(t *testing.T) { } func TestPrintAppSetSummaryTable(t *testing.T) { - baseAppSet := &arogappsetv1.ApplicationSet{ + baseAppSet := &v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "app-name", }, - Spec: arogappsetv1.ApplicationSetSpec{ - Generators: []arogappsetv1.ApplicationSetGenerator{ - arogappsetv1.ApplicationSetGenerator{ - Git: &arogappsetv1.GitGenerator{ + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + v1alpha1.ApplicationSetGenerator{ + Git: &v1alpha1.GitGenerator{ RepoURL: "https://github.com/argoproj/argo-cd.git", Revision: "head", - Directories: []arogappsetv1.GitDirectoryGeneratorItem{ - arogappsetv1.GitDirectoryGeneratorItem{ + Directories: []v1alpha1.GitDirectoryGeneratorItem{ + v1alpha1.GitDirectoryGeneratorItem{ Path: "applicationset/examples/git-generator-directory/cluster-addons/*", }, }, }, }, }, - Template: arogappsetv1.ApplicationSetTemplate{ + Template: v1alpha1.ApplicationSetTemplate{ Spec: v1alpha1.ApplicationSpec{ Project: "default", }, }, }, - Status: arogappsetv1.ApplicationSetStatus{ - Conditions: []arogappsetv1.ApplicationSetCondition{ - arogappsetv1.ApplicationSetCondition{ + Status: v1alpha1.ApplicationSetStatus{ + Conditions: []v1alpha1.ApplicationSetCondition{ + v1alpha1.ApplicationSetCondition{ Status: v1alpha1.ApplicationSetConditionStatusTrue, - Type: arogappsetv1.ApplicationSetConditionResourcesUpToDate, + Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, }, }, }, } appsetSpecSyncPolicy := baseAppSet.DeepCopy() - appsetSpecSyncPolicy.Spec.SyncPolicy = &arogappsetv1.ApplicationSetSyncPolicy{ + appsetSpecSyncPolicy.Spec.SyncPolicy = &v1alpha1.ApplicationSetSyncPolicy{ PreserveResourcesOnDeletion: true, } appSetTemplateSpecSyncPolicy := baseAppSet.DeepCopy() - appSetTemplateSpecSyncPolicy.Spec.Template.Spec.SyncPolicy = &arogappsetv1.SyncPolicy{ - Automated: &arogappsetv1.SyncPolicyAutomated{ + appSetTemplateSpecSyncPolicy.Spec.Template.Spec.SyncPolicy = &v1alpha1.SyncPolicy{ + Automated: &v1alpha1.SyncPolicyAutomated{ SelfHeal: true, }, } appSetBothSyncPolicies := baseAppSet.DeepCopy() - appSetBothSyncPolicies.Spec.SyncPolicy = &arogappsetv1.ApplicationSetSyncPolicy{ + appSetBothSyncPolicies.Spec.SyncPolicy = &v1alpha1.ApplicationSetSyncPolicy{ PreserveResourcesOnDeletion: true, } - appSetBothSyncPolicies.Spec.Template.Spec.SyncPolicy = &arogappsetv1.SyncPolicy{ - Automated: &arogappsetv1.SyncPolicyAutomated{ + appSetBothSyncPolicies.Spec.Template.Spec.SyncPolicy = &v1alpha1.SyncPolicy{ + Automated: &v1alpha1.SyncPolicyAutomated{ SelfHeal: true, }, } for _, tt := range []struct { name string - appSet *arogappsetv1.ApplicationSet + appSet *v1alpha1.ApplicationSet expectedOutput string }{ { diff --git a/cmd/util/app_test.go b/cmd/util/app_test.go index ae8a7b8140788..2f49a3cc4c8c4 100644 --- a/cmd/util/app_test.go +++ b/cmd/util/app_test.go @@ -9,7 +9,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "k8s.io/apimachinery/pkg/util/intstr" ) @@ -217,7 +216,7 @@ func Test_setAppSpecOptions(t *testing.T) { t.Run("Kustomize", func(t *testing.T) { assert.NoError(t, f.SetFlag("kustomize-replica", "my-deployment=2")) assert.NoError(t, f.SetFlag("kustomize-replica", "my-statefulset=4")) - assert.Equal(t, f.spec.Source.Kustomize.Replicas, argoappv1.KustomizeReplicas{{Name: "my-deployment", Count: intstr.FromInt(2)}, {Name: "my-statefulset", Count: intstr.FromInt(4)}}) + assert.Equal(t, f.spec.Source.Kustomize.Replicas, v1alpha1.KustomizeReplicas{{Name: "my-deployment", Count: intstr.FromInt(2)}, {Name: "my-statefulset", Count: intstr.FromInt(4)}}) }) } @@ -294,7 +293,7 @@ func TestReadAppsFromURI(t *testing.T) { _, _ = file.WriteString(appsYaml) _ = file.Sync() - apps := make([]*argoappv1.Application, 0) + apps := make([]*v1alpha1.Application, 0) err = readAppsFromURI(file.Name(), &apps) assert.NoError(t, err) assert.Equal(t, 2, len(apps)) diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go index 1573eef0a74bd..179ab84e2f879 100644 --- a/controller/appcontroller_test.go +++ b/controller/appcontroller_test.go @@ -32,7 +32,6 @@ import ( mockstatecache "github.com/argoproj/argo-cd/v2/controller/cache/mocks" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned/fake" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" mockrepoclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient/mocks" @@ -43,7 +42,7 @@ import ( ) type namespacedResource struct { - argoappv1.ResourceNode + v1alpha1.ResourceNode AppName string } @@ -132,7 +131,7 @@ func newFakeController(data *fakeData) *ApplicationController { mockStateCache.On("IsNamespaced", mock.Anything, mock.Anything).Return(true, nil) mockStateCache.On("GetManagedLiveObjs", mock.Anything, mock.Anything).Return(data.managedLiveObjs, nil) mockStateCache.On("GetVersionsInfo", mock.Anything).Return("v1.2.3", nil, nil) - response := make(map[kube.ResourceKey]argoappv1.ResourceNode) + response := make(map[kube.ResourceKey]v1alpha1.ResourceNode) for k, v := range data.namespacedResources { response[k] = v.ResourceNode } @@ -141,12 +140,12 @@ func newFakeController(data *fakeData) *ApplicationController { mockStateCache.On("GetClusterCache", mock.Anything).Return(&clusterCacheMock, nil) mockStateCache.On("IterateHierarchy", mock.Anything, mock.Anything, mock.Anything).Run(func(args mock.Arguments) { key := args[1].(kube.ResourceKey) - action := args[2].(func(child argoappv1.ResourceNode, appName string) bool) + action := args[2].(func(child v1alpha1.ResourceNode, appName string) bool) appName := "" if res, ok := data.namespacedResources[key]; ok { appName = res.AppName } - _ = action(argoappv1.ResourceNode{ResourceRef: argoappv1.ResourceRef{Kind: key.Kind, Group: key.Group, Namespace: key.Namespace, Name: key.Name}}, appName) + _ = action(v1alpha1.ResourceNode{ResourceRef: v1alpha1.ResourceRef{Kind: key.Kind, Group: key.Group, Namespace: key.Namespace, Name: key.Name}}, appName) }).Return(nil) return ctrl } @@ -309,24 +308,24 @@ metadata: data: ` -func newFakeApp() *argoappv1.Application { +func newFakeApp() *v1alpha1.Application { return createFakeApp(fakeApp) } -func newFakeMultiSourceApp() *argoappv1.Application { +func newFakeMultiSourceApp() *v1alpha1.Application { return createFakeApp(fakeMultiSourceApp) } -func newFakeAppWithDestMismatch() *argoappv1.Application { +func newFakeAppWithDestMismatch() *v1alpha1.Application { return createFakeApp(fakeAppWithDestMismatch) } -func newFakeAppWithDestName() *argoappv1.Application { +func newFakeAppWithDestName() *v1alpha1.Application { return createFakeApp(fakeAppWithDestName) } -func createFakeApp(testApp string) *argoappv1.Application { - var app argoappv1.Application +func createFakeApp(testApp string) *v1alpha1.Application { + var app v1alpha1.Application err := yaml.Unmarshal([]byte(testApp), &app) if err != nil { panic(err) @@ -346,11 +345,11 @@ func newFakeCM() map[string]interface{} { func TestAutoSync(t *testing.T) { app := newFakeApp() ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: argoappv1.SyncStatusCodeOutOfSync}}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) assert.NoError(t, err) @@ -363,11 +362,11 @@ func TestAutoSyncNotAllowEmpty(t *testing.T) { app := newFakeApp() app.Spec.SyncPolicy.Automated.Prune = true ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}) assert.NotNil(t, cond) } @@ -376,11 +375,11 @@ func TestAutoSyncAllowEmpty(t *testing.T) { app.Spec.SyncPolicy.Automated.Prune = true app.Spec.SyncPolicy.Automated.AllowEmpty = true ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}) assert.Nil(t, cond) } @@ -390,11 +389,11 @@ func TestSkipAutoSync(t *testing.T) { t.Run("PreviouslySyncedToRevision", func(t *testing.T) { app := newFakeApp() ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) assert.NoError(t, err) @@ -405,11 +404,11 @@ func TestSkipAutoSync(t *testing.T) { t.Run("AlreadyInSyncedState", func(t *testing.T) { app := newFakeApp() ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeSynced, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeSynced, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) assert.NoError(t, err) @@ -421,11 +420,11 @@ func TestSkipAutoSync(t *testing.T) { app := newFakeApp() app.Spec.SyncPolicy = nil ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) assert.NoError(t, err) @@ -438,11 +437,11 @@ func TestSkipAutoSync(t *testing.T) { now := metav1.Now() app.DeletionTimestamp = &now ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) assert.NoError(t, err) @@ -453,22 +452,22 @@ func TestSkipAutoSync(t *testing.T) { // Set current to 'aaaaa', desired to 'bbbbb' and add 'bbbbb' to failure history t.Run("PreviousSyncAttemptFailed", func(t *testing.T) { app := newFakeApp() - app.Status.OperationState = &argoappv1.OperationState{ - Operation: argoappv1.Operation{ - Sync: &argoappv1.SyncOperation{}, + app.Status.OperationState = &v1alpha1.OperationState{ + Operation: v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{}, }, Phase: synccommon.OperationFailed, - SyncResult: &argoappv1.SyncOperationResult{ + SyncResult: &v1alpha1.SyncOperationResult{ Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", Source: *app.Spec.Source.DeepCopy(), }, } ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: argoappv1.SyncStatusCodeOutOfSync}}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}) assert.NotNil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) assert.NoError(t, err) @@ -478,12 +477,12 @@ func TestSkipAutoSync(t *testing.T) { t.Run("NeedsToPruneResourcesOnlyButAutomatedPruneDisabled", func(t *testing.T) { app := newFakeApp() ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{ - {Name: "guestbook", Kind: kube.DeploymentKind, Status: argoappv1.SyncStatusCodeOutOfSync, RequiresPruning: true}, + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{ + {Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync, RequiresPruning: true}, }) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) @@ -495,8 +494,8 @@ func TestSkipAutoSync(t *testing.T) { // TestAutoSyncIndicateError verifies we skip auto-sync and return error condition if previous sync failed func TestAutoSyncIndicateError(t *testing.T) { app := newFakeApp() - app.Spec.Source.Helm = &argoappv1.ApplicationSourceHelm{ - Parameters: []argoappv1.HelmParameter{ + app.Spec.Source.Helm = &v1alpha1.ApplicationSourceHelm{ + Parameters: []v1alpha1.HelmParameter{ { Name: "a", Value: "1", @@ -504,23 +503,23 @@ func TestAutoSyncIndicateError(t *testing.T) { }, } ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", } - app.Status.OperationState = &argoappv1.OperationState{ - Operation: argoappv1.Operation{ - Sync: &argoappv1.SyncOperation{ + app.Status.OperationState = &v1alpha1.OperationState{ + Operation: v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{ Source: app.Spec.Source.DeepCopy(), }, }, Phase: synccommon.OperationFailed, - SyncResult: &argoappv1.SyncOperationResult{ + SyncResult: &v1alpha1.SyncOperationResult{ Revision: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", Source: *app.Spec.Source.DeepCopy(), }, } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: argoappv1.SyncStatusCodeOutOfSync}}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}) assert.NotNil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) assert.NoError(t, err) @@ -530,8 +529,8 @@ func TestAutoSyncIndicateError(t *testing.T) { // TestAutoSyncParameterOverrides verifies we auto-sync if revision is same but parameter overrides are different func TestAutoSyncParameterOverrides(t *testing.T) { app := newFakeApp() - app.Spec.Source.Helm = &argoappv1.ApplicationSourceHelm{ - Parameters: []argoappv1.HelmParameter{ + app.Spec.Source.Helm = &v1alpha1.ApplicationSourceHelm{ + Parameters: []v1alpha1.HelmParameter{ { Name: "a", Value: "1", @@ -539,16 +538,16 @@ func TestAutoSyncParameterOverrides(t *testing.T) { }, } ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) - syncStatus := argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeOutOfSync, + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", } - app.Status.OperationState = &argoappv1.OperationState{ - Operation: argoappv1.Operation{ - Sync: &argoappv1.SyncOperation{ - Source: &argoappv1.ApplicationSource{ - Helm: &argoappv1.ApplicationSourceHelm{ - Parameters: []argoappv1.HelmParameter{ + app.Status.OperationState = &v1alpha1.OperationState{ + Operation: v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{ + Source: &v1alpha1.ApplicationSource{ + Helm: &v1alpha1.ApplicationSourceHelm{ + Parameters: []v1alpha1.HelmParameter{ { Name: "a", Value: "2", // this value changed @@ -559,11 +558,11 @@ func TestAutoSyncParameterOverrides(t *testing.T) { }, }, Phase: synccommon.OperationFailed, - SyncResult: &argoappv1.SyncOperationResult{ + SyncResult: &v1alpha1.SyncOperationResult{ Revision: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", }, } - cond := ctrl.autoSync(app, &syncStatus, []argoappv1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: argoappv1.SyncStatusCodeOutOfSync}}) + cond := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) assert.NoError(t, err) @@ -572,14 +571,14 @@ func TestAutoSyncParameterOverrides(t *testing.T) { // TestFinalizeAppDeletion verifies application deletion func TestFinalizeAppDeletion(t *testing.T) { - defaultProj := argoappv1.AppProject{ + defaultProj := v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{ Name: "default", Namespace: test.FakeArgoCDNamespace, }, - Spec: argoappv1.AppProjectSpec{ + Spec: v1alpha1.AppProjectSpec{ SourceRepos: []string{"*"}, - Destinations: []argoappv1.ApplicationDestination{ + Destinations: []v1alpha1.ApplicationDestination{ { Server: "*", Namespace: "*", @@ -608,8 +607,8 @@ func TestFinalizeAppDeletion(t *testing.T) { patched = true return true, nil, nil }) - _, err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*argoappv1.Cluster, error) { - return []*argoappv1.Cluster{}, nil + _, err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*v1alpha1.Cluster, error) { + return []*v1alpha1.Cluster{}, nil }) assert.NoError(t, err) assert.True(t, patched) @@ -618,14 +617,14 @@ func TestFinalizeAppDeletion(t *testing.T) { // Ensure any stray resources irregularly labeled with instance label of app are not deleted upon deleting, // when app project restriction is in place t.Run("ProjectRestrictionEnforced", func(*testing.T) { - restrictedProj := argoappv1.AppProject{ + restrictedProj := v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{ Name: "restricted", Namespace: test.FakeArgoCDNamespace, }, - Spec: argoappv1.AppProjectSpec{ + Spec: v1alpha1.AppProjectSpec{ SourceRepos: []string{"*"}, - Destinations: []argoappv1.ApplicationDestination{ + Destinations: []v1alpha1.ApplicationDestination{ { Server: "*", Namespace: "my-app", @@ -658,8 +657,8 @@ func TestFinalizeAppDeletion(t *testing.T) { patched = true return true, nil, nil }) - objs, err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*argoappv1.Cluster, error) { - return []*argoappv1.Cluster{}, nil + objs, err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*v1alpha1.Cluster, error) { + return []*v1alpha1.Cluster{}, nil }) assert.NoError(t, err) assert.True(t, patched) @@ -692,8 +691,8 @@ func TestFinalizeAppDeletion(t *testing.T) { patched = true return true, nil, nil }) - _, err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*argoappv1.Cluster, error) { - return []*argoappv1.Cluster{}, nil + _, err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*v1alpha1.Cluster, error) { + return []*v1alpha1.Cluster{}, nil }) assert.NoError(t, err) assert.True(t, patched) @@ -705,7 +704,7 @@ func TestFinalizeAppDeletion(t *testing.T) { appTemplate := newFakeAppWithDestName() - testShouldDelete := func(app *argoappv1.Application) { + testShouldDelete := func(app *v1alpha1.Application) { appObj := kube.MustToUnstructured(&app) ctrl := newFakeController(&fakeData{apps: []runtime.Object{app, &defaultProj}, managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{ kube.GetResourceKey(appObj): appObj, @@ -717,8 +716,8 @@ func TestFinalizeAppDeletion(t *testing.T) { fakeAppCs.AddReactor("get", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { return defaultReactor.React(action) }) - _, err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*argoappv1.Cluster, error) { - return []*argoappv1.Cluster{}, nil + _, err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*v1alpha1.Cluster, error) { + return []*v1alpha1.Cluster{}, nil }) assert.NoError(t, err) } @@ -742,14 +741,14 @@ func TestFinalizeAppDeletion(t *testing.T) { // TestNormalizeApplication verifies we normalize an application during reconciliation func TestNormalizeApplication(t *testing.T) { - defaultProj := argoappv1.AppProject{ + defaultProj := v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{ Name: "default", Namespace: test.FakeArgoCDNamespace, }, - Spec: argoappv1.AppProjectSpec{ + Spec: v1alpha1.AppProjectSpec{ SourceRepos: []string{"*"}, - Destinations: []argoappv1.ApplicationDestination{ + Destinations: []v1alpha1.ApplicationDestination{ { Server: "*", Namespace: "*", @@ -759,7 +758,7 @@ func TestNormalizeApplication(t *testing.T) { } app := newFakeApp() app.Spec.Project = "" - app.Spec.Source.Kustomize = &argoappv1.ApplicationSourceKustomize{NamePrefix: "foo-"} + app.Spec.Source.Kustomize = &v1alpha1.ApplicationSourceKustomize{NamePrefix: "foo-"} data := fakeData{ apps: []runtime.Object{app, &defaultProj}, manifestResponse: &apiclient.ManifestResponse{ @@ -817,7 +816,7 @@ func TestNormalizeApplication(t *testing.T) { func TestHandleAppUpdated(t *testing.T) { app := newFakeApp() app.Spec.Destination.Namespace = test.FakeArgoCDNamespace - app.Spec.Destination.Server = argoappv1.KubernetesInternalAPIServerAddr + app.Spec.Destination.Server = v1alpha1.KubernetesInternalAPIServerAddr proj := defaultProj.DeepCopy() proj.Spec.SourceNamespaces = []string{test.FakeArgoCDNamespace} ctrl := newFakeController(&fakeData{apps: []runtime.Object{app, proj}}) @@ -837,15 +836,15 @@ func TestHandleOrphanedResourceUpdated(t *testing.T) { app1 := newFakeApp() app1.Name = "app1" app1.Spec.Destination.Namespace = test.FakeArgoCDNamespace - app1.Spec.Destination.Server = argoappv1.KubernetesInternalAPIServerAddr + app1.Spec.Destination.Server = v1alpha1.KubernetesInternalAPIServerAddr app2 := newFakeApp() app2.Name = "app2" app2.Spec.Destination.Namespace = test.FakeArgoCDNamespace - app2.Spec.Destination.Server = argoappv1.KubernetesInternalAPIServerAddr + app2.Spec.Destination.Server = v1alpha1.KubernetesInternalAPIServerAddr proj := defaultProj.DeepCopy() - proj.Spec.OrphanedResources = &argoappv1.OrphanedResourcesMonitorSettings{} + proj.Spec.OrphanedResources = &v1alpha1.OrphanedResourcesMonitorSettings{} ctrl := newFakeController(&fakeData{apps: []runtime.Object{app1, app2, proj}}) @@ -863,16 +862,16 @@ func TestHandleOrphanedResourceUpdated(t *testing.T) { func TestGetResourceTree_HasOrphanedResources(t *testing.T) { app := newFakeApp() proj := defaultProj.DeepCopy() - proj.Spec.OrphanedResources = &argoappv1.OrphanedResourcesMonitorSettings{} + proj.Spec.OrphanedResources = &v1alpha1.OrphanedResourcesMonitorSettings{} - managedDeploy := argoappv1.ResourceNode{ - ResourceRef: argoappv1.ResourceRef{Group: "apps", Kind: "Deployment", Namespace: "default", Name: "nginx-deployment", Version: "v1"}, + managedDeploy := v1alpha1.ResourceNode{ + ResourceRef: v1alpha1.ResourceRef{Group: "apps", Kind: "Deployment", Namespace: "default", Name: "nginx-deployment", Version: "v1"}, } - orphanedDeploy1 := argoappv1.ResourceNode{ - ResourceRef: argoappv1.ResourceRef{Group: "apps", Kind: "Deployment", Namespace: "default", Name: "deploy1"}, + orphanedDeploy1 := v1alpha1.ResourceNode{ + ResourceRef: v1alpha1.ResourceRef{Group: "apps", Kind: "Deployment", Namespace: "default", Name: "deploy1"}, } - orphanedDeploy2 := argoappv1.ResourceNode{ - ResourceRef: argoappv1.ResourceRef{Group: "apps", Kind: "Deployment", Namespace: "default", Name: "deploy2"}, + orphanedDeploy2 := v1alpha1.ResourceNode{ + ResourceRef: v1alpha1.ResourceRef{Group: "apps", Kind: "Deployment", Namespace: "default", Name: "deploy2"}, } ctrl := newFakeController(&fakeData{ @@ -883,7 +882,7 @@ func TestGetResourceTree_HasOrphanedResources(t *testing.T) { kube.NewResourceKey("apps", "Deployment", "default", "deploy2"): {ResourceNode: orphanedDeploy2}, }, }) - tree, err := ctrl.getResourceTree(app, []*argoappv1.ResourceDiff{{ + tree, err := ctrl.getResourceTree(app, []*v1alpha1.ResourceDiff{{ Namespace: "default", Name: "nginx-deployment", Kind: "Deployment", @@ -893,8 +892,8 @@ func TestGetResourceTree_HasOrphanedResources(t *testing.T) { }}) assert.NoError(t, err) - assert.Equal(t, tree.Nodes, []argoappv1.ResourceNode{managedDeploy}) - assert.Equal(t, tree.OrphanedNodes, []argoappv1.ResourceNode{orphanedDeploy1, orphanedDeploy2}) + assert.Equal(t, tree.Nodes, []v1alpha1.ResourceNode{managedDeploy}) + assert.Equal(t, tree.OrphanedNodes, []v1alpha1.ResourceNode{orphanedDeploy1, orphanedDeploy2}) } func TestSetOperationStateOnDeletedApp(t *testing.T) { @@ -906,14 +905,14 @@ func TestSetOperationStateOnDeletedApp(t *testing.T) { patched = true return true, nil, apierr.NewNotFound(schema.GroupResource{}, "my-app") }) - ctrl.setOperationState(newFakeApp(), &argoappv1.OperationState{Phase: synccommon.OperationSucceeded}) + ctrl.setOperationState(newFakeApp(), &v1alpha1.OperationState{Phase: synccommon.OperationSucceeded}) assert.True(t, patched) } func TestNeedRefreshAppStatus(t *testing.T) { testCases := []struct { name string - app *argoappv1.Application + app *v1alpha1.Application }{ { name: "single-source app", @@ -932,9 +931,9 @@ func TestNeedRefreshAppStatus(t *testing.T) { now := metav1.Now() app.Status.ReconciledAt = &now - app.Status.Sync = argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeSynced, - ComparedTo: argoappv1.ComparedTo{ + app.Status.Sync = v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeSynced, + ComparedTo: v1alpha1.ComparedTo{ Destination: app.Spec.Destination, }, } @@ -955,15 +954,15 @@ func TestNeedRefreshAppStatus(t *testing.T) { needRefresh, refreshType, compareWith := ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour) assert.True(t, needRefresh) - assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType) + assert.Equal(t, v1alpha1.RefreshTypeNormal, refreshType) assert.Equal(t, CompareWithRecent, compareWith) // refresh application which status is not reconciled using latest commit - app.Status.Sync = argoappv1.SyncStatus{Status: argoappv1.SyncStatusCodeUnknown} + app.Status.Sync = v1alpha1.SyncStatus{Status: v1alpha1.SyncStatusCodeUnknown} needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour) assert.True(t, needRefresh) - assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType) + assert.Equal(t, v1alpha1.RefreshTypeNormal, refreshType) assert.Equal(t, CompareWithLatestForceResolve, compareWith) t.Run("refresh app using the 'latest' level if comparison expired", func(t *testing.T) { @@ -973,15 +972,15 @@ func TestNeedRefreshAppStatus(t *testing.T) { app.Status.ReconciledAt = &reconciledAt needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Minute, 2*time.Hour) assert.True(t, needRefresh) - assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType) + assert.Equal(t, v1alpha1.RefreshTypeNormal, refreshType) assert.Equal(t, CompareWithLatestForceResolve, compareWith) }) t.Run("refresh app using the 'latest' level if comparison expired for hard refresh", func(t *testing.T) { app := app.DeepCopy() - app.Status.Sync = argoappv1.SyncStatus{ - Status: argoappv1.SyncStatusCodeSynced, - ComparedTo: argoappv1.ComparedTo{ + app.Status.Sync = v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeSynced, + ComparedTo: v1alpha1.ComparedTo{ Destination: app.Spec.Destination, }, } @@ -995,7 +994,7 @@ func TestNeedRefreshAppStatus(t *testing.T) { app.Status.ReconciledAt = &reconciledAt needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 2*time.Hour, 1*time.Minute) assert.True(t, needRefresh) - assert.Equal(t, argoappv1.RefreshTypeHard, refreshType) + assert.Equal(t, v1alpha1.RefreshTypeHard, refreshType) assert.Equal(t, CompareWithLatest, compareWith) }) @@ -1004,11 +1003,11 @@ func TestNeedRefreshAppStatus(t *testing.T) { reconciledAt := metav1.NewTime(time.Now().UTC().Add(-1 * time.Hour)) app.Status.ReconciledAt = &reconciledAt app.Annotations = map[string]string{ - v1alpha1.AnnotationKeyRefresh: string(argoappv1.RefreshTypeHard), + v1alpha1.AnnotationKeyRefresh: string(v1alpha1.RefreshTypeHard), } needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour) assert.True(t, needRefresh) - assert.Equal(t, argoappv1.RefreshTypeHard, refreshType) + assert.Equal(t, v1alpha1.RefreshTypeHard, refreshType) assert.Equal(t, CompareWithLatestForceResolve, compareWith) }) @@ -1017,15 +1016,15 @@ func TestNeedRefreshAppStatus(t *testing.T) { ctrl.requestAppRefresh(app.Name, ComparisonWithNothing.Pointer(), nil) // sample app source change if app.Spec.HasMultipleSources() { - app.Spec.Sources[0].Helm = &argoappv1.ApplicationSourceHelm{ - Parameters: []argoappv1.HelmParameter{{ + app.Spec.Sources[0].Helm = &v1alpha1.ApplicationSourceHelm{ + Parameters: []v1alpha1.HelmParameter{{ Name: "foo", Value: "bar", }}, } } else { - app.Spec.Source.Helm = &argoappv1.ApplicationSourceHelm{ - Parameters: []argoappv1.HelmParameter{{ + app.Spec.Source.Helm = &v1alpha1.ApplicationSourceHelm{ + Parameters: []v1alpha1.HelmParameter{{ Name: "foo", Value: "bar", }}, @@ -1034,7 +1033,7 @@ func TestNeedRefreshAppStatus(t *testing.T) { needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour) assert.True(t, needRefresh) - assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType) + assert.Equal(t, v1alpha1.RefreshTypeNormal, refreshType) assert.Equal(t, CompareWithLatestForceResolve, compareWith) }) }) @@ -1044,7 +1043,7 @@ func TestNeedRefreshAppStatus(t *testing.T) { func TestUpdatedManagedNamespaceMetadata(t *testing.T) { ctrl := newFakeController(&fakeData{apps: []runtime.Object{}}) app := newFakeApp() - app.Spec.SyncPolicy.ManagedNamespaceMetadata = &argoappv1.ManagedNamespaceMetadata{ + app.Spec.SyncPolicy.ManagedNamespaceMetadata = &v1alpha1.ManagedNamespaceMetadata{ Labels: map[string]string{ "foo": "bar", }, @@ -1061,14 +1060,14 @@ func TestUpdatedManagedNamespaceMetadata(t *testing.T) { needRefresh, refreshType, compareWith := ctrl.needRefreshAppStatus(app, 30*time.Minute, 2*time.Hour) assert.True(t, needRefresh) - assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType) + assert.Equal(t, v1alpha1.RefreshTypeNormal, refreshType) assert.Equal(t, CompareWithLatest, compareWith) } func TestUnchangedManagedNamespaceMetadata(t *testing.T) { ctrl := newFakeController(&fakeData{apps: []runtime.Object{}}) app := newFakeApp() - app.Spec.SyncPolicy.ManagedNamespaceMetadata = &argoappv1.ManagedNamespaceMetadata{ + app.Spec.SyncPolicy.ManagedNamespaceMetadata = &v1alpha1.ManagedNamespaceMetadata{ Labels: map[string]string{ "foo": "bar", }, @@ -1086,19 +1085,19 @@ func TestUnchangedManagedNamespaceMetadata(t *testing.T) { needRefresh, refreshType, compareWith := ctrl.needRefreshAppStatus(app, 30*time.Minute, 2*time.Hour) assert.False(t, needRefresh) - assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType) + assert.Equal(t, v1alpha1.RefreshTypeNormal, refreshType) assert.Equal(t, CompareWithLatest, compareWith) } func TestRefreshAppConditions(t *testing.T) { - defaultProj := argoappv1.AppProject{ + defaultProj := v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{ Name: "default", Namespace: test.FakeArgoCDNamespace, }, - Spec: argoappv1.AppProjectSpec{ + Spec: v1alpha1.AppProjectSpec{ SourceRepos: []string{"*"}, - Destinations: []argoappv1.ApplicationDestination{ + Destinations: []v1alpha1.ApplicationDestination{ { Server: "*", Namespace: "*", @@ -1118,27 +1117,27 @@ func TestRefreshAppConditions(t *testing.T) { t.Run("PreserveExistingWarningCondition", func(t *testing.T) { app := newFakeApp() - app.Status.SetConditions([]argoappv1.ApplicationCondition{{Type: argoappv1.ApplicationConditionExcludedResourceWarning}}, nil) + app.Status.SetConditions([]v1alpha1.ApplicationCondition{{Type: v1alpha1.ApplicationConditionExcludedResourceWarning}}, nil) ctrl := newFakeController(&fakeData{apps: []runtime.Object{app, &defaultProj}}) _, hasErrors := ctrl.refreshAppConditions(app) assert.False(t, hasErrors) assert.Len(t, app.Status.Conditions, 1) - assert.Equal(t, argoappv1.ApplicationConditionExcludedResourceWarning, app.Status.Conditions[0].Type) + assert.Equal(t, v1alpha1.ApplicationConditionExcludedResourceWarning, app.Status.Conditions[0].Type) }) t.Run("ReplacesSpecErrorCondition", func(t *testing.T) { app := newFakeApp() app.Spec.Project = "wrong project" - app.Status.SetConditions([]argoappv1.ApplicationCondition{{Type: argoappv1.ApplicationConditionInvalidSpecError, Message: "old message"}}, nil) + app.Status.SetConditions([]v1alpha1.ApplicationCondition{{Type: v1alpha1.ApplicationConditionInvalidSpecError, Message: "old message"}}, nil) ctrl := newFakeController(&fakeData{apps: []runtime.Object{app, &defaultProj}}) _, hasErrors := ctrl.refreshAppConditions(app) assert.True(t, hasErrors) assert.Len(t, app.Status.Conditions, 1) - assert.Equal(t, argoappv1.ApplicationConditionInvalidSpecError, app.Status.Conditions[0].Type) + assert.Equal(t, v1alpha1.ApplicationConditionInvalidSpecError, app.Status.Conditions[0].Type) assert.Equal(t, "Application referencing project wrong project which does not exist", app.Status.Conditions[0].Message) }) } @@ -1146,8 +1145,8 @@ func TestRefreshAppConditions(t *testing.T) { func TestUpdateReconciledAt(t *testing.T) { app := newFakeApp() reconciledAt := metav1.NewTime(time.Now().Add(-1 * time.Second)) - app.Status = argoappv1.ApplicationStatus{ReconciledAt: &reconciledAt} - app.Status.Sync = argoappv1.SyncStatus{ComparedTo: argoappv1.ComparedTo{Source: app.Spec.GetSource(), Destination: app.Spec.Destination}} + app.Status = v1alpha1.ApplicationStatus{ReconciledAt: &reconciledAt} + app.Status.Sync = v1alpha1.SyncStatus{ComparedTo: v1alpha1.ComparedTo{Source: app.Spec.GetSource(), Destination: app.Spec.Destination}} ctrl := newFakeController(&fakeData{ apps: []runtime.Object{app, &defaultProj}, manifestResponse: &apiclient.ManifestResponse{ @@ -1225,15 +1224,15 @@ func TestProjectErrorToCondition(t *testing.T) { obj, ok, err := ctrl.appInformer.GetIndexer().GetByKey(key) assert.True(t, ok) assert.NoError(t, err) - updatedApp := obj.(*argoappv1.Application) - assert.Equal(t, argoappv1.ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[0].Type) + updatedApp := obj.(*v1alpha1.Application) + assert.Equal(t, v1alpha1.ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[0].Type) assert.Equal(t, "Application referencing project wrong project which does not exist", updatedApp.Status.Conditions[0].Message) - assert.Equal(t, argoappv1.ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[0].Type) + assert.Equal(t, v1alpha1.ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[0].Type) } func TestFinalizeProjectDeletion_HasApplications(t *testing.T) { app := newFakeApp() - proj := &argoappv1.AppProject{ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: test.FakeArgoCDNamespace}} + proj := &v1alpha1.AppProject{ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: test.FakeArgoCDNamespace}} ctrl := newFakeController(&fakeData{apps: []runtime.Object{app, proj}}) fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset) @@ -1249,7 +1248,7 @@ func TestFinalizeProjectDeletion_HasApplications(t *testing.T) { } func TestFinalizeProjectDeletion_DoesNotHaveApplications(t *testing.T) { - proj := &argoappv1.AppProject{ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: test.FakeArgoCDNamespace}} + proj := &v1alpha1.AppProject{ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: test.FakeArgoCDNamespace}} ctrl := newFakeController(&fakeData{apps: []runtime.Object{&defaultProj}}) fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset) @@ -1273,8 +1272,8 @@ func TestFinalizeProjectDeletion_DoesNotHaveApplications(t *testing.T) { func TestProcessRequestedAppOperation_FailedNoRetries(t *testing.T) { app := newFakeApp() app.Spec.Project = "default" - app.Operation = &argoappv1.Operation{ - Sync: &argoappv1.SyncOperation{}, + app.Operation = &v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{}, } ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset) @@ -1295,8 +1294,8 @@ func TestProcessRequestedAppOperation_FailedNoRetries(t *testing.T) { func TestProcessRequestedAppOperation_InvalidDestination(t *testing.T) { app := newFakeAppWithDestMismatch() app.Spec.Project = "test-project" - app.Operation = &argoappv1.Operation{ - Sync: &argoappv1.SyncOperation{}, + app.Operation = &v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{}, } proj := defaultProj proj.Name = "test-project" @@ -1326,9 +1325,9 @@ func TestProcessRequestedAppOperation_InvalidDestination(t *testing.T) { func TestProcessRequestedAppOperation_FailedHasRetries(t *testing.T) { app := newFakeApp() app.Spec.Project = "invalid-project" - app.Operation = &argoappv1.Operation{ - Sync: &argoappv1.SyncOperation{}, - Retry: argoappv1.RetryStrategy{Limit: 1}, + app.Operation = &v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{}, + Retry: v1alpha1.RetryStrategy{Limit: 1}, } ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}) fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset) @@ -1352,12 +1351,12 @@ func TestProcessRequestedAppOperation_FailedHasRetries(t *testing.T) { func TestProcessRequestedAppOperation_RunningPreviouslyFailed(t *testing.T) { app := newFakeApp() - app.Operation = &argoappv1.Operation{ - Sync: &argoappv1.SyncOperation{}, - Retry: argoappv1.RetryStrategy{Limit: 1}, + app.Operation = &v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{}, + Retry: v1alpha1.RetryStrategy{Limit: 1}, } app.Status.OperationState.Phase = synccommon.OperationRunning - app.Status.OperationState.SyncResult.Resources = []*argoappv1.ResourceResult{{ + app.Status.OperationState.SyncResult.Resources = []*v1alpha1.ResourceResult{{ Name: "guestbook", Kind: "Deployment", Group: "apps", @@ -1391,9 +1390,9 @@ func TestProcessRequestedAppOperation_RunningPreviouslyFailed(t *testing.T) { func TestProcessRequestedAppOperation_HasRetriesTerminated(t *testing.T) { app := newFakeApp() - app.Operation = &argoappv1.Operation{ - Sync: &argoappv1.SyncOperation{}, - Retry: argoappv1.RetryStrategy{Limit: 10}, + app.Operation = &v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{}, + Retry: v1alpha1.RetryStrategy{Limit: 10}, } app.Status.OperationState.Phase = synccommon.OperationTerminating @@ -1463,19 +1462,19 @@ func TestGetAppHosts(t *testing.T) { })).Return(nil) ctrl.stateCache = mockStateCache - hosts, err := ctrl.getAppHosts(app, []argoappv1.ResourceNode{{ - ResourceRef: argoappv1.ResourceRef{Name: "pod1", Namespace: "default", Kind: kube.PodKind}, - Info: []argoappv1.InfoItem{{ + hosts, err := ctrl.getAppHosts(app, []v1alpha1.ResourceNode{{ + ResourceRef: v1alpha1.ResourceRef{Name: "pod1", Namespace: "default", Kind: kube.PodKind}, + Info: []v1alpha1.InfoItem{{ Name: "Host", Value: "Minikube", }}, }}) assert.NoError(t, err) - assert.Equal(t, []argoappv1.HostInfo{{ + assert.Equal(t, []v1alpha1.HostInfo{{ Name: "minikube", SystemInfo: corev1.NodeSystemInfo{OSImage: "debian"}, - ResourcesInfo: []argoappv1.HostResourceInfo{{ + ResourcesInfo: []v1alpha1.HostResourceInfo{{ ResourceName: corev1.ResourceCPU, Capacity: 5000, RequestedByApp: 1000, RequestedByNeighbors: 2000}, }}}, hosts) } @@ -1525,13 +1524,13 @@ func Test_canProcessApp(t *testing.T) { }) t.Run("with cluster filter, good namespace", func(t *testing.T) { app.Namespace = "good" - ctrl.clusterFilter = func(_ *argoappv1.Cluster) bool { return true } + ctrl.clusterFilter = func(_ *v1alpha1.Cluster) bool { return true } canProcess := ctrl.canProcessApp(app) assert.True(t, canProcess) }) t.Run("with cluster filter, bad namespace", func(t *testing.T) { app.Namespace = "bad" - ctrl.clusterFilter = func(_ *argoappv1.Cluster) bool { return true } + ctrl.clusterFilter = func(_ *v1alpha1.Cluster) bool { return true } canProcess := ctrl.canProcessApp(app) assert.False(t, canProcess) }) @@ -1590,12 +1589,12 @@ func TestAddControllerNamespace(t *testing.T) { t.Run("set controllerNamespace when the app is in the controller namespace", func(t *testing.T) { app := newFakeApp() ctrl := newFakeController(&fakeData{ - apps: []runtime.Object{app, &defaultProj}, + apps: []runtime.Object{app, &defaultProj}, manifestResponse: &apiclient.ManifestResponse{}, }) - + ctrl.processAppRefreshQueueItem() - + updatedApp, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(ctrl.namespace).Get(context.Background(), app.Name, metav1.GetOptions{}) assert.NoError(t, err) assert.Equal(t, test.FakeArgoCDNamespace, updatedApp.Status.ControllerNamespace) @@ -1608,13 +1607,13 @@ func TestAddControllerNamespace(t *testing.T) { proj := defaultProj proj.Spec.SourceNamespaces = []string{appNamespace} ctrl := newFakeController(&fakeData{ - apps: []runtime.Object{app, &proj}, - manifestResponse: &apiclient.ManifestResponse{}, + apps: []runtime.Object{app, &proj}, + manifestResponse: &apiclient.ManifestResponse{}, applicationNamespaces: []string{appNamespace}, }) - + ctrl.processAppRefreshQueueItem() - + updatedApp, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(appNamespace).Get(context.Background(), app.Name, metav1.GetOptions{}) assert.NoError(t, err) assert.Equal(t, test.FakeArgoCDNamespace, updatedApp.Status.ControllerNamespace) diff --git a/controller/state.go b/controller/state.go index 1d70dcae1cc30..147e0393ef309 100644 --- a/controller/state.go +++ b/controller/state.go @@ -27,7 +27,6 @@ import ( statecache "github.com/argoproj/argo-cd/v2/controller/cache" "github.com/argoproj/argo-cd/v2/controller/metrics" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" "github.com/argoproj/argo-cd/v2/util/argo" @@ -62,7 +61,7 @@ type managedResource struct { // AppStateManager defines methods which allow to compare application spec and actual application state. type AppStateManager interface { - CompareAppState(app *v1alpha1.Application, project *appv1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localObjects []string, hasMultipleSources bool) *comparisonResult + CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localObjects []string, hasMultipleSources bool) *comparisonResult SyncAppState(app *v1alpha1.Application, state *v1alpha1.OperationState) } @@ -138,7 +137,7 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp return nil, nil, err } ts.AddCheckpoint("plugins_ms") - tools := make([]*appv1.ConfigManagementPlugin, len(plugins)) + tools := make([]*v1alpha1.ConfigManagementPlugin, len(plugins)) for i := range plugins { tools[i] = &plugins[i] } @@ -284,8 +283,8 @@ func DeduplicateTargetObjects( for key, targets := range targetByKey { if len(targets) > 1 { now := metav1.Now() - conditions = append(conditions, appv1.ApplicationCondition{ - Type: appv1.ApplicationConditionRepeatedResourceWarning, + conditions = append(conditions, v1alpha1.ApplicationCondition{ + Type: v1alpha1.ApplicationConditionRepeatedResourceWarning, Message: fmt.Sprintf("Resource %s appeared %d times among application resources.", key.String(), len(targets)), LastTransitionTime: &now, }) @@ -316,9 +315,9 @@ func (m *appStateManager) getComparisonSettings() (string, map[string]v1alpha1.R // verifyGnuPGSignature verifies the result of a GnuPG operation for a given git // revision. -func verifyGnuPGSignature(revision string, project *appv1.AppProject, manifestInfo *apiclient.ManifestResponse) []appv1.ApplicationCondition { +func verifyGnuPGSignature(revision string, project *v1alpha1.AppProject, manifestInfo *apiclient.ManifestResponse) []v1alpha1.ApplicationCondition { now := metav1.Now() - conditions := make([]appv1.ApplicationCondition, 0) + conditions := make([]v1alpha1.ApplicationCondition, 0) // We need to have some data in the verification result to parse, otherwise there was no signature if manifestInfo.VerifyResult != "" { verifyResult := gpg.ParseGitCommitVerification(manifestInfo.VerifyResult) @@ -356,7 +355,7 @@ func verifyGnuPGSignature(revision string, project *appv1.AppProject, manifestIn // CompareAppState compares application git state to the live app state, using the specified // revision and supplied source. If revision or overrides are empty, then compares against // revision and overrides in the app spec. -func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *appv1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localManifests []string, hasMultipleSources bool) *comparisonResult { +func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localManifests []string, hasMultipleSources bool) *comparisonResult { ts := stats.NewTimingStats() appLabelKey, resourceOverrides, resFilter, err := m.getComparisonSettings() @@ -367,20 +366,20 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap if hasMultipleSources { return &comparisonResult{ syncStatus: &v1alpha1.SyncStatus{ - ComparedTo: appv1.ComparedTo{Destination: app.Spec.Destination, Sources: sources}, - Status: appv1.SyncStatusCodeUnknown, + ComparedTo: v1alpha1.ComparedTo{Destination: app.Spec.Destination, Sources: sources}, + Status: v1alpha1.SyncStatusCodeUnknown, Revisions: revisions, }, - healthStatus: &appv1.HealthStatus{Status: health.HealthStatusUnknown}, + healthStatus: &v1alpha1.HealthStatus{Status: health.HealthStatusUnknown}, } } else { return &comparisonResult{ syncStatus: &v1alpha1.SyncStatus{ - ComparedTo: appv1.ComparedTo{Source: sources[0], Destination: app.Spec.Destination}, - Status: appv1.SyncStatusCodeUnknown, + ComparedTo: v1alpha1.ComparedTo{Source: sources[0], Destination: app.Spec.Destination}, + Status: v1alpha1.SyncStatusCodeUnknown, Revision: revisions[0], }, - healthStatus: &appv1.HealthStatus{Status: health.HealthStatusUnknown}, + healthStatus: &v1alpha1.HealthStatus{Status: health.HealthStatusUnknown}, } } } @@ -477,7 +476,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap // filter out all resources which are not permitted in the application project for k, v := range liveObjByKey { - permitted, err := project.IsLiveResourcePermitted(v, app.Spec.Destination.Server, app.Spec.Destination.Name, func(project string) ([]*appv1.Cluster, error) { + permitted, err := project.IsLiveResourcePermitted(v, app.Spec.Destination.Server, app.Spec.Destination.Name, func(project string) ([]*v1alpha1.Cluster, error) { return m.db.GetProjectClusters(context.TODO(), project) }) @@ -524,7 +523,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap // restore comparison using cached diff result if previous comparison was performed for the same revision revisionChanged := len(manifestInfoMap) != len(sources) || !reflect.DeepEqual(app.Status.Sync.Revisions, manifestRevisions) - specChanged := !reflect.DeepEqual(app.Status.Sync.ComparedTo, appv1.ComparedTo{Source: app.Spec.GetSource(), Destination: app.Spec.Destination, Sources: sources}) + specChanged := !reflect.DeepEqual(app.Status.Sync.ComparedTo, v1alpha1.ComparedTo{Source: app.Spec.GetSource(), Destination: app.Spec.Destination, Sources: sources}) _, refreshRequested := app.IsRefreshRequested() noCache = noCache || refreshRequested || app.Status.Expired(m.statusRefreshTimeout) || specChanged || revisionChanged @@ -624,7 +623,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap } if isNamespaced && obj.GetNamespace() == "" { - conditions = append(conditions, appv1.ApplicationCondition{Type: v1alpha1.ApplicationConditionInvalidSpecError, Message: fmt.Sprintf("Namespace for %s %s is missing.", obj.GetName(), gvk.String()), LastTransitionTime: &now}) + conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionInvalidSpecError, Message: fmt.Sprintf("Namespace for %s %s is missing.", obj.GetName(), gvk.String()), LastTransitionTime: &now}) } // we can't say anything about the status if we were unable to get the target objects @@ -664,7 +663,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap var syncStatus v1alpha1.SyncStatus if hasMultipleSources { syncStatus = v1alpha1.SyncStatus{ - ComparedTo: appv1.ComparedTo{ + ComparedTo: v1alpha1.ComparedTo{ Destination: app.Spec.Destination, Sources: sources, }, @@ -673,7 +672,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap } } else { syncStatus = v1alpha1.SyncStatus{ - ComparedTo: appv1.ComparedTo{ + ComparedTo: v1alpha1.ComparedTo{ Destination: app.Spec.Destination, Source: app.Spec.GetSource(), }, @@ -686,7 +685,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap healthStatus, err := setApplicationHealth(managedResources, resourceSummaries, resourceOverrides, app, m.persistResourceHealth) if err != nil { - conditions = append(conditions, appv1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: fmt.Sprintf("error setting app health: %s", err.Error()), LastTransitionTime: &now}) + conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: fmt.Sprintf("error setting app health: %s", err.Error()), LastTransitionTime: &now}) } // Git has already performed the signature verification via its GPG interface, and the result is available @@ -710,7 +709,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap if hasMultipleSources { for _, manifestInfo := range manifestInfoMap { - compRes.appSourceTypes = append(compRes.appSourceTypes, appv1.ApplicationSourceType(manifestInfo.SourceType)) + compRes.appSourceTypes = append(compRes.appSourceTypes, v1alpha1.ApplicationSourceType(manifestInfo.SourceType)) } } else { for _, manifestInfo := range manifestInfoMap { @@ -719,11 +718,11 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap } } - app.Status.SetConditions(conditions, map[appv1.ApplicationConditionType]bool{ - appv1.ApplicationConditionComparisonError: true, - appv1.ApplicationConditionSharedResourceWarning: true, - appv1.ApplicationConditionRepeatedResourceWarning: true, - appv1.ApplicationConditionExcludedResourceWarning: true, + app.Status.SetConditions(conditions, map[v1alpha1.ApplicationConditionType]bool{ + v1alpha1.ApplicationConditionComparisonError: true, + v1alpha1.ApplicationConditionSharedResourceWarning: true, + v1alpha1.ApplicationConditionRepeatedResourceWarning: true, + v1alpha1.ApplicationConditionExcludedResourceWarning: true, }) ts.AddCheckpoint("health_ms") compRes.timings = ts.Timings() From 8e8970e2f47cc887a846b79c7cbb296b8e5e834f Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Thu, 1 Jun 2023 14:38:59 -0600 Subject: [PATCH 093/252] docs: redirect old CMP page to new one (#13877) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- docs/user-guide/config-management-plugins.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 docs/user-guide/config-management-plugins.md diff --git a/docs/user-guide/config-management-plugins.md b/docs/user-guide/config-management-plugins.md new file mode 100644 index 0000000000000..652f545d7c4c1 --- /dev/null +++ b/docs/user-guide/config-management-plugins.md @@ -0,0 +1,3 @@ +# Config Management Plugins + +This page has been moved to the [operator manual](../operator-manual/config-management-plugins.md). From ec2340a11f41c0ff646ad635be8d903dcc0a5f7c Mon Sep 17 00:00:00 2001 From: Maxence Laude Date: Fri, 2 Jun 2023 02:19:21 +0200 Subject: [PATCH 094/252] feat(appset): Implement Plugin Generator (#13017) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * add internal http package Signed-off-by: Maxence Laude * add services plugin Signed-off-by: Maxence Laude * add generator plugin Signed-off-by: Maxence Laude * adapted matrix && merge generator Signed-off-by: Maxence Laude * adapted plugin to webhook Signed-off-by: Maxence Laude * update applicationset controller and types for plugin Signed-off-by: Maxence Laude * add proposal for applicationset plugin generator Signed-off-by: Maxence Laude * execute codegen Signed-off-by: Maxence Laude * First draft of documentation Signed-off-by: Maxence Laude * Fix wrong expected error on client_test Signed-off-by: Maxence Laude * docs(plugin-generator): minor improvements Signed-off-by: Sébastien Crocquesel <88554524+scrocquesel@users.noreply.github.com> * Improvement * changes Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * fix docs Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * wrap output Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * fix test Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * fix tests Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * nested parameters Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * simplify Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * docs Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Add plugin to GetRequeueAfter function (merge && matrix) Signed-off-by: Maxence Laude * Improvement : renaming * more changes Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * clearer docs Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * abstract Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * naming Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * revert accidental change Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * ugh Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * fix accidental renames Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Fix typo renaming Signed-off-by: Maxence Laude * Improve docs Signed-off-by: Maxence Laude * Webhook implementation Signed-off-by: Maxence Laude * Typo docs Signed-off-by: Maxence Laude * fix plugin generator nil panic Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Add company to USERS.md Signed-off-by: Maxence Laude * input.parameters * fix plugin generator nil panic Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * input.parameters Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Change param structure * change param structure Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * nest parameters Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Fix conflicts Signed-off-by: Maxence Laude * Fix docs Signed-off-by: Maxence Laude * Fix docs Signed-off-by: Maxence Laude --------- Signed-off-by: Maxence Laude Signed-off-by: Sébastien Crocquesel <88554524+scrocquesel@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Sébastien Crocquesel <88554524+scrocquesel@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- USERS.md | 1 + applicationset/generators/matrix.go | 2 + applicationset/generators/matrix_test.go | 51 +- applicationset/generators/merge.go | 2 + applicationset/generators/plugin.go | 211 + applicationset/generators/plugin_test.go | 705 +++ .../services/internal/http/client.go | 161 + .../services/internal/http/client_options.go | 22 + .../services/internal/http/client_test.go | 163 + .../services/plugin/plugin_service.go | 73 + .../services/plugin/plugin_service_test.go | 52 + applicationset/services/plugin/utils.go | 21 + applicationset/services/plugin/utils_test.go | 17 + applicationset/utils/utils.go | 12 +- applicationset/utils/utils_test.go | 29 + applicationset/webhook/webhook.go | 9 + applicationset/webhook/webhook_test.go | 80 +- assets/swagger.json | 54 + .../commands/applicationset_controller.go | 3 + .../applicationset/Generators-Plugin.md | 341 ++ .../applicationset/Generators.md | 3 +- .../applicationset-plugin-generator.md | 216 + manifests/core-install.yaml | 3793 +++++++++++----- manifests/crds/applicationset-crd.yaml | 3795 ++++++++++++----- manifests/ha/install.yaml | 3793 +++++++++++----- manifests/install.yaml | 3793 +++++++++++----- mkdocs.yml | 1 + .../v1alpha1/applicationset_types.go | 32 + pkg/apis/application/v1alpha1/generated.pb.go | 2595 +++++++---- pkg/apis/application/v1alpha1/generated.proto | 33 + .../application/v1alpha1/openapi_generated.go | 131 +- .../v1alpha1/zz_generated.deepcopy.go | 107 + util/settings/settings.go | 8 +- util/settings/settings_test.go | 15 + 34 files changed, 14980 insertions(+), 5344 deletions(-) create mode 100644 applicationset/generators/plugin.go create mode 100644 applicationset/generators/plugin_test.go create mode 100644 applicationset/services/internal/http/client.go create mode 100644 applicationset/services/internal/http/client_options.go create mode 100644 applicationset/services/internal/http/client_test.go create mode 100644 applicationset/services/plugin/plugin_service.go create mode 100644 applicationset/services/plugin/plugin_service_test.go create mode 100644 applicationset/services/plugin/utils.go create mode 100644 applicationset/services/plugin/utils_test.go create mode 100644 docs/operator-manual/applicationset/Generators-Plugin.md create mode 100644 docs/proposals/applicationset-plugin-generator.md diff --git a/USERS.md b/USERS.md index 7225e11cedf23..f02187afc2fee 100644 --- a/USERS.md +++ b/USERS.md @@ -175,6 +175,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Objective](https://www.objective.com.br/) 1. [OCCMundial](https://occ.com.mx) 1. [Octadesk](https://octadesk.com) +1. [Olfeo](https://www.olfeo.com/) 1. [omegaUp](https://omegaUp.com) 1. [Omni](https://omni.se/) 1. [openEuler](https://openeuler.org) diff --git a/applicationset/generators/matrix.go b/applicationset/generators/matrix.go index 0389e8ad9062a..2e53c95067c72 100644 --- a/applicationset/generators/matrix.go +++ b/applicationset/generators/matrix.go @@ -97,6 +97,7 @@ func (m *MatrixGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.Appli SCMProvider: appSetBaseGenerator.SCMProvider, ClusterDecisionResource: appSetBaseGenerator.ClusterDecisionResource, PullRequest: appSetBaseGenerator.PullRequest, + Plugin: appSetBaseGenerator.Plugin, Matrix: matrixGen, Merge: mergeGen, Selector: appSetBaseGenerator.Selector, @@ -135,6 +136,7 @@ func (m *MatrixGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.Ap Clusters: r.Clusters, Git: r.Git, PullRequest: r.PullRequest, + Plugin: r.Plugin, Matrix: matrixGen, Merge: mergeGen, } diff --git a/applicationset/generators/matrix_test.go b/applicationset/generators/matrix_test.go index e2d55dfc28103..902a7b86b2d73 100644 --- a/applicationset/generators/matrix_test.go +++ b/applicationset/generators/matrix_test.go @@ -5,7 +5,6 @@ import ( "testing" "time" - "github.com/argoproj/argo-cd/v2/applicationset/services/mocks" "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -14,6 +13,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" + "github.com/argoproj/argo-cd/v2/applicationset/services/mocks" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" @@ -848,7 +849,7 @@ func TestMatrixGenerateListElementsYaml(t *testing.T) { } listGenerator := &argoprojiov1alpha1.ListGenerator{ - Elements: []apiextensionsv1.JSON{}, + Elements: []apiextensionsv1.JSON{}, ElementsYaml: "{{ .foo.bar | toJson }}", } @@ -870,60 +871,59 @@ func TestMatrixGenerateListElementsYaml(t *testing.T) { }, expected: []map[string]interface{}{ { - "chart": "a", - "version": "1", + "chart": "a", + "version": "1", "foo": map[string]interface{}{ "bar": []interface{}{ map[string]interface{}{ - "chart": "a", + "chart": "a", "version": "1", }, map[string]interface{}{ - "chart": "b", + "chart": "b", "version": "2", }, }, }, "path": map[string]interface{}{ - "basename": "dir", + "basename": "dir", "basenameNormalized": "dir", - "filename": "file_name.yaml", + "filename": "file_name.yaml", "filenameNormalized": "file-name.yaml", - "path": "path/dir", - "segments": []string { + "path": "path/dir", + "segments": []string{ "path", "dir", }, }, }, { - "chart": "b", - "version": "2", + "chart": "b", + "version": "2", "foo": map[string]interface{}{ "bar": []interface{}{ map[string]interface{}{ - "chart": "a", + "chart": "a", "version": "1", }, map[string]interface{}{ - "chart": "b", + "chart": "b", "version": "2", }, }, }, "path": map[string]interface{}{ - "basename": "dir", + "basename": "dir", "basenameNormalized": "dir", - "filename": "file_name.yaml", + "filename": "file_name.yaml", "filenameNormalized": "file-name.yaml", - "path": "path/dir", - "segments": []string { + "path": "path/dir", + "segments": []string{ "path", "dir", }, }, }, - }, }, } @@ -952,27 +952,26 @@ func TestMatrixGenerateListElementsYaml(t *testing.T) { "foo": map[string]interface{}{ "bar": []interface{}{ map[string]interface{}{ - "chart": "a", + "chart": "a", "version": "1", }, map[string]interface{}{ - "chart": "b", + "chart": "b", "version": "2", }, }, }, "path": map[string]interface{}{ - "basename": "dir", + "basename": "dir", "basenameNormalized": "dir", - "filename": "file_name.yaml", + "filename": "file_name.yaml", "filenameNormalized": "file-name.yaml", - "path": "path/dir", - "segments": []string { + "path": "path/dir", + "segments": []string{ "path", "dir", }, }, - }}, nil) genMock.On("GetTemplate", &gitGeneratorSpec). Return(&argoprojiov1alpha1.ApplicationSetTemplate{}) diff --git a/applicationset/generators/merge.go b/applicationset/generators/merge.go index a2827a74ba5f0..5eaea07a8990e 100644 --- a/applicationset/generators/merge.go +++ b/applicationset/generators/merge.go @@ -154,6 +154,7 @@ func (m *MergeGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.Applic SCMProvider: appSetBaseGenerator.SCMProvider, ClusterDecisionResource: appSetBaseGenerator.ClusterDecisionResource, PullRequest: appSetBaseGenerator.PullRequest, + Plugin: appSetBaseGenerator.Plugin, Matrix: matrixGen, Merge: mergeGen, Selector: appSetBaseGenerator.Selector, @@ -190,6 +191,7 @@ func (m *MergeGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.App Clusters: r.Clusters, Git: r.Git, PullRequest: r.PullRequest, + Plugin: r.Plugin, Matrix: matrixGen, Merge: mergeGen, } diff --git a/applicationset/generators/plugin.go b/applicationset/generators/plugin.go new file mode 100644 index 0000000000000..9876d0ff93a2a --- /dev/null +++ b/applicationset/generators/plugin.go @@ -0,0 +1,211 @@ +package generators + +import ( + "context" + "fmt" + "strconv" + "strings" + "time" + + "github.com/jeremywohl/flatten" + corev1 "k8s.io/api/core/v1" + "k8s.io/client-go/kubernetes" + "sigs.k8s.io/controller-runtime/pkg/client" + + argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/settings" + + "github.com/argoproj/argo-cd/v2/applicationset/services/plugin" +) + +const ( + DefaultPluginRequeueAfterSeconds = 30 * time.Minute +) + +var _ Generator = (*PluginGenerator)(nil) + +type PluginGenerator struct { + client client.Client + ctx context.Context + clientset kubernetes.Interface + namespace string +} + +func NewPluginGenerator(client client.Client, ctx context.Context, clientset kubernetes.Interface, namespace string) Generator { + g := &PluginGenerator{ + client: client, + ctx: ctx, + clientset: clientset, + namespace: namespace, + } + return g +} + +func (g *PluginGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) time.Duration { + // Return a requeue default of 30 minutes, if no default is specified. + + if appSetGenerator.Plugin.RequeueAfterSeconds != nil { + return time.Duration(*appSetGenerator.Plugin.RequeueAfterSeconds) * time.Second + } + + return DefaultPluginRequeueAfterSeconds +} + +func (g *PluginGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) *argoprojiov1alpha1.ApplicationSetTemplate { + return &appSetGenerator.Plugin.Template +} + +func (g *PluginGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet) ([]map[string]interface{}, error) { + + if appSetGenerator == nil { + return nil, EmptyAppSetGeneratorError + } + + if appSetGenerator.Plugin == nil { + return nil, EmptyAppSetGeneratorError + } + + ctx := context.Background() + + providerConfig := appSetGenerator.Plugin + + pluginClient, err := g.getPluginFromGenerator(ctx, applicationSetInfo.Name, providerConfig) + if err != nil { + return nil, err + } + + list, err := pluginClient.List(ctx, providerConfig.Input.Parameters) + if err != nil { + return nil, fmt.Errorf("error listing params: %w", err) + } + + res, err := g.generateParams(appSetGenerator, applicationSetInfo, list.Output.Parameters, appSetGenerator.Plugin.Input.Parameters, applicationSetInfo.Spec.GoTemplate) + if err != nil { + return nil, err + } + + return res, nil +} + +func (g *PluginGenerator) getPluginFromGenerator(ctx context.Context, appSetName string, generatorConfig *argoprojiov1alpha1.PluginGenerator) (*plugin.Service, error) { + cm, err := g.getConfigMap(ctx, generatorConfig.ConfigMapRef.Name) + if err != nil { + return nil, fmt.Errorf("error fetching ConfigMap: %w", err) + } + token, err := g.getToken(ctx, cm["token"]) + if err != nil { + return nil, fmt.Errorf("error fetching Secret token: %v", err) + } + + var requestTimeout int + requestTimeoutStr, ok := cm["requestTimeout"] + if ok { + requestTimeout, err = strconv.Atoi(requestTimeoutStr) + if err != nil { + return nil, fmt.Errorf("error set requestTimeout : %w", err) + } + } + + pluginClient, err := plugin.NewPluginService(ctx, appSetName, cm["baseUrl"], token, requestTimeout) + if err != nil { + return nil, err + } + return pluginClient, nil +} + +func (g *PluginGenerator) generateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, objectsFound []map[string]interface{}, pluginParams argoprojiov1alpha1.PluginParameters, useGoTemplate bool) ([]map[string]interface{}, error) { + res := []map[string]interface{}{} + + for _, objectFound := range objectsFound { + + params := map[string]interface{}{} + + if useGoTemplate { + for k, v := range objectFound { + params[k] = v + } + } else { + flat, err := flatten.Flatten(objectFound, "", flatten.DotStyle) + if err != nil { + return nil, err + } + for k, v := range flat { + params[k] = fmt.Sprintf("%v", v) + } + } + + params["generator"] = map[string]interface{}{ + "input": map[string]argoprojiov1alpha1.PluginParameters{ + "parameters": pluginParams, + }, + } + + err := appendTemplatedValues(appSetGenerator.Plugin.Values, params, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) + if err != nil { + return nil, err + } + + res = append(res, params) + } + + return res, nil +} + +func (g *PluginGenerator) getToken(ctx context.Context, tokenRef string) (string, error) { + + if tokenRef == "" || !strings.HasPrefix(tokenRef, "$") { + return "", fmt.Errorf("token is empty, or does not reference a secret key starting with '$': %v", tokenRef) + } + + secretName, tokenKey := plugin.ParseSecretKey(tokenRef) + + secret := &corev1.Secret{} + err := g.client.Get( + ctx, + client.ObjectKey{ + Name: secretName, + Namespace: g.namespace, + }, + secret) + + if err != nil { + return "", fmt.Errorf("error fetching secret %s/%s: %v", g.namespace, secretName, err) + } + + secretValues := make(map[string]string, len(secret.Data)) + + for k, v := range secret.Data { + secretValues[k] = string(v) + } + + token := settings.ReplaceStringSecret(tokenKey, secretValues) + + return token, err +} + +func (g *PluginGenerator) getConfigMap(ctx context.Context, configMapRef string) (map[string]string, error) { + cm := &corev1.ConfigMap{} + err := g.client.Get( + ctx, + client.ObjectKey{ + Name: configMapRef, + Namespace: g.namespace, + }, + cm) + + if err != nil { + return nil, err + } + + baseUrl, ok := cm.Data["baseUrl"] + if !ok || baseUrl == "" { + return nil, fmt.Errorf("baseUrl not found in ConfigMap") + } + + token, ok := cm.Data["token"] + if !ok || token == "" { + return nil, fmt.Errorf("token not found in ConfigMap") + } + + return cm.Data, nil +} diff --git a/applicationset/generators/plugin_test.go b/applicationset/generators/plugin_test.go new file mode 100644 index 0000000000000..19f53a90b9442 --- /dev/null +++ b/applicationset/generators/plugin_test.go @@ -0,0 +1,705 @@ +package generators + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "net/http/httptest" + "strings" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + v1 "k8s.io/api/core/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + kubefake "k8s.io/client-go/kubernetes/fake" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + + "github.com/argoproj/argo-cd/v2/applicationset/services/plugin" + argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" +) + +func TestPluginGenerateParams(t *testing.T) { + testCases := []struct { + name string + configmap *v1.ConfigMap + secret *v1.Secret + inputParameters map[string]apiextensionsv1.JSON + values map[string]string + gotemplate bool + expected []map[string]interface{} + content []byte + expectedError error + }{ + { + name: "simple case", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + gotemplate: false, + content: []byte(`{"output": { + "parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }] + }}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: nil, + }, + { + name: "simple case with values", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + values: map[string]string{ + "valuekey1": "valuevalue1", + "valuekey2": "templated-{{key1}}", + }, + gotemplate: false, + content: []byte(`{"output": { + "parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }] + }}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "values.valuekey1": "valuevalue1", + "values.valuekey2": "templated-val1", + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: nil, + }, + { + name: "simple case with gotemplate", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + gotemplate: true, + content: []byte(`{"output": { + "parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }] + }}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2": map[string]interface{}{ + "key2_1": "val2_1", + "key2_2": map[string]interface{}{ + "key2_2_1": "val2_2_1", + }, + }, + "key3": float64(123), + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: nil, + }, + { + name: "simple case with appended params", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + gotemplate: false, + content: []byte(`{"output": {"parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123, + "pkey2": "valplugin" + }]}}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "pkey2": "valplugin", + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: nil, + }, + { + name: "no params", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: argoprojiov1alpha1.PluginParameters{}, + gotemplate: false, + content: []byte(`{"output": { + "parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }] + }}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "generator": map[string]interface{}{ + "input": map[string]map[string]interface{}{ + "parameters": {}, + }, + }, + }, + }, + expectedError: nil, + }, + { + name: "empty return", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{}, + gotemplate: false, + content: []byte(`{"input": {"parameters": []}}`), + expected: []map[string]interface{}{}, + expectedError: nil, + }, + { + name: "wrong return", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{}, + gotemplate: false, + content: []byte(`wrong body ...`), + expected: []map[string]interface{}{}, + expectedError: fmt.Errorf("error listing params: error get api 'set': invalid character 'w' looking for beginning of value: wrong body ..."), + }, + { + name: "external secret", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin-secret:plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "plugin-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + gotemplate: false, + content: []byte(`{"output": {"parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123, + "pkey2": "valplugin" + }]}}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "pkey2": "valplugin", + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: nil, + }, + { + name: "no secret", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{}, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + gotemplate: false, + content: []byte(`{"output": { + "parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }] + }}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: fmt.Errorf("error fetching Secret token: error fetching secret default/argocd-secret: secrets \"argocd-secret\" not found"), + }, + { + name: "no configmap", + configmap: &v1.ConfigMap{}, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + gotemplate: false, + content: []byte(`{"output": { + "parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }] + }}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: fmt.Errorf("error fetching ConfigMap: configmaps \"\" not found"), + }, + { + name: "no baseUrl", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "token": "$plugin.token", + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "plugin.token": []byte("my-secret"), + }, + }, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + gotemplate: false, + content: []byte(`{"output": { + "parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }] + }}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: fmt.Errorf("error fetching ConfigMap: baseUrl not found in ConfigMap"), + }, + { + name: "no token", + configmap: &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "first-plugin-cm", + Namespace: "default", + }, + Data: map[string]string{ + "baseUrl": "http://127.0.0.1", + }, + }, + secret: &v1.Secret{}, + inputParameters: map[string]apiextensionsv1.JSON{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + gotemplate: false, + content: []byte(`{"output": { + "parameters": [{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }] + }}`), + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2.key2_1": "val2_1", + "key2.key2_2.key2_2_1": "val2_2_1", + "key3": "123", + "generator": map[string]interface{}{ + "input": argoprojiov1alpha1.PluginInput{ + Parameters: argoprojiov1alpha1.PluginParameters{ + "pkey1": {Raw: []byte(`"val1"`)}, + "pkey2": {Raw: []byte(`"val2"`)}, + }, + }, + }, + }, + }, + expectedError: fmt.Errorf("error fetching ConfigMap: token not found in ConfigMap"), + }, + } + + ctx := context.Background() + + for _, testCase := range testCases { + + t.Run(testCase.name, func(t *testing.T) { + + generatorConfig := argoprojiov1alpha1.ApplicationSetGenerator{ + Plugin: &argoprojiov1alpha1.PluginGenerator{ + ConfigMapRef: argoprojiov1alpha1.PluginConfigMapRef{Name: testCase.configmap.Name}, + Input: argoprojiov1alpha1.PluginInput{ + Parameters: testCase.inputParameters, + }, + Values: testCase.values, + }, + } + + handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + + authHeader := r.Header.Get("Authorization") + _, tokenKey := plugin.ParseSecretKey(testCase.configmap.Data["token"]) + expectedToken := testCase.secret.Data[strings.Replace(tokenKey, "$", "", -1)] + if authHeader != "Bearer "+string(expectedToken) { + w.WriteHeader(http.StatusUnauthorized) + return + } + + w.Header().Set("Content-Type", "application/json") + _, err := w.Write(testCase.content) + if err != nil { + assert.NoError(t, fmt.Errorf("Error Write %v", err)) + } + }) + + fakeServer := httptest.NewServer(handler) + + defer fakeServer.Close() + + if _, ok := testCase.configmap.Data["baseUrl"]; ok { + testCase.configmap.Data["baseUrl"] = fakeServer.URL + } + + fakeClient := kubefake.NewSimpleClientset(append([]runtime.Object{}, testCase.configmap, testCase.secret)...) + + fakeClientWithCache := fake.NewClientBuilder().WithObjects([]client.Object{testCase.configmap, testCase.secret}...).Build() + + var pluginGenerator = NewPluginGenerator(fakeClientWithCache, ctx, fakeClient, "default") + + applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "set", + }, + Spec: argoprojiov1alpha1.ApplicationSetSpec{ + GoTemplate: testCase.gotemplate, + }, + } + + got, err := pluginGenerator.GenerateParams(&generatorConfig, &applicationSetInfo) + + if err != nil { + fmt.Println(err) + } + + if testCase.expectedError != nil { + assert.EqualError(t, err, testCase.expectedError.Error()) + } else { + assert.NoError(t, err) + expectedJson, err := json.Marshal(testCase.expected) + require.NoError(t, err) + gotJson, err := json.Marshal(got) + require.NoError(t, err) + assert.Equal(t, string(expectedJson), string(gotJson)) + } + }) + } +} diff --git a/applicationset/services/internal/http/client.go b/applicationset/services/internal/http/client.go new file mode 100644 index 0000000000000..00bcf32f3204f --- /dev/null +++ b/applicationset/services/internal/http/client.go @@ -0,0 +1,161 @@ +package http + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "io" + "net/http" + "strings" + "time" +) + +const ( + userAgent = "argocd-applicationset" + defaultTimeout = 30 +) + +type Client struct { + // URL is the URL used for API requests. + baseURL string + + // UserAgent is the user agent to include in HTTP requests. + UserAgent string + + // Token is used to make authenticated API calls. + token string + + // Client is an HTTP client used to communicate with the API. + client *http.Client +} + +type ErrorResponse struct { + Body []byte + Response *http.Response + Message string +} + +func NewClient(baseURL string, options ...ClientOptionFunc) (*Client, error) { + client, err := newClient(baseURL, options...) + if err != nil { + return nil, err + } + return client, nil +} + +func newClient(baseURL string, options ...ClientOptionFunc) (*Client, error) { + c := &Client{baseURL: baseURL, UserAgent: userAgent} + + // Configure the HTTP client. + c.client = &http.Client{ + Timeout: time.Duration(defaultTimeout) * time.Second, + } + + // Apply any given client options. + for _, fn := range options { + if fn == nil { + continue + } + if err := fn(c); err != nil { + return nil, err + } + } + + return c, nil +} + +func (c *Client) NewRequest(method, path string, body interface{}, options []ClientOptionFunc) (*http.Request, error) { + + // Make sure the given URL end with a slash + if !strings.HasSuffix(c.baseURL, "/") { + c.baseURL += "/" + } + + var buf io.ReadWriter + if body != nil { + buf = &bytes.Buffer{} + enc := json.NewEncoder(buf) + enc.SetEscapeHTML(false) + err := enc.Encode(body) + if err != nil { + return nil, err + } + } + + req, err := http.NewRequest(method, c.baseURL+path, buf) + if err != nil { + return nil, err + } + + if body != nil { + req.Header.Set("Content-Type", "application/json") + } + + if len(c.token) != 0 { + req.Header.Set("Authorization", "Bearer "+c.token) + } + + if c.UserAgent != "" { + req.Header.Set("User-Agent", c.UserAgent) + } + + return req, nil +} + +func (c *Client) Do(ctx context.Context, req *http.Request, v interface{}) (*http.Response, error) { + resp, err := c.client.Do(req) + if err != nil { + return nil, err + } + + defer resp.Body.Close() + + if err := CheckResponse(resp); err != nil { + return resp, err + } + + switch v := v.(type) { + case nil: + case io.Writer: + _, err = io.Copy(v, resp.Body) + default: + buf := new(bytes.Buffer) + teeReader := io.TeeReader(resp.Body, buf) + decErr := json.NewDecoder(teeReader).Decode(v) + if decErr == io.EOF { + decErr = nil // ignore EOF errors caused by empty response body + } + if decErr != nil { + err = fmt.Errorf("%s: %s", decErr.Error(), buf.String()) + } + } + return resp, err +} + +// CheckResponse checks the API response for errors, and returns them if present. +func CheckResponse(resp *http.Response) error { + + if c := resp.StatusCode; 200 <= c && c <= 299 { + return nil + } + + data, err := io.ReadAll(resp.Body) + if err != nil { + return fmt.Errorf("API error with status code %d: %v", resp.StatusCode, err) + } + + var raw map[string]interface{} + if err := json.Unmarshal(data, &raw); err != nil { + return fmt.Errorf("API error with status code %d: %s", resp.StatusCode, string(data)) + } + + message := "" + if value, ok := raw["message"].(string); ok { + message = value + } else if value, ok := raw["error"].(string); ok { + message = value + } + + return fmt.Errorf("API error with status code %d: %s", resp.StatusCode, message) +} diff --git a/applicationset/services/internal/http/client_options.go b/applicationset/services/internal/http/client_options.go new file mode 100644 index 0000000000000..ec388c9a80605 --- /dev/null +++ b/applicationset/services/internal/http/client_options.go @@ -0,0 +1,22 @@ +package http + +import "time" + +// ClientOptionFunc can be used to customize a new Restful API client. +type ClientOptionFunc func(*Client) error + +// WithToken is an option for NewClient to set token +func WithToken(token string) ClientOptionFunc { + return func(c *Client) error { + c.token = token + return nil + } +} + +// WithTimeout can be used to configure a custom timeout for requests. +func WithTimeout(timeout int) ClientOptionFunc { + return func(c *Client) error { + c.client.Timeout = time.Duration(timeout) * time.Second + return nil + } +} diff --git a/applicationset/services/internal/http/client_test.go b/applicationset/services/internal/http/client_test.go new file mode 100644 index 0000000000000..ca2c916177fee --- /dev/null +++ b/applicationset/services/internal/http/client_test.go @@ -0,0 +1,163 @@ +package http + +import ( + "bytes" + "context" + "fmt" + "io" + "net/http" + "net/http/httptest" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestClient(t *testing.T) { + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + _, err := w.Write([]byte("Hello, World!")) + if err != nil { + assert.NoError(t, fmt.Errorf("Error Write %v", err)) + } + })) + defer server.Close() + + var clientOptionFns []ClientOptionFunc + _, err := NewClient(server.URL, clientOptionFns...) + + if err != nil { + t.Fatalf("Failed to create client: %v", err) + } +} + +func TestClientDo(t *testing.T) { + ctx := context.Background() + + for _, c := range []struct { + name string + params map[string]string + content []byte + fakeServer *httptest.Server + clientOptionFns []ClientOptionFunc + expected []map[string]interface{} + expectedCode int + expectedError error + }{ + { + name: "Simple", + params: map[string]string{ + "pkey1": "val1", + "pkey2": "val2", + }, + fakeServer: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + _, err := w.Write([]byte(`[{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }]`)) + if err != nil { + assert.NoError(t, fmt.Errorf("Error Write %v", err)) + } + })), + clientOptionFns: nil, + expected: []map[string]interface{}{ + { + "key1": "val1", + "key2": map[string]interface{}{ + "key2_1": "val2_1", + "key2_2": map[string]interface{}{ + "key2_2_1": "val2_2_1", + }, + }, + "key3": float64(123), + }, + }, + expectedCode: 200, + expectedError: nil, + }, + { + name: "With Token", + params: map[string]string{ + "pkey1": "val1", + "pkey2": "val2", + }, + fakeServer: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + authHeader := r.Header.Get("Authorization") + if authHeader != "Bearer "+string("test-token") { + w.WriteHeader(http.StatusUnauthorized) + return + } + w.WriteHeader(http.StatusOK) + _, err := w.Write([]byte(`[{ + "key1": "val1", + "key2": { + "key2_1": "val2_1", + "key2_2": { + "key2_2_1": "val2_2_1" + } + }, + "key3": 123 + }]`)) + if err != nil { + assert.NoError(t, fmt.Errorf("Error Write %v", err)) + } + })), + clientOptionFns: nil, + expected: []map[string]interface{}(nil), + expectedCode: 401, + expectedError: fmt.Errorf("API error with status code 401: "), + }, + } { + cc := c + t.Run(cc.name, func(t *testing.T) { + defer cc.fakeServer.Close() + + client, err := NewClient(cc.fakeServer.URL, cc.clientOptionFns...) + + if err != nil { + t.Fatalf("NewClient returned unexpected error: %v", err) + } + + req, err := client.NewRequest("POST", "", cc.params, nil) + + if err != nil { + t.Fatalf("NewRequest returned unexpected error: %v", err) + } + + var data []map[string]interface{} + + resp, err := client.Do(ctx, req, &data) + + if cc.expectedError != nil { + assert.EqualError(t, err, cc.expectedError.Error()) + } else { + assert.Equal(t, resp.StatusCode, cc.expectedCode) + assert.Equal(t, data, cc.expected) + assert.NoError(t, err) + } + }) + } +} + +func TestCheckResponse(t *testing.T) { + resp := &http.Response{ + StatusCode: http.StatusBadRequest, + Body: io.NopCloser(bytes.NewBufferString(`{"error":"invalid_request","description":"Invalid token"}`)), + } + + err := CheckResponse(resp) + if err == nil { + t.Error("Expected an error, got nil") + } + + expected := "API error with status code 400: invalid_request" + if err.Error() != expected { + t.Errorf("Expected error '%s', got '%s'", expected, err.Error()) + } +} diff --git a/applicationset/services/plugin/plugin_service.go b/applicationset/services/plugin/plugin_service.go new file mode 100644 index 0000000000000..95573e0942407 --- /dev/null +++ b/applicationset/services/plugin/plugin_service.go @@ -0,0 +1,73 @@ +package plugin + +import ( + "context" + "fmt" + "net/http" + + internalhttp "github.com/argoproj/argo-cd/v2/applicationset/services/internal/http" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" +) + +// ServiceRequest is the request object sent to the plugin service. +type ServiceRequest struct { + // ApplicationSetName is the appSetName of the ApplicationSet for which we're requesting parameters. Useful for logging in + // the plugin service. + ApplicationSetName string `json:"applicationSetName"` + // Input is the map of parameters set in the ApplicationSet spec for this generator. + Input v1alpha1.PluginInput `json:"input"` +} + +type Output struct { + // Parameters is the list of parameter sets returned by the plugin. + Parameters []map[string]interface{} `json:"parameters"` +} + +// ServiceResponse is the response object returned by the plugin service. +type ServiceResponse struct { + // Output is the map of outputs returned by the plugin. + Output Output `json:"output"` +} + +type Service struct { + client *internalhttp.Client + appSetName string +} + +func NewPluginService(ctx context.Context, appSetName string, baseURL string, token string, requestTimeout int) (*Service, error) { + var clientOptionFns []internalhttp.ClientOptionFunc + + clientOptionFns = append(clientOptionFns, internalhttp.WithToken(token)) + + if requestTimeout != 0 { + clientOptionFns = append(clientOptionFns, internalhttp.WithTimeout(requestTimeout)) + } + + client, err := internalhttp.NewClient(baseURL, clientOptionFns...) + if err != nil { + return nil, fmt.Errorf("error creating plugin client: %v", err) + } + + return &Service{ + client: client, + appSetName: appSetName, + }, nil +} + +func (p *Service) List(ctx context.Context, parameters v1alpha1.PluginParameters) (*ServiceResponse, error) { + req, err := p.client.NewRequest(http.MethodPost, "api/v1/getparams.execute", ServiceRequest{ApplicationSetName: p.appSetName, Input: v1alpha1.PluginInput{Parameters: parameters}}, nil) + + if err != nil { + return nil, fmt.Errorf("NewRequest returned unexpected error: %v", err) + } + + var data ServiceResponse + + _, err = p.client.Do(ctx, req, &data) + + if err != nil { + return nil, fmt.Errorf("error get api '%s': %v", p.appSetName, err) + } + + return &data, err +} diff --git a/applicationset/services/plugin/plugin_service_test.go b/applicationset/services/plugin/plugin_service_test.go new file mode 100644 index 0000000000000..6dc81d33df71f --- /dev/null +++ b/applicationset/services/plugin/plugin_service_test.go @@ -0,0 +1,52 @@ +package plugin + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + "net/http/httptest" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestPlugin(t *testing.T) { + expectedJSON := `{"parameters": [{"number":123,"digest":"sha256:942ae2dfd73088b54d7151a3c3fd5af038a51c50029bfcfd21f1e650d9579967"},{"number":456,"digest":"sha256:224e68cc69566e5cbbb76034b3c42cd2ed57c1a66720396e1c257794cb7d68c1"}]}` + token := "0bc57212c3cbbec69d20b34c507284bd300def5b" + + handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "application/json") + authHeader := r.Header.Get("Authorization") + if authHeader != "Bearer "+token { + w.WriteHeader(http.StatusUnauthorized) + return + } + _, err := w.Write([]byte(expectedJSON)) + + if err != nil { + assert.NoError(t, fmt.Errorf("Error Write %v", err)) + } + }) + ts := httptest.NewServer(handler) + defer ts.Close() + + client, err := NewPluginService(context.Background(), "plugin-test", ts.URL, token, 0) + + if err != nil { + t.Errorf("unexpected error: %v", err) + } + + data, err := client.List(context.Background(), nil) + + if err != nil { + t.Errorf("unexpected error: %v", err) + } + + var expectedData ServiceResponse + err = json.Unmarshal([]byte(expectedJSON), &expectedData) + if err != nil { + t.Fatal(err) + } + assert.Equal(t, &expectedData, data) +} diff --git a/applicationset/services/plugin/utils.go b/applicationset/services/plugin/utils.go new file mode 100644 index 0000000000000..26e38e492200d --- /dev/null +++ b/applicationset/services/plugin/utils.go @@ -0,0 +1,21 @@ +package plugin + +import ( + "fmt" + "strings" + + "github.com/argoproj/argo-cd/v2/common" +) + +// ParseSecretKey retrieves secret appSetName if different from common ArgoCDSecretName. +func ParseSecretKey(key string) (secretName string, tokenKey string) { + if strings.Contains(key, ":") { + parts := strings.Split(key, ":") + secretName = parts[0][1:] + tokenKey = fmt.Sprintf("$%s", parts[1]) + } else { + secretName = common.ArgoCDSecretName + tokenKey = key + } + return secretName, tokenKey +} diff --git a/applicationset/services/plugin/utils_test.go b/applicationset/services/plugin/utils_test.go new file mode 100644 index 0000000000000..c364d606392e4 --- /dev/null +++ b/applicationset/services/plugin/utils_test.go @@ -0,0 +1,17 @@ +package plugin + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestParseSecretKey(t *testing.T) { + secretName, tokenKey := ParseSecretKey("#my-secret:my-token") + assert.Equal(t, "my-secret", secretName) + assert.Equal(t, "$my-token", tokenKey) + + secretName, tokenKey = ParseSecretKey("#my-secret") + assert.Equal(t, "argocd-secret", secretName) + assert.Equal(t, "#my-secret", tokenKey) +} diff --git a/applicationset/utils/utils.go b/applicationset/utils/utils.go index f7ef2e89760ec..ca0e508858375 100644 --- a/applicationset/utils/utils.go +++ b/applicationset/utils/utils.go @@ -143,7 +143,7 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri } for _, key := range original.MapKeys() { originalValue := original.MapIndex(key) - if originalValue.Kind() != reflect.String && originalValue.IsNil() { + if originalValue.Kind() != reflect.String && isNillable(originalValue) && originalValue.IsNil() { continue } // New gives us a pointer, but again we want the value @@ -191,6 +191,16 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri return nil } +// isNillable returns true if the value is something which may be set to nil. This function is meant to guard against a +// panic from calling IsNil on a non-pointer type. +func isNillable(v reflect.Value) bool { + switch v.Kind() { + case reflect.Map, reflect.Pointer, reflect.UnsafePointer, reflect.Interface, reflect.Slice: + return true + } + return false +} + func (r *Render) RenderTemplateParams(tmpl *argoappsv1.Application, syncPolicy *argoappsv1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (*argoappsv1.Application, error) { if tmpl == nil { return nil, fmt.Errorf("application template is empty") diff --git a/applicationset/utils/utils_test.go b/applicationset/utils/utils_test.go index eca1b44198e49..8e7bfa58d4fa8 100644 --- a/applicationset/utils/utils_test.go +++ b/applicationset/utils/utils_test.go @@ -8,6 +8,7 @@ import ( logtest "github.com/sirupsen/logrus/hooks/test" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" @@ -484,6 +485,34 @@ func TestRenderTemplateParamsGoTemplate(t *testing.T) { } } +func TestRenderGeneratorParams_does_not_panic(t *testing.T) { + // This test verifies that the RenderGeneratorParams function does not panic when the value in a map is a non- + // nillable type. This is a regression test. + render := Render{} + params := map[string]interface{}{ + "branch": "master", + } + generator := &argoappsv1.ApplicationSetGenerator{ + Plugin: &argoappsv1.PluginGenerator{ + ConfigMapRef: argoappsv1.PluginConfigMapRef{ + Name: "cm-plugin", + }, + Input: argoappsv1.PluginInput{ + Parameters: map[string]apiextensionsv1.JSON{ + "branch": { + Raw: []byte(`"{{.branch}}"`), + }, + "repo": { + Raw: []byte(`"argo-test"`), + }, + }, + }, + }, + } + _, err := render.RenderGeneratorParams(generator, params, true, []string{}) + assert.NoError(t, err) +} + func TestRenderTemplateKeys(t *testing.T) { t.Run("fasttemplate", func(t *testing.T) { application := &argoappsv1.Application{ diff --git a/applicationset/webhook/webhook.go b/applicationset/webhook/webhook.go index 17e782386f061..f1dd5b5ebb0eb 100644 --- a/applicationset/webhook/webhook.go +++ b/applicationset/webhook/webhook.go @@ -98,6 +98,7 @@ func (h *WebhookHandler) HandleEvent(payload interface{}) { // check if the ApplicationSet uses any generator that is relevant to the payload shouldRefresh = shouldRefreshGitGenerator(gen.Git, gitGenInfo) || shouldRefreshPRGenerator(gen.PullRequest, prGenInfo) || + shouldRefreshPluginGenerator(gen.Plugin) || h.shouldRefreshMatrixGenerator(gen.Matrix, &appSet, gitGenInfo, prGenInfo) || h.shouldRefreshMergeGenerator(gen.Merge, &appSet, gitGenInfo, prGenInfo) if shouldRefresh { @@ -287,6 +288,10 @@ func shouldRefreshGitGenerator(gen *v1alpha1.GitGenerator, info *gitGeneratorInf return true } +func shouldRefreshPluginGenerator(gen *v1alpha1.PluginGenerator) bool { + return gen != nil +} + func genRevisionHasChanged(gen *v1alpha1.GitGenerator, revision string, touchedHead bool) bool { targetRev := parseRevision(gen.Revision) if targetRev == "HEAD" || targetRev == "" { // revision is head @@ -417,6 +422,7 @@ func (h *WebhookHandler) shouldRefreshMatrixGenerator(gen *v1alpha1.MatrixGenera SCMProvider: g0.SCMProvider, ClusterDecisionResource: g0.ClusterDecisionResource, PullRequest: g0.PullRequest, + Plugin: g0.Plugin, Matrix: matrixGenerator0, Merge: mergeGenerator0, } @@ -471,6 +477,7 @@ func (h *WebhookHandler) shouldRefreshMatrixGenerator(gen *v1alpha1.MatrixGenera SCMProvider: g1.SCMProvider, ClusterDecisionResource: g1.ClusterDecisionResource, PullRequest: g1.PullRequest, + Plugin: g1.Plugin, Matrix: matrixGenerator1, Merge: mergeGenerator1, } @@ -488,6 +495,7 @@ func (h *WebhookHandler) shouldRefreshMatrixGenerator(gen *v1alpha1.MatrixGenera // Check all interpolated child generators if shouldRefreshGitGenerator(interpolatedGenerator.Git, gitGenInfo) || shouldRefreshPRGenerator(interpolatedGenerator.PullRequest, prGenInfo) || + shouldRefreshPluginGenerator(interpolatedGenerator.Plugin) || h.shouldRefreshMatrixGenerator(interpolatedGenerator.Matrix, appSet, gitGenInfo, prGenInfo) || h.shouldRefreshMergeGenerator(requestedGenerator1.Merge, appSet, gitGenInfo, prGenInfo) { return true @@ -498,6 +506,7 @@ func (h *WebhookHandler) shouldRefreshMatrixGenerator(gen *v1alpha1.MatrixGenera // First child generator didn't return any params, just check the second child generator return shouldRefreshGitGenerator(requestedGenerator1.Git, gitGenInfo) || shouldRefreshPRGenerator(requestedGenerator1.PullRequest, prGenInfo) || + shouldRefreshPluginGenerator(requestedGenerator1.Plugin) || h.shouldRefreshMatrixGenerator(requestedGenerator1.Matrix, appSet, gitGenInfo, prGenInfo) || h.shouldRefreshMergeGenerator(requestedGenerator1.Merge, appSet, gitGenInfo, prGenInfo) } diff --git a/applicationset/webhook/webhook_test.go b/applicationset/webhook/webhook_test.go index d9b64bee0862c..eb36cc1730193 100644 --- a/applicationset/webhook/webhook_test.go +++ b/applicationset/webhook/webhook_test.go @@ -60,7 +60,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-GitHub-Event", headerValue: "push", payloadFile: "github-commit-event.json", - effectedAppSets: []string{"git-github", "matrix-git-github", "merge-git-github", "matrix-scm-git-github", "matrix-nested-git-github", "merge-nested-git-github"}, + effectedAppSets: []string{"git-github", "matrix-git-github", "merge-git-github", "matrix-scm-git-github", "matrix-nested-git-github", "merge-nested-git-github", "plugin", "matrix-pull-request-github-plugin"}, expectedStatusCode: http.StatusOK, expectedRefresh: true, }, @@ -69,7 +69,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-GitHub-Event", headerValue: "push", payloadFile: "github-commit-branch-event.json", - effectedAppSets: []string{"git-github"}, + effectedAppSets: []string{"git-github", "plugin", "matrix-pull-request-github-plugin"}, expectedStatusCode: http.StatusOK, expectedRefresh: true, }, @@ -78,7 +78,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-GitHub-Event", headerValue: "ping", payloadFile: "github-ping-event.json", - effectedAppSets: []string{"git-github"}, + effectedAppSets: []string{"git-github", "plugin"}, expectedStatusCode: http.StatusOK, expectedRefresh: false, }, @@ -87,7 +87,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-Gitlab-Event", headerValue: "Push Hook", payloadFile: "gitlab-event.json", - effectedAppSets: []string{"git-gitlab"}, + effectedAppSets: []string{"git-gitlab", "plugin", "matrix-pull-request-github-plugin"}, expectedStatusCode: http.StatusOK, expectedRefresh: true, }, @@ -96,7 +96,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-Random-Event", headerValue: "Push Hook", payloadFile: "gitlab-event.json", - effectedAppSets: []string{"git-gitlab"}, + effectedAppSets: []string{"git-gitlab", "plugin"}, expectedStatusCode: http.StatusBadRequest, expectedRefresh: false, }, @@ -105,7 +105,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-Random-Event", headerValue: "Push Hook", payloadFile: "invalid-event.json", - effectedAppSets: []string{"git-gitlab"}, + effectedAppSets: []string{"git-gitlab", "plugin"}, expectedStatusCode: http.StatusBadRequest, expectedRefresh: false, }, @@ -114,7 +114,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-GitHub-Event", headerValue: "pull_request", payloadFile: "github-pull-request-opened-event.json", - effectedAppSets: []string{"pull-request-github", "matrix-pull-request-github", "matrix-scm-pull-request-github", "merge-pull-request-github"}, + effectedAppSets: []string{"pull-request-github", "matrix-pull-request-github", "matrix-scm-pull-request-github", "merge-pull-request-github", "plugin", "matrix-pull-request-github-plugin"}, expectedStatusCode: http.StatusOK, expectedRefresh: true, }, @@ -123,7 +123,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-GitHub-Event", headerValue: "pull_request", payloadFile: "github-pull-request-assigned-event.json", - effectedAppSets: []string{"pull-request-github", "matrix-pull-request-github", "matrix-scm-pull-request-github", "merge-pull-request-github"}, + effectedAppSets: []string{"pull-request-github", "matrix-pull-request-github", "matrix-scm-pull-request-github", "merge-pull-request-github", "plugin", "matrix-pull-request-github-plugin"}, expectedStatusCode: http.StatusOK, expectedRefresh: false, }, @@ -132,7 +132,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-Gitlab-Event", headerValue: "Merge Request Hook", payloadFile: "gitlab-merge-request-open-event.json", - effectedAppSets: []string{"pull-request-gitlab"}, + effectedAppSets: []string{"pull-request-gitlab", "plugin", "matrix-pull-request-github-plugin"}, expectedStatusCode: http.StatusOK, expectedRefresh: true, }, @@ -141,7 +141,7 @@ func TestWebhookHandler(t *testing.T) { headerKey: "X-Gitlab-Event", headerValue: "Merge Request Hook", payloadFile: "gitlab-merge-request-approval-event.json", - effectedAppSets: []string{"pull-request-gitlab"}, + effectedAppSets: []string{"pull-request-gitlab", "plugin"}, expectedStatusCode: http.StatusOK, expectedRefresh: false, }, @@ -162,11 +162,13 @@ func TestWebhookHandler(t *testing.T) { fakeAppWithGitGenerator("git-gitlab", namespace, "https://gitlab/group/name"), fakeAppWithGithubPullRequestGenerator("pull-request-github", namespace, "Codertocat", "Hello-World"), fakeAppWithGitlabPullRequestGenerator("pull-request-gitlab", namespace, "100500"), + fakeAppWithPluginGenerator("plugin", namespace), fakeAppWithMatrixAndGitGenerator("matrix-git-github", namespace, "https://github.com/org/repo"), fakeAppWithMatrixAndPullRequestGenerator("matrix-pull-request-github", namespace, "Codertocat", "Hello-World"), fakeAppWithMatrixAndScmWithGitGenerator("matrix-scm-git-github", namespace, "org"), fakeAppWithMatrixAndScmWithPullRequestGenerator("matrix-scm-pull-request-github", namespace, "Codertocat"), fakeAppWithMatrixAndNestedGitGenerator("matrix-nested-git-github", namespace, "https://github.com/org/repo"), + fakeAppWithMatrixAndPullRequestGeneratorWithPluginGenerator("matrix-pull-request-github-plugin", namespace, "Codertocat", "Hello-World", "plugin-cm"), fakeAppWithMergeAndGitGenerator("merge-git-github", namespace, "https://github.com/org/repo"), fakeAppWithMergeAndPullRequestGenerator("merge-pull-request-github", namespace, "Codertocat", "Hello-World"), fakeAppWithMergeAndNestedGitGenerator("merge-nested-git-github", namespace, "https://github.com/org/repo"), @@ -214,6 +216,7 @@ func mockGenerators() map[string]generators.Generator { // generatorMockList := generatorMock{} generatorMockGit := &generatorMock{} generatorMockPR := &generatorMock{} + generatorMockPlugin := &generatorMock{} mockSCMProvider := &scm_provider.MockProvider{ Repos: []*scm_provider.Repository{ { @@ -239,6 +242,7 @@ func mockGenerators() map[string]generators.Generator { "Git": generatorMockGit, "SCMProvider": generatorMockSCM, "PullRequest": generatorMockPR, + "Plugin": generatorMockPlugin, } nestedGenerators := map[string]generators.Generator{ @@ -246,6 +250,7 @@ func mockGenerators() map[string]generators.Generator { "Git": terminalMockGenerators["Git"], "SCMProvider": terminalMockGenerators["SCMProvider"], "PullRequest": terminalMockGenerators["PullRequest"], + "Plugin": terminalMockGenerators["Plugin"], "Matrix": generators.NewMatrixGenerator(terminalMockGenerators), "Merge": generators.NewMergeGenerator(terminalMockGenerators), } @@ -255,6 +260,7 @@ func mockGenerators() map[string]generators.Generator { "Git": terminalMockGenerators["Git"], "SCMProvider": terminalMockGenerators["SCMProvider"], "PullRequest": terminalMockGenerators["PullRequest"], + "Plugin": terminalMockGenerators["Plugin"], "Matrix": generators.NewMatrixGenerator(nestedGenerators), "Merge": generators.NewMergeGenerator(nestedGenerators), } @@ -592,6 +598,60 @@ func fakeAppWithMergeAndNestedGitGenerator(name, namespace, repo string) *v1alph } } +func fakeAppWithPluginGenerator(name, namespace string) *v1alpha1.ApplicationSet { + return &v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: namespace, + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + { + Plugin: &v1alpha1.PluginGenerator{ + ConfigMapRef: v1alpha1.PluginConfigMapRef{ + Name: "test", + }, + }, + }, + }, + }, + } +} + +func fakeAppWithMatrixAndPullRequestGeneratorWithPluginGenerator(name, namespace, owner, repo, configmapName string) *v1alpha1.ApplicationSet { + return &v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: namespace, + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + { + Matrix: &v1alpha1.MatrixGenerator{ + Generators: []v1alpha1.ApplicationSetNestedGenerator{ + { + PullRequest: &v1alpha1.PullRequestGenerator{ + Github: &v1alpha1.PullRequestGeneratorGithub{ + Owner: owner, + Repo: repo, + }, + }, + }, + { + Plugin: &v1alpha1.PluginGenerator{ + ConfigMapRef: v1alpha1.PluginConfigMapRef{ + Name: configmapName, + }, + }, + }, + }, + }, + }, + }, + }, + } +} + func newFakeClient(ns string) *kubefake.Clientset { s := runtime.NewScheme() s.AddKnownTypes(v1alpha1.SchemeGroupVersion, &v1alpha1.ApplicationSet{}) diff --git a/assets/swagger.json b/assets/swagger.json index 1383eb156cc5e..1426ed3f713cd 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -5848,6 +5848,9 @@ "merge": { "$ref": "#/definitions/v1alpha1MergeGenerator" }, + "plugin": { + "$ref": "#/definitions/v1alpha1PluginGenerator" + }, "pullRequest": { "$ref": "#/definitions/v1alpha1PullRequestGenerator" }, @@ -5896,6 +5899,9 @@ "merge": { "$ref": "#/definitions/v1JSON" }, + "plugin": { + "$ref": "#/definitions/v1alpha1PluginGenerator" + }, "pullRequest": { "$ref": "#/definitions/v1alpha1PullRequestGenerator" }, @@ -7313,6 +7319,54 @@ } } }, + "v1alpha1PluginConfigMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string", + "title": "Name of the ConfigMap" + } + } + }, + "v1alpha1PluginGenerator": { + "description": "PluginGenerator defines connection info specific to Plugin.", + "type": "object", + "properties": { + "configMapRef": { + "$ref": "#/definitions/v1alpha1PluginConfigMapRef" + }, + "input": { + "$ref": "#/definitions/v1alpha1PluginInput" + }, + "requeueAfterSeconds": { + "description": "RequeueAfterSeconds determines how long the ApplicationSet controller will wait before reconciling the ApplicationSet again.", + "type": "string", + "format": "int64" + }, + "template": { + "$ref": "#/definitions/v1alpha1ApplicationSetTemplate" + }, + "values": { + "description": "Values contains key/value pairs which are passed directly as parameters to the template. These values will not be\nsent as parameters to the plugin.", + "type": "object", + "additionalProperties": { + "type": "string" + } + } + } + }, + "v1alpha1PluginInput": { + "type": "object", + "properties": { + "parameters": { + "description": "Parameters contains the information to pass to the plugin. It is a map. The keys must be strings, and the\nvalues can be any type.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/v1JSON" + } + } + } + }, "v1alpha1ProjectRole": { "type": "object", "title": "ProjectRole represents a role that has access to a project", diff --git a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go index eae22d7907014..69b8d9ab0d57c 100644 --- a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go +++ b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go @@ -152,6 +152,7 @@ func NewCommand() *cobra.Command { "SCMProvider": generators.NewSCMProviderGenerator(mgr.GetClient(), scmAuth), "ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, dynamicClient, k8sClient, namespace), "PullRequest": generators.NewPullRequestGenerator(mgr.GetClient(), scmAuth), + "Plugin": generators.NewPluginGenerator(mgr.GetClient(), ctx, k8sClient, namespace), } nestedGenerators := map[string]generators.Generator{ @@ -161,6 +162,7 @@ func NewCommand() *cobra.Command { "SCMProvider": terminalGenerators["SCMProvider"], "ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"], "PullRequest": terminalGenerators["PullRequest"], + "Plugin": terminalGenerators["Plugin"], "Matrix": generators.NewMatrixGenerator(terminalGenerators), "Merge": generators.NewMergeGenerator(terminalGenerators), } @@ -172,6 +174,7 @@ func NewCommand() *cobra.Command { "SCMProvider": terminalGenerators["SCMProvider"], "ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"], "PullRequest": terminalGenerators["PullRequest"], + "Plugin": terminalGenerators["Plugin"], "Matrix": generators.NewMatrixGenerator(nestedGenerators), "Merge": generators.NewMergeGenerator(nestedGenerators), } diff --git a/docs/operator-manual/applicationset/Generators-Plugin.md b/docs/operator-manual/applicationset/Generators-Plugin.md new file mode 100644 index 0000000000000..187ec255fc446 --- /dev/null +++ b/docs/operator-manual/applicationset/Generators-Plugin.md @@ -0,0 +1,341 @@ +# Plugin Generator + +Plugins allow you to provide your own generator. + +- You can write in any language +- Simple: a plugin just responds to RPC HTTP requests. +- You can use it in a sidecar, or standalone deployment. +- You can get your plugin running today, no need to wait 3-5 months for review, approval, merge and an Argo software + release. +- You can combine it with Matrix or Merge. + +To start working on your own plugin, you can generate a new repository based on the example +[applicationset-hello-plugin](https://github.com/argoproj-labs/applicationset-hello-plugin). + +## Simple example + +Using a generator plugin without combining it with Matrix or Merge. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: myplugin +spec: + generators: + - plugin: + # Specify the configMap where the plugin configuration is located. + configMapRef: + name: my-plugin + # You can pass arbitrary parameters to the plugin. `input.parameters` is a map, but values may be any type. + # These parameters will also be available on the generator's output under the `generator.input.parameters` key. + input: + parameters: + key1: "value1" + key2: "value2" + list: ["list", "of", "values"] + boolean: true + map: + key1: "value1" + key2: "value2" + key3: "value3" + + # You can also attach arbitrary values to the generator's output under the `values` key. These values will be + # available in templates under the `values` key. + values: + value1: something + + # When using a Plugin generator, the ApplicationSet controller polls every `requeueAfterSeconds` interval (defaulting to every 30 minutes) to detect changes. + requeueAfterSeconds: 30 + template: + metadata: + name: myplugin + annotations: + example.from.input.parameters: "{{ generator.input.parameters.map.key1 }}" + example.from.values: "{{ values.value1 }}" + # The plugin determines what else it produces. + example.from.plugin.output: "{{ something.from.the.plugin }}" +``` + +- `configMapRef.name`: A `ConfigMap` name containing the plugin configuration to use for RPC call. +- `input.parameters`: Input parameters included in the RPC call to the plugin. (Optional) + +!!! note + The concept of the plugin should not undermine the spirit of GitOps by externalizing data outside of Git. The goal is to be complementary in specific contexts. + For example, when using one of the PullRequest generators, it's impossible to retrieve parameters related to the CI (only the commit hash is available), which limits the possibilities. By using a plugin, it's possible to retrieve the necessary parameters from a separate data source and use them to extend the functionality of the generator. + +### Add a ConfigMap to configure the access of the plugin + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-plugin + namespace: argocd +data: + token: "$plugin.myplugin.token" # Alternatively $:plugin.myplugin.token + baseUrl: "http://myplugin.plugin-ns.svc.cluster.local." +``` + +- `token`: Pre-shared token used to authenticate HTTP request (points to the right key you created in the `argocd-secret` Secret) +- `baseUrl`: BaseUrl of the k8s service exposing your plugin in the cluster. + +### Store credentials + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: argocd-secret + namespace: argocd + labels: + app.kubernetes.io/name: argocd-secret + app.kubernetes.io/part-of: argocd +type: Opaque +data: + # ... + # The secret value must be base64 encoded **once** + # this value corresponds to: `printf "strong-password" | base64` + plugin.myplugin.token: "c3Ryb25nLXBhc3N3b3Jk" + # ... +``` + +#### Alternative + +If you want to store sensitive data in **another** Kubernetes `Secret`, instead of `argocd-secret`, ArgoCD knows how to check the keys under `data` in your Kubernetes `Secret` for a corresponding key whenever a value in a configmap starts with `$`, then your Kubernetes `Secret` name and `:` (colon) followed by the key name. + +Syntax: `$:` + +> NOTE: Secret must have label `app.kubernetes.io/part-of: argocd` + +##### Example + +`another-secret`: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: another-secret + namespace: argocd + labels: + app.kubernetes.io/part-of: argocd +type: Opaque +data: + # ... + # Store client secret like below. + # Ensure the secret is base64 encoded + plugin.myplugin.token: + # ... +``` + +### HTTP server + +#### A Simple Python Plugin + +You can deploy it either as a sidecar or as a standalone deployment (the latter is recommended). + +In the example, the token is stored in a file at this location : `/var/run/argo/token` + +``` +string-password +``` + +```python +import json +from http.server import BaseHTTPRequestHandler, HTTPServer + +with open("/var/run/argo/token") as f: + plugin_token = f.read().strip() + + +class Plugin(BaseHTTPRequestHandler): + + def args(self): + return json.loads(self.rfile.read(int(self.headers.get('Content-Length')))) + + def reply(self, reply): + self.send_response(200) + self.end_headers() + self.wfile.write(json.dumps(reply).encode("UTF-8")) + + def forbidden(self): + self.send_response(403) + self.end_headers() + + def unsupported(self): + self.send_response(404) + self.end_headers() + + def do_POST(self): + if self.headers.get("Authorization") != "Bearer " + plugin_token: + self.forbidden() + + if self.path == '/api/v1/getparams.execute': + args = self.args() + self.reply({ + "output": { + "parameters": [ + { + "key1": "val1", + "key2": "val2" + }, + { + "key1": "val2", + "key2": "val2" + } + ] + } + }) + else: + self.unsupported() + + +if __name__ == '__main__': + httpd = HTTPServer(('', 4355), Plugin) + httpd.serve_forever() +``` + +Execute getparams with curl : + +``` +curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer string-password" -d \ +'{ + "applicationSetName": "fake-appset", + "input": { + "parameters": { + "param1": "value1" + } + } +}' +``` + +Some things to note here: + +- You only need to implement the calls `/api/v1/getparams.execute` +- You should check that the `Authorization` header contains the same bearer value as `/var/run/argo/token`. Return 403 if not +- The input parameters are included in the request body and can be accessed using the `input.parameters` variable. +- The output must always be a list of object maps nested under the `output.parameters` key in a map. +- `generator.input.parameters` and `values` are reserved keys. If present in the plugin output, these keys will be overwritten by the + contents of the `input.parameters` and `values` keys in the ApplicationSet's plugin generator spec. + +## With matrix and pull request example + +In the following example, the plugin implementation is returning a set of image digests for the given branch. The returned list contains only one item correspondng to the latest builded image for the branch. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: fb-matrix +spec: + goTemplate: true + generators: + - matrix: + generators: + - pullRequest: + github: ... + requeueAfterSeconds: 30 + - plugin: + configMapRef: + name: cm-plugin + input: + parameters: + branch: "{{.branch}}" # provided by generator pull request + values: + branchLink: "https://git.example.com/org/repo/tree/{{.branch}}" + template: + metadata: + name: "fb-matrix-{{.branch}}" + spec: + source: + repoURL: "https://github.com/myorg/myrepo.git" + targetRevision: "HEAD" + path: charts/my-chart + helm: + releaseName: fb-matrix-{{.branch}} + valueFiles: + - values.yaml + values: | + front: + image: myregistry:{{.branch}}@{{ .digestFront }} # digestFront is generated by the plugin + back: + image: myregistry:{{.branch}}@{{ .digestBack }} # digestBack is generated by the plugin + project: default + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + destination: + server: https://kubernetes.default.svc + namespace: "{{.branch}}" + info: + - name: Link to the Application's branch + value: "{{values.branchLink}}" +``` + +To illustrate : + +- The generator pullRequest would return, for example, 2 branches: `feature-branch-1` and `feature-branch-2`. + +- The generator plugin would then perform 2 requests as follows : + +```shell +curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer string-password" -d \ +'{ + "applicationSetName": "fb-matrix", + "input": { + "parameters": { + "branch": "feature-branch-1" + } + } +}' +``` + +Then, + +```shell +curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer string-password" -d \ +'{ + "applicationSetName": "fb-matrix", + "input": { + "parameters": { + "branch": "feature-branch-2" + } + } +}' +``` + +For each call, it would return a unique result such as : + +```json +{ + "output": { + "parameters": [ + { + "digestFront": "sha256:a3f18c17771cc1051b790b453a0217b585723b37f14b413ad7c5b12d4534d411", + "digestBack": "sha256:4411417d614d5b1b479933b7420079671facd434fd42db196dc1f4cc55ba13ce" + } + ] + } +} +``` + +Then, + +```json +{ + "output": { + "parameters": [ + { + "digestFront": "sha256:7c20b927946805124f67a0cb8848a8fb1344d16b4d0425d63aaa3f2427c20497", + "digestBack": "sha256:e55e7e40700bbab9e542aba56c593cb87d680cefdfba3dd2ab9cfcb27ec384c2" + } + ] + } +} +``` + +In this example, by combining the two, you ensure that one or more pull requests are available and that the generated tag has been properly generated. This wouldn't have been possible with just a commit hash because a hash alone does not certify the success of the build. diff --git a/docs/operator-manual/applicationset/Generators.md b/docs/operator-manual/applicationset/Generators.md index 5c162463d6e89..4a2982c740aa7 100644 --- a/docs/operator-manual/applicationset/Generators.md +++ b/docs/operator-manual/applicationset/Generators.md @@ -4,7 +4,7 @@ Generators are responsible for generating *parameters*, which are then rendered Generators are primarily based on the data source that they use to generate the template parameters. For example: the List generator provides a set of parameters from a *literal list*, the Cluster generator uses the *Argo CD cluster list* as a source, the Git generator uses files/directories from a *Git repository*, and so. -As of this writing there are eight generators: +As of this writing there are nine generators: - [List generator](Generators-List.md): The List generator allows you to target Argo CD Applications to clusters based on a fixed list of cluster name/URL values. - [Cluster generator](Generators-Cluster.md): The Cluster generator allows you to target Argo CD Applications to clusters, based on the list of clusters defined within (and managed by) Argo CD (which includes automatically responding to cluster addition/removal events from Argo CD). @@ -14,6 +14,7 @@ As of this writing there are eight generators: - [SCM Provider generator](Generators-SCM-Provider.md): The SCM Provider generator uses the API of an SCM provider (eg GitHub) to automatically discover repositories within an organization. - [Pull Request generator](Generators-Pull-Request.md): The Pull Request generator uses the API of an SCMaaS provider (eg GitHub) to automatically discover open pull requests within an repository. - [Cluster Decision Resource generator](Generators-Cluster-Decision-Resource.md): The Cluster Decision Resource generator is used to interface with Kubernetes custom resources that use custom resource-specific logic to decide which set of Argo CD clusters to deploy to. +- [Plugin generator](Generators-Plugin.md): The Plugin generator make RPC HTTP request to provide parameters. All generators can be filtered by using the [Post Selector](Generators-Post-Selector.md) diff --git a/docs/proposals/applicationset-plugin-generator.md b/docs/proposals/applicationset-plugin-generator.md new file mode 100644 index 0000000000000..6a3b2ec484c8a --- /dev/null +++ b/docs/proposals/applicationset-plugin-generator.md @@ -0,0 +1,216 @@ +--- +title: applicationset-plugin-generator +authors: + - "@binboum" + - "@scrocquesel" +sponsors: + - TBD +reviewers: + - TBD +approvers: + - "@alexmt" + - TBD + +creation-date: 2022-03-21 +last-updated: 2022-03-21 +--- + +# ApplicationSet `plugin` generator + +Provide a generator that request its values through a RPC call. + +## Summary + +ApplicationSet generators are useful for modeling templates using external data sources to deploy applications. + +Today, generators have been developed based on the needs of the community, and when a new need arises, it's necessary to modify the Appset codebase. + +The proposal here is to have a "plugin" generator that would allow extending the codebase according to specific needs, without having to modify it directly. + +## Motivation + +Using the current generators, we sometimes encounter a need that arises, which may or may not be useful for the community. In such cases, several procedures need to be undertaken to make the modification, and sometimes it may be rejected because it's not in everyone's interest. + +The plugin approach also reduces the burden on community developers by externalizing feature requests into plugins that are outside the Appset controller's scope. From a security and scalability perspective, this can be advantageous. + +With this approach, it becomes possible to offer a catalog of plugins and encourage people with specific needs to develop standalone plugins that are independent of the controller's codebase. + +### Goals + +Empowering community developers to develop and use plugins that extend the list of generators can be a significant advantage. It would be possible to offer a page listing plugins maintained by the community, which can help promote the development of a rich ecosystem of plugins for various use cases. This can enhance the overall user experience by providing more options for generating application templates. + +Additionally, allowing developers to create plugins and share them with the community can foster innovation and encourage experimentation with new features and functionalities. It can also reduce the workload on the Appset development team, enabling them to focus on core features and functionalities. + +Overall, giving autonomy to community developers through plugins is a practical way to enhance the Appset platform and provide more value to users. + +### Non-Goals + +The concept of the plugin should not undermine the spirit of GitOps by externalizing data outside of Git. The goal is to be complementary in specific contexts. + +For example, when using one of the PullRequest generators, it's impossible to retrieve parameters related to the CI (only the commit hash is available), which limits the possibilities. By using a plugin, it's possible to retrieve the necessary parameters from a separate data source and use them to extend the functionality of the generator. This approach allows for greater flexibility and can help overcome limitations imposed by GitOps. + +Overall, the use of plugins should be considered as a way to enhance the capabilities of existing tools and processes rather than as a replacement for them. By leveraging plugins, developers can take advantage of the strengths of different tools and technologies, resulting in a more robust and flexible development process. + +## Proposal + +### Add a new `generator` plugin + +``` +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: fb-plugin + namespace: argo-system +spec: + generators: + - plugin: + configMapRef: fb-plugin + name: feature-branch-plugin + params: + repo: "my-repo" + branch: "my-branch" + requeueAfterSeconds: 10 + template: +... +``` + +### Add a configMap to configure the plugin + +The configMap name must match the configMapRef value in the plugin configuration. The configMap must be in the namespace of argo. + +``` +apiVersion: v1 +kind: ConfigMap +metadata: + name: fb-plugin + namespace: argo-system +data: + token: $plugin.myplugin.token # Alternatively $:plugin.myplugin.token + baseUrl: http://myplugin.plugin.svc.cluster.local +``` + +- token is used a a bearer token in the RPC request. It could be a [sensitive reference](https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets). + +### Reconciliation logic + +Here is a diagram describing what the plugin generator should do to get the params to return: + +```mermaid +sequenceDiagram + alt generator is plugin + Generator->>K8S: Get configmap {configMapRef} + K8S-->>Generator: (url,token) + Generator->>Plugin endpoint: POST {url}/v1/generator.getParams
    Authorization: Bearer {token}
    Content-Type: application/json
    {params} + Plugin endpoint-->>Generator: []map{string}interface{} + end +``` + + +### Use cases + +#### Use case 1: +As a user, I would like to enrich PullRequest generator params with digests of images generated by the pull request CI pipeline. + +I could define a generator matrix like + +```yaml + generators: + - matrix: + generators: + - pullRequest: + github: + owner: binboum + repo: argo-test + labels: + - preview-matrix + tokenRef: + secretName: github-secret + key: token + - plugin: + configMapRef: cm-plugin + name: plugin-matrix + params: + repo: "argo-test" + branch: "{{.branch}}" +``` + +When pullRequest returns a new PR matching my labels, the plugin will be called with the branch name and would return a set of digests like + +```json +[ + { + "digestFront": "xxxxxxxx", + "digestBack": "xxxxxxxx", + } +] +``` + +Values can then be used in the template section : + +```yaml + template: + metadata: + name: "fb-matrix-{{.branch}}" + spec: + source: + repoURL: "git@github.com:binboum/argo-test.git" + targetRevision: "HEAD" + path: charts/app-client + helm: + releaseName: feature-test-matrix-{{.branch}} + valueFiles: + - values.yaml + values: | + front: + image: registry.my/argo-test/front:{{.branch}}@{{ .digestFront }} + back: + image: registry.my/argo-test/back:{{.branch}}@{{ .digestBack }} + destination: + server: https://kubernetes.default.svc + namespace: "{{.branch}}" +``` + +### Detailed examples + +### Security Considerations + +* Plugin server only has access to the params content. When deployed outside of the applicationset controller pod, operator must ensure the communication between applicationset controller and the plugin server is properly secured (https/network policy...). A few authentication mechanism are handled to help the plugin server authenticate the request. +* For now, the response payload is considered trusted and returned params are used as-is upstream + +### Risks and Mitigations + +TBD + +### Upgrade / Downgrade Strategy + +On the evolution of the plugin, and calls : + +The RPC method is standardized with a versioning system, which allows for a version parameter to be included in the API call. This makes it possible to avoid breaking changes in case of architecture changes in the future. + +Thought that the contract interface with the plugin server is kept simple to reduce future changes and breaking changes + +## Drawbacks + +No idea + +## Alternatives + +1. A design similar to Argo Workflow executor plugin : + + ``` + generators: + - plugin: + hello: {} + ``` + + A set of ConfigMaps or a specific CRDs to express configuration of the plugin endpoint would be walk by ApplicationSet server. For each configuration, call the plugin endpoint with the content of plugin until one return a valid response. + + Reconciliation should be fast as fast as possible and trying out every endpoint to figure out which one is able to handle the plugin payload could induce a lot of delay. + + Configuration rely on implicit and weakly typed convention which make the usage of the plugin less self documented. + +2. Plugin server as defacto sidecars + + Some magic could have inject a container image for the plugin in the ApplicationSet controller in a similar way, Argo Workflow does when creating a pod to execute a job. + + Require an external controler or manual configuration. The plugin would not scale independently of the ApplicationSet controller. \ No newline at end of file diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 6f794a470f730..1668aef487445 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -8491,125 +8491,21 @@ spec: x-kubernetes-preserve-unknown-fields: true merge: x-kubernetes-preserve-unknown-fields: true - pullRequest: + plugin: properties: - bitbucketServer: - properties: - api: - type: string - basicAuth: - properties: - passwordRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - username: - type: string - required: - - passwordRef - - username - type: object - project: - type: string - repo: - type: string - required: - - api - - project - - repo - type: object - filters: - items: - properties: - branchMatch: - type: string - targetBranchMatch: - type: string - type: object - type: array - gitea: - properties: - api: - type: string - insecure: - type: boolean - owner: - type: string - repo: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - api - - owner - - repo - type: object - github: + configMapRef: properties: - api: - type: string - appSecretName: - type: string - labels: - items: - type: string - type: array - owner: - type: string - repo: + name: type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object required: - - owner - - repo + - name type: object - gitlab: + input: properties: - api: - type: string - labels: - items: - type: string - type: array - project: - type: string - pullRequestState: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true type: object - required: - - project type: object requeueAfterSeconds: format: int64 @@ -9095,81 +8991,17 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef type: object - scmProvider: + pullRequest: properties: - awsCodeCommit: - properties: - allBranches: - type: boolean - region: - type: string - role: - type: string - tagFilters: - items: - properties: - key: - type: string - value: - type: string - required: - - key - type: object - type: array - type: object - azureDevOps: - properties: - accessTokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - allBranches: - type: boolean - api: - type: string - organization: - type: string - teamProject: - type: string - required: - - accessTokenRef - - organization - - teamProject - type: object - bitbucket: - properties: - allBranches: - type: boolean - appPasswordRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - owner: - type: string - user: - type: string - required: - - appPasswordRef - - owner - - user - type: object bitbucketServer: properties: - allBranches: - type: boolean api: type: string basicAuth: @@ -9192,41 +9024,32 @@ spec: type: object project: type: string + repo: + type: string required: - api - project + - repo type: object - cloneProtocol: - type: string filters: items: properties: branchMatch: type: string - labelMatch: - type: string - pathsDoNotExist: - items: - type: string - type: array - pathsExist: - items: - type: string - type: array - repositoryMatch: + targetBranchMatch: type: string type: object type: array gitea: properties: - allBranches: - type: boolean api: type: string insecure: type: boolean owner: type: string + repo: + type: string tokenRef: properties: key: @@ -9240,16 +9063,21 @@ spec: required: - api - owner + - repo type: object github: properties: - allBranches: - type: boolean api: type: string appSecretName: type: string - organization: + labels: + items: + type: string + type: array + owner: + type: string + repo: type: string tokenRef: properties: @@ -9262,18 +9090,21 @@ spec: - secretName type: object required: - - organization + - owner + - repo type: object gitlab: properties: - allBranches: - type: boolean api: type: string - group: + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: type: string - includeSubgroups: - type: boolean tokenRef: properties: key: @@ -9285,7 +9116,7 @@ spec: - secretName type: object required: - - group + - project type: object requeueAfterSeconds: format: int64 @@ -9771,368 +9602,1044 @@ spec: - metadata - spec type: object - values: - additionalProperties: - type: string - type: object type: object - selector: + scmProvider: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: + awsCodeCommit: properties: - group: + allBranches: + type: boolean + region: type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: + role: type: string - managedFieldsManagers: + tagFilters: items: - type: string + properties: + key: + type: string + value: + type: string + required: + - key + type: object type: array - name: + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: type: string - namespace: + organization: + type: string + teamProject: type: string required: - - kind + - accessTokenRef + - organization + - teamProject type: object - type: array - info: - items: + bitbucket: properties: - name: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: type: string - value: + user: type: string required: - - name - - value + - appPasswordRef + - owner + - user type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: properties: - name: + key: type: string - path: + secretName: type: string + required: + - key + - secretName type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object + type: string type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: + pathsExist: items: type: string type: array - values: - type: string - version: + repositoryMatch: type: string type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: + secretName: type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - sources: - items: + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: properties: - chart: + allBranches: + type: boolean + api: type: string - directory: + appSecretName: + type: string + organization: + type: string + tokenRef: properties: - exclude: + key: type: string - include: + secretName: type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + group: + type: string + includeSubgroups: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string type: object - recurse: - type: boolean + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string type: object - helm: + spec: properties: - fileParameters: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: items: properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array name: type: string - path: + namespace: type: string + required: + - kind type: object type: array - ignoreMissingValueFiles: - type: boolean - parameters: + info: items: properties: - forceString: - type: boolean name: type: string value: type: string + required: + - name + - value type: object type: array - passCredentials: - type: boolean - releaseName: + project: type: string - skipCrds: - type: boolean - valueFiles: + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: items: type: string type: array @@ -10161,140 +10668,658 @@ spec: items: type: string type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + type: object + merge: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: items: properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true name: type: string + value: + type: string required: - - count - name + - value type: object type: array - version: + project: type: string - type: object - path: - type: string - plugin: - properties: - env: + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: items: properties: - name: + chart: type: string - value: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object - name: + ref: type: string - string: + repoURL: + type: string + targetRevision: type: string + required: + - repoURL type: object type: array - type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - type: object - required: - - metadata - - spec - type: object - required: - - generators - type: object - merge: - properties: - generators: - items: - properties: - clusterDecisionResource: + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: properties: - configMapRef: - type: string - labelSelector: + selector: properties: matchExpressions: items: @@ -10317,11 +11342,6 @@ spec: type: string type: object type: object - name: - type: string - requeueAfterSeconds: - format: int64 - type: integer template: properties: metadata: @@ -10807,34 +11827,38 @@ spec: additionalProperties: type: string type: object - required: - - configMapRef type: object - clusters: + git: properties: - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + directories: + items: + properties: + exclude: + type: boolean + path: type: string - type: object - type: object + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string template: properties: metadata: @@ -11320,37 +12344,17 @@ spec: additionalProperties: type: string type: object + required: + - repoURL + - revision type: object - git: + list: properties: - directories: - items: - properties: - exclude: - type: boolean - path: - type: string - required: - - path - type: object - type: array - files: + elements: items: - properties: - path: - type: string - required: - - path - type: object + x-kubernetes-preserve-unknown-fields: true type: array - pathParamPrefix: - type: string - repoURL: - type: string - requeueAfterSeconds: - format: int64 - type: integer - revision: + elementsYaml: type: string template: properties: @@ -11833,22 +12837,32 @@ spec: - metadata - spec type: object - values: - additionalProperties: - type: string - type: object required: - - repoURL - - revision + - elements type: object - list: + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: properties: - elements: - items: - x-kubernetes-preserve-unknown-fields: true - type: array - elementsYaml: - type: string + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer template: properties: metadata: @@ -12330,13 +13344,13 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - - elements + - configMapRef type: object - matrix: - x-kubernetes-preserve-unknown-fields: true - merge: - x-kubernetes-preserve-unknown-fields: true pullRequest: properties: bitbucketServer: @@ -13163,494 +14177,998 @@ spec: properties: name: type: string - namespace: + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: type: string - server: + repoURL: type: string + targetRevision: + type: string + required: + - repoURL type: object - ignoreDifferences: + sources: items: properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: + chart: type: string - managedFieldsManagers: - items: - type: string - type: array - name: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: type: string - namespace: + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: + repoURL: type: string - value: + targetRevision: type: string required: - - name - - value + - repoURL type: object type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: + syncPolicy: properties: - chart: - type: string - directory: + automated: properties: - exclude: - type: string - include: - type: string - jsonnet: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string type: object - recurse: - type: boolean + limit: + format: int64 + type: integer type: object - helm: + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + mergeKeys: + items: + type: string + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: + code: type: boolean - valueFiles: - items: - type: string - type: array - values: + name: type: string - version: + value: type: string + required: + - name + - value type: object - kustomize: + type: array + libs: + items: + type: string + type: array + tlas: + items: properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: + code: type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: + name: type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + value: type: string + required: + - name + - value type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string path: type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: type: string - repoURL: + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: type: string - targetRevision: + value: type: string required: - - repoURL + - name + - value type: object - sources: - items: - properties: - chart: + type: array + name: + type: string + parameters: + items: + properties: + array: + items: type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: + code: type: boolean - valueFiles: - items: - type: string - type: array - values: + name: type: string - version: + value: type: string + required: + - name + - value type: object - kustomize: + type: array + libs: + items: + type: string + type: array + tlas: + items: properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: + code: type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: + name: type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + value: type: string + required: + - name + - value type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string path: type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: type: string - repoURL: + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: type: string - targetRevision: + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: type: string required: - - repoURL + - name + - value type: object type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: type: string - type: array - type: object - required: - - destination - - project + string: + type: string + type: object + type: array type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string required: - - metadata - - spec - type: object - values: - additionalProperties: - type: string + - repoURL type: object - type: object - selector: - properties: - matchExpressions: - items: + type: array + syncPolicy: + properties: + automated: properties: - key: - type: string - operator: - type: string - values: - items: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: type: string - type: array - required: - - key - - operator + type: object + labels: + additionalProperties: + type: string + type: object type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - mergeKeys: - items: - type: string - type: array + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + - mergeKeys + type: object + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer template: properties: metadata: @@ -14132,9 +15650,12 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - - generators - - mergeKeys + - configMapRef type: object pullRequest: properties: diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml index f783ad457f99a..5c88df5dcac2b 100644 --- a/manifests/crds/applicationset-crd.yaml +++ b/manifests/crds/applicationset-crd.yaml @@ -4127,125 +4127,21 @@ spec: x-kubernetes-preserve-unknown-fields: true merge: x-kubernetes-preserve-unknown-fields: true - pullRequest: + plugin: properties: - bitbucketServer: - properties: - api: - type: string - basicAuth: - properties: - passwordRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - username: - type: string - required: - - passwordRef - - username - type: object - project: - type: string - repo: - type: string - required: - - api - - project - - repo - type: object - filters: - items: - properties: - branchMatch: - type: string - targetBranchMatch: - type: string - type: object - type: array - gitea: - properties: - api: - type: string - insecure: - type: boolean - owner: - type: string - repo: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - api - - owner - - repo - type: object - github: + configMapRef: properties: - api: - type: string - appSecretName: - type: string - labels: - items: - type: string - type: array - owner: - type: string - repo: + name: type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object required: - - owner - - repo + - name type: object - gitlab: + input: properties: - api: - type: string - labels: - items: - type: string - type: array - project: - type: string - pullRequestState: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true type: object - required: - - project type: object requeueAfterSeconds: format: int64 @@ -4731,81 +4627,17 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef type: object - scmProvider: + pullRequest: properties: - awsCodeCommit: - properties: - allBranches: - type: boolean - region: - type: string - role: - type: string - tagFilters: - items: - properties: - key: - type: string - value: - type: string - required: - - key - type: object - type: array - type: object - azureDevOps: - properties: - accessTokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - allBranches: - type: boolean - api: - type: string - organization: - type: string - teamProject: - type: string - required: - - accessTokenRef - - organization - - teamProject - type: object - bitbucket: - properties: - allBranches: - type: boolean - appPasswordRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - owner: - type: string - user: - type: string - required: - - appPasswordRef - - owner - - user - type: object bitbucketServer: properties: - allBranches: - type: boolean api: type: string basicAuth: @@ -4828,41 +4660,32 @@ spec: type: object project: type: string + repo: + type: string required: - api - project + - repo type: object - cloneProtocol: - type: string filters: items: properties: branchMatch: type: string - labelMatch: - type: string - pathsDoNotExist: - items: - type: string - type: array - pathsExist: - items: - type: string - type: array - repositoryMatch: + targetBranchMatch: type: string type: object type: array gitea: properties: - allBranches: - type: boolean api: type: string insecure: type: boolean owner: type: string + repo: + type: string tokenRef: properties: key: @@ -4876,16 +4699,21 @@ spec: required: - api - owner + - repo type: object github: properties: - allBranches: - type: boolean api: type: string appSecretName: type: string - organization: + labels: + items: + type: string + type: array + owner: + type: string + repo: type: string tokenRef: properties: @@ -4898,18 +4726,21 @@ spec: - secretName type: object required: - - organization + - owner + - repo type: object gitlab: properties: - allBranches: - type: boolean api: type: string - group: + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: type: string - includeSubgroups: - type: boolean tokenRef: properties: key: @@ -4921,7 +4752,7 @@ spec: - secretName type: object required: - - group + - project type: object requeueAfterSeconds: format: int64 @@ -5407,369 +5238,1045 @@ spec: - metadata - spec type: object - values: - additionalProperties: - type: string - type: object type: object - selector: + scmProvider: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: + awsCodeCommit: properties: - group: + allBranches: + type: boolean + region: type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: + role: type: string - managedFieldsManagers: + tagFilters: items: - type: string + properties: + key: + type: string + value: + type: string + required: + - key + type: object type: array - name: + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: type: string - namespace: + organization: + type: string + teamProject: type: string required: - - kind + - accessTokenRef + - organization + - teamProject type: object - type: array - info: - items: + bitbucket: properties: - name: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: type: string - value: + user: type: string required: - - name - - value + - appPasswordRef + - owner + - user type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: properties: - name: + key: type: string - path: + secretName: type: string + required: + - key + - secretName type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object + type: string type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: + pathsExist: items: type: string type: array - values: - type: string - version: + repositoryMatch: type: string type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: + secretName: type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - sources: - items: + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: properties: - chart: + allBranches: + type: boolean + api: type: string - directory: + appSecretName: + type: string + organization: + type: string + tokenRef: properties: - exclude: + key: type: string - include: + secretName: type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + group: + type: string + includeSubgroups: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string type: object - recurse: - type: boolean + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string type: object - helm: + spec: properties: - fileParameters: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: items: properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array name: type: string - path: + namespace: type: string + required: + - kind type: object type: array - ignoreMissingValueFiles: - type: boolean - parameters: + info: items: properties: - forceString: - type: boolean name: type: string value: type: string + required: + - name + - value type: object type: array - passCredentials: - type: boolean - releaseName: + project: type: string - skipCrds: - type: boolean - valueFiles: - items: + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: type: string type: array values: @@ -5797,140 +6304,658 @@ spec: items: type: string type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + type: object + merge: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: items: properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true name: type: string + value: + type: string required: - - count - name + - value type: object type: array - version: + project: type: string - type: object - path: - type: string - plugin: - properties: - env: + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: items: properties: - name: + chart: type: string - value: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object - name: + ref: type: string - string: + repoURL: + type: string + targetRevision: type: string + required: + - repoURL type: object type: array - type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - type: object - required: - - metadata - - spec - type: object - required: - - generators - type: object - merge: - properties: - generators: - items: - properties: - clusterDecisionResource: + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: properties: - configMapRef: - type: string - labelSelector: + selector: properties: matchExpressions: items: @@ -5953,11 +6978,6 @@ spec: type: string type: object type: object - name: - type: string - requeueAfterSeconds: - format: int64 - type: integer template: properties: metadata: @@ -6443,34 +7463,38 @@ spec: additionalProperties: type: string type: object - required: - - configMapRef type: object - clusters: + git: properties: - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + directories: + items: + properties: + exclude: + type: boolean + path: type: string - type: object - type: object + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string template: properties: metadata: @@ -6956,37 +7980,17 @@ spec: additionalProperties: type: string type: object + required: + - repoURL + - revision type: object - git: + list: properties: - directories: - items: - properties: - exclude: - type: boolean - path: - type: string - required: - - path - type: object - type: array - files: + elements: items: - properties: - path: - type: string - required: - - path - type: object + x-kubernetes-preserve-unknown-fields: true type: array - pathParamPrefix: - type: string - repoURL: - type: string - requeueAfterSeconds: - format: int64 - type: integer - revision: + elementsYaml: type: string template: properties: @@ -7469,22 +8473,32 @@ spec: - metadata - spec type: object - values: - additionalProperties: - type: string - type: object required: - - repoURL - - revision + - elements type: object - list: + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: properties: - elements: - items: - x-kubernetes-preserve-unknown-fields: true - type: array - elementsYaml: - type: string + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer template: properties: metadata: @@ -7966,13 +8980,13 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - - elements + - configMapRef type: object - matrix: - x-kubernetes-preserve-unknown-fields: true - merge: - x-kubernetes-preserve-unknown-fields: true pullRequest: properties: bitbucketServer: @@ -8799,494 +9813,998 @@ spec: properties: name: type: string - namespace: + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: type: string - server: + repoURL: + type: string + targetRevision: type: string + required: + - repoURL type: object - ignoreDifferences: + sources: items: properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: + chart: type: string - managedFieldsManagers: - items: - type: string - type: array - name: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: type: string - namespace: + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: + repoURL: type: string - value: + targetRevision: type: string required: - - name - - value + - repoURL type: object type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: + syncPolicy: properties: - chart: - type: string - directory: + automated: properties: - exclude: - type: string - include: - type: string - jsonnet: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string type: object - recurse: - type: boolean + limit: + format: int64 + type: integer type: object - helm: + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + mergeKeys: + items: + type: string + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: + code: type: boolean - valueFiles: - items: - type: string - type: array - values: + name: type: string - version: + value: type: string + required: + - name + - value type: object - kustomize: + type: array + libs: + items: + type: string + type: array + tlas: + items: properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: + code: type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: + name: type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + value: type: string + required: + - name + - value type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string path: type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: type: string - repoURL: + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: type: string - targetRevision: + value: type: string required: - - repoURL + - name + - value type: object - sources: - items: - properties: - chart: + type: array + name: + type: string + parameters: + items: + properties: + array: + items: type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: + code: type: boolean - valueFiles: - items: - type: string - type: array - values: + name: type: string - version: + value: type: string + required: + - name + - value type: object - kustomize: + type: array + libs: + items: + type: string + type: array + tlas: + items: properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: + code: type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: + name: type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + value: type: string + required: + - name + - value type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string path: type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: type: string - repoURL: + value: type: string - targetRevision: + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: type: string required: - - repoURL + - count + - name type: object type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: type: string - type: array - type: object - required: - - destination - - project + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string required: - - metadata - - spec - type: object - values: - additionalProperties: - type: string + - repoURL type: object - type: object - selector: - properties: - matchExpressions: - items: + type: array + syncPolicy: + properties: + automated: properties: - key: - type: string - operator: - type: string - values: - items: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: type: string - type: array - required: - - key - - operator + type: object + labels: + additionalProperties: + type: string + type: object type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - mergeKeys: - items: - type: string - type: array + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + - mergeKeys + type: object + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer template: properties: metadata: @@ -9768,9 +11286,12 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - - generators - - mergeKeys + - configMapRef type: object pullRequest: properties: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index d4ddf0ba213a3..80ad0036798ef 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -8491,125 +8491,21 @@ spec: x-kubernetes-preserve-unknown-fields: true merge: x-kubernetes-preserve-unknown-fields: true - pullRequest: + plugin: properties: - bitbucketServer: - properties: - api: - type: string - basicAuth: - properties: - passwordRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - username: - type: string - required: - - passwordRef - - username - type: object - project: - type: string - repo: - type: string - required: - - api - - project - - repo - type: object - filters: - items: - properties: - branchMatch: - type: string - targetBranchMatch: - type: string - type: object - type: array - gitea: - properties: - api: - type: string - insecure: - type: boolean - owner: - type: string - repo: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - api - - owner - - repo - type: object - github: + configMapRef: properties: - api: - type: string - appSecretName: - type: string - labels: - items: - type: string - type: array - owner: - type: string - repo: + name: type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object required: - - owner - - repo + - name type: object - gitlab: + input: properties: - api: - type: string - labels: - items: - type: string - type: array - project: - type: string - pullRequestState: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true type: object - required: - - project type: object requeueAfterSeconds: format: int64 @@ -9095,81 +8991,17 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef type: object - scmProvider: + pullRequest: properties: - awsCodeCommit: - properties: - allBranches: - type: boolean - region: - type: string - role: - type: string - tagFilters: - items: - properties: - key: - type: string - value: - type: string - required: - - key - type: object - type: array - type: object - azureDevOps: - properties: - accessTokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - allBranches: - type: boolean - api: - type: string - organization: - type: string - teamProject: - type: string - required: - - accessTokenRef - - organization - - teamProject - type: object - bitbucket: - properties: - allBranches: - type: boolean - appPasswordRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - owner: - type: string - user: - type: string - required: - - appPasswordRef - - owner - - user - type: object bitbucketServer: properties: - allBranches: - type: boolean api: type: string basicAuth: @@ -9192,41 +9024,32 @@ spec: type: object project: type: string + repo: + type: string required: - api - project + - repo type: object - cloneProtocol: - type: string filters: items: properties: branchMatch: type: string - labelMatch: - type: string - pathsDoNotExist: - items: - type: string - type: array - pathsExist: - items: - type: string - type: array - repositoryMatch: + targetBranchMatch: type: string type: object type: array gitea: properties: - allBranches: - type: boolean api: type: string insecure: type: boolean owner: type: string + repo: + type: string tokenRef: properties: key: @@ -9240,16 +9063,21 @@ spec: required: - api - owner + - repo type: object github: properties: - allBranches: - type: boolean api: type: string appSecretName: type: string - organization: + labels: + items: + type: string + type: array + owner: + type: string + repo: type: string tokenRef: properties: @@ -9262,18 +9090,21 @@ spec: - secretName type: object required: - - organization + - owner + - repo type: object gitlab: properties: - allBranches: - type: boolean api: type: string - group: + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: type: string - includeSubgroups: - type: boolean tokenRef: properties: key: @@ -9285,7 +9116,7 @@ spec: - secretName type: object required: - - group + - project type: object requeueAfterSeconds: format: int64 @@ -9771,368 +9602,1044 @@ spec: - metadata - spec type: object - values: - additionalProperties: - type: string - type: object type: object - selector: + scmProvider: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: + awsCodeCommit: properties: - group: + allBranches: + type: boolean + region: type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: + role: type: string - managedFieldsManagers: + tagFilters: items: - type: string + properties: + key: + type: string + value: + type: string + required: + - key + type: object type: array - name: + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: type: string - namespace: + organization: + type: string + teamProject: type: string required: - - kind + - accessTokenRef + - organization + - teamProject type: object - type: array - info: - items: + bitbucket: properties: - name: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: type: string - value: + user: type: string required: - - name - - value + - appPasswordRef + - owner + - user type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: properties: - name: + key: type: string - path: + secretName: type: string + required: + - key + - secretName type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object + type: string type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: + pathsExist: items: type: string type: array - values: - type: string - version: + repositoryMatch: type: string type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: + secretName: type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - sources: - items: + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: properties: - chart: + allBranches: + type: boolean + api: type: string - directory: + appSecretName: + type: string + organization: + type: string + tokenRef: properties: - exclude: + key: type: string - include: + secretName: type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + group: + type: string + includeSubgroups: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string type: object - recurse: - type: boolean + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string type: object - helm: + spec: properties: - fileParameters: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: items: properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array name: type: string - path: + namespace: type: string + required: + - kind type: object type: array - ignoreMissingValueFiles: - type: boolean - parameters: + info: items: properties: - forceString: - type: boolean name: type: string value: type: string + required: + - name + - value type: object type: array - passCredentials: - type: boolean - releaseName: + project: type: string - skipCrds: - type: boolean - valueFiles: + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: items: type: string type: array @@ -10161,140 +10668,658 @@ spec: items: type: string type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + type: object + merge: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: items: properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true name: type: string + value: + type: string required: - - count - name + - value type: object type: array - version: + project: type: string - type: object - path: - type: string - plugin: - properties: - env: + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: items: properties: - name: + chart: type: string - value: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object - name: + ref: type: string - string: + repoURL: + type: string + targetRevision: type: string + required: + - repoURL type: object type: array - type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - type: object - required: - - metadata - - spec - type: object - required: - - generators - type: object - merge: - properties: - generators: - items: - properties: - clusterDecisionResource: + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: properties: - configMapRef: - type: string - labelSelector: + selector: properties: matchExpressions: items: @@ -10317,11 +11342,6 @@ spec: type: string type: object type: object - name: - type: string - requeueAfterSeconds: - format: int64 - type: integer template: properties: metadata: @@ -10807,34 +11827,38 @@ spec: additionalProperties: type: string type: object - required: - - configMapRef type: object - clusters: + git: properties: - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + directories: + items: + properties: + exclude: + type: boolean + path: type: string - type: object - type: object + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string template: properties: metadata: @@ -11320,37 +12344,17 @@ spec: additionalProperties: type: string type: object + required: + - repoURL + - revision type: object - git: + list: properties: - directories: - items: - properties: - exclude: - type: boolean - path: - type: string - required: - - path - type: object - type: array - files: + elements: items: - properties: - path: - type: string - required: - - path - type: object + x-kubernetes-preserve-unknown-fields: true type: array - pathParamPrefix: - type: string - repoURL: - type: string - requeueAfterSeconds: - format: int64 - type: integer - revision: + elementsYaml: type: string template: properties: @@ -11833,22 +12837,32 @@ spec: - metadata - spec type: object - values: - additionalProperties: - type: string - type: object required: - - repoURL - - revision + - elements type: object - list: + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: properties: - elements: - items: - x-kubernetes-preserve-unknown-fields: true - type: array - elementsYaml: - type: string + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer template: properties: metadata: @@ -12330,13 +13344,13 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - - elements + - configMapRef type: object - matrix: - x-kubernetes-preserve-unknown-fields: true - merge: - x-kubernetes-preserve-unknown-fields: true pullRequest: properties: bitbucketServer: @@ -13163,494 +14177,998 @@ spec: properties: name: type: string - namespace: + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: type: string - server: + repoURL: type: string + targetRevision: + type: string + required: + - repoURL type: object - ignoreDifferences: + sources: items: properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: + chart: type: string - managedFieldsManagers: - items: - type: string - type: array - name: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: type: string - namespace: + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: + repoURL: type: string - value: + targetRevision: type: string required: - - name - - value + - repoURL type: object type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: + syncPolicy: properties: - chart: - type: string - directory: + automated: properties: - exclude: - type: string - include: - type: string - jsonnet: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string type: object - recurse: - type: boolean + limit: + format: int64 + type: integer type: object - helm: + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + mergeKeys: + items: + type: string + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: + code: type: boolean - valueFiles: - items: - type: string - type: array - values: + name: type: string - version: + value: type: string + required: + - name + - value type: object - kustomize: + type: array + libs: + items: + type: string + type: array + tlas: + items: properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: + code: type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: + name: type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + value: type: string + required: + - name + - value type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string path: type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: type: string - repoURL: + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: type: string - targetRevision: + value: type: string required: - - repoURL + - name + - value type: object - sources: - items: - properties: - chart: + type: array + name: + type: string + parameters: + items: + properties: + array: + items: type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: + code: type: boolean - valueFiles: - items: - type: string - type: array - values: + name: type: string - version: + value: type: string + required: + - name + - value type: object - kustomize: + type: array + libs: + items: + type: string + type: array + tlas: + items: properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: + code: type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: + name: type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + value: type: string + required: + - name + - value type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string path: type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: type: string - repoURL: + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: type: string - targetRevision: + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: type: string required: - - repoURL + - name + - value type: object type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: type: string - type: array - type: object - required: - - destination - - project + string: + type: string + type: object + type: array type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string required: - - metadata - - spec - type: object - values: - additionalProperties: - type: string + - repoURL type: object - type: object - selector: - properties: - matchExpressions: - items: + type: array + syncPolicy: + properties: + automated: properties: - key: - type: string - operator: - type: string - values: - items: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: type: string - type: array - required: - - key - - operator + type: object + labels: + additionalProperties: + type: string + type: object type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - mergeKeys: - items: - type: string - type: array + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + - mergeKeys + type: object + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer template: properties: metadata: @@ -14132,9 +15650,12 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - - generators - - mergeKeys + - configMapRef type: object pullRequest: properties: diff --git a/manifests/install.yaml b/manifests/install.yaml index 6333264dac44e..f90c3b62ef916 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -8491,125 +8491,21 @@ spec: x-kubernetes-preserve-unknown-fields: true merge: x-kubernetes-preserve-unknown-fields: true - pullRequest: + plugin: properties: - bitbucketServer: - properties: - api: - type: string - basicAuth: - properties: - passwordRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - username: - type: string - required: - - passwordRef - - username - type: object - project: - type: string - repo: - type: string - required: - - api - - project - - repo - type: object - filters: - items: - properties: - branchMatch: - type: string - targetBranchMatch: - type: string - type: object - type: array - gitea: - properties: - api: - type: string - insecure: - type: boolean - owner: - type: string - repo: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - api - - owner - - repo - type: object - github: + configMapRef: properties: - api: - type: string - appSecretName: - type: string - labels: - items: - type: string - type: array - owner: - type: string - repo: + name: type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object required: - - owner - - repo + - name type: object - gitlab: + input: properties: - api: - type: string - labels: - items: - type: string - type: array - project: - type: string - pullRequestState: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true type: object - required: - - project type: object requeueAfterSeconds: format: int64 @@ -9095,81 +8991,17 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef type: object - scmProvider: + pullRequest: properties: - awsCodeCommit: - properties: - allBranches: - type: boolean - region: - type: string - role: - type: string - tagFilters: - items: - properties: - key: - type: string - value: - type: string - required: - - key - type: object - type: array - type: object - azureDevOps: - properties: - accessTokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - allBranches: - type: boolean - api: - type: string - organization: - type: string - teamProject: - type: string - required: - - accessTokenRef - - organization - - teamProject - type: object - bitbucket: - properties: - allBranches: - type: boolean - appPasswordRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - owner: - type: string - user: - type: string - required: - - appPasswordRef - - owner - - user - type: object bitbucketServer: properties: - allBranches: - type: boolean api: type: string basicAuth: @@ -9192,41 +9024,32 @@ spec: type: object project: type: string + repo: + type: string required: - api - project + - repo type: object - cloneProtocol: - type: string filters: items: properties: branchMatch: type: string - labelMatch: - type: string - pathsDoNotExist: - items: - type: string - type: array - pathsExist: - items: - type: string - type: array - repositoryMatch: + targetBranchMatch: type: string type: object type: array gitea: properties: - allBranches: - type: boolean api: type: string insecure: type: boolean owner: type: string + repo: + type: string tokenRef: properties: key: @@ -9240,16 +9063,21 @@ spec: required: - api - owner + - repo type: object github: properties: - allBranches: - type: boolean api: type: string appSecretName: type: string - organization: + labels: + items: + type: string + type: array + owner: + type: string + repo: type: string tokenRef: properties: @@ -9262,18 +9090,21 @@ spec: - secretName type: object required: - - organization + - owner + - repo type: object gitlab: properties: - allBranches: - type: boolean api: type: string - group: + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: type: string - includeSubgroups: - type: boolean tokenRef: properties: key: @@ -9285,7 +9116,7 @@ spec: - secretName type: object required: - - group + - project type: object requeueAfterSeconds: format: int64 @@ -9771,368 +9602,1044 @@ spec: - metadata - spec type: object - values: - additionalProperties: - type: string - type: object type: object - selector: + scmProvider: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: + awsCodeCommit: properties: - group: + allBranches: + type: boolean + region: type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: + role: type: string - managedFieldsManagers: + tagFilters: items: - type: string + properties: + key: + type: string + value: + type: string + required: + - key + type: object type: array - name: + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: type: string - namespace: + organization: + type: string + teamProject: type: string required: - - kind + - accessTokenRef + - organization + - teamProject type: object - type: array - info: - items: + bitbucket: properties: - name: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: type: string - value: + user: type: string required: - - name - - value + - appPasswordRef + - owner + - user type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: properties: - name: + key: type: string - path: + secretName: type: string + required: + - key + - secretName type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object + type: string type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: + pathsExist: items: type: string type: array - values: - type: string - version: + repositoryMatch: type: string type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: + secretName: type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - sources: - items: + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: properties: - chart: + allBranches: + type: boolean + api: type: string - directory: + appSecretName: + type: string + organization: + type: string + tokenRef: properties: - exclude: + key: type: string - include: + secretName: type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + group: + type: string + includeSubgroups: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string type: object - recurse: - type: boolean + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string type: object - helm: + spec: properties: - fileParameters: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: items: properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array name: type: string - path: + namespace: type: string + required: + - kind type: object type: array - ignoreMissingValueFiles: - type: boolean - parameters: + info: items: properties: - forceString: - type: boolean name: type: string value: type: string + required: + - name + - value type: object type: array - passCredentials: - type: boolean - releaseName: + project: type: string - skipCrds: - type: boolean - valueFiles: + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: items: type: string type: array @@ -10161,140 +10668,658 @@ spec: items: type: string type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: - type: string - replicas: + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + type: object + merge: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: items: properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true name: type: string + value: + type: string required: - - count - name + - value type: object type: array - version: + project: type: string - type: object - path: - type: string - plugin: - properties: - env: + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: items: properties: - name: + chart: type: string - value: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object - name: + ref: type: string - string: + repoURL: + type: string + targetRevision: type: string + required: + - repoURL type: object type: array - type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - type: object - required: - - metadata - - spec - type: object - required: - - generators - type: object - merge: - properties: - generators: - items: - properties: - clusterDecisionResource: + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: properties: - configMapRef: - type: string - labelSelector: + selector: properties: matchExpressions: items: @@ -10317,11 +11342,6 @@ spec: type: string type: object type: object - name: - type: string - requeueAfterSeconds: - format: int64 - type: integer template: properties: metadata: @@ -10807,34 +11827,38 @@ spec: additionalProperties: type: string type: object - required: - - configMapRef type: object - clusters: + git: properties: - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + directories: + items: + properties: + exclude: + type: boolean + path: type: string - type: object - type: object + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string template: properties: metadata: @@ -11320,37 +12344,17 @@ spec: additionalProperties: type: string type: object + required: + - repoURL + - revision type: object - git: + list: properties: - directories: - items: - properties: - exclude: - type: boolean - path: - type: string - required: - - path - type: object - type: array - files: + elements: items: - properties: - path: - type: string - required: - - path - type: object + x-kubernetes-preserve-unknown-fields: true type: array - pathParamPrefix: - type: string - repoURL: - type: string - requeueAfterSeconds: - format: int64 - type: integer - revision: + elementsYaml: type: string template: properties: @@ -11833,22 +12837,32 @@ spec: - metadata - spec type: object - values: - additionalProperties: - type: string - type: object required: - - repoURL - - revision + - elements type: object - list: + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: properties: - elements: - items: - x-kubernetes-preserve-unknown-fields: true - type: array - elementsYaml: - type: string + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer template: properties: metadata: @@ -12330,13 +13344,13 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - - elements + - configMapRef type: object - matrix: - x-kubernetes-preserve-unknown-fields: true - merge: - x-kubernetes-preserve-unknown-fields: true pullRequest: properties: bitbucketServer: @@ -13163,494 +14177,998 @@ spec: properties: name: type: string - namespace: + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: type: string - server: + repoURL: type: string + targetRevision: + type: string + required: + - repoURL type: object - ignoreDifferences: + sources: items: properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: + chart: type: string - managedFieldsManagers: - items: - type: string - type: array - name: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: type: string - namespace: + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: + repoURL: type: string - value: + targetRevision: type: string required: - - name - - value + - repoURL type: object type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: + syncPolicy: properties: - chart: - type: string - directory: + automated: properties: - exclude: - type: string - include: - type: string - jsonnet: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string type: object - recurse: - type: boolean + limit: + format: int64 + type: integer type: object - helm: + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + mergeKeys: + items: + type: string + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: + code: type: boolean - valueFiles: - items: - type: string - type: array - values: + name: type: string - version: + value: type: string + required: + - name + - value type: object - kustomize: + type: array + libs: + items: + type: string + type: array + tlas: + items: properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: + code: type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: + name: type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + value: type: string + required: + - name + - value type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string path: type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: type: string - repoURL: + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: type: string - targetRevision: + value: type: string required: - - repoURL + - name + - value type: object - sources: - items: - properties: - chart: + type: array + name: + type: string + parameters: + items: + properties: + array: + items: type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: + code: type: boolean - valueFiles: - items: - type: string - type: array - values: + name: type: string - version: + value: type: string + required: + - name + - value type: object - kustomize: + type: array + libs: + items: + type: string + type: array + tlas: + items: properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonAnnotationsEnvsubst: - type: boolean - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: + code: type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - namespace: + name: type: string - replicas: - items: - properties: - count: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - name: - type: string - required: - - count - - name - type: object - type: array - version: + value: type: string + required: + - name + - value type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string path: type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - items: - type: string - type: array - map: - additionalProperties: - type: string - type: object - name: - type: string - string: - type: string - type: object - type: array - type: object - ref: + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: type: string - repoURL: + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: type: string - targetRevision: + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: type: string required: - - repoURL + - name + - value type: object type: array - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - managedNamespaceMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: type: string - type: array - type: object - required: - - destination - - project + string: + type: string + type: object + type: array type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string required: - - metadata - - spec - type: object - values: - additionalProperties: - type: string + - repoURL type: object - type: object - selector: - properties: - matchExpressions: - items: + type: array + syncPolicy: + properties: + automated: properties: - key: - type: string - operator: - type: string - values: - items: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: type: string - type: array - required: - - key - - operator + type: object + labels: + additionalProperties: + type: string + type: object type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - type: array - mergeKeys: - items: - type: string - type: array + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + - mergeKeys + type: object + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer template: properties: metadata: @@ -14132,9 +15650,12 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - - generators - - mergeKeys + - configMapRef type: object pullRequest: properties: diff --git a/mkdocs.yml b/mkdocs.yml index 0fd384bc697b9..5cfb049d867b8 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -101,6 +101,7 @@ nav: - operator-manual/applicationset/Generators-Cluster-Decision-Resource.md - operator-manual/applicationset/Generators-Pull-Request.md - operator-manual/applicationset/Generators-Post-Selector.md + - operator-manual/applicationset/Generators-Plugin.md - Template fields: - operator-manual/applicationset/Template.md - operator-manual/applicationset/GoTemplate.md diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go index 37549cfa2b394..e8e64064b2a0b 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types.go +++ b/pkg/apis/application/v1alpha1/applicationset_types.go @@ -124,6 +124,8 @@ type ApplicationSetGenerator struct { // Selector allows to post-filter all generator. Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,9,name=selector"` + + Plugin *PluginGenerator `json:"plugin,omitempty" protobuf:"bytes,10,name=plugin"` } // ApplicationSetNestedGenerator represents a generator nested within a combination-type generator (MatrixGenerator or @@ -144,6 +146,8 @@ type ApplicationSetNestedGenerator struct { // Selector allows to post-filter all generator. Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,9,name=selector"` + + Plugin *PluginGenerator `json:"plugin,omitempty" protobuf:"bytes,10,name=plugin"` } type ApplicationSetNestedGenerators []ApplicationSetNestedGenerator @@ -159,6 +163,7 @@ type ApplicationSetTerminalGenerator struct { SCMProvider *SCMProviderGenerator `json:"scmProvider,omitempty" protobuf:"bytes,4,name=scmProvider"` ClusterDecisionResource *DuckTypeGenerator `json:"clusterDecisionResource,omitempty" protobuf:"bytes,5,name=clusterDecisionResource"` PullRequest *PullRequestGenerator `json:"pullRequest,omitempty" protobuf:"bytes,6,name=pullRequest"` + Plugin *PluginGenerator `json:"plugin,omitempty" protobuf:"bytes,7,name=pullRequest"` } type ApplicationSetTerminalGenerators []ApplicationSetTerminalGenerator @@ -176,6 +181,7 @@ func (g ApplicationSetTerminalGenerators) toApplicationSetNestedGenerators() []A SCMProvider: terminalGenerator.SCMProvider, ClusterDecisionResource: terminalGenerator.ClusterDecisionResource, PullRequest: terminalGenerator.PullRequest, + Plugin: terminalGenerator.Plugin, } } return nestedGenerators @@ -559,6 +565,32 @@ type PullRequestGeneratorFilter struct { TargetBranchMatch *string `json:"targetBranchMatch,omitempty" protobuf:"bytes,2,opt,name=targetBranchMatch"` } +type PluginConfigMapRef struct { + // Name of the ConfigMap + Name string `json:"name" protobuf:"bytes,1,opt,name=name"` +} + +type PluginParameters map[string]apiextensionsv1.JSON + +type PluginInput struct { + // Parameters contains the information to pass to the plugin. It is a map. The keys must be strings, and the + // values can be any type. + Parameters PluginParameters `json:"parameters,omitempty" protobuf:"bytes,1,name=parameters"` +} + +// PluginGenerator defines connection info specific to Plugin. +type PluginGenerator struct { + ConfigMapRef PluginConfigMapRef `json:"configMapRef" protobuf:"bytes,1,name=configMapRef"` + Input PluginInput `json:"input,omitempty" protobuf:"bytes,2,name=input"` + // RequeueAfterSeconds determines how long the ApplicationSet controller will wait before reconciling the ApplicationSet again. + RequeueAfterSeconds *int64 `json:"requeueAfterSeconds,omitempty" protobuf:"varint,3,opt,name=requeueAfterSeconds"` + Template ApplicationSetTemplate `json:"template,omitempty" protobuf:"bytes,4,name=template"` + + // Values contains key/value pairs which are passed directly as parameters to the template. These values will not be + // sent as parameters to the plugin. + Values map[string]string `json:"values,omitempty" protobuf:"bytes,5,name=values"` +} + // ApplicationSetStatus defines the observed state of ApplicationSet type ApplicationSetStatus struct { // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index cdbc200ee2c81..d9de0c619ec17 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -2502,10 +2502,94 @@ func (m *OverrideIgnoreDiff) XXX_DiscardUnknown() { var xxx_messageInfo_OverrideIgnoreDiff proto.InternalMessageInfo +func (m *PluginConfigMapRef) Reset() { *m = PluginConfigMapRef{} } +func (*PluginConfigMapRef) ProtoMessage() {} +func (*PluginConfigMapRef) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{88} +} +func (m *PluginConfigMapRef) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *PluginConfigMapRef) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *PluginConfigMapRef) XXX_Merge(src proto.Message) { + xxx_messageInfo_PluginConfigMapRef.Merge(m, src) +} +func (m *PluginConfigMapRef) XXX_Size() int { + return m.Size() +} +func (m *PluginConfigMapRef) XXX_DiscardUnknown() { + xxx_messageInfo_PluginConfigMapRef.DiscardUnknown(m) +} + +var xxx_messageInfo_PluginConfigMapRef proto.InternalMessageInfo + +func (m *PluginGenerator) Reset() { *m = PluginGenerator{} } +func (*PluginGenerator) ProtoMessage() {} +func (*PluginGenerator) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{89} +} +func (m *PluginGenerator) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *PluginGenerator) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *PluginGenerator) XXX_Merge(src proto.Message) { + xxx_messageInfo_PluginGenerator.Merge(m, src) +} +func (m *PluginGenerator) XXX_Size() int { + return m.Size() +} +func (m *PluginGenerator) XXX_DiscardUnknown() { + xxx_messageInfo_PluginGenerator.DiscardUnknown(m) +} + +var xxx_messageInfo_PluginGenerator proto.InternalMessageInfo + +func (m *PluginInput) Reset() { *m = PluginInput{} } +func (*PluginInput) ProtoMessage() {} +func (*PluginInput) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{90} +} +func (m *PluginInput) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *PluginInput) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *PluginInput) XXX_Merge(src proto.Message) { + xxx_messageInfo_PluginInput.Merge(m, src) +} +func (m *PluginInput) XXX_Size() int { + return m.Size() +} +func (m *PluginInput) XXX_DiscardUnknown() { + xxx_messageInfo_PluginInput.DiscardUnknown(m) +} + +var xxx_messageInfo_PluginInput proto.InternalMessageInfo + func (m *ProjectRole) Reset() { *m = ProjectRole{} } func (*ProjectRole) ProtoMessage() {} func (*ProjectRole) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{88} + return fileDescriptor_030104ce3b95bcac, []int{91} } func (m *ProjectRole) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2533,7 +2617,7 @@ var xxx_messageInfo_ProjectRole proto.InternalMessageInfo func (m *PullRequestGenerator) Reset() { *m = PullRequestGenerator{} } func (*PullRequestGenerator) ProtoMessage() {} func (*PullRequestGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{89} + return fileDescriptor_030104ce3b95bcac, []int{92} } func (m *PullRequestGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2561,7 +2645,7 @@ var xxx_messageInfo_PullRequestGenerator proto.InternalMessageInfo func (m *PullRequestGeneratorBitbucketServer) Reset() { *m = PullRequestGeneratorBitbucketServer{} } func (*PullRequestGeneratorBitbucketServer) ProtoMessage() {} func (*PullRequestGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{90} + return fileDescriptor_030104ce3b95bcac, []int{93} } func (m *PullRequestGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2589,7 +2673,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucketServer proto.InternalMessageInf func (m *PullRequestGeneratorFilter) Reset() { *m = PullRequestGeneratorFilter{} } func (*PullRequestGeneratorFilter) ProtoMessage() {} func (*PullRequestGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{91} + return fileDescriptor_030104ce3b95bcac, []int{94} } func (m *PullRequestGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2617,7 +2701,7 @@ var xxx_messageInfo_PullRequestGeneratorFilter proto.InternalMessageInfo func (m *PullRequestGeneratorGitLab) Reset() { *m = PullRequestGeneratorGitLab{} } func (*PullRequestGeneratorGitLab) ProtoMessage() {} func (*PullRequestGeneratorGitLab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{92} + return fileDescriptor_030104ce3b95bcac, []int{95} } func (m *PullRequestGeneratorGitLab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2645,7 +2729,7 @@ var xxx_messageInfo_PullRequestGeneratorGitLab proto.InternalMessageInfo func (m *PullRequestGeneratorGitea) Reset() { *m = PullRequestGeneratorGitea{} } func (*PullRequestGeneratorGitea) ProtoMessage() {} func (*PullRequestGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{93} + return fileDescriptor_030104ce3b95bcac, []int{96} } func (m *PullRequestGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2673,7 +2757,7 @@ var xxx_messageInfo_PullRequestGeneratorGitea proto.InternalMessageInfo func (m *PullRequestGeneratorGithub) Reset() { *m = PullRequestGeneratorGithub{} } func (*PullRequestGeneratorGithub) ProtoMessage() {} func (*PullRequestGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{94} + return fileDescriptor_030104ce3b95bcac, []int{97} } func (m *PullRequestGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2701,7 +2785,7 @@ var xxx_messageInfo_PullRequestGeneratorGithub proto.InternalMessageInfo func (m *RefTarget) Reset() { *m = RefTarget{} } func (*RefTarget) ProtoMessage() {} func (*RefTarget) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{95} + return fileDescriptor_030104ce3b95bcac, []int{98} } func (m *RefTarget) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2729,7 +2813,7 @@ var xxx_messageInfo_RefTarget proto.InternalMessageInfo func (m *RepoCreds) Reset() { *m = RepoCreds{} } func (*RepoCreds) ProtoMessage() {} func (*RepoCreds) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{96} + return fileDescriptor_030104ce3b95bcac, []int{99} } func (m *RepoCreds) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2757,7 +2841,7 @@ var xxx_messageInfo_RepoCreds proto.InternalMessageInfo func (m *RepoCredsList) Reset() { *m = RepoCredsList{} } func (*RepoCredsList) ProtoMessage() {} func (*RepoCredsList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{97} + return fileDescriptor_030104ce3b95bcac, []int{100} } func (m *RepoCredsList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2785,7 +2869,7 @@ var xxx_messageInfo_RepoCredsList proto.InternalMessageInfo func (m *Repository) Reset() { *m = Repository{} } func (*Repository) ProtoMessage() {} func (*Repository) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{98} + return fileDescriptor_030104ce3b95bcac, []int{101} } func (m *Repository) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2813,7 +2897,7 @@ var xxx_messageInfo_Repository proto.InternalMessageInfo func (m *RepositoryCertificate) Reset() { *m = RepositoryCertificate{} } func (*RepositoryCertificate) ProtoMessage() {} func (*RepositoryCertificate) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{99} + return fileDescriptor_030104ce3b95bcac, []int{102} } func (m *RepositoryCertificate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2841,7 +2925,7 @@ var xxx_messageInfo_RepositoryCertificate proto.InternalMessageInfo func (m *RepositoryCertificateList) Reset() { *m = RepositoryCertificateList{} } func (*RepositoryCertificateList) ProtoMessage() {} func (*RepositoryCertificateList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{100} + return fileDescriptor_030104ce3b95bcac, []int{103} } func (m *RepositoryCertificateList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2869,7 +2953,7 @@ var xxx_messageInfo_RepositoryCertificateList proto.InternalMessageInfo func (m *RepositoryList) Reset() { *m = RepositoryList{} } func (*RepositoryList) ProtoMessage() {} func (*RepositoryList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{101} + return fileDescriptor_030104ce3b95bcac, []int{104} } func (m *RepositoryList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2897,7 +2981,7 @@ var xxx_messageInfo_RepositoryList proto.InternalMessageInfo func (m *ResourceAction) Reset() { *m = ResourceAction{} } func (*ResourceAction) ProtoMessage() {} func (*ResourceAction) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{102} + return fileDescriptor_030104ce3b95bcac, []int{105} } func (m *ResourceAction) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2925,7 +3009,7 @@ var xxx_messageInfo_ResourceAction proto.InternalMessageInfo func (m *ResourceActionDefinition) Reset() { *m = ResourceActionDefinition{} } func (*ResourceActionDefinition) ProtoMessage() {} func (*ResourceActionDefinition) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{103} + return fileDescriptor_030104ce3b95bcac, []int{106} } func (m *ResourceActionDefinition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2953,7 +3037,7 @@ var xxx_messageInfo_ResourceActionDefinition proto.InternalMessageInfo func (m *ResourceActionParam) Reset() { *m = ResourceActionParam{} } func (*ResourceActionParam) ProtoMessage() {} func (*ResourceActionParam) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{104} + return fileDescriptor_030104ce3b95bcac, []int{107} } func (m *ResourceActionParam) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2981,7 +3065,7 @@ var xxx_messageInfo_ResourceActionParam proto.InternalMessageInfo func (m *ResourceActions) Reset() { *m = ResourceActions{} } func (*ResourceActions) ProtoMessage() {} func (*ResourceActions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{105} + return fileDescriptor_030104ce3b95bcac, []int{108} } func (m *ResourceActions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3009,7 +3093,7 @@ var xxx_messageInfo_ResourceActions proto.InternalMessageInfo func (m *ResourceDiff) Reset() { *m = ResourceDiff{} } func (*ResourceDiff) ProtoMessage() {} func (*ResourceDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{106} + return fileDescriptor_030104ce3b95bcac, []int{109} } func (m *ResourceDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3037,7 +3121,7 @@ var xxx_messageInfo_ResourceDiff proto.InternalMessageInfo func (m *ResourceIgnoreDifferences) Reset() { *m = ResourceIgnoreDifferences{} } func (*ResourceIgnoreDifferences) ProtoMessage() {} func (*ResourceIgnoreDifferences) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{107} + return fileDescriptor_030104ce3b95bcac, []int{110} } func (m *ResourceIgnoreDifferences) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3065,7 +3149,7 @@ var xxx_messageInfo_ResourceIgnoreDifferences proto.InternalMessageInfo func (m *ResourceNetworkingInfo) Reset() { *m = ResourceNetworkingInfo{} } func (*ResourceNetworkingInfo) ProtoMessage() {} func (*ResourceNetworkingInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{108} + return fileDescriptor_030104ce3b95bcac, []int{111} } func (m *ResourceNetworkingInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3093,7 +3177,7 @@ var xxx_messageInfo_ResourceNetworkingInfo proto.InternalMessageInfo func (m *ResourceNode) Reset() { *m = ResourceNode{} } func (*ResourceNode) ProtoMessage() {} func (*ResourceNode) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{109} + return fileDescriptor_030104ce3b95bcac, []int{112} } func (m *ResourceNode) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3121,7 +3205,7 @@ var xxx_messageInfo_ResourceNode proto.InternalMessageInfo func (m *ResourceOverride) Reset() { *m = ResourceOverride{} } func (*ResourceOverride) ProtoMessage() {} func (*ResourceOverride) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{110} + return fileDescriptor_030104ce3b95bcac, []int{113} } func (m *ResourceOverride) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3149,7 +3233,7 @@ var xxx_messageInfo_ResourceOverride proto.InternalMessageInfo func (m *ResourceRef) Reset() { *m = ResourceRef{} } func (*ResourceRef) ProtoMessage() {} func (*ResourceRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{111} + return fileDescriptor_030104ce3b95bcac, []int{114} } func (m *ResourceRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3177,7 +3261,7 @@ var xxx_messageInfo_ResourceRef proto.InternalMessageInfo func (m *ResourceResult) Reset() { *m = ResourceResult{} } func (*ResourceResult) ProtoMessage() {} func (*ResourceResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{112} + return fileDescriptor_030104ce3b95bcac, []int{115} } func (m *ResourceResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3205,7 +3289,7 @@ var xxx_messageInfo_ResourceResult proto.InternalMessageInfo func (m *ResourceStatus) Reset() { *m = ResourceStatus{} } func (*ResourceStatus) ProtoMessage() {} func (*ResourceStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{113} + return fileDescriptor_030104ce3b95bcac, []int{116} } func (m *ResourceStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3233,7 +3317,7 @@ var xxx_messageInfo_ResourceStatus proto.InternalMessageInfo func (m *RetryStrategy) Reset() { *m = RetryStrategy{} } func (*RetryStrategy) ProtoMessage() {} func (*RetryStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{114} + return fileDescriptor_030104ce3b95bcac, []int{117} } func (m *RetryStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3261,7 +3345,7 @@ var xxx_messageInfo_RetryStrategy proto.InternalMessageInfo func (m *RevisionHistory) Reset() { *m = RevisionHistory{} } func (*RevisionHistory) ProtoMessage() {} func (*RevisionHistory) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{115} + return fileDescriptor_030104ce3b95bcac, []int{118} } func (m *RevisionHistory) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3289,7 +3373,7 @@ var xxx_messageInfo_RevisionHistory proto.InternalMessageInfo func (m *RevisionMetadata) Reset() { *m = RevisionMetadata{} } func (*RevisionMetadata) ProtoMessage() {} func (*RevisionMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{116} + return fileDescriptor_030104ce3b95bcac, []int{119} } func (m *RevisionMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3317,7 +3401,7 @@ var xxx_messageInfo_RevisionMetadata proto.InternalMessageInfo func (m *SCMProviderGenerator) Reset() { *m = SCMProviderGenerator{} } func (*SCMProviderGenerator) ProtoMessage() {} func (*SCMProviderGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{117} + return fileDescriptor_030104ce3b95bcac, []int{120} } func (m *SCMProviderGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3345,7 +3429,7 @@ var xxx_messageInfo_SCMProviderGenerator proto.InternalMessageInfo func (m *SCMProviderGeneratorAWSCodeCommit) Reset() { *m = SCMProviderGeneratorAWSCodeCommit{} } func (*SCMProviderGeneratorAWSCodeCommit) ProtoMessage() {} func (*SCMProviderGeneratorAWSCodeCommit) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{118} + return fileDescriptor_030104ce3b95bcac, []int{121} } func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3373,7 +3457,7 @@ var xxx_messageInfo_SCMProviderGeneratorAWSCodeCommit proto.InternalMessageInfo func (m *SCMProviderGeneratorAzureDevOps) Reset() { *m = SCMProviderGeneratorAzureDevOps{} } func (*SCMProviderGeneratorAzureDevOps) ProtoMessage() {} func (*SCMProviderGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{119} + return fileDescriptor_030104ce3b95bcac, []int{122} } func (m *SCMProviderGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3401,7 +3485,7 @@ var xxx_messageInfo_SCMProviderGeneratorAzureDevOps proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucket) Reset() { *m = SCMProviderGeneratorBitbucket{} } func (*SCMProviderGeneratorBitbucket) ProtoMessage() {} func (*SCMProviderGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{120} + return fileDescriptor_030104ce3b95bcac, []int{123} } func (m *SCMProviderGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3429,7 +3513,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucket proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucketServer) Reset() { *m = SCMProviderGeneratorBitbucketServer{} } func (*SCMProviderGeneratorBitbucketServer) ProtoMessage() {} func (*SCMProviderGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{121} + return fileDescriptor_030104ce3b95bcac, []int{124} } func (m *SCMProviderGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3457,7 +3541,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucketServer proto.InternalMessageInf func (m *SCMProviderGeneratorFilter) Reset() { *m = SCMProviderGeneratorFilter{} } func (*SCMProviderGeneratorFilter) ProtoMessage() {} func (*SCMProviderGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{122} + return fileDescriptor_030104ce3b95bcac, []int{125} } func (m *SCMProviderGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3485,7 +3569,7 @@ var xxx_messageInfo_SCMProviderGeneratorFilter proto.InternalMessageInfo func (m *SCMProviderGeneratorGitea) Reset() { *m = SCMProviderGeneratorGitea{} } func (*SCMProviderGeneratorGitea) ProtoMessage() {} func (*SCMProviderGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{123} + return fileDescriptor_030104ce3b95bcac, []int{126} } func (m *SCMProviderGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3513,7 +3597,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitea proto.InternalMessageInfo func (m *SCMProviderGeneratorGithub) Reset() { *m = SCMProviderGeneratorGithub{} } func (*SCMProviderGeneratorGithub) ProtoMessage() {} func (*SCMProviderGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{124} + return fileDescriptor_030104ce3b95bcac, []int{127} } func (m *SCMProviderGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3541,7 +3625,7 @@ var xxx_messageInfo_SCMProviderGeneratorGithub proto.InternalMessageInfo func (m *SCMProviderGeneratorGitlab) Reset() { *m = SCMProviderGeneratorGitlab{} } func (*SCMProviderGeneratorGitlab) ProtoMessage() {} func (*SCMProviderGeneratorGitlab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{125} + return fileDescriptor_030104ce3b95bcac, []int{128} } func (m *SCMProviderGeneratorGitlab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3569,7 +3653,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitlab proto.InternalMessageInfo func (m *SecretRef) Reset() { *m = SecretRef{} } func (*SecretRef) ProtoMessage() {} func (*SecretRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{126} + return fileDescriptor_030104ce3b95bcac, []int{129} } func (m *SecretRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3597,7 +3681,7 @@ var xxx_messageInfo_SecretRef proto.InternalMessageInfo func (m *SignatureKey) Reset() { *m = SignatureKey{} } func (*SignatureKey) ProtoMessage() {} func (*SignatureKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{127} + return fileDescriptor_030104ce3b95bcac, []int{130} } func (m *SignatureKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3625,7 +3709,7 @@ var xxx_messageInfo_SignatureKey proto.InternalMessageInfo func (m *SyncOperation) Reset() { *m = SyncOperation{} } func (*SyncOperation) ProtoMessage() {} func (*SyncOperation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{128} + return fileDescriptor_030104ce3b95bcac, []int{131} } func (m *SyncOperation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3653,7 +3737,7 @@ var xxx_messageInfo_SyncOperation proto.InternalMessageInfo func (m *SyncOperationResource) Reset() { *m = SyncOperationResource{} } func (*SyncOperationResource) ProtoMessage() {} func (*SyncOperationResource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{129} + return fileDescriptor_030104ce3b95bcac, []int{132} } func (m *SyncOperationResource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3681,7 +3765,7 @@ var xxx_messageInfo_SyncOperationResource proto.InternalMessageInfo func (m *SyncOperationResult) Reset() { *m = SyncOperationResult{} } func (*SyncOperationResult) ProtoMessage() {} func (*SyncOperationResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{130} + return fileDescriptor_030104ce3b95bcac, []int{133} } func (m *SyncOperationResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3709,7 +3793,7 @@ var xxx_messageInfo_SyncOperationResult proto.InternalMessageInfo func (m *SyncPolicy) Reset() { *m = SyncPolicy{} } func (*SyncPolicy) ProtoMessage() {} func (*SyncPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{131} + return fileDescriptor_030104ce3b95bcac, []int{134} } func (m *SyncPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3737,7 +3821,7 @@ var xxx_messageInfo_SyncPolicy proto.InternalMessageInfo func (m *SyncPolicyAutomated) Reset() { *m = SyncPolicyAutomated{} } func (*SyncPolicyAutomated) ProtoMessage() {} func (*SyncPolicyAutomated) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{132} + return fileDescriptor_030104ce3b95bcac, []int{135} } func (m *SyncPolicyAutomated) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3765,7 +3849,7 @@ var xxx_messageInfo_SyncPolicyAutomated proto.InternalMessageInfo func (m *SyncStatus) Reset() { *m = SyncStatus{} } func (*SyncStatus) ProtoMessage() {} func (*SyncStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{133} + return fileDescriptor_030104ce3b95bcac, []int{136} } func (m *SyncStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3793,7 +3877,7 @@ var xxx_messageInfo_SyncStatus proto.InternalMessageInfo func (m *SyncStrategy) Reset() { *m = SyncStrategy{} } func (*SyncStrategy) ProtoMessage() {} func (*SyncStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{134} + return fileDescriptor_030104ce3b95bcac, []int{137} } func (m *SyncStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3821,7 +3905,7 @@ var xxx_messageInfo_SyncStrategy proto.InternalMessageInfo func (m *SyncStrategyApply) Reset() { *m = SyncStrategyApply{} } func (*SyncStrategyApply) ProtoMessage() {} func (*SyncStrategyApply) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{135} + return fileDescriptor_030104ce3b95bcac, []int{138} } func (m *SyncStrategyApply) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3849,7 +3933,7 @@ var xxx_messageInfo_SyncStrategyApply proto.InternalMessageInfo func (m *SyncStrategyHook) Reset() { *m = SyncStrategyHook{} } func (*SyncStrategyHook) ProtoMessage() {} func (*SyncStrategyHook) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{136} + return fileDescriptor_030104ce3b95bcac, []int{139} } func (m *SyncStrategyHook) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3877,7 +3961,7 @@ var xxx_messageInfo_SyncStrategyHook proto.InternalMessageInfo func (m *SyncWindow) Reset() { *m = SyncWindow{} } func (*SyncWindow) ProtoMessage() {} func (*SyncWindow) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{137} + return fileDescriptor_030104ce3b95bcac, []int{140} } func (m *SyncWindow) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3905,7 +3989,7 @@ var xxx_messageInfo_SyncWindow proto.InternalMessageInfo func (m *TLSClientConfig) Reset() { *m = TLSClientConfig{} } func (*TLSClientConfig) ProtoMessage() {} func (*TLSClientConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{138} + return fileDescriptor_030104ce3b95bcac, []int{141} } func (m *TLSClientConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3933,7 +4017,7 @@ var xxx_messageInfo_TLSClientConfig proto.InternalMessageInfo func (m *TagFilter) Reset() { *m = TagFilter{} } func (*TagFilter) ProtoMessage() {} func (*TagFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{139} + return fileDescriptor_030104ce3b95bcac, []int{142} } func (m *TagFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4061,6 +4145,11 @@ func init() { proto.RegisterType((*OrphanedResourceKey)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.OrphanedResourceKey") proto.RegisterType((*OrphanedResourcesMonitorSettings)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.OrphanedResourcesMonitorSettings") proto.RegisterType((*OverrideIgnoreDiff)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.OverrideIgnoreDiff") + proto.RegisterType((*PluginConfigMapRef)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PluginConfigMapRef") + proto.RegisterType((*PluginGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PluginGenerator") + proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PluginGenerator.ValuesEntry") + proto.RegisterType((*PluginInput)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PluginInput") + proto.RegisterMapType((PluginParameters)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PluginInput.ParametersEntry") proto.RegisterType((*ProjectRole)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ProjectRole") proto.RegisterType((*PullRequestGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PullRequestGenerator") proto.RegisterType((*PullRequestGeneratorBitbucketServer)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.PullRequestGeneratorBitbucketServer") @@ -4123,641 +4212,652 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 10141 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x7d, 0x70, 0x1c, 0xc9, - 0x75, 0x18, 0xae, 0xd9, 0xc5, 0x02, 0xbb, 0x0f, 0x1f, 0x24, 0x9a, 0xe4, 0x1d, 0x8e, 0xba, 0x23, - 0xe8, 0xb9, 0xf2, 0xe9, 0xf4, 0xd3, 0x1d, 0xe0, 0xa3, 0xee, 0xf4, 0x63, 0x7c, 0xf6, 0xc9, 0x58, - 0x80, 0x04, 0x41, 0x02, 0x04, 0xae, 0x01, 0x92, 0xd2, 0x9d, 0x4f, 0xa7, 0xc1, 0x6c, 0xef, 0x62, - 0x88, 0xd9, 0x99, 0xe5, 0xcc, 0x2c, 0x08, 0x9c, 0x65, 0x59, 0xb2, 0x2d, 0x5b, 0x89, 0x3e, 0x4e, - 0x39, 0xa5, 0xca, 0x72, 0x12, 0x3b, 0x8a, 0xed, 0x72, 0xc5, 0x95, 0x5c, 0xc5, 0xa9, 0xfc, 0x11, - 0xe7, 0xab, 0x5c, 0xb2, 0xf3, 0xc7, 0xa5, 0x94, 0x54, 0x54, 0x15, 0x97, 0xe5, 0xc4, 0x0e, 0x2c, - 0x21, 0x95, 0x4a, 0x2a, 0x55, 0x71, 0x55, 0x3e, 0xfe, 0x09, 0x2b, 0x55, 0x49, 0xf5, 0x77, 0xcf, - 0xec, 0x2e, 0xb1, 0x00, 0x06, 0x24, 0xa5, 0xba, 0xff, 0x76, 0xfb, 0xbd, 0x79, 0xaf, 0xa7, 0xa7, - 0xfb, 0xf5, 0x7b, 0xfd, 0x3e, 0x1a, 0x16, 0x1b, 0x5e, 0xb2, 0xd1, 0x5e, 0x9f, 0x72, 0xc3, 0xe6, - 0xb4, 0x13, 0x35, 0xc2, 0x56, 0x14, 0xde, 0x66, 0x3f, 0x9e, 0x77, 0x6b, 0xd3, 0x5b, 0x17, 0xa6, - 0x5b, 0x9b, 0x8d, 0x69, 0xa7, 0xe5, 0xc5, 0xd3, 0x4e, 0xab, 0xe5, 0x7b, 0xae, 0x93, 0x78, 0x61, - 0x30, 0xbd, 0xf5, 0x82, 0xe3, 0xb7, 0x36, 0x9c, 0x17, 0xa6, 0x1b, 0x24, 0x20, 0x91, 0x93, 0x90, - 0xda, 0x54, 0x2b, 0x0a, 0x93, 0x10, 0xfd, 0x84, 0xa6, 0x36, 0x25, 0xa9, 0xb1, 0x1f, 0x6f, 0xba, - 0xb5, 0xa9, 0xad, 0x0b, 0x53, 0xad, 0xcd, 0xc6, 0x14, 0xa5, 0x36, 0x65, 0x50, 0x9b, 0x92, 0xd4, - 0xce, 0x3e, 0x6f, 0xf4, 0xa5, 0x11, 0x36, 0xc2, 0x69, 0x46, 0x74, 0xbd, 0x5d, 0x67, 0xff, 0xd8, - 0x1f, 0xf6, 0x8b, 0x33, 0x3b, 0x6b, 0x6f, 0x5e, 0x8c, 0xa7, 0xbc, 0x90, 0x76, 0x6f, 0xda, 0x0d, - 0x23, 0x32, 0xbd, 0xd5, 0xd1, 0xa1, 0xb3, 0x57, 0x34, 0x0e, 0xd9, 0x4e, 0x48, 0x10, 0x7b, 0x61, - 0x10, 0x3f, 0x4f, 0xbb, 0x40, 0xa2, 0x2d, 0x12, 0x99, 0xaf, 0x67, 0x20, 0x74, 0xa3, 0xf4, 0xa2, - 0xa6, 0xd4, 0x74, 0xdc, 0x0d, 0x2f, 0x20, 0xd1, 0x8e, 0x7e, 0xbc, 0x49, 0x12, 0xa7, 0xdb, 0x53, - 0xd3, 0xbd, 0x9e, 0x8a, 0xda, 0x41, 0xe2, 0x35, 0x49, 0xc7, 0x03, 0x1f, 0xdb, 0xef, 0x81, 0xd8, - 0xdd, 0x20, 0x4d, 0xa7, 0xe3, 0xb9, 0x8f, 0xf6, 0x7a, 0xae, 0x9d, 0x78, 0xfe, 0xb4, 0x17, 0x24, - 0x71, 0x12, 0x65, 0x1f, 0xb2, 0xef, 0xc0, 0xe8, 0xcc, 0xad, 0xd5, 0x99, 0x76, 0xb2, 0x31, 0x1b, - 0x06, 0x75, 0xaf, 0x81, 0x5e, 0x82, 0x61, 0xd7, 0x6f, 0xc7, 0x09, 0x89, 0xae, 0x3b, 0x4d, 0x32, - 0x61, 0x9d, 0xb7, 0x9e, 0xad, 0x54, 0x4f, 0xbd, 0xb7, 0x3b, 0xf9, 0x81, 0xbd, 0xdd, 0xc9, 0xe1, - 0x59, 0x0d, 0xc2, 0x26, 0x1e, 0xfa, 0x30, 0x0c, 0x45, 0xa1, 0x4f, 0x66, 0xf0, 0xf5, 0x89, 0x02, - 0x7b, 0xe4, 0x84, 0x78, 0x64, 0x08, 0xf3, 0x66, 0x2c, 0xe1, 0xf6, 0x1f, 0x17, 0x00, 0x66, 0x5a, - 0xad, 0x95, 0x28, 0xbc, 0x4d, 0xdc, 0x04, 0x7d, 0x1a, 0xca, 0x74, 0xe8, 0x6a, 0x4e, 0xe2, 0x30, - 0x6e, 0xc3, 0x17, 0x7e, 0x6c, 0x8a, 0xbf, 0xc9, 0x94, 0xf9, 0x26, 0x7a, 0xe2, 0x50, 0xec, 0xa9, - 0xad, 0x17, 0xa6, 0x96, 0xd7, 0xe9, 0xf3, 0x4b, 0x24, 0x71, 0xaa, 0x48, 0x30, 0x03, 0xdd, 0x86, - 0x15, 0x55, 0x14, 0xc0, 0x40, 0xdc, 0x22, 0x2e, 0xeb, 0xd8, 0xf0, 0x85, 0xc5, 0xa9, 0xa3, 0xcc, - 0xd0, 0x29, 0xdd, 0xf3, 0xd5, 0x16, 0x71, 0xab, 0x23, 0x82, 0xf3, 0x00, 0xfd, 0x87, 0x19, 0x1f, - 0xb4, 0x05, 0x83, 0x71, 0xe2, 0x24, 0xed, 0x78, 0xa2, 0xc8, 0x38, 0x5e, 0xcf, 0x8d, 0x23, 0xa3, - 0x5a, 0x1d, 0x13, 0x3c, 0x07, 0xf9, 0x7f, 0x2c, 0xb8, 0xd9, 0xff, 0xc1, 0x82, 0x31, 0x8d, 0xbc, - 0xe8, 0xc5, 0x09, 0xfa, 0xe9, 0x8e, 0xc1, 0x9d, 0xea, 0x6f, 0x70, 0xe9, 0xd3, 0x6c, 0x68, 0x4f, - 0x0a, 0x66, 0x65, 0xd9, 0x62, 0x0c, 0x6c, 0x13, 0x4a, 0x5e, 0x42, 0x9a, 0xf1, 0x44, 0xe1, 0x7c, - 0xf1, 0xd9, 0xe1, 0x0b, 0x57, 0xf2, 0x7a, 0xcf, 0xea, 0xa8, 0x60, 0x5a, 0x5a, 0xa0, 0xe4, 0x31, - 0xe7, 0x62, 0xff, 0xce, 0x88, 0xf9, 0x7e, 0x74, 0xc0, 0xd1, 0x0b, 0x30, 0x1c, 0x87, 0xed, 0xc8, - 0x25, 0x98, 0xb4, 0xc2, 0x78, 0xc2, 0x3a, 0x5f, 0xa4, 0x53, 0x8f, 0xce, 0xd4, 0x55, 0xdd, 0x8c, - 0x4d, 0x1c, 0xf4, 0x55, 0x0b, 0x46, 0x6a, 0x24, 0x4e, 0xbc, 0x80, 0xf1, 0x97, 0x9d, 0x5f, 0x3b, - 0x72, 0xe7, 0x65, 0xe3, 0x9c, 0x26, 0x5e, 0x3d, 0x2d, 0x5e, 0x64, 0xc4, 0x68, 0x8c, 0x71, 0x8a, - 0x3f, 0x5d, 0x71, 0x35, 0x12, 0xbb, 0x91, 0xd7, 0xa2, 0xff, 0xd9, 0x9c, 0x31, 0x56, 0xdc, 0x9c, - 0x06, 0x61, 0x13, 0x0f, 0x05, 0x50, 0xa2, 0x2b, 0x2a, 0x9e, 0x18, 0x60, 0xfd, 0x5f, 0x38, 0x5a, - 0xff, 0xc5, 0xa0, 0xd2, 0xc5, 0xaa, 0x47, 0x9f, 0xfe, 0x8b, 0x31, 0x67, 0x83, 0xbe, 0x62, 0xc1, - 0x84, 0x58, 0xf1, 0x98, 0xf0, 0x01, 0xbd, 0xb5, 0xe1, 0x25, 0xc4, 0xf7, 0xe2, 0x64, 0xa2, 0xc4, - 0xfa, 0x30, 0xdd, 0xdf, 0xdc, 0x9a, 0x8f, 0xc2, 0x76, 0xeb, 0x9a, 0x17, 0xd4, 0xaa, 0xe7, 0x05, - 0xa7, 0x89, 0xd9, 0x1e, 0x84, 0x71, 0x4f, 0x96, 0xe8, 0xeb, 0x16, 0x9c, 0x0d, 0x9c, 0x26, 0x89, - 0x5b, 0x0e, 0xfd, 0xb4, 0x1c, 0x5c, 0xf5, 0x1d, 0x77, 0x93, 0xf5, 0x68, 0xf0, 0x70, 0x3d, 0xb2, - 0x45, 0x8f, 0xce, 0x5e, 0xef, 0x49, 0x1a, 0xdf, 0x87, 0x2d, 0xfa, 0x4d, 0x0b, 0xc6, 0xc3, 0xa8, - 0xb5, 0xe1, 0x04, 0xa4, 0x26, 0xa1, 0xf1, 0xc4, 0x10, 0x5b, 0x7a, 0x9f, 0x3a, 0xda, 0x27, 0x5a, - 0xce, 0x92, 0x5d, 0x0a, 0x03, 0x2f, 0x09, 0xa3, 0x55, 0x92, 0x24, 0x5e, 0xd0, 0x88, 0xab, 0x67, - 0xf6, 0x76, 0x27, 0xc7, 0x3b, 0xb0, 0x70, 0x67, 0x7f, 0xd0, 0xcf, 0xc0, 0x70, 0xbc, 0x13, 0xb8, - 0xb7, 0xbc, 0xa0, 0x16, 0xde, 0x8d, 0x27, 0xca, 0x79, 0x2c, 0xdf, 0x55, 0x45, 0x50, 0x2c, 0x40, - 0xcd, 0x00, 0x9b, 0xdc, 0xba, 0x7f, 0x38, 0x3d, 0x95, 0x2a, 0x79, 0x7f, 0x38, 0x3d, 0x99, 0xee, - 0xc3, 0x16, 0xfd, 0xb2, 0x05, 0xa3, 0xb1, 0xd7, 0x08, 0x9c, 0xa4, 0x1d, 0x91, 0x6b, 0x64, 0x27, - 0x9e, 0x00, 0xd6, 0x91, 0xab, 0x47, 0x1c, 0x15, 0x83, 0x64, 0xf5, 0x8c, 0xe8, 0xe3, 0xa8, 0xd9, - 0x1a, 0xe3, 0x34, 0xdf, 0x6e, 0x0b, 0x4d, 0x4f, 0xeb, 0xe1, 0x7c, 0x17, 0x9a, 0x9e, 0xd4, 0x3d, - 0x59, 0xa2, 0x9f, 0x82, 0x93, 0xbc, 0x49, 0x8d, 0x6c, 0x3c, 0x31, 0xc2, 0x04, 0xed, 0xe9, 0xbd, - 0xdd, 0xc9, 0x93, 0xab, 0x19, 0x18, 0xee, 0xc0, 0x46, 0x77, 0x60, 0xb2, 0x45, 0xa2, 0xa6, 0x97, - 0x2c, 0x07, 0xfe, 0x8e, 0x14, 0xdf, 0x6e, 0xd8, 0x22, 0x35, 0xd1, 0x9d, 0x78, 0x62, 0xf4, 0xbc, - 0xf5, 0x6c, 0xb9, 0xfa, 0x21, 0xd1, 0xcd, 0xc9, 0x95, 0xfb, 0xa3, 0xe3, 0xfd, 0xe8, 0xd9, 0xff, - 0xb2, 0x00, 0x27, 0xb3, 0x1b, 0x27, 0xfa, 0x6d, 0x0b, 0x4e, 0xdc, 0xbe, 0x9b, 0xac, 0x85, 0x9b, - 0x24, 0x88, 0xab, 0x3b, 0x54, 0xbc, 0xb1, 0x2d, 0x63, 0xf8, 0x82, 0x9b, 0xef, 0x16, 0x3d, 0x75, - 0x35, 0xcd, 0xe5, 0x52, 0x90, 0x44, 0x3b, 0xd5, 0xc7, 0xc5, 0xdb, 0x9d, 0xb8, 0x7a, 0x6b, 0xcd, - 0x84, 0xe2, 0x6c, 0xa7, 0xce, 0x7e, 0xc9, 0x82, 0xd3, 0xdd, 0x48, 0xa0, 0x93, 0x50, 0xdc, 0x24, - 0x3b, 0x5c, 0x2b, 0xc3, 0xf4, 0x27, 0x7a, 0x03, 0x4a, 0x5b, 0x8e, 0xdf, 0x26, 0x42, 0xbb, 0x99, - 0x3f, 0xda, 0x8b, 0xa8, 0x9e, 0x61, 0x4e, 0xf5, 0xc7, 0x0b, 0x17, 0x2d, 0xfb, 0xdf, 0x14, 0x61, - 0xd8, 0xd8, 0xdf, 0x1e, 0x80, 0xc6, 0x16, 0xa6, 0x34, 0xb6, 0xa5, 0xdc, 0xb6, 0xe6, 0x9e, 0x2a, - 0xdb, 0xdd, 0x8c, 0xca, 0xb6, 0x9c, 0x1f, 0xcb, 0xfb, 0xea, 0x6c, 0x28, 0x81, 0x4a, 0xd8, 0xa2, - 0x1a, 0x39, 0xdd, 0xfa, 0x07, 0xf2, 0xf8, 0x84, 0xcb, 0x92, 0x5c, 0x75, 0x74, 0x6f, 0x77, 0xb2, - 0xa2, 0xfe, 0x62, 0xcd, 0xc8, 0xfe, 0xae, 0x05, 0xa7, 0x8d, 0x3e, 0xce, 0x86, 0x41, 0xcd, 0x63, - 0x9f, 0xf6, 0x3c, 0x0c, 0x24, 0x3b, 0x2d, 0xa9, 0xf6, 0xab, 0x91, 0x5a, 0xdb, 0x69, 0x11, 0xcc, - 0x20, 0x54, 0xd1, 0x6f, 0x92, 0x38, 0x76, 0x1a, 0x24, 0xab, 0xe8, 0x2f, 0xf1, 0x66, 0x2c, 0xe1, - 0x28, 0x02, 0xe4, 0x3b, 0x71, 0xb2, 0x16, 0x39, 0x41, 0xcc, 0xc8, 0xaf, 0x79, 0x4d, 0x22, 0x06, - 0xf8, 0xff, 0xeb, 0x6f, 0xc6, 0xd0, 0x27, 0xaa, 0x8f, 0xed, 0xed, 0x4e, 0xa2, 0xc5, 0x0e, 0x4a, - 0xb8, 0x0b, 0x75, 0xfb, 0xeb, 0x16, 0x3c, 0xd6, 0x5d, 0x17, 0x43, 0xcf, 0xc0, 0x20, 0x37, 0xf9, - 0xc4, 0xdb, 0xe9, 0x4f, 0xc2, 0x5a, 0xb1, 0x80, 0xa2, 0x69, 0xa8, 0xa8, 0x7d, 0x42, 0xbc, 0xe3, - 0xb8, 0x40, 0xad, 0xe8, 0xcd, 0x45, 0xe3, 0xd0, 0x41, 0xa3, 0x7f, 0x84, 0xe6, 0xa6, 0x06, 0x8d, - 0x19, 0x49, 0x0c, 0x62, 0xff, 0xb9, 0x05, 0x27, 0x8c, 0x5e, 0x3d, 0x00, 0xd5, 0x3c, 0x48, 0xab, - 0xe6, 0x0b, 0xb9, 0xcd, 0xe7, 0x1e, 0xba, 0xf9, 0x57, 0x2c, 0x38, 0x6b, 0x60, 0x2d, 0x39, 0x89, - 0xbb, 0x71, 0x69, 0xbb, 0x15, 0x91, 0x98, 0x9a, 0xd3, 0xe8, 0x29, 0x43, 0x6e, 0x55, 0x87, 0x05, - 0x85, 0xe2, 0x35, 0xb2, 0xc3, 0x85, 0xd8, 0x73, 0x50, 0xe6, 0x93, 0x33, 0x8c, 0xc4, 0x88, 0xab, - 0x77, 0x5b, 0x16, 0xed, 0x58, 0x61, 0x20, 0x1b, 0x06, 0x99, 0x70, 0xa2, 0x8b, 0x95, 0x6e, 0x43, - 0x40, 0x3f, 0xe2, 0x4d, 0xd6, 0x82, 0x05, 0xc4, 0x5e, 0x4e, 0x75, 0x67, 0x25, 0x22, 0xec, 0xe3, - 0xd6, 0x2e, 0x7b, 0xc4, 0xaf, 0xc5, 0xd4, 0x6c, 0x70, 0x82, 0x20, 0x4c, 0x84, 0x05, 0x60, 0x98, - 0x0d, 0x33, 0xba, 0x19, 0x9b, 0x38, 0xf6, 0x5e, 0x81, 0x19, 0x1f, 0x6a, 0x59, 0x93, 0x07, 0x61, - 0xb9, 0x46, 0x29, 0x39, 0xb8, 0x92, 0x9f, 0x50, 0x22, 0xbd, 0xad, 0xd7, 0xb7, 0x32, 0xa2, 0x10, - 0xe7, 0xca, 0xf5, 0xfe, 0x16, 0xec, 0xb7, 0x0a, 0x30, 0x99, 0x7e, 0xa0, 0x43, 0x92, 0x52, 0x73, - 0xc9, 0x60, 0x94, 0x3d, 0xa0, 0x30, 0xf0, 0xb1, 0x89, 0xd7, 0x43, 0x18, 0x15, 0x8e, 0x53, 0x18, - 0x99, 0xb2, 0xb2, 0xb8, 0x8f, 0xac, 0x7c, 0x46, 0x8d, 0xfa, 0x40, 0x46, 0x38, 0xa5, 0xf7, 0x8b, - 0xf3, 0x30, 0x10, 0x27, 0xa4, 0x35, 0x51, 0x4a, 0xcb, 0x9a, 0xd5, 0x84, 0xb4, 0x30, 0x83, 0xd8, - 0xff, 0xb5, 0x00, 0x8f, 0xa7, 0xc7, 0x50, 0x8b, 0xf7, 0x8f, 0xa7, 0xc4, 0xfb, 0x47, 0x4c, 0xf1, - 0x7e, 0x6f, 0x77, 0xf2, 0x83, 0x3d, 0x1e, 0xfb, 0x81, 0x91, 0xfe, 0x68, 0x3e, 0x33, 0x8a, 0xd3, - 0xe9, 0x51, 0xbc, 0xb7, 0x3b, 0xf9, 0x54, 0x8f, 0x77, 0xcc, 0x0c, 0xf3, 0x33, 0x30, 0x18, 0x11, - 0x27, 0x0e, 0x03, 0x31, 0xd0, 0xea, 0x73, 0x60, 0xd6, 0x8a, 0x05, 0xd4, 0xfe, 0xf3, 0x72, 0x76, - 0xb0, 0xe7, 0xf9, 0x01, 0x5b, 0x18, 0x21, 0x0f, 0x06, 0x98, 0xca, 0xce, 0x45, 0xc3, 0xb5, 0xa3, - 0x2d, 0x23, 0x2a, 0xe2, 0x15, 0xe9, 0x6a, 0x99, 0x7e, 0x35, 0xda, 0x84, 0x19, 0x0b, 0xb4, 0x0d, - 0x65, 0x57, 0x6a, 0xd2, 0x85, 0x3c, 0xce, 0x9c, 0x84, 0x1e, 0xad, 0x39, 0x8e, 0x50, 0x59, 0xac, - 0xd4, 0x6f, 0xc5, 0x0d, 0x11, 0x28, 0x36, 0xbc, 0x44, 0x7c, 0xd6, 0x23, 0xda, 0x4a, 0xf3, 0x9e, - 0xf1, 0x8a, 0x43, 0x74, 0x83, 0x98, 0xf7, 0x12, 0x4c, 0xe9, 0xa3, 0x2f, 0x58, 0x30, 0x1c, 0xbb, - 0xcd, 0x95, 0x28, 0xdc, 0xf2, 0x6a, 0x24, 0x12, 0x9a, 0xd2, 0x11, 0x45, 0xd3, 0xea, 0xec, 0x92, - 0x24, 0xa8, 0xf9, 0x72, 0xdb, 0x55, 0x43, 0xb0, 0xc9, 0x97, 0x5a, 0x10, 0x8f, 0x8b, 0x77, 0x9f, - 0x23, 0xae, 0x47, 0xf7, 0x36, 0x69, 0x30, 0xb1, 0x99, 0x72, 0x64, 0xcd, 0x71, 0xae, 0xed, 0x6e, - 0xd2, 0xf5, 0xa6, 0x3b, 0xf4, 0xc1, 0xbd, 0xdd, 0xc9, 0xc7, 0x67, 0xbb, 0xf3, 0xc4, 0xbd, 0x3a, - 0xc3, 0x06, 0xac, 0xd5, 0xf6, 0x7d, 0x4c, 0xee, 0xb4, 0x09, 0x3b, 0x0e, 0xc9, 0x61, 0xc0, 0x56, - 0x34, 0xc1, 0xcc, 0x80, 0x19, 0x10, 0x6c, 0xf2, 0x45, 0x77, 0x60, 0xb0, 0xe9, 0x24, 0x91, 0xb7, - 0x2d, 0xce, 0x40, 0x8e, 0xa8, 0xcb, 0x2f, 0x31, 0x5a, 0x9a, 0x39, 0xdb, 0xfa, 0x79, 0x23, 0x16, - 0x8c, 0x50, 0x13, 0x4a, 0x4d, 0x12, 0x35, 0xc8, 0x44, 0x39, 0x8f, 0xf3, 0xde, 0x25, 0x4a, 0x4a, - 0x33, 0xac, 0x50, 0xcd, 0x87, 0xb5, 0x61, 0xce, 0x05, 0xbd, 0x01, 0xe5, 0x98, 0xf8, 0xc4, 0xa5, - 0xba, 0x4b, 0x85, 0x71, 0xfc, 0x68, 0x9f, 0x7a, 0x9c, 0xb3, 0x4e, 0xfc, 0x55, 0xf1, 0x28, 0x5f, - 0x60, 0xf2, 0x1f, 0x56, 0x24, 0xed, 0xff, 0x64, 0x01, 0x4a, 0x4b, 0x98, 0x07, 0xa0, 0x3d, 0xde, - 0x49, 0x6b, 0x8f, 0x8b, 0x79, 0xaa, 0x00, 0x3d, 0x14, 0xc8, 0xf7, 0xca, 0x90, 0x91, 0xcd, 0xd7, - 0x49, 0x9c, 0x90, 0xda, 0xfb, 0xf2, 0xf4, 0x7d, 0x79, 0xfa, 0xbe, 0x3c, 0x55, 0xf2, 0x74, 0x3d, - 0x23, 0x4f, 0x5f, 0x31, 0x56, 0xbd, 0xf6, 0x5e, 0xbe, 0xa9, 0xdc, 0x9b, 0x66, 0x0f, 0x0c, 0x04, - 0x2a, 0x09, 0xae, 0xae, 0x2e, 0x5f, 0xef, 0x2a, 0x40, 0xdf, 0x4c, 0x0b, 0xd0, 0xa3, 0xb2, 0x78, - 0xe0, 0x22, 0xf3, 0x6f, 0x14, 0xe0, 0x89, 0xb4, 0x28, 0xc1, 0xa1, 0xef, 0x87, 0xed, 0x84, 0x6a, - 0xc9, 0xe8, 0xd7, 0x2d, 0x38, 0xd9, 0x4c, 0x9b, 0xa7, 0xb1, 0x38, 0x05, 0xfc, 0x44, 0x6e, 0x72, - 0x2e, 0x63, 0xff, 0x56, 0x27, 0x84, 0xcc, 0x3b, 0x99, 0x01, 0xc4, 0xb8, 0xa3, 0x2f, 0xe8, 0x0d, - 0xa8, 0x34, 0x9d, 0xed, 0x1b, 0xad, 0x9a, 0x93, 0x48, 0x03, 0xa5, 0xb7, 0x5d, 0xd9, 0x4e, 0x3c, - 0x7f, 0x8a, 0xfb, 0x76, 0xa7, 0x16, 0x82, 0x64, 0x39, 0x5a, 0x4d, 0x22, 0x2f, 0x68, 0xf0, 0xb3, - 0x9f, 0x25, 0x49, 0x06, 0x6b, 0x8a, 0xf6, 0xaf, 0x59, 0x59, 0x41, 0xab, 0x46, 0x27, 0x72, 0x12, - 0xd2, 0xd8, 0x41, 0x9f, 0x81, 0x12, 0xb5, 0x24, 0xe4, 0xa8, 0xdc, 0xca, 0x53, 0xfa, 0x1b, 0x5f, - 0x42, 0x6f, 0x04, 0xf4, 0x5f, 0x8c, 0x39, 0x53, 0xfb, 0x5b, 0x83, 0xd9, 0x0d, 0x8f, 0x79, 0xfa, - 0x2e, 0x00, 0x34, 0xc2, 0x35, 0xd2, 0x6c, 0xf9, 0x74, 0x58, 0x2c, 0x76, 0x5c, 0xac, 0x8c, 0xe7, - 0x79, 0x05, 0xc1, 0x06, 0x16, 0xfa, 0xcb, 0x16, 0x40, 0x43, 0x2e, 0x2c, 0xb9, 0x99, 0xdd, 0xc8, - 0xf3, 0x75, 0xf4, 0xb2, 0xd5, 0x7d, 0x51, 0x0c, 0xb1, 0xc1, 0x1c, 0xfd, 0xbc, 0x05, 0xe5, 0x44, - 0x76, 0x9f, 0x8b, 0xf7, 0xb5, 0x3c, 0x7b, 0x22, 0x5f, 0x5a, 0xef, 0xeb, 0x6a, 0x48, 0x14, 0x5f, - 0xf4, 0x4b, 0x16, 0x40, 0xbc, 0x13, 0xb8, 0x2b, 0xa1, 0xef, 0xb9, 0x3b, 0x42, 0xea, 0xdf, 0xcc, - 0xd5, 0xc0, 0x57, 0xd4, 0xab, 0x63, 0x74, 0x34, 0xf4, 0x7f, 0x6c, 0x70, 0x46, 0x9f, 0x85, 0x72, - 0x2c, 0xa6, 0x9b, 0x90, 0xf3, 0x6b, 0xf9, 0x1e, 0x33, 0x70, 0xda, 0x42, 0x44, 0x88, 0x7f, 0x58, - 0xf1, 0x44, 0xbf, 0x62, 0xc1, 0x89, 0x56, 0xfa, 0x50, 0x48, 0x88, 0xf4, 0xfc, 0x64, 0x40, 0xe6, - 0xd0, 0xa9, 0x7a, 0x6a, 0x6f, 0x77, 0xf2, 0x44, 0xa6, 0x11, 0x67, 0x7b, 0x81, 0x66, 0x61, 0x5c, - 0xcf, 0xe0, 0xe5, 0x16, 0x3f, 0xa0, 0x1a, 0x62, 0x07, 0x54, 0xcc, 0xbf, 0x37, 0x9f, 0x05, 0xe2, - 0x4e, 0x7c, 0xfb, 0xdb, 0x85, 0xd4, 0xf9, 0xae, 0x3a, 0x78, 0x61, 0x2b, 0xc2, 0x95, 0x36, 0xaf, - 0x5c, 0xe0, 0xb9, 0xae, 0x08, 0x65, 0x51, 0xeb, 0x15, 0xa1, 0x9a, 0x62, 0x6c, 0x30, 0xa7, 0x7b, - 0xff, 0xb8, 0x93, 0x3d, 0xde, 0x11, 0x8b, 0xf4, 0x8d, 0x3c, 0xbb, 0xd4, 0x79, 0x1a, 0xff, 0x84, - 0xe8, 0xda, 0x78, 0x07, 0x08, 0x77, 0x76, 0xc9, 0xfe, 0x76, 0xfa, 0x4c, 0xd9, 0x98, 0x5f, 0x7d, - 0x9c, 0x97, 0x7f, 0xd5, 0x82, 0xe1, 0x28, 0xf4, 0x7d, 0x2f, 0x68, 0xd0, 0xb5, 0x20, 0x04, 0xfa, - 0xeb, 0xc7, 0x22, 0x53, 0xc5, 0xa4, 0x67, 0x1a, 0x04, 0xd6, 0x3c, 0xb1, 0xd9, 0x01, 0xfb, 0xf3, - 0x16, 0x4c, 0xf4, 0x5a, 0xb3, 0x88, 0xc0, 0x07, 0xe5, 0x84, 0x54, 0xde, 0xe2, 0xe5, 0x60, 0x8e, - 0xf8, 0x44, 0x1d, 0xb6, 0x95, 0xab, 0x4f, 0x8b, 0xd7, 0xfc, 0xe0, 0x4a, 0x6f, 0x54, 0x7c, 0x3f, - 0x3a, 0xf6, 0x6f, 0x15, 0xb2, 0x23, 0xaa, 0x64, 0xf6, 0x37, 0xac, 0x0e, 0xcb, 0xe6, 0x13, 0xc7, - 0x21, 0x27, 0x99, 0x0d, 0xa4, 0x9c, 0xc6, 0xbd, 0x71, 0x1e, 0xa2, 0x57, 0xca, 0xfe, 0x57, 0x03, - 0x70, 0x9f, 0x9e, 0x29, 0xbf, 0x83, 0xd5, 0xcb, 0xef, 0x70, 0x70, 0x57, 0xc6, 0x97, 0x2d, 0x18, - 0xf4, 0xa9, 0x92, 0xc5, 0xcf, 0xd6, 0x87, 0x2f, 0xd4, 0x8e, 0x6b, 0xec, 0xb9, 0x2e, 0x17, 0x73, - 0xcf, 0xa8, 0x3a, 0x5e, 0xe3, 0x8d, 0x58, 0xf4, 0x01, 0x7d, 0xd3, 0x4a, 0x1f, 0xd4, 0xf3, 0x50, - 0x17, 0xef, 0xd8, 0xfa, 0x64, 0x9c, 0xfe, 0xf3, 0x8e, 0xe9, 0x73, 0xe5, 0x1e, 0x7e, 0x01, 0x34, - 0x05, 0x50, 0xf7, 0x02, 0xc7, 0xf7, 0xde, 0xa2, 0xc6, 0x62, 0x89, 0x09, 0x6a, 0xb6, 0xf3, 0x5d, - 0x56, 0xad, 0xd8, 0xc0, 0x38, 0xfb, 0x97, 0x60, 0xd8, 0x78, 0xf3, 0x2e, 0x0e, 0xdd, 0xd3, 0xa6, - 0x43, 0xb7, 0x62, 0xf8, 0x61, 0xcf, 0xbe, 0x02, 0x27, 0xb3, 0x1d, 0x3c, 0xc8, 0xf3, 0xf6, 0x6f, - 0x0f, 0x66, 0x4f, 0xd7, 0xd7, 0x48, 0xd4, 0xa4, 0x5d, 0x7b, 0xdf, 0xc8, 0x7e, 0xdf, 0xc8, 0x7e, - 0xdf, 0xc8, 0x96, 0x7f, 0xec, 0xbd, 0x12, 0xa4, 0x34, 0x03, 0xde, 0xbb, 0x0f, 0xc3, 0x50, 0x44, - 0x5a, 0xe1, 0x0d, 0xbc, 0x28, 0x24, 0xae, 0x0e, 0x71, 0xe5, 0xcd, 0x58, 0xc2, 0xa9, 0x64, 0x6e, - 0x39, 0xc9, 0x86, 0x10, 0xb9, 0x4a, 0x32, 0xaf, 0x38, 0xc9, 0x06, 0x66, 0x10, 0xf4, 0x0a, 0x8c, - 0x25, 0x4e, 0xd4, 0x20, 0x09, 0x26, 0x5b, 0x6c, 0x10, 0x84, 0xc7, 0xe2, 0x31, 0x81, 0x3b, 0xb6, - 0x96, 0x82, 0xe2, 0x0c, 0x36, 0xba, 0x03, 0x03, 0x1b, 0xc4, 0x6f, 0x8a, 0x53, 0x80, 0xd5, 0xfc, - 0x24, 0x22, 0x7b, 0xd7, 0x2b, 0xc4, 0x6f, 0xf2, 0xf5, 0x4a, 0x7f, 0x61, 0xc6, 0x8a, 0x7e, 0x9d, - 0xca, 0x66, 0x3b, 0x4e, 0xc2, 0xa6, 0xf7, 0x96, 0x3c, 0x1b, 0xf8, 0x44, 0xce, 0x8c, 0xaf, 0x49, - 0xfa, 0xdc, 0x80, 0x55, 0x7f, 0xb1, 0xe6, 0xcc, 0xfa, 0x51, 0xf3, 0x22, 0x66, 0xeb, 0xef, 0x4c, - 0xc0, 0xb1, 0xf4, 0x63, 0x4e, 0xd2, 0xe7, 0xfd, 0x50, 0x7f, 0xb1, 0xe6, 0x8c, 0x76, 0x60, 0xb0, - 0xe5, 0xb7, 0x1b, 0x5e, 0x30, 0x31, 0xcc, 0xfa, 0x70, 0x23, 0xe7, 0x3e, 0xac, 0x30, 0xe2, 0xfc, - 0x84, 0x86, 0xff, 0xc6, 0x82, 0x21, 0x7a, 0x1a, 0x4a, 0xee, 0x86, 0x13, 0x25, 0x13, 0x23, 0x6c, - 0xd2, 0x28, 0x43, 0x7a, 0x96, 0x36, 0x62, 0x0e, 0x43, 0x4f, 0x41, 0x31, 0x22, 0x75, 0x16, 0x59, - 0x65, 0xf8, 0xdc, 0x31, 0xa9, 0x63, 0xda, 0x6e, 0xff, 0xed, 0x42, 0x5a, 0xb9, 0x48, 0xbf, 0x37, - 0x9f, 0xed, 0x6e, 0x3b, 0x8a, 0xa5, 0xb1, 0x6d, 0xcc, 0x76, 0xd6, 0x8c, 0x25, 0x1c, 0x7d, 0xde, - 0x82, 0xa1, 0xdb, 0x71, 0x18, 0x04, 0x24, 0x11, 0x82, 0xfc, 0x66, 0xce, 0x43, 0x71, 0x95, 0x53, - 0xd7, 0x7d, 0x10, 0x0d, 0x58, 0xf2, 0xa5, 0xdd, 0x25, 0xdb, 0xae, 0xdf, 0xae, 0x75, 0xb8, 0x5a, - 0x2f, 0xf1, 0x66, 0x2c, 0xe1, 0x14, 0xd5, 0x0b, 0x38, 0xea, 0x40, 0x1a, 0x75, 0x21, 0x10, 0xa8, - 0x02, 0x6e, 0xff, 0x6e, 0x09, 0xce, 0x74, 0x5d, 0x1c, 0x74, 0xdb, 0x67, 0x1b, 0xeb, 0x65, 0xcf, - 0x27, 0x32, 0x80, 0x80, 0x6d, 0xfb, 0x37, 0x55, 0x2b, 0x36, 0x30, 0xd0, 0xcf, 0x01, 0xb4, 0x9c, - 0xc8, 0x69, 0x12, 0xb1, 0xdd, 0x15, 0x8f, 0xbe, 0xbb, 0xd2, 0x7e, 0xac, 0x48, 0x9a, 0xda, 0xda, - 0x52, 0x4d, 0x31, 0x36, 0x58, 0xa2, 0x97, 0x60, 0x38, 0x22, 0x3e, 0x71, 0x62, 0x16, 0x98, 0x97, - 0x8d, 0x32, 0xc6, 0x1a, 0x84, 0x4d, 0x3c, 0xf4, 0x8c, 0x8a, 0xb5, 0xc8, 0xf8, 0xa5, 0xd3, 0xf1, - 0x16, 0xe8, 0x6d, 0x0b, 0xc6, 0xea, 0x9e, 0x4f, 0x34, 0x77, 0x11, 0x13, 0xbc, 0x7c, 0xf4, 0x97, - 0xbc, 0x6c, 0xd2, 0xd5, 0x12, 0x32, 0xd5, 0x1c, 0xe3, 0x0c, 0x7b, 0xfa, 0x99, 0xb7, 0x48, 0xc4, - 0x44, 0xeb, 0x60, 0xfa, 0x33, 0xdf, 0xe4, 0xcd, 0x58, 0xc2, 0xd1, 0x0c, 0x9c, 0x68, 0x39, 0x71, - 0x3c, 0x1b, 0x91, 0x1a, 0x09, 0x12, 0xcf, 0xf1, 0x79, 0xc4, 0x6e, 0x59, 0x47, 0xec, 0xad, 0xa4, - 0xc1, 0x38, 0x8b, 0x8f, 0x3e, 0x09, 0x8f, 0x7b, 0x8d, 0x20, 0x8c, 0xc8, 0x92, 0x17, 0xc7, 0x5e, - 0xd0, 0xd0, 0xd3, 0x80, 0x49, 0xca, 0x72, 0x75, 0x52, 0x90, 0x7a, 0x7c, 0xa1, 0x3b, 0x1a, 0xee, - 0xf5, 0x3c, 0x7a, 0x0e, 0xca, 0xf1, 0xa6, 0xd7, 0x9a, 0x8d, 0x6a, 0x31, 0x3b, 0x2d, 0x2d, 0xeb, - 0x23, 0x9e, 0x55, 0xd1, 0x8e, 0x15, 0x86, 0xfd, 0xab, 0x85, 0xb4, 0x79, 0x67, 0xae, 0x1f, 0x14, - 0xd3, 0x55, 0x92, 0xdc, 0x74, 0x22, 0x69, 0xfa, 0x1f, 0x31, 0xe6, 0x57, 0xd0, 0xbd, 0xe9, 0x44, - 0xe6, 0x7a, 0x63, 0x0c, 0xb0, 0xe4, 0x84, 0x6e, 0xc3, 0x40, 0xe2, 0x3b, 0x39, 0x25, 0x09, 0x18, - 0x1c, 0xb5, 0xb5, 0xbd, 0x38, 0x13, 0x63, 0xc6, 0x03, 0x3d, 0x49, 0xd5, 0xd7, 0x75, 0x19, 0x18, - 0x24, 0x34, 0xce, 0xf5, 0x18, 0xb3, 0x56, 0xfb, 0xff, 0x96, 0xbb, 0x88, 0x3c, 0xb5, 0xc7, 0xa0, - 0x0b, 0x00, 0xd4, 0x12, 0x5a, 0x89, 0x48, 0xdd, 0xdb, 0x16, 0x7b, 0xbc, 0x5a, 0x56, 0xd7, 0x15, - 0x04, 0x1b, 0x58, 0xf2, 0x99, 0xd5, 0x76, 0x9d, 0x3e, 0x53, 0xe8, 0x7c, 0x86, 0x43, 0xb0, 0x81, - 0x85, 0x5e, 0x84, 0x41, 0xaf, 0xe9, 0x34, 0x54, 0xfc, 0xd2, 0x93, 0x74, 0x3d, 0x2d, 0xb0, 0x96, - 0x7b, 0xbb, 0x93, 0x63, 0xaa, 0x43, 0xac, 0x09, 0x0b, 0x5c, 0xf4, 0x5b, 0x16, 0x8c, 0xb8, 0x61, - 0xb3, 0x19, 0x06, 0xdc, 0x7e, 0x10, 0xc6, 0xd0, 0xed, 0xe3, 0xda, 0x81, 0xa7, 0x66, 0x0d, 0x66, - 0xdc, 0x1a, 0x52, 0xd9, 0x0c, 0x26, 0x08, 0xa7, 0x7a, 0x65, 0x2e, 0xbb, 0xd2, 0x3e, 0xcb, 0xee, - 0xf7, 0x2c, 0x18, 0xe7, 0xcf, 0x1a, 0x66, 0x8d, 0x08, 0xdc, 0x0f, 0x8f, 0xf9, 0xb5, 0x3a, 0x2c, - 0x3d, 0x75, 0x24, 0xd4, 0x01, 0xc7, 0x9d, 0x9d, 0x44, 0xf3, 0x30, 0x5e, 0x0f, 0x23, 0x97, 0x98, - 0x03, 0x21, 0x64, 0x86, 0x22, 0x74, 0x39, 0x8b, 0x80, 0x3b, 0x9f, 0x41, 0x37, 0xe1, 0x31, 0xa3, - 0xd1, 0x1c, 0x07, 0x2e, 0x36, 0xce, 0x09, 0x6a, 0x8f, 0x5d, 0xee, 0x8a, 0x85, 0x7b, 0x3c, 0x9d, - 0xb6, 0xfc, 0x2b, 0x7d, 0x58, 0xfe, 0x6f, 0xc2, 0x13, 0x6e, 0xe7, 0xc8, 0x6c, 0xc5, 0xed, 0xf5, - 0x38, 0x61, 0x4a, 0x56, 0xb9, 0xfa, 0x23, 0x82, 0xc0, 0x13, 0xb3, 0xbd, 0x10, 0x71, 0x6f, 0x1a, - 0xe8, 0x33, 0x50, 0x8e, 0x08, 0xfb, 0x2a, 0xb1, 0x88, 0x62, 0x3f, 0xa2, 0xb9, 0xa7, 0x95, 0x43, - 0x4e, 0x56, 0x8b, 0x45, 0xd1, 0x10, 0x63, 0xc5, 0xf1, 0xec, 0xc7, 0x61, 0xbc, 0x63, 0x3e, 0x1f, - 0xc8, 0xf8, 0x9e, 0x83, 0xc7, 0xba, 0xcf, 0x9c, 0x03, 0x99, 0xe0, 0xff, 0x30, 0x13, 0x9c, 0x65, - 0x28, 0x7a, 0x7d, 0x1c, 0xe7, 0x38, 0x50, 0x24, 0xc1, 0x96, 0x10, 0xa4, 0x97, 0x8f, 0x36, 0x7a, - 0x97, 0x82, 0x2d, 0x3e, 0xf1, 0x99, 0xcd, 0x7a, 0x29, 0xd8, 0xc2, 0x94, 0x36, 0x7a, 0xc7, 0x4a, - 0x29, 0x2a, 0xfc, 0x10, 0xe8, 0x53, 0xc7, 0xa2, 0xd9, 0xf6, 0xad, 0xbb, 0xd8, 0xff, 0xba, 0x00, - 0xe7, 0xf7, 0x23, 0xd2, 0xc7, 0xf0, 0x3d, 0x0d, 0x83, 0x31, 0xf3, 0x8e, 0x09, 0xc9, 0x34, 0x4c, - 0xa5, 0x12, 0xf7, 0x97, 0xbd, 0x89, 0x05, 0x08, 0xf9, 0x50, 0x6c, 0x3a, 0x2d, 0x71, 0x36, 0xb0, - 0x70, 0xd4, 0x50, 0x6c, 0xfa, 0xdf, 0xf1, 0x97, 0x9c, 0x16, 0xb7, 0x38, 0x8d, 0x06, 0x4c, 0xd9, - 0xa0, 0x04, 0x4a, 0x4e, 0x14, 0x39, 0xd2, 0x15, 0x73, 0x2d, 0x1f, 0x7e, 0x33, 0x94, 0x64, 0x75, - 0x7c, 0x6f, 0x77, 0x72, 0x34, 0xd5, 0x84, 0x39, 0x33, 0xfb, 0xcb, 0x43, 0xa9, 0x70, 0x64, 0xe6, - 0x5f, 0x8b, 0x61, 0x50, 0x1c, 0x09, 0x58, 0x79, 0x47, 0xc0, 0xf3, 0x7c, 0x12, 0x66, 0xc7, 0x88, - 0xac, 0x3c, 0xc1, 0x0a, 0x7d, 0xc9, 0x62, 0xb9, 0x6f, 0x32, 0x44, 0x5b, 0x58, 0x0f, 0xc7, 0x93, - 0x8a, 0x67, 0x66, 0xd4, 0xc9, 0x46, 0x6c, 0x72, 0xa7, 0x5b, 0x57, 0x8b, 0x67, 0x71, 0x64, 0x6d, - 0x08, 0x99, 0x1d, 0x27, 0xe1, 0x68, 0xbb, 0x8b, 0x1f, 0x2d, 0x87, 0xfc, 0xa9, 0x3e, 0x3c, 0x67, - 0xdf, 0xb4, 0x60, 0x9c, 0x6b, 0x8a, 0x73, 0x5e, 0xbd, 0x4e, 0x22, 0x12, 0xb8, 0x44, 0xea, 0xda, - 0x47, 0xf4, 0xd4, 0xca, 0x73, 0x98, 0x85, 0x2c, 0x79, 0xbd, 0xa7, 0x75, 0x80, 0x70, 0x67, 0x67, - 0x50, 0x0d, 0x06, 0xbc, 0xa0, 0x1e, 0x8a, 0x9d, 0xbc, 0x7a, 0xb4, 0x4e, 0x2d, 0x04, 0xf5, 0x50, - 0xaf, 0x66, 0xfa, 0x0f, 0x33, 0xea, 0x68, 0x11, 0x4e, 0x47, 0xe2, 0x34, 0xe4, 0x8a, 0x17, 0x53, - 0x9b, 0x75, 0xd1, 0x6b, 0x7a, 0x09, 0xdb, 0x85, 0x8b, 0xd5, 0x89, 0xbd, 0xdd, 0xc9, 0xd3, 0xb8, - 0x0b, 0x1c, 0x77, 0x7d, 0x0a, 0xbd, 0x05, 0x43, 0x32, 0x59, 0xaf, 0x9c, 0x87, 0xdd, 0xd2, 0x39, - 0xff, 0xd5, 0x64, 0x5a, 0x15, 0x79, 0x79, 0x92, 0xa1, 0xfd, 0xf6, 0x30, 0x74, 0x3a, 0xa2, 0xd0, - 0xcf, 0x42, 0x25, 0x52, 0x09, 0x84, 0x56, 0x1e, 0x71, 0x58, 0xf2, 0xfb, 0x0a, 0x27, 0x98, 0xd2, - 0x07, 0x74, 0xaa, 0xa0, 0xe6, 0x48, 0xb5, 0xf6, 0x58, 0xfb, 0xab, 0x72, 0x98, 0xdb, 0x82, 0xab, - 0xf6, 0x73, 0xec, 0x04, 0x2e, 0x66, 0x3c, 0x50, 0x04, 0x83, 0x1b, 0xc4, 0xf1, 0x93, 0x8d, 0x7c, - 0x8e, 0x64, 0xaf, 0x30, 0x5a, 0xd9, 0x50, 0x73, 0xde, 0x8a, 0x05, 0x27, 0xb4, 0x0d, 0x43, 0x1b, - 0x7c, 0x02, 0x08, 0x45, 0x7a, 0xe9, 0xa8, 0x83, 0x9b, 0x9a, 0x55, 0xfa, 0x73, 0x8b, 0x06, 0x2c, - 0xd9, 0x31, 0x27, 0xbc, 0xe1, 0x83, 0xe5, 0x4b, 0x37, 0xbf, 0x28, 0xfb, 0xfe, 0x1d, 0xb0, 0x9f, - 0x86, 0x91, 0x88, 0xb8, 0x61, 0xe0, 0x7a, 0x3e, 0xa9, 0xcd, 0xc8, 0xe3, 0xd6, 0x83, 0xc4, 0x66, - 0x9f, 0xa4, 0xc6, 0x00, 0x36, 0x68, 0xe0, 0x14, 0x45, 0xf4, 0x45, 0x0b, 0xc6, 0x54, 0xd6, 0x11, - 0xfd, 0x20, 0x44, 0x1c, 0x58, 0x2e, 0xe6, 0x94, 0xe3, 0xc4, 0x68, 0x56, 0xd1, 0xde, 0xee, 0xe4, - 0x58, 0xba, 0x0d, 0x67, 0xf8, 0xa2, 0xd7, 0x00, 0xc2, 0x75, 0xee, 0x69, 0x9f, 0x49, 0xc4, 0xe9, - 0xe5, 0x41, 0x5e, 0x75, 0x8c, 0x27, 0x69, 0x48, 0x0a, 0xd8, 0xa0, 0x86, 0xae, 0x01, 0xf0, 0x65, - 0xb3, 0xb6, 0xd3, 0x92, 0xda, 0xb6, 0x0c, 0xae, 0x87, 0x55, 0x05, 0xb9, 0xb7, 0x3b, 0xd9, 0x79, - 0x9a, 0xc4, 0x5c, 0xc5, 0xc6, 0xe3, 0xe8, 0x67, 0x60, 0x28, 0x6e, 0x37, 0x9b, 0x8e, 0x3a, 0xdb, - 0xcc, 0x31, 0xed, 0x83, 0xd3, 0x35, 0x44, 0x11, 0x6f, 0xc0, 0x92, 0x23, 0xba, 0x4d, 0x85, 0x6a, - 0x2c, 0x8e, 0xb9, 0xd8, 0x2a, 0xe2, 0x3a, 0xc1, 0x30, 0x7b, 0xa7, 0x8f, 0x89, 0xe7, 0x4e, 0xe3, - 0x2e, 0x38, 0xf7, 0x76, 0x27, 0x1f, 0x4b, 0xb7, 0x2f, 0x86, 0x22, 0x11, 0xa3, 0x2b, 0x4d, 0x74, - 0x55, 0xe6, 0xee, 0xd3, 0xd7, 0x96, 0x29, 0xa5, 0xcf, 0xea, 0xdc, 0x7d, 0xd6, 0xdc, 0x7b, 0xcc, - 0xcc, 0x87, 0xd1, 0x12, 0x9c, 0x72, 0xc3, 0x20, 0x89, 0x42, 0xdf, 0xe7, 0x05, 0x29, 0xb8, 0xe1, - 0xc3, 0xcf, 0x3e, 0x3f, 0x28, 0xba, 0x7d, 0x6a, 0xb6, 0x13, 0x05, 0x77, 0x7b, 0xce, 0x0e, 0xd2, - 0x21, 0x48, 0x62, 0x70, 0x5e, 0x84, 0x11, 0xb2, 0x9d, 0x90, 0x28, 0x70, 0xfc, 0x1b, 0x78, 0x51, - 0x9e, 0xfa, 0xb1, 0x35, 0x70, 0xc9, 0x68, 0xc7, 0x29, 0x2c, 0x64, 0x2b, 0x6b, 0xbf, 0xa0, 0xb3, - 0x95, 0xb8, 0xb5, 0x2f, 0x6d, 0x7b, 0xfb, 0x7f, 0x17, 0x52, 0x0a, 0xd9, 0x5a, 0x44, 0x08, 0x0a, - 0xa1, 0x14, 0x84, 0x35, 0x25, 0xfb, 0xaf, 0xe6, 0x23, 0xfb, 0xaf, 0x87, 0x35, 0x23, 0xc1, 0x9f, - 0xfe, 0x8b, 0x31, 0xe7, 0xc3, 0x32, 0xa0, 0x65, 0xaa, 0x38, 0x03, 0x08, 0x43, 0x23, 0x4f, 0xce, - 0x2a, 0x03, 0x7a, 0xd9, 0x64, 0x84, 0xd3, 0x7c, 0xd1, 0x26, 0x94, 0x36, 0xc2, 0x38, 0x91, 0xe6, - 0xc7, 0x11, 0x2d, 0x9d, 0x2b, 0x61, 0x9c, 0x30, 0x2d, 0x42, 0xbd, 0x36, 0x6d, 0x89, 0x31, 0xe7, - 0x61, 0xff, 0x67, 0x2b, 0x75, 0xc6, 0x7b, 0x8b, 0x85, 0xe3, 0x6d, 0x91, 0x80, 0x2e, 0x6b, 0x33, - 0xb8, 0xe3, 0xff, 0xcf, 0x64, 0xcb, 0x7c, 0xa8, 0x57, 0xb9, 0x95, 0xbb, 0x94, 0xc2, 0x14, 0x23, - 0x61, 0xc4, 0x81, 0x7c, 0xce, 0x4a, 0xe7, 0x2d, 0x15, 0xf2, 0x30, 0x30, 0xcc, 0xbc, 0xbc, 0x7d, - 0x53, 0xa0, 0xec, 0x77, 0x2c, 0x18, 0xaa, 0x3a, 0xee, 0x66, 0x58, 0xaf, 0xa3, 0xe7, 0xa0, 0x5c, - 0x6b, 0x47, 0x66, 0x0a, 0x95, 0xb2, 0x9e, 0xe7, 0x44, 0x3b, 0x56, 0x18, 0x74, 0x0e, 0xd7, 0x1d, - 0x57, 0x66, 0xe7, 0x15, 0xf9, 0x1c, 0xbe, 0xcc, 0x5a, 0xb0, 0x80, 0xa0, 0x97, 0x60, 0xb8, 0xe9, - 0x6c, 0xcb, 0x87, 0xb3, 0x07, 0xcc, 0x4b, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0x5f, 0x58, 0x30, 0x51, - 0x75, 0x62, 0xcf, 0x9d, 0x69, 0x27, 0x1b, 0x55, 0x2f, 0x59, 0x6f, 0xbb, 0x9b, 0x24, 0xe1, 0x29, - 0x99, 0xb4, 0x97, 0xed, 0x98, 0x2e, 0x25, 0x65, 0xd7, 0xa9, 0x5e, 0xde, 0x10, 0xed, 0x58, 0x61, - 0xa0, 0xb7, 0x60, 0xb8, 0xe5, 0xc4, 0xf1, 0xdd, 0x30, 0xaa, 0x61, 0x52, 0xcf, 0x27, 0x21, 0x7a, - 0x95, 0xb8, 0x11, 0x49, 0x30, 0xa9, 0x0b, 0x97, 0xa1, 0xa6, 0x8f, 0x4d, 0x66, 0xf6, 0x5f, 0xb7, - 0x60, 0x84, 0x79, 0x5f, 0xe6, 0x48, 0xe2, 0x78, 0x7e, 0x47, 0x55, 0x0f, 0xab, 0xcf, 0xaa, 0x1e, - 0xe7, 0x61, 0x60, 0x23, 0x6c, 0x92, 0xac, 0xe7, 0xf0, 0x4a, 0x48, 0xad, 0x58, 0x0a, 0x41, 0x2f, - 0xd0, 0x71, 0xf6, 0x82, 0xc4, 0xa1, 0x33, 0x4e, 0x1e, 0x21, 0x9e, 0xe0, 0x63, 0xac, 0x9a, 0xb1, - 0x89, 0x63, 0x7f, 0xab, 0x02, 0x43, 0xc2, 0x19, 0xdb, 0x77, 0x16, 0xac, 0x34, 0xa7, 0x0b, 0x3d, - 0xcd, 0xe9, 0x18, 0x06, 0x5d, 0x56, 0x33, 0x48, 0x68, 0x6d, 0xd7, 0x72, 0xf1, 0xde, 0xf3, 0x32, - 0x44, 0xba, 0x5b, 0xfc, 0x3f, 0x16, 0xac, 0xd0, 0xd7, 0x2c, 0x38, 0xe1, 0x86, 0x41, 0x40, 0x5c, - 0xad, 0x52, 0x0c, 0xe4, 0x11, 0x8f, 0x33, 0x9b, 0x26, 0xaa, 0x8f, 0xfe, 0x33, 0x00, 0x9c, 0x65, - 0x8f, 0x5e, 0x86, 0x51, 0x3e, 0x66, 0x37, 0x53, 0xe7, 0x9e, 0xba, 0xd8, 0x83, 0x09, 0xc4, 0x69, - 0x5c, 0x34, 0xc5, 0xcf, 0x8f, 0x45, 0x59, 0x85, 0x41, 0xed, 0x47, 0x32, 0x0a, 0x2a, 0x18, 0x18, - 0x28, 0x02, 0x14, 0x91, 0x7a, 0x44, 0xe2, 0x0d, 0xe1, 0xac, 0x66, 0xea, 0xcc, 0xd0, 0xe1, 0xb2, - 0xea, 0x70, 0x07, 0x25, 0xdc, 0x85, 0x3a, 0xda, 0x14, 0xf6, 0x5c, 0x39, 0x0f, 0x91, 0x25, 0x3e, - 0x73, 0x4f, 0xb3, 0x6e, 0x12, 0x4a, 0xf1, 0x86, 0x13, 0xd5, 0x98, 0x1a, 0x55, 0xe4, 0xc1, 0xe3, - 0xab, 0xb4, 0x01, 0xf3, 0x76, 0x34, 0x07, 0x27, 0x33, 0xa5, 0x2a, 0x62, 0x71, 0x3e, 0xa9, 0x82, - 0xac, 0x33, 0x45, 0x2e, 0x62, 0xdc, 0xf1, 0x84, 0x69, 0xeb, 0x0f, 0xef, 0x63, 0xeb, 0xef, 0xa8, - 0x90, 0xa8, 0x11, 0xb6, 0x1d, 0xbd, 0x9a, 0xcb, 0x00, 0xf4, 0x15, 0xff, 0xf4, 0x95, 0x4c, 0xfc, - 0xd3, 0x28, 0xeb, 0xc0, 0xcd, 0x7c, 0x3a, 0x70, 0xf0, 0x60, 0xa7, 0x87, 0x19, 0xbc, 0xf4, 0xbf, - 0x2c, 0x90, 0xdf, 0x75, 0xd6, 0x71, 0x37, 0x08, 0x9d, 0x32, 0xe8, 0x15, 0x18, 0x53, 0x16, 0xeb, - 0x6c, 0xd8, 0x0e, 0x78, 0xdc, 0x52, 0x51, 0xfb, 0x08, 0x71, 0x0a, 0x8a, 0x33, 0xd8, 0x68, 0x1a, - 0x2a, 0x74, 0x9c, 0xf8, 0xa3, 0x7c, 0x6b, 0x53, 0x56, 0xf1, 0xcc, 0xca, 0x82, 0x78, 0x4a, 0xe3, - 0xa0, 0x10, 0xc6, 0x7d, 0x27, 0x4e, 0x58, 0x0f, 0xa8, 0x01, 0x7b, 0xc8, 0x9c, 0x56, 0x16, 0xc9, - 0xbb, 0x98, 0x25, 0x84, 0x3b, 0x69, 0xdb, 0xdf, 0x1d, 0x80, 0xd1, 0x94, 0x64, 0x3c, 0xe0, 0x9e, - 0xf8, 0x1c, 0x94, 0xe5, 0x36, 0x95, 0xcd, 0xac, 0x57, 0x7b, 0x99, 0xc2, 0xa0, 0x9b, 0xd6, 0x3a, - 0x71, 0x22, 0x12, 0xb1, 0x22, 0x20, 0xd9, 0x3d, 0xbc, 0xaa, 0x41, 0xd8, 0xc4, 0x63, 0x42, 0x39, - 0xf1, 0xe3, 0x59, 0xdf, 0x23, 0x41, 0xc2, 0xbb, 0x99, 0x8f, 0x50, 0x5e, 0x5b, 0x5c, 0x35, 0x89, - 0x6a, 0xa1, 0x9c, 0x01, 0xe0, 0x2c, 0x7b, 0xf4, 0x8b, 0x16, 0x8c, 0x3a, 0x77, 0x63, 0x5d, 0xd8, - 0x4e, 0x44, 0x3a, 0x1d, 0x71, 0x93, 0x4a, 0xd5, 0xca, 0xe3, 0x27, 0xac, 0xa9, 0x26, 0x9c, 0x66, - 0x8a, 0xbe, 0x61, 0x01, 0x22, 0xdb, 0xc4, 0x95, 0xb1, 0x58, 0xa2, 0x2f, 0x83, 0x79, 0x18, 0x76, - 0x97, 0x3a, 0xe8, 0x72, 0xa9, 0xde, 0xd9, 0x8e, 0xbb, 0xf4, 0xc1, 0xfe, 0x27, 0x45, 0xb5, 0xa0, - 0x74, 0xf8, 0x9f, 0x63, 0x64, 0xe6, 0x58, 0x87, 0xcf, 0xcc, 0xd1, 0x0e, 0xea, 0x8e, 0xec, 0x9c, - 0x74, 0x22, 0x44, 0xe1, 0x21, 0x25, 0x42, 0xfc, 0xbc, 0x95, 0xaa, 0x21, 0x31, 0x7c, 0xe1, 0xb5, - 0x7c, 0x43, 0x0f, 0xa7, 0x78, 0x78, 0x44, 0x46, 0xba, 0xa7, 0x63, 0x26, 0xa8, 0x34, 0x35, 0xd0, - 0x0e, 0x24, 0x0d, 0xff, 0x7d, 0x11, 0x86, 0x8d, 0x9d, 0xb4, 0xab, 0x5a, 0x64, 0x3d, 0x62, 0x6a, - 0x51, 0xe1, 0x00, 0x6a, 0xd1, 0xcf, 0x41, 0xc5, 0x95, 0x52, 0x3e, 0x9f, 0x2a, 0x8a, 0xd9, 0xbd, - 0x43, 0x0b, 0x7a, 0xd5, 0x84, 0x35, 0x4f, 0x34, 0x9f, 0xca, 0x4d, 0x10, 0x3b, 0xc4, 0x00, 0xdb, - 0x21, 0xba, 0x25, 0x0f, 0x88, 0x9d, 0xa2, 0xf3, 0x19, 0x56, 0x6a, 0xa4, 0xe5, 0x89, 0xf7, 0x92, - 0x01, 0xc2, 0xbc, 0xd4, 0xc8, 0xca, 0x82, 0x6c, 0xc6, 0x26, 0x8e, 0xfd, 0x5d, 0x4b, 0x7d, 0xdc, - 0x07, 0x90, 0xeb, 0x7b, 0x3b, 0x9d, 0xeb, 0x7b, 0x29, 0x97, 0x61, 0xee, 0x91, 0xe4, 0x7b, 0x1d, - 0x86, 0x66, 0xc3, 0x66, 0xd3, 0x09, 0x6a, 0xe8, 0x47, 0x61, 0xc8, 0xe5, 0x3f, 0xc5, 0x39, 0x0a, - 0xf3, 0xc6, 0x09, 0x28, 0x96, 0x30, 0xf4, 0x24, 0x0c, 0x38, 0x51, 0x43, 0x9e, 0x9d, 0xb0, 0x80, - 0x8e, 0x99, 0xa8, 0x11, 0x63, 0xd6, 0x6a, 0xbf, 0x5d, 0x04, 0x98, 0x0d, 0x9b, 0x2d, 0x27, 0x22, - 0xb5, 0xb5, 0x90, 0x55, 0x71, 0x3a, 0x56, 0x1f, 0x96, 0x36, 0x96, 0x1e, 0x65, 0x3f, 0x96, 0xe1, - 0xcb, 0x28, 0x3e, 0x68, 0x5f, 0xc6, 0x97, 0x2d, 0x40, 0xf4, 0x8b, 0x84, 0x01, 0x09, 0x12, 0xed, - 0x9c, 0x9d, 0x86, 0x8a, 0x2b, 0x5b, 0x85, 0xd6, 0xa2, 0xd7, 0x9f, 0x04, 0x60, 0x8d, 0xd3, 0x87, - 0xf9, 0xf9, 0xb4, 0x14, 0x8e, 0xc5, 0x74, 0x0c, 0x24, 0x13, 0xa9, 0x42, 0x56, 0xda, 0x7f, 0x50, - 0x80, 0xc7, 0xf8, 0x7e, 0xb7, 0xe4, 0x04, 0x4e, 0x83, 0x34, 0x69, 0xaf, 0xfa, 0x75, 0xb7, 0xbb, - 0xd4, 0xee, 0xf1, 0x64, 0x4c, 0xe3, 0x51, 0x17, 0x06, 0x9f, 0xd0, 0x7c, 0x0a, 0x2f, 0x04, 0x5e, - 0x82, 0x19, 0x71, 0x14, 0x43, 0x59, 0xd6, 0xe4, 0x15, 0x82, 0x2e, 0x27, 0x46, 0x6a, 0xcd, 0x8b, - 0x4d, 0x89, 0x60, 0xc5, 0x88, 0x6a, 0x85, 0x7e, 0xe8, 0x6e, 0x62, 0xd2, 0x0a, 0x99, 0x50, 0x33, - 0x42, 0xca, 0x16, 0x45, 0x3b, 0x56, 0x18, 0xf6, 0x1f, 0x58, 0x90, 0x15, 0xf7, 0x46, 0xbd, 0x1a, - 0xeb, 0xbe, 0xf5, 0x6a, 0x0e, 0x50, 0x30, 0xe6, 0xa7, 0x61, 0xd8, 0x49, 0xe8, 0x0e, 0xcd, 0x6d, - 0xda, 0xe2, 0xe1, 0x8e, 0xe8, 0x97, 0xc2, 0x9a, 0x57, 0xf7, 0x98, 0x2d, 0x6b, 0x92, 0xb3, 0xff, - 0xc7, 0x00, 0x8c, 0x77, 0xc4, 0xa9, 0xa3, 0x8b, 0x30, 0xe2, 0x8a, 0xe9, 0xd1, 0xc2, 0xa4, 0x2e, - 0x5e, 0xc6, 0x88, 0x73, 0xd2, 0x30, 0x9c, 0xc2, 0xec, 0x63, 0x82, 0x2e, 0xc0, 0xa9, 0x88, 0x5a, - 0xd1, 0x6d, 0x32, 0x53, 0x4f, 0x48, 0xb4, 0x4a, 0xdc, 0x30, 0xa8, 0xf1, 0xaa, 0x4a, 0xc5, 0xea, - 0xe3, 0x7b, 0xbb, 0x93, 0xa7, 0x70, 0x27, 0x18, 0x77, 0x7b, 0x06, 0xb5, 0x60, 0xd4, 0x37, 0x15, - 0x2c, 0xa1, 0x5d, 0x1f, 0x4a, 0x37, 0x53, 0x1b, 0x70, 0xaa, 0x19, 0xa7, 0x19, 0xa4, 0xb5, 0xb4, - 0xd2, 0x43, 0xd2, 0xd2, 0x7e, 0x41, 0x6b, 0x69, 0xdc, 0x97, 0xfc, 0x7a, 0xce, 0x79, 0x0a, 0xc7, - 0xad, 0xa6, 0xbd, 0x0a, 0x65, 0x19, 0x67, 0xd3, 0x57, 0x7c, 0x8a, 0x49, 0xa7, 0x87, 0x44, 0xbb, - 0x57, 0x80, 0x2e, 0x1a, 0x3e, 0x5d, 0x67, 0x7a, 0x3b, 0x4d, 0xad, 0xb3, 0x83, 0x6d, 0xa9, 0x68, - 0x9b, 0xc7, 0x18, 0xf1, 0x8d, 0xe3, 0x93, 0x79, 0x5b, 0x28, 0x3a, 0xec, 0x48, 0x05, 0xa4, 0xab, - 0xd0, 0xa3, 0x0b, 0x00, 0x5a, 0x0b, 0x12, 0xe1, 0xc6, 0xca, 0x85, 0xa9, 0x95, 0x25, 0x6c, 0x60, - 0x51, 0x83, 0xd5, 0x0b, 0xe2, 0xc4, 0xf1, 0xfd, 0x2b, 0x5e, 0x90, 0x88, 0x93, 0x37, 0xb5, 0x43, - 0x2e, 0x68, 0x10, 0x36, 0xf1, 0xce, 0x7e, 0xcc, 0xf8, 0x2e, 0x07, 0xf9, 0x9e, 0x1b, 0xf0, 0xc4, - 0xbc, 0x97, 0xa8, 0x20, 0x79, 0x35, 0x8f, 0xa8, 0x92, 0xa3, 0x92, 0x3e, 0xac, 0x9e, 0x49, 0x1f, - 0x46, 0x90, 0x7a, 0x21, 0x1d, 0x53, 0x9f, 0x0d, 0x52, 0xb7, 0x2f, 0xc2, 0xe9, 0x79, 0x2f, 0xb9, - 0xec, 0xf9, 0xe4, 0x80, 0x4c, 0xec, 0xdf, 0x1f, 0x84, 0x11, 0x33, 0x29, 0xe9, 0x20, 0x79, 0x2b, - 0x5f, 0xa5, 0x7a, 0x8c, 0x78, 0x3b, 0x4f, 0x39, 0x80, 0x6e, 0x1d, 0x39, 0x43, 0xaa, 0xfb, 0x88, - 0x19, 0xaa, 0x8c, 0xe6, 0x89, 0xcd, 0x0e, 0xa0, 0xbb, 0x50, 0xaa, 0xb3, 0x20, 0xea, 0x62, 0x1e, - 0x5e, 0xf2, 0x6e, 0x23, 0xaa, 0x97, 0x19, 0x0f, 0xc3, 0xe6, 0xfc, 0xe8, 0x0e, 0x19, 0xa5, 0x33, - 0x73, 0x8c, 0xe8, 0x42, 0x91, 0x93, 0xa3, 0x30, 0x7a, 0x89, 0xfa, 0xd2, 0x21, 0x44, 0x7d, 0x4a, - 0xf0, 0x0e, 0x3e, 0x24, 0xc1, 0xcb, 0x02, 0xe2, 0x93, 0x0d, 0xa6, 0xbf, 0x89, 0x70, 0xe8, 0x21, - 0x36, 0x08, 0x46, 0x40, 0x7c, 0x0a, 0x8c, 0xb3, 0xf8, 0xe8, 0xb3, 0x4a, 0x74, 0x97, 0xf3, 0x38, - 0xb4, 0x34, 0x67, 0xf4, 0x71, 0x4b, 0xed, 0x2f, 0x17, 0x60, 0x6c, 0x3e, 0x68, 0xaf, 0xcc, 0xaf, - 0xb4, 0xd7, 0x7d, 0xcf, 0xbd, 0x46, 0x76, 0xa8, 0x68, 0xde, 0x24, 0x3b, 0x0b, 0x73, 0x62, 0x05, - 0xa9, 0x39, 0x73, 0x8d, 0x36, 0x62, 0x0e, 0xa3, 0xc2, 0xa8, 0xee, 0x05, 0x0d, 0x12, 0xb5, 0x22, - 0x4f, 0x9c, 0x27, 0x1a, 0xc2, 0xe8, 0xb2, 0x06, 0x61, 0x13, 0x8f, 0xd2, 0x0e, 0xef, 0x06, 0x24, - 0xca, 0x2a, 0xb2, 0xcb, 0xb4, 0x11, 0x73, 0x18, 0x45, 0x4a, 0xa2, 0x76, 0x9c, 0x88, 0xc9, 0xa8, - 0x90, 0xd6, 0x68, 0x23, 0xe6, 0x30, 0xba, 0xd2, 0xe3, 0xf6, 0x3a, 0x0b, 0x42, 0xc8, 0xc4, 0x5e, - 0xaf, 0xf2, 0x66, 0x2c, 0xe1, 0x14, 0x75, 0x93, 0xec, 0xcc, 0x51, 0x93, 0x32, 0x93, 0x1d, 0x71, - 0x8d, 0x37, 0x63, 0x09, 0x67, 0x15, 0xa8, 0xd2, 0xc3, 0xf1, 0x03, 0x57, 0x81, 0x2a, 0xdd, 0xfd, - 0x1e, 0xc6, 0xe9, 0x6f, 0x58, 0x30, 0x62, 0x86, 0x0e, 0xa1, 0x46, 0x46, 0xc7, 0x5d, 0xee, 0xa8, - 0x26, 0xf8, 0x93, 0xdd, 0xae, 0x4e, 0x69, 0x78, 0x49, 0xd8, 0x8a, 0x9f, 0x27, 0x41, 0xc3, 0x0b, - 0x08, 0xf3, 0x08, 0xf3, 0x90, 0xa3, 0x54, 0x5c, 0xd2, 0x6c, 0x58, 0x23, 0x87, 0x50, 0x92, 0xed, - 0x5b, 0x30, 0xde, 0x91, 0x12, 0xd3, 0x87, 0x6a, 0xb1, 0x6f, 0x42, 0xa2, 0x8d, 0x61, 0x98, 0x12, - 0x16, 0x15, 0x24, 0xd0, 0x2c, 0x8c, 0xf3, 0x85, 0x44, 0x39, 0xad, 0xba, 0x1b, 0xa4, 0xa9, 0xd2, - 0x9c, 0xd8, 0xe1, 0xf5, 0xcd, 0x2c, 0x10, 0x77, 0xe2, 0xdb, 0x5f, 0xb1, 0x60, 0x34, 0x95, 0xa5, - 0x94, 0x93, 0x12, 0xc4, 0x56, 0x5a, 0xc8, 0x22, 0xd9, 0x58, 0x38, 0x6f, 0x91, 0x6d, 0xa6, 0x7a, - 0xa5, 0x69, 0x10, 0x36, 0xf1, 0xec, 0x77, 0x0a, 0x50, 0x96, 0xd1, 0x00, 0x7d, 0x74, 0xe5, 0x4b, - 0x16, 0x8c, 0x2a, 0x87, 0x01, 0x3b, 0x89, 0x2a, 0xe4, 0x11, 0xb7, 0x4e, 0x7b, 0xa0, 0x42, 0x2d, - 0x83, 0x7a, 0xa8, 0x35, 0x72, 0x6c, 0x32, 0xc3, 0x69, 0xde, 0xe8, 0x26, 0x40, 0xbc, 0x13, 0x27, - 0xa4, 0x69, 0x9c, 0x89, 0xd9, 0xc6, 0x8a, 0x9b, 0x72, 0xc3, 0x88, 0xd0, 0xf5, 0x75, 0x3d, 0xac, - 0x91, 0x55, 0x85, 0xa9, 0x55, 0x28, 0xdd, 0x86, 0x0d, 0x4a, 0xf6, 0xdf, 0x2f, 0xc0, 0xc9, 0x6c, - 0x97, 0xd0, 0xeb, 0x30, 0x22, 0xb9, 0x1b, 0xd7, 0xc0, 0xc8, 0x10, 0x88, 0x11, 0x6c, 0xc0, 0xee, - 0xed, 0x4e, 0x4e, 0x76, 0x5e, 0xc3, 0x33, 0x65, 0xa2, 0xe0, 0x14, 0x31, 0xee, 0xb5, 0x11, 0xee, - 0xc5, 0xea, 0xce, 0x4c, 0xab, 0x25, 0x5c, 0x2f, 0x86, 0xd7, 0xc6, 0x84, 0xe2, 0x0c, 0x36, 0x5a, - 0x81, 0xd3, 0x46, 0xcb, 0x75, 0xe2, 0x35, 0x36, 0xd6, 0xc3, 0x48, 0x5a, 0x56, 0x4f, 0xea, 0x20, - 0xa5, 0x4e, 0x1c, 0xdc, 0xf5, 0x49, 0xba, 0xdb, 0xbb, 0x4e, 0xcb, 0x71, 0xbd, 0x64, 0x47, 0x1c, - 0xf2, 0x29, 0xd9, 0x34, 0x2b, 0xda, 0xb1, 0xc2, 0xb0, 0x97, 0x60, 0xa0, 0xcf, 0x19, 0xd4, 0x97, - 0x46, 0xff, 0x2a, 0x94, 0x29, 0x39, 0xa9, 0xde, 0xe5, 0x41, 0x32, 0x84, 0xb2, 0xac, 0xe4, 0x8e, - 0x6c, 0x28, 0x7a, 0x8e, 0x74, 0x8c, 0xa9, 0xd7, 0x5a, 0x88, 0xe3, 0x36, 0x33, 0x92, 0x29, 0x10, - 0x3d, 0x0d, 0x45, 0xb2, 0xdd, 0xca, 0x7a, 0xc0, 0x2e, 0x6d, 0xb7, 0xbc, 0x88, 0xc4, 0x14, 0x89, - 0x6c, 0xb7, 0xd0, 0x59, 0x28, 0x78, 0x35, 0xb1, 0x49, 0x81, 0xc0, 0x29, 0x2c, 0xcc, 0xe1, 0x82, - 0x57, 0xb3, 0xb7, 0xa1, 0xa2, 0x4a, 0xc7, 0xa3, 0x4d, 0x29, 0xbb, 0xad, 0x3c, 0xc2, 0x77, 0x24, - 0xdd, 0x1e, 0x52, 0xbb, 0x0d, 0xa0, 0x73, 0xc2, 0xf2, 0x92, 0x2f, 0xe7, 0x61, 0xc0, 0x0d, 0x45, - 0x2a, 0x69, 0x59, 0x93, 0x61, 0x42, 0x9b, 0x41, 0xec, 0x5b, 0x30, 0x76, 0x2d, 0x08, 0xef, 0xb2, - 0xda, 0xb8, 0xac, 0x72, 0x0f, 0x25, 0x5c, 0xa7, 0x3f, 0xb2, 0x2a, 0x02, 0x83, 0x62, 0x0e, 0x53, - 0xf5, 0x62, 0x0a, 0xbd, 0xea, 0xc5, 0xd8, 0x9f, 0xb3, 0xe0, 0xa4, 0xca, 0x6c, 0x91, 0xd2, 0xf8, - 0x22, 0x8c, 0xac, 0xb7, 0x3d, 0xbf, 0x26, 0xeb, 0x01, 0x65, 0x8e, 0x29, 0xaa, 0x06, 0x0c, 0xa7, - 0x30, 0xa9, 0x51, 0xb5, 0xee, 0x05, 0x4e, 0xb4, 0xb3, 0xa2, 0xc5, 0xbf, 0x92, 0x08, 0x55, 0x05, - 0xc1, 0x06, 0x96, 0xfd, 0x25, 0xb3, 0x0b, 0x22, 0x97, 0xa6, 0x8f, 0x91, 0xbd, 0x01, 0x25, 0x57, - 0x39, 0x52, 0x0f, 0x55, 0xb3, 0x4c, 0xa5, 0x31, 0xb3, 0xc3, 0x74, 0x4e, 0xcd, 0xfe, 0x67, 0x05, - 0x18, 0x4d, 0x15, 0x92, 0x40, 0x3e, 0x94, 0x89, 0xcf, 0x8e, 0xf2, 0xe4, 0x14, 0x3b, 0x6a, 0x89, - 0x3a, 0xb5, 0x2c, 0x2e, 0x09, 0xba, 0x58, 0x71, 0x78, 0x34, 0xfc, 0x55, 0x17, 0x61, 0x44, 0x76, - 0xe8, 0x93, 0x4e, 0xd3, 0x17, 0xab, 0x50, 0x4d, 0x80, 0x4b, 0x06, 0x0c, 0xa7, 0x30, 0xed, 0x3f, - 0x2c, 0xc2, 0x04, 0x3f, 0xfb, 0xac, 0xa9, 0x90, 0x92, 0x25, 0xa9, 0x65, 0xfd, 0x15, 0x5d, 0xee, - 0x85, 0x0f, 0xe4, 0xfa, 0x51, 0xcb, 0xb3, 0x76, 0x67, 0xd4, 0x57, 0xb0, 0xc3, 0xaf, 0x67, 0x82, - 0x1d, 0xf8, 0x66, 0xdb, 0x38, 0xa6, 0x1e, 0xfd, 0x60, 0x45, 0x3f, 0xfc, 0x9d, 0x02, 0x9c, 0xc8, - 0xd4, 0xbe, 0x45, 0x6f, 0xa7, 0xab, 0xdb, 0x59, 0x79, 0x9c, 0x90, 0xdd, 0xb7, 0x02, 0xeb, 0xc1, - 0x6a, 0xdc, 0x3d, 0xa4, 0xa5, 0x62, 0xff, 0x51, 0x01, 0xc6, 0xd2, 0x45, 0x7b, 0x1f, 0xc1, 0x91, - 0xfa, 0x08, 0x54, 0x58, 0x29, 0x4c, 0x76, 0xd1, 0x10, 0x3f, 0x88, 0xe3, 0x15, 0x1b, 0x65, 0x23, - 0xd6, 0xf0, 0x47, 0xa2, 0x74, 0xa0, 0xfd, 0x77, 0x2d, 0x38, 0xc3, 0xdf, 0x32, 0x3b, 0x0f, 0xff, - 0x6a, 0xb7, 0xd1, 0x7d, 0x23, 0xdf, 0x0e, 0x66, 0xca, 0x14, 0xed, 0x37, 0xbe, 0xec, 0x82, 0x13, - 0xd1, 0xdb, 0xf4, 0x54, 0x78, 0x04, 0x3b, 0x7b, 0xa0, 0xc9, 0x60, 0xff, 0x51, 0x11, 0xf4, 0x9d, - 0x2e, 0xc8, 0x13, 0x59, 0x3a, 0xb9, 0x94, 0x6b, 0x5a, 0xdd, 0x09, 0x5c, 0x7d, 0x7b, 0x4c, 0x39, - 0x93, 0xa4, 0xf3, 0xcb, 0x16, 0x0c, 0x7b, 0x81, 0x97, 0x78, 0x0e, 0x53, 0x9e, 0xf3, 0xb9, 0x93, - 0x42, 0xb1, 0x5b, 0xe0, 0x94, 0xc3, 0xc8, 0x3c, 0xbd, 0x55, 0xcc, 0xb0, 0xc9, 0x19, 0x7d, 0x5a, - 0xc4, 0x23, 0x16, 0x73, 0xcb, 0x2f, 0x2b, 0x67, 0x82, 0x10, 0x5b, 0x50, 0x8a, 0x48, 0x12, 0xe5, - 0x94, 0x96, 0x89, 0x29, 0x29, 0x55, 0x9d, 0x4f, 0xdf, 0xae, 0x47, 0x9b, 0x31, 0x67, 0x64, 0xc7, - 0x80, 0x3a, 0xc7, 0xe2, 0x80, 0xb1, 0x5e, 0xd3, 0x50, 0x71, 0xda, 0x49, 0xd8, 0xa4, 0xc3, 0x24, - 0x0e, 0x98, 0x75, 0x34, 0x9b, 0x04, 0x60, 0x8d, 0x63, 0xbf, 0x5d, 0x82, 0x4c, 0xda, 0x0c, 0xda, - 0x36, 0xef, 0x23, 0xb2, 0xf2, 0xbd, 0x8f, 0x48, 0x75, 0xa6, 0xdb, 0x9d, 0x44, 0xa8, 0x01, 0xa5, - 0xd6, 0x86, 0x13, 0x4b, 0xdd, 0xf8, 0x55, 0x39, 0x4c, 0x2b, 0xb4, 0xf1, 0xde, 0xee, 0xe4, 0x4f, - 0xf5, 0x77, 0xd6, 0x42, 0xe7, 0xea, 0x34, 0xcf, 0x42, 0xd7, 0xac, 0x19, 0x0d, 0xcc, 0xe9, 0x1f, - 0xe4, 0x56, 0x8e, 0xcf, 0x8b, 0x7a, 0xa9, 0x98, 0xc4, 0x6d, 0x3f, 0x11, 0xb3, 0xe1, 0xd5, 0x1c, - 0x57, 0x19, 0x27, 0xac, 0x13, 0x3e, 0xf9, 0x7f, 0x6c, 0x30, 0x45, 0xaf, 0x43, 0x25, 0x4e, 0x9c, - 0x28, 0x39, 0x64, 0x8a, 0x96, 0x1a, 0xf4, 0x55, 0x49, 0x04, 0x6b, 0x7a, 0xe8, 0x35, 0x56, 0xbd, - 0xce, 0x8b, 0x37, 0x0e, 0x19, 0x46, 0x2c, 0x2b, 0xdd, 0x09, 0x0a, 0xd8, 0xa0, 0x46, 0x4d, 0x0f, - 0x36, 0xb7, 0x79, 0xec, 0x4c, 0x99, 0xd9, 0x96, 0x4a, 0x14, 0x62, 0x05, 0xc1, 0x06, 0x96, 0xfd, - 0x63, 0x90, 0xce, 0x58, 0x46, 0x93, 0x32, 0x41, 0x9a, 0x9f, 0x3d, 0xb1, 0x70, 0xe0, 0x54, 0x2e, - 0xf3, 0xef, 0x59, 0x60, 0xa6, 0x55, 0xa3, 0x3b, 0x3c, 0x7f, 0xdb, 0xca, 0xc3, 0x5f, 0x60, 0xd0, - 0x9d, 0x5a, 0x72, 0x5a, 0x19, 0xc7, 0x95, 0x4c, 0xe2, 0x3e, 0xfb, 0x31, 0x28, 0x4b, 0xe8, 0x81, - 0x94, 0xba, 0xcf, 0xc2, 0xa9, 0xec, 0x6d, 0x8d, 0xe2, 0xac, 0xb9, 0x11, 0x85, 0xed, 0x56, 0xd6, - 0x90, 0x64, 0xb7, 0xf9, 0x61, 0x0e, 0xa3, 0xe6, 0xd8, 0xa6, 0x17, 0xd4, 0xb2, 0x86, 0xe4, 0x35, - 0x2f, 0xa8, 0x61, 0x06, 0xe9, 0xe3, 0x56, 0xaa, 0x7f, 0x6a, 0xc1, 0xf9, 0xfd, 0x2e, 0x95, 0x44, - 0x4f, 0xc2, 0xc0, 0x5d, 0x27, 0x92, 0xa5, 0x3f, 0x99, 0xa0, 0xbc, 0xe5, 0x44, 0x01, 0x66, 0xad, - 0x68, 0x07, 0x06, 0x79, 0xfe, 0xaf, 0xd0, 0xd6, 0x5f, 0xcd, 0xf7, 0x8a, 0xcb, 0x6b, 0xc4, 0x30, - 0x17, 0x78, 0xee, 0x31, 0x16, 0x0c, 0xed, 0xef, 0x59, 0x80, 0x96, 0xb7, 0x48, 0x14, 0x79, 0x35, - 0x23, 0x63, 0x19, 0xbd, 0x08, 0x23, 0xb7, 0x57, 0x97, 0xaf, 0xaf, 0x84, 0x5e, 0xc0, 0x2a, 0x18, - 0x18, 0x49, 0x5a, 0x57, 0x8d, 0x76, 0x9c, 0xc2, 0x42, 0xb3, 0x30, 0x7e, 0xfb, 0x0e, 0x35, 0x7e, - 0xcd, 0xa2, 0xe0, 0x05, 0x7d, 0xdc, 0x79, 0xf5, 0xd5, 0x0c, 0x10, 0x77, 0xe2, 0xa3, 0x65, 0x38, - 0xd3, 0xe4, 0xe6, 0x06, 0xaf, 0xe5, 0xcb, 0x6d, 0x0f, 0x95, 0xa3, 0xf1, 0xc4, 0xde, 0xee, 0xe4, - 0x99, 0xa5, 0x6e, 0x08, 0xb8, 0xfb, 0x73, 0xf6, 0xbb, 0x05, 0x18, 0x36, 0x2e, 0x66, 0xed, 0xc3, - 0x06, 0xcf, 0x64, 0x9d, 0x14, 0xfa, 0xcc, 0x3a, 0x79, 0x16, 0xca, 0xad, 0xd0, 0xf7, 0x5c, 0x4f, - 0xd5, 0xa4, 0x61, 0xa5, 0x13, 0x57, 0x44, 0x1b, 0x56, 0x50, 0x74, 0x17, 0x2a, 0xea, 0xb2, 0x42, - 0x91, 0x38, 0x9b, 0xd7, 0xf9, 0x8e, 0x92, 0x54, 0xfa, 0x12, 0x42, 0xcd, 0x0b, 0xd9, 0x30, 0xc8, - 0x66, 0xbe, 0x0c, 0xa1, 0x63, 0x29, 0x48, 0x6c, 0x49, 0xc4, 0x58, 0x40, 0xec, 0x2f, 0x0c, 0xc1, - 0xe9, 0x6e, 0xe5, 0xfe, 0xd0, 0x67, 0x60, 0x90, 0xf7, 0x31, 0x9f, 0x8a, 0xb2, 0xdd, 0x78, 0xcc, - 0x33, 0x82, 0xa2, 0x5b, 0xec, 0x37, 0x16, 0x3c, 0x05, 0x77, 0xdf, 0x59, 0x17, 0x3a, 0xd3, 0xf1, - 0x70, 0x5f, 0x74, 0x34, 0xf7, 0x45, 0x87, 0x73, 0xf7, 0x9d, 0x75, 0xb4, 0x0d, 0xa5, 0x86, 0x97, - 0x10, 0x47, 0x58, 0x0e, 0xb7, 0x8e, 0x85, 0x39, 0x71, 0xb8, 0x68, 0x66, 0x3f, 0x31, 0x67, 0x88, - 0xbe, 0x69, 0xc1, 0x89, 0xf5, 0x74, 0x46, 0x97, 0xd8, 0x42, 0x9d, 0x63, 0x28, 0xe9, 0x98, 0x66, - 0xc4, 0xab, 0x6d, 0x67, 0x1a, 0x71, 0xb6, 0x3b, 0xe8, 0x17, 0x2c, 0x18, 0xaa, 0x7b, 0xbe, 0x51, - 0xaf, 0xec, 0x18, 0x3e, 0xce, 0x65, 0xc6, 0x40, 0xab, 0x19, 0xfc, 0x7f, 0x8c, 0x25, 0xe7, 0x5e, - 0xee, 0xe3, 0xc1, 0xa3, 0xba, 0x8f, 0x87, 0x1e, 0x92, 0xad, 0xf8, 0x2b, 0x05, 0x78, 0xba, 0x8f, - 0x6f, 0x64, 0x26, 0xe1, 0x58, 0xfb, 0x24, 0xe1, 0x9c, 0x87, 0x81, 0x88, 0xb4, 0xc2, 0xec, 0x7e, - 0xc7, 0x22, 0xd5, 0x18, 0x04, 0x3d, 0x05, 0x45, 0xa7, 0xe5, 0x89, 0xed, 0x4e, 0x6d, 0xd2, 0x33, - 0x2b, 0x0b, 0x98, 0xb6, 0xd3, 0x2f, 0x5d, 0x59, 0x97, 0x79, 0x86, 0xf9, 0x54, 0xbe, 0xef, 0x95, - 0xb6, 0xc8, 0xad, 0x37, 0x05, 0xc5, 0x9a, 0xaf, 0xfd, 0xd7, 0x2c, 0x38, 0xdb, 0x7b, 0x8a, 0xa0, - 0x17, 0x60, 0x78, 0x3d, 0x72, 0x02, 0x77, 0x83, 0x5d, 0x13, 0x21, 0x07, 0x85, 0xe5, 0x5e, 0xe8, - 0x66, 0x6c, 0xe2, 0xd0, 0x9d, 0x8b, 0x97, 0x06, 0x35, 0x30, 0x64, 0xa8, 0x35, 0xdd, 0xb9, 0xd6, - 0xb2, 0x40, 0xdc, 0x89, 0x6f, 0xff, 0x61, 0xa1, 0x7b, 0xb7, 0xb8, 0x28, 0x39, 0xc8, 0x77, 0x12, - 0x5f, 0xa1, 0xd0, 0xe3, 0x2b, 0xdc, 0x81, 0x72, 0xc2, 0xf2, 0x47, 0x48, 0x5d, 0xc8, 0xa3, 0xdc, - 0xf2, 0x33, 0xd9, 0x8e, 0xb5, 0x26, 0x88, 0x63, 0xc5, 0x86, 0x6e, 0x1c, 0xbe, 0x2e, 0x98, 0x26, - 0x36, 0x8e, 0xcc, 0xd1, 0xe3, 0x1c, 0x9c, 0x34, 0xea, 0xbf, 0xf2, 0xf0, 0x79, 0xee, 0x41, 0x57, - 0x39, 0x65, 0x2b, 0x19, 0x38, 0xee, 0x78, 0xc2, 0xfe, 0x8d, 0x02, 0x3c, 0xd1, 0x53, 0x3e, 0x6a, - 0x37, 0xbf, 0x75, 0x1f, 0x37, 0xff, 0x91, 0xa7, 0xb9, 0x39, 0xc0, 0x03, 0x0f, 0x66, 0x80, 0x9f, - 0x83, 0xb2, 0x17, 0xc4, 0xc4, 0x6d, 0x47, 0x7c, 0xd0, 0x8c, 0x60, 0xd2, 0x05, 0xd1, 0x8e, 0x15, - 0x86, 0xfd, 0xc7, 0xbd, 0xa7, 0x1a, 0xdd, 0x2b, 0x7f, 0x68, 0x47, 0xe9, 0x65, 0x18, 0x75, 0x5a, - 0x2d, 0x8e, 0xc7, 0x5c, 0xaa, 0x99, 0x2c, 0xd1, 0x19, 0x13, 0x88, 0xd3, 0xb8, 0xc6, 0x1c, 0x1e, - 0xec, 0x35, 0x87, 0xed, 0x3f, 0xb3, 0xa0, 0x82, 0x49, 0x9d, 0xaf, 0x77, 0x74, 0x5b, 0x0c, 0x91, - 0x95, 0x47, 0xf9, 0x16, 0x3a, 0xb0, 0xb1, 0xc7, 0xca, 0x9a, 0x74, 0x1b, 0xec, 0xce, 0x5a, 0xc6, - 0x85, 0x03, 0xd5, 0x32, 0x56, 0xd5, 0x6c, 0x8b, 0xbd, 0xab, 0xd9, 0xda, 0xef, 0x0e, 0xd1, 0xd7, - 0x6b, 0x85, 0xb3, 0x11, 0xa9, 0xc5, 0xf4, 0xfb, 0xb6, 0x23, 0x3f, 0x7b, 0x9f, 0xec, 0x0d, 0xbc, - 0x88, 0x69, 0x7b, 0xea, 0xdc, 0xa4, 0x70, 0xa0, 0x1c, 0xb9, 0xe2, 0xbe, 0x39, 0x72, 0x2f, 0xc3, - 0x68, 0x1c, 0x6f, 0xac, 0x44, 0xde, 0x96, 0x93, 0x50, 0x03, 0x45, 0x44, 0xe4, 0xe8, 0xbc, 0x96, - 0xd5, 0x2b, 0x1a, 0x88, 0xd3, 0xb8, 0x68, 0x1e, 0xc6, 0x75, 0xa6, 0x1a, 0x89, 0x12, 0x16, 0x80, - 0xc3, 0x67, 0x82, 0x4a, 0x2b, 0xd1, 0xb9, 0x6d, 0x02, 0x01, 0x77, 0x3e, 0x43, 0x25, 0x56, 0xaa, - 0x91, 0x76, 0x64, 0x30, 0x2d, 0xb1, 0x52, 0x74, 0x68, 0x5f, 0x3a, 0x9e, 0x40, 0x4b, 0x70, 0x8a, - 0x4f, 0x0c, 0x76, 0x81, 0xb9, 0x7a, 0xa3, 0xa1, 0x74, 0xd9, 0x8c, 0xf9, 0x4e, 0x14, 0xdc, 0xed, - 0x39, 0x6a, 0x7d, 0xa8, 0xe6, 0x85, 0x39, 0x61, 0xf2, 0x2b, 0xeb, 0x43, 0x91, 0x59, 0xa8, 0x61, - 0x13, 0x0f, 0x7d, 0x12, 0x1e, 0xd7, 0x7f, 0x79, 0x94, 0x26, 0x3f, 0x07, 0x9b, 0x13, 0x49, 0xc0, - 0xaa, 0x76, 0xea, 0x7c, 0x57, 0xb4, 0x1a, 0xee, 0xf5, 0x3c, 0x5a, 0x87, 0xb3, 0x0a, 0x74, 0x89, - 0x9a, 0x7a, 0xad, 0xc8, 0x8b, 0x49, 0xd5, 0x89, 0xc9, 0x8d, 0xc8, 0x67, 0x69, 0xc3, 0x15, 0x7d, - 0x09, 0xc4, 0xbc, 0x97, 0x5c, 0xe9, 0x86, 0x89, 0x17, 0xf1, 0x7d, 0xa8, 0xa0, 0x69, 0xa8, 0x90, - 0xc0, 0x59, 0xf7, 0xc9, 0xf2, 0xec, 0x02, 0x4b, 0x26, 0x36, 0x8e, 0xdd, 0x2e, 0x49, 0x00, 0xd6, - 0x38, 0xca, 0x09, 0x3c, 0xd2, 0xf3, 0xd2, 0x90, 0x15, 0x38, 0xdd, 0x70, 0x5b, 0x54, 0x9b, 0xf0, - 0x5c, 0x32, 0xe3, 0x32, 0x47, 0x28, 0xfd, 0x30, 0xbc, 0x9e, 0x89, 0x8a, 0x70, 0x98, 0x9f, 0x5d, - 0xe9, 0xc0, 0xc1, 0x5d, 0x9f, 0xa4, 0x6b, 0xac, 0x15, 0x85, 0xdb, 0x3b, 0x13, 0xa7, 0xd2, 0x6b, - 0x6c, 0x85, 0x36, 0x62, 0x0e, 0x43, 0x57, 0x01, 0xb1, 0x70, 0x99, 0x2b, 0x49, 0xd2, 0x52, 0xea, - 0xcb, 0xc4, 0x69, 0xf6, 0x4a, 0x67, 0xc5, 0x13, 0xe8, 0x72, 0x07, 0x06, 0xee, 0xf2, 0x94, 0xfd, - 0xa7, 0x16, 0x8c, 0xaa, 0xf5, 0xfa, 0x00, 0x02, 0xc6, 0xfc, 0x74, 0xc0, 0xd8, 0xfc, 0xd1, 0x25, - 0x1e, 0xeb, 0x79, 0x8f, 0xa8, 0x83, 0x2f, 0x0c, 0x03, 0x68, 0xa9, 0xa8, 0x36, 0x24, 0xab, 0xe7, - 0x86, 0xf4, 0xc8, 0x4a, 0xa4, 0x6e, 0x99, 0x83, 0xa5, 0x87, 0x9b, 0x39, 0xb8, 0x0a, 0x67, 0xa4, - 0xba, 0xc0, 0x0f, 0x76, 0xae, 0x84, 0xb1, 0x12, 0x70, 0xe5, 0xea, 0x53, 0x82, 0xd0, 0x99, 0x85, - 0x6e, 0x48, 0xb8, 0xfb, 0xb3, 0x29, 0x2d, 0x65, 0x68, 0x3f, 0x2d, 0x45, 0xaf, 0xe9, 0xc5, 0xba, - 0xac, 0xc4, 0x9a, 0x59, 0xd3, 0x8b, 0x97, 0x57, 0xb1, 0xc6, 0xe9, 0x2e, 0xd8, 0x2b, 0x39, 0x09, - 0x76, 0x38, 0xb0, 0x60, 0x97, 0x22, 0x66, 0xb8, 0xa7, 0x88, 0x91, 0x67, 0x49, 0x23, 0x3d, 0xcf, - 0x92, 0x5e, 0x81, 0x31, 0x2f, 0xd8, 0x20, 0x91, 0x97, 0x90, 0x1a, 0x5b, 0x0b, 0x4c, 0xfc, 0x94, - 0xf5, 0xb6, 0xbe, 0x90, 0x82, 0xe2, 0x0c, 0x76, 0x5a, 0x2e, 0x8e, 0xf5, 0x21, 0x17, 0x7b, 0xec, - 0x46, 0x27, 0xf2, 0xd9, 0x8d, 0x4e, 0x1e, 0x7d, 0x37, 0x1a, 0x3f, 0xd6, 0xdd, 0x08, 0xe5, 0xb2, - 0x1b, 0xf5, 0x25, 0xe8, 0x0d, 0x83, 0xee, 0xf4, 0x3e, 0x06, 0x5d, 0xaf, 0xad, 0xe8, 0xcc, 0xa1, - 0xb7, 0xa2, 0xee, 0xbb, 0xcc, 0x63, 0x87, 0xda, 0x65, 0xbe, 0x58, 0x80, 0x33, 0x5a, 0x0e, 0xd3, - 0xd9, 0xef, 0xd5, 0xa9, 0x24, 0x62, 0xc5, 0xbc, 0x79, 0xec, 0x8f, 0x11, 0xbf, 0xa8, 0x43, 0x21, - 0x15, 0x04, 0x1b, 0x58, 0x2c, 0x0c, 0x90, 0x44, 0xac, 0x6a, 0x53, 0x56, 0x48, 0xcf, 0x8a, 0x76, - 0xac, 0x30, 0xe8, 0xfc, 0xa2, 0xbf, 0x45, 0x68, 0x75, 0xb6, 0x58, 0xc2, 0xac, 0x06, 0x61, 0x13, - 0x0f, 0x3d, 0xcb, 0x99, 0x30, 0x01, 0x41, 0x05, 0xf5, 0x88, 0xb8, 0xa6, 0x46, 0xca, 0x04, 0x05, - 0x95, 0xdd, 0x61, 0xf1, 0x9e, 0xa5, 0xce, 0xee, 0x30, 0x7f, 0xa5, 0xc2, 0xb0, 0xff, 0xa7, 0x05, - 0x4f, 0x74, 0x1d, 0x8a, 0x07, 0xb0, 0xf9, 0x6e, 0xa7, 0x37, 0xdf, 0xd5, 0xbc, 0xcc, 0x0d, 0xe3, - 0x2d, 0x7a, 0x6c, 0xc4, 0xff, 0xce, 0x82, 0x31, 0x8d, 0xff, 0x00, 0x5e, 0xd5, 0x4b, 0xbf, 0x6a, - 0x7e, 0x96, 0x55, 0xa5, 0xe3, 0xdd, 0xfe, 0x94, 0xbd, 0x1b, 0xf7, 0x84, 0xcc, 0xb8, 0xb2, 0x3c, - 0xd4, 0x3e, 0x1e, 0x80, 0x1d, 0x18, 0x64, 0x95, 0x93, 0xe3, 0x7c, 0x3c, 0x32, 0x69, 0xfe, 0x2c, - 0x90, 0x5b, 0x7b, 0x64, 0xd8, 0xdf, 0x18, 0x0b, 0x86, 0xac, 0xa6, 0x98, 0x17, 0x53, 0x69, 0x5e, - 0x13, 0x91, 0x93, 0xba, 0xa6, 0x98, 0x68, 0xc7, 0x0a, 0xc3, 0x6e, 0xc2, 0x44, 0x9a, 0xf8, 0x1c, - 0xa9, 0x33, 0x2f, 0x7f, 0x5f, 0xaf, 0x39, 0x0d, 0x15, 0x87, 0x3d, 0xb5, 0xd8, 0x76, 0xb2, 0x37, - 0x9b, 0xcd, 0x48, 0x00, 0xd6, 0x38, 0xf6, 0xef, 0x58, 0x70, 0xaa, 0xcb, 0xcb, 0xe4, 0x18, 0x31, - 0x9a, 0x68, 0x29, 0xd0, 0x6d, 0xc3, 0xfd, 0x30, 0x0c, 0xd5, 0x48, 0xdd, 0x91, 0x7e, 0x64, 0x43, - 0xe6, 0xce, 0xf1, 0x66, 0x2c, 0xe1, 0xf6, 0x7f, 0xb3, 0xe0, 0x44, 0xba, 0xaf, 0x31, 0x95, 0x9a, - 0xfc, 0x65, 0xe6, 0xbc, 0xd8, 0x0d, 0xb7, 0x48, 0xb4, 0x43, 0xdf, 0x9c, 0xf7, 0x5a, 0x49, 0xcd, - 0x99, 0x0e, 0x0c, 0xdc, 0xe5, 0x29, 0x56, 0x56, 0xa8, 0xa6, 0x46, 0x5b, 0xce, 0x94, 0x9b, 0x79, - 0xce, 0x14, 0xfd, 0x31, 0x4d, 0xf7, 0x93, 0x62, 0x89, 0x4d, 0xfe, 0xf6, 0xf7, 0x06, 0x40, 0x85, - 0x94, 0x33, 0x27, 0x5e, 0x4e, 0x2e, 0xd0, 0x54, 0x11, 0xfc, 0x62, 0x1f, 0x45, 0xf0, 0xe5, 0x64, - 0x18, 0xb8, 0x9f, 0x83, 0x8d, 0x9f, 0x5e, 0x98, 0x87, 0x84, 0xea, 0x0d, 0xd7, 0x34, 0x08, 0x9b, - 0x78, 0xb4, 0x27, 0xbe, 0xb7, 0x45, 0xf8, 0x43, 0x83, 0xe9, 0x9e, 0x2c, 0x4a, 0x00, 0xd6, 0x38, - 0xb4, 0x27, 0x35, 0xaf, 0x5e, 0x17, 0xa6, 0xb8, 0xea, 0x09, 0x1d, 0x1d, 0xcc, 0x20, 0xbc, 0x52, - 0x5c, 0xb8, 0x29, 0xb4, 0x53, 0xa3, 0x52, 0x5c, 0xb8, 0x89, 0x19, 0x84, 0xea, 0x53, 0x41, 0x18, - 0x35, 0xd9, 0xcd, 0x73, 0x35, 0xc5, 0x45, 0x68, 0xa5, 0x4a, 0x9f, 0xba, 0xde, 0x89, 0x82, 0xbb, - 0x3d, 0x47, 0x67, 0x60, 0x2b, 0x22, 0x35, 0xcf, 0x4d, 0x4c, 0x6a, 0x90, 0x9e, 0x81, 0x2b, 0x1d, - 0x18, 0xb8, 0xcb, 0x53, 0x68, 0x06, 0x4e, 0xc8, 0x94, 0x00, 0x99, 0xf0, 0x39, 0x9c, 0x4e, 0x30, - 0xc3, 0x69, 0x30, 0xce, 0xe2, 0x53, 0x69, 0xd3, 0x14, 0xb9, 0xde, 0x4c, 0x89, 0x35, 0xa4, 0x8d, - 0xcc, 0x01, 0xc7, 0x0a, 0xc3, 0xfe, 0x7c, 0x91, 0xee, 0x8e, 0x3d, 0xea, 0x5b, 0x3f, 0x30, 0x97, - 0x7b, 0x7a, 0x46, 0x0e, 0xf4, 0x31, 0x23, 0x5f, 0x84, 0x91, 0xdb, 0x71, 0x18, 0x28, 0x77, 0x76, - 0xa9, 0xa7, 0x3b, 0xdb, 0xc0, 0xea, 0xee, 0xce, 0x1e, 0xcc, 0xcb, 0x9d, 0x3d, 0x74, 0x48, 0x77, - 0xf6, 0xb7, 0x4b, 0xa0, 0x2a, 0xc4, 0x5e, 0x27, 0xc9, 0xdd, 0x30, 0xda, 0xf4, 0x82, 0x06, 0x4b, - 0xa5, 0xf8, 0xa6, 0x05, 0x23, 0x7c, 0xbd, 0x2c, 0x9a, 0xe1, 0xc8, 0xf5, 0x9c, 0x4a, 0x8f, 0xa6, - 0x98, 0x4d, 0xad, 0x19, 0x8c, 0x32, 0x17, 0x9b, 0x98, 0x20, 0x9c, 0xea, 0x11, 0xfa, 0x59, 0x00, - 0x79, 0x6e, 0x59, 0x97, 0x22, 0x73, 0x21, 0x9f, 0xfe, 0x61, 0x52, 0xd7, 0xba, 0xe9, 0x9a, 0x62, - 0x82, 0x0d, 0x86, 0xe8, 0x8b, 0xd9, 0x9b, 0x39, 0x3f, 0x7d, 0x2c, 0x63, 0xd3, 0x4f, 0xa0, 0x36, - 0x86, 0x21, 0x2f, 0x68, 0xd0, 0x79, 0x22, 0x22, 0x00, 0x3e, 0xd4, 0x2d, 0x0d, 0x69, 0x31, 0x74, - 0x6a, 0x55, 0xc7, 0x77, 0x02, 0x97, 0x44, 0x0b, 0x1c, 0xdd, 0xbc, 0x69, 0x8b, 0x35, 0x60, 0x49, - 0xa8, 0xa3, 0xb6, 0x6e, 0xa9, 0x9f, 0xda, 0xba, 0x67, 0x3f, 0x0e, 0xe3, 0x1d, 0x1f, 0xf3, 0x40, - 0x71, 0xd9, 0x87, 0x0f, 0xe9, 0xb6, 0xff, 0xf9, 0xa0, 0xde, 0xb4, 0xae, 0x87, 0x35, 0x5e, 0xe1, - 0x35, 0xd2, 0x5f, 0x54, 0xe8, 0x9e, 0x39, 0x4e, 0x11, 0xe3, 0xb6, 0x2e, 0xd5, 0x88, 0x4d, 0x96, - 0x74, 0x8e, 0xb6, 0x9c, 0x88, 0x04, 0xc7, 0x3d, 0x47, 0x57, 0x14, 0x13, 0x6c, 0x30, 0x44, 0x1b, - 0xa9, 0xc0, 0xcc, 0xcb, 0x47, 0x0f, 0xcc, 0x64, 0x09, 0xda, 0xdd, 0xaa, 0x44, 0x7e, 0xcd, 0x82, - 0xb1, 0x20, 0x35, 0x73, 0x85, 0x1f, 0x67, 0xed, 0x38, 0x56, 0x05, 0x2f, 0x30, 0x9e, 0x6e, 0xc3, - 0x19, 0xfe, 0xdd, 0xb6, 0xb4, 0xd2, 0x01, 0xb7, 0x34, 0x5d, 0x2a, 0x7a, 0xb0, 0x57, 0xa9, 0x68, - 0x14, 0xa8, 0x5a, 0xf9, 0x43, 0xb9, 0xd7, 0xca, 0x87, 0x2e, 0x75, 0xf2, 0x6f, 0x41, 0xc5, 0x8d, - 0x88, 0x93, 0x1c, 0xb2, 0x6c, 0x3a, 0x73, 0x85, 0xcf, 0x4a, 0x02, 0x58, 0xd3, 0xb2, 0xff, 0x6d, - 0x11, 0x4e, 0xca, 0x11, 0x91, 0x71, 0x5c, 0x74, 0x7f, 0xe4, 0x7c, 0xb5, 0x72, 0xab, 0xf6, 0xc7, - 0x2b, 0x12, 0x80, 0x35, 0x0e, 0xd5, 0xc7, 0xda, 0x31, 0x59, 0x6e, 0x91, 0x60, 0xd1, 0x5b, 0x8f, - 0x85, 0xff, 0x51, 0x2d, 0x94, 0x1b, 0x1a, 0x84, 0x4d, 0x3c, 0xaa, 0x8c, 0x73, 0xbd, 0x38, 0xce, - 0xc6, 0x80, 0x0a, 0x7d, 0x1b, 0x4b, 0x38, 0xfa, 0xd5, 0xae, 0x17, 0x6e, 0xe4, 0x13, 0xfd, 0xdc, - 0x11, 0xbe, 0x76, 0xc0, 0x9b, 0x36, 0xde, 0xb6, 0xe0, 0xc4, 0x66, 0x2a, 0x0d, 0x4d, 0x8a, 0xe4, - 0x23, 0x26, 0x4c, 0xa7, 0x73, 0xdb, 0xf4, 0x14, 0x4e, 0xb7, 0xc7, 0x38, 0xcb, 0xdd, 0xfe, 0xef, - 0x16, 0x98, 0xe2, 0xa9, 0x3f, 0xcd, 0xca, 0xb8, 0x33, 0xac, 0xb0, 0xcf, 0x9d, 0x61, 0x52, 0x09, - 0x2b, 0xf6, 0xa7, 0xf4, 0x0f, 0x1c, 0x40, 0xe9, 0x2f, 0xf5, 0xd4, 0xda, 0x9e, 0x82, 0x62, 0xdb, - 0xab, 0x09, 0xbd, 0x5d, 0x7b, 0x1b, 0x17, 0xe6, 0x30, 0x6d, 0xb7, 0xff, 0x71, 0x49, 0xdb, 0xe9, - 0x22, 0x68, 0xf7, 0x87, 0xe2, 0xb5, 0xeb, 0x2a, 0xff, 0x9d, 0xbf, 0xf9, 0xf5, 0x8e, 0xfc, 0xf7, - 0x9f, 0x38, 0x78, 0x4c, 0x36, 0x1f, 0xa0, 0x5e, 0xe9, 0xef, 0x43, 0xfb, 0x04, 0x64, 0xdf, 0x86, - 0x32, 0x35, 0x6d, 0xd8, 0x81, 0x5b, 0x39, 0xd5, 0xa9, 0xf2, 0x15, 0xd1, 0x7e, 0x6f, 0x77, 0xf2, - 0xc7, 0x0f, 0xde, 0x2d, 0xf9, 0x34, 0x56, 0xf4, 0x51, 0x0c, 0x15, 0xfa, 0x9b, 0xc5, 0x8e, 0x0b, - 0xa3, 0xe9, 0x86, 0x92, 0x45, 0x12, 0x90, 0x4b, 0x60, 0xba, 0xe6, 0x83, 0x02, 0xa8, 0xb0, 0xcb, - 0x7e, 0x18, 0x53, 0x6e, 0x5b, 0xad, 0xa8, 0x08, 0x6e, 0x09, 0xb8, 0xb7, 0x3b, 0xf9, 0xf2, 0xc1, - 0x99, 0xaa, 0xc7, 0xb1, 0x66, 0x61, 0xbf, 0x33, 0xa0, 0xe7, 0xae, 0x28, 0x7b, 0xf0, 0x43, 0x31, - 0x77, 0x2f, 0x66, 0xe6, 0xee, 0xf9, 0x8e, 0xb9, 0x3b, 0xa6, 0x2f, 0xa5, 0x49, 0xcd, 0xc6, 0x07, - 0xbd, 0xc1, 0xee, 0x6f, 0xc7, 0x33, 0xcd, 0xe2, 0x4e, 0xdb, 0x8b, 0x48, 0xbc, 0x12, 0xb5, 0x03, - 0x2f, 0x68, 0x88, 0x7b, 0x40, 0x0d, 0xcd, 0x22, 0x05, 0xc6, 0x59, 0x7c, 0x76, 0x87, 0xe8, 0x4e, - 0xe0, 0xde, 0x72, 0xb6, 0xf8, 0xac, 0x32, 0x32, 0xc1, 0x57, 0x45, 0x3b, 0x56, 0x18, 0xf6, 0xbb, - 0xcc, 0x77, 0x6b, 0x24, 0xad, 0xd0, 0x39, 0xe1, 0xb3, 0xdb, 0x95, 0x78, 0x1a, 0xb9, 0x9a, 0x13, - 0xfc, 0x4a, 0x25, 0x0e, 0x43, 0x77, 0x61, 0x68, 0x9d, 0x5f, 0x2f, 0x90, 0x4f, 0xc9, 0x3c, 0x71, - 0x57, 0x01, 0xab, 0x6a, 0x2b, 0x2f, 0x2e, 0xb8, 0xa7, 0x7f, 0x62, 0xc9, 0xcd, 0x7e, 0x6f, 0x00, - 0x4e, 0x64, 0xee, 0xdf, 0x49, 0x15, 0xf0, 0x29, 0xec, 0x5b, 0xc0, 0xe7, 0x53, 0x00, 0x35, 0xd2, - 0xf2, 0xc3, 0x1d, 0xa6, 0xe6, 0x0c, 0x1c, 0x58, 0xcd, 0x51, 0x9a, 0xf1, 0x9c, 0xa2, 0x82, 0x0d, - 0x8a, 0x22, 0x77, 0x9e, 0xd7, 0x03, 0xca, 0xe4, 0xce, 0x1b, 0x55, 0x2b, 0x07, 0x1f, 0x6c, 0xd5, - 0x4a, 0x0f, 0x4e, 0xf0, 0x2e, 0xaa, 0xd4, 0x90, 0x43, 0x64, 0x80, 0xb0, 0x38, 0xdb, 0xb9, 0x34, - 0x19, 0x9c, 0xa5, 0xfb, 0x30, 0xaf, 0xd7, 0x42, 0x1f, 0x81, 0x8a, 0xfc, 0xce, 0xf1, 0x44, 0x45, - 0xa7, 0xd7, 0xc9, 0x69, 0xc0, 0xae, 0xbd, 0x12, 0x3f, 0xed, 0xaf, 0x16, 0xa8, 0x56, 0xca, 0xff, - 0xa9, 0x34, 0xe9, 0x67, 0x60, 0xd0, 0x69, 0x27, 0x1b, 0x61, 0xc7, 0x9d, 0x09, 0x33, 0xac, 0x15, - 0x0b, 0x28, 0x5a, 0x84, 0x81, 0x9a, 0x4e, 0x7d, 0x3d, 0xc8, 0x28, 0xea, 0x03, 0x3e, 0x27, 0x21, - 0x98, 0x51, 0x41, 0x4f, 0xc2, 0x40, 0xe2, 0x34, 0x52, 0x77, 0xd9, 0xae, 0x39, 0x8d, 0x18, 0xb3, - 0x56, 0x73, 0xd3, 0x1c, 0xd8, 0x67, 0xd3, 0x7c, 0x19, 0x46, 0x63, 0xaf, 0x11, 0x38, 0x49, 0x3b, - 0x22, 0x86, 0x33, 0x49, 0xc7, 0x07, 0x98, 0x40, 0x9c, 0xc6, 0xb5, 0x7f, 0x7f, 0x04, 0x4e, 0xaf, - 0xce, 0x2e, 0xc9, 0x32, 0x6e, 0xc7, 0x16, 0x53, 0xdf, 0x8d, 0xc7, 0x83, 0x8b, 0xa9, 0xef, 0xc1, - 0xdd, 0x37, 0x62, 0xea, 0x7d, 0x23, 0xa6, 0xfe, 0x8b, 0x16, 0x54, 0x54, 0x28, 0xb9, 0x08, 0x64, - 0x7d, 0x3d, 0xff, 0x1e, 0xa8, 0xb8, 0x62, 0x11, 0x51, 0x2c, 0xff, 0x62, 0xcd, 0xfc, 0xf8, 0x82, - 0xec, 0xef, 0xdb, 0xa1, 0x03, 0x05, 0xd9, 0xab, 0x0c, 0x84, 0x52, 0x1e, 0x19, 0x08, 0x3d, 0x3e, - 0x55, 0xd7, 0x0c, 0x84, 0xaf, 0x59, 0x30, 0xec, 0xbc, 0xd5, 0x8e, 0xc8, 0x1c, 0xd9, 0x5a, 0x6e, - 0xc5, 0x42, 0xc0, 0xbe, 0x91, 0x7f, 0x07, 0x66, 0x34, 0x13, 0x51, 0xdc, 0x59, 0x37, 0x60, 0xb3, - 0x0b, 0xa9, 0x8c, 0x83, 0xa1, 0x3c, 0x32, 0x0e, 0xba, 0x75, 0x67, 0xdf, 0x8c, 0x83, 0x97, 0x61, - 0xd4, 0xf5, 0xc3, 0x80, 0xac, 0x44, 0x61, 0x12, 0xba, 0xa1, 0x2f, 0x94, 0x69, 0x25, 0x12, 0x66, - 0x4d, 0x20, 0x4e, 0xe3, 0xf6, 0x4a, 0x57, 0xa8, 0x1c, 0x35, 0x5d, 0x01, 0x1e, 0x52, 0x71, 0x8d, - 0x5f, 0xd2, 0x65, 0x46, 0x87, 0xf3, 0xb8, 0xef, 0xb6, 0xdb, 0x17, 0xe9, 0xa7, 0x66, 0x1d, 0xfa, - 0x06, 0xbf, 0xb4, 0x80, 0xaa, 0xa3, 0xb3, 0x61, 0x93, 0xaa, 0x5b, 0x23, 0x6c, 0x48, 0xde, 0x3c, - 0x86, 0x09, 0x7b, 0x6b, 0x55, 0xb3, 0x51, 0x17, 0x19, 0xe8, 0x26, 0x9c, 0xee, 0xc8, 0x51, 0xca, - 0xe9, 0xfd, 0x5a, 0x01, 0x7e, 0x64, 0xdf, 0x2e, 0xa0, 0xbb, 0x00, 0x89, 0xd3, 0x10, 0x13, 0x55, - 0x1c, 0xff, 0x1f, 0x31, 0x88, 0x6f, 0x4d, 0xd2, 0xe3, 0x69, 0xaa, 0xea, 0x2f, 0x3b, 0x58, 0x97, - 0xbf, 0x59, 0xec, 0x5e, 0xe8, 0x77, 0x94, 0xe4, 0xc1, 0xa1, 0x4f, 0x30, 0x83, 0xd0, 0xed, 0x3f, - 0x22, 0x0d, 0x7d, 0xa9, 0x95, 0xfa, 0x7c, 0x98, 0xb5, 0x62, 0x01, 0x45, 0x2f, 0xc1, 0xb0, 0xe3, - 0xfb, 0x3c, 0xaf, 0x82, 0xc4, 0xa2, 0xb0, 0xb2, 0x2e, 0x2b, 0xa2, 0x41, 0xd8, 0xc4, 0xb3, 0xff, - 0xa2, 0x00, 0x93, 0xfb, 0xc8, 0x14, 0x74, 0x11, 0x46, 0xc2, 0xa8, 0xe1, 0x04, 0xde, 0x5b, 0x3c, - 0x33, 0xbb, 0x94, 0xae, 0xff, 0xb2, 0x6c, 0xc0, 0x70, 0x0a, 0x53, 0x46, 0xc2, 0x0f, 0xf6, 0x88, - 0x84, 0x7f, 0x09, 0x86, 0x13, 0xe2, 0x34, 0x45, 0xd8, 0x8f, 0xb0, 0xbf, 0xb5, 0x3f, 0x53, 0x83, - 0xb0, 0x89, 0x47, 0xa5, 0xd8, 0x98, 0xe3, 0xba, 0x24, 0x8e, 0x65, 0xa8, 0xbb, 0x38, 0x1b, 0xcc, - 0x2d, 0x8e, 0x9e, 0x1d, 0xb9, 0xce, 0xa4, 0x58, 0xe0, 0x0c, 0xcb, 0xec, 0x80, 0x57, 0xfa, 0x1c, - 0xf0, 0xdf, 0x2c, 0xc0, 0x53, 0xf7, 0xdd, 0xdd, 0xfa, 0xce, 0x42, 0x68, 0xc7, 0x24, 0xca, 0x4e, - 0x9c, 0x1b, 0x31, 0x89, 0x30, 0x83, 0xf0, 0x51, 0x6a, 0xb5, 0x8c, 0x4b, 0xc3, 0xf2, 0x4e, 0x7a, - 0xe1, 0xa3, 0x94, 0x62, 0x81, 0x33, 0x2c, 0x0f, 0x3b, 0x2d, 0xff, 0x5e, 0x01, 0x9e, 0xee, 0x43, - 0x07, 0xc8, 0x31, 0x39, 0x28, 0x9d, 0xa2, 0x55, 0x7c, 0x38, 0x29, 0x5a, 0x87, 0x1d, 0xae, 0x77, - 0x0b, 0x70, 0xb6, 0xf7, 0x56, 0x8c, 0x7e, 0x92, 0xda, 0xf0, 0x32, 0xd6, 0xc7, 0xcc, 0xee, 0x3a, - 0xc5, 0xed, 0xf7, 0x14, 0x08, 0x67, 0x71, 0xd1, 0x14, 0x40, 0xcb, 0x49, 0x36, 0xe2, 0x4b, 0xdb, - 0x5e, 0x9c, 0x88, 0xc4, 0xe4, 0x31, 0xee, 0x89, 0x91, 0xad, 0xd8, 0xc0, 0xa0, 0xec, 0xd8, 0xbf, - 0xb9, 0xf0, 0x7a, 0x98, 0xf0, 0x87, 0xb8, 0x19, 0x71, 0x4a, 0x16, 0x6f, 0x35, 0x40, 0x38, 0x8b, - 0x4b, 0xd9, 0x31, 0x5f, 0x1f, 0xef, 0x28, 0xb7, 0x2f, 0x18, 0xbb, 0x45, 0xd5, 0x8a, 0x0d, 0x8c, - 0x6c, 0xde, 0x5a, 0x69, 0xff, 0xbc, 0x35, 0xfb, 0x1f, 0x15, 0xe0, 0x89, 0x9e, 0xaa, 0x5c, 0x7f, - 0x0b, 0xf0, 0xd1, 0xcb, 0x35, 0x3b, 0xdc, 0xdc, 0x39, 0x60, 0x06, 0xd5, 0x9f, 0xf5, 0x98, 0x69, - 0x22, 0x83, 0x2a, 0xbb, 0x55, 0x58, 0x07, 0xdd, 0x2a, 0x1e, 0xa1, 0xf1, 0xec, 0x48, 0x9a, 0x1a, - 0x38, 0x40, 0xd2, 0x54, 0xe6, 0x63, 0x94, 0xfa, 0x5c, 0xc8, 0xdf, 0xe9, 0x3d, 0xbc, 0xd4, 0xf4, - 0xeb, 0xeb, 0x74, 0x74, 0x0e, 0x4e, 0x7a, 0x01, 0x2b, 0xe4, 0xbd, 0xda, 0x5e, 0x17, 0x69, 0xeb, - 0x85, 0xf4, 0x1d, 0x75, 0x0b, 0x19, 0x38, 0xee, 0x78, 0xe2, 0x11, 0x4c, 0x62, 0x3b, 0xe4, 0x90, - 0x7e, 0x0a, 0x2a, 0x8a, 0x36, 0x0f, 0xcc, 0x55, 0x1f, 0xb4, 0x23, 0x30, 0x57, 0x7d, 0x4d, 0x03, - 0x8b, 0x8e, 0x04, 0x55, 0x37, 0x33, 0x33, 0xf3, 0x1a, 0xd9, 0x61, 0xba, 0xa7, 0xfd, 0x51, 0x18, - 0x51, 0x67, 0x18, 0xfd, 0x56, 0x6b, 0xb6, 0xdf, 0x19, 0x84, 0xd1, 0x54, 0x2d, 0x96, 0xd4, 0x91, - 0xa1, 0xb5, 0xef, 0x91, 0x21, 0x0b, 0xb4, 0x6e, 0x07, 0xb2, 0x94, 0xbb, 0x11, 0x68, 0xdd, 0x0e, - 0x08, 0xe6, 0x30, 0xaa, 0x3a, 0xd6, 0xa2, 0x1d, 0xdc, 0x0e, 0x44, 0x40, 0xa4, 0x52, 0x1d, 0xe7, - 0x58, 0x2b, 0x16, 0x50, 0xf4, 0x39, 0x0b, 0x46, 0x62, 0x76, 0x1e, 0xcd, 0x0f, 0x5c, 0xc5, 0x07, - 0xbd, 0x9a, 0xc7, 0xb5, 0xeb, 0xa2, 0xee, 0x10, 0x8b, 0xa5, 0x30, 0x5b, 0x70, 0x8a, 0x23, 0xfa, - 0x45, 0xcb, 0xbc, 0x70, 0x7e, 0x30, 0x8f, 0x40, 0xde, 0x6c, 0xa9, 0x1b, 0x7e, 0x52, 0x77, 0xff, - 0x7b, 0xe7, 0x63, 0x75, 0x1a, 0x3a, 0x74, 0x3c, 0xa7, 0xa1, 0xd0, 0xe5, 0x24, 0xf4, 0x23, 0x50, - 0x69, 0x3a, 0x81, 0x57, 0x27, 0x71, 0xc2, 0x0f, 0x28, 0x65, 0x05, 0x2e, 0xd9, 0x88, 0x35, 0x9c, - 0x6e, 0x76, 0x31, 0x7b, 0xb1, 0xc4, 0x38, 0x51, 0x64, 0x9b, 0xdd, 0xaa, 0x6e, 0xc6, 0x26, 0x8e, - 0x79, 0xfc, 0x09, 0x0f, 0xf5, 0xf8, 0x73, 0x78, 0x9f, 0xe3, 0xcf, 0x7f, 0x60, 0xc1, 0x99, 0xae, - 0x5f, 0xed, 0xd1, 0x0d, 0x91, 0xb3, 0xbf, 0x5e, 0x82, 0x53, 0x5d, 0x8a, 0x2a, 0xa1, 0x1d, 0x73, - 0x3e, 0x5b, 0x79, 0x78, 0xc5, 0xd3, 0x4e, 0x5e, 0x39, 0x8c, 0x5d, 0x26, 0xf1, 0xc1, 0x9c, 0x0f, - 0xda, 0x01, 0x50, 0x7c, 0xb0, 0x0e, 0x00, 0x63, 0x5a, 0x0e, 0x3c, 0xd4, 0x69, 0x59, 0xba, 0xff, - 0xb4, 0x44, 0xbf, 0x6b, 0xc1, 0x44, 0xb3, 0x47, 0x25, 0x4f, 0x71, 0xa8, 0x77, 0xf3, 0x78, 0xea, - 0x84, 0x56, 0x9f, 0xdc, 0xdb, 0x9d, 0xec, 0x59, 0x40, 0x15, 0xf7, 0xec, 0x95, 0xfd, 0xbd, 0x22, - 0xb0, 0x8a, 0x5e, 0xac, 0x86, 0xce, 0x0e, 0xfa, 0xac, 0x59, 0x9b, 0xcd, 0xca, 0xab, 0x8e, 0x18, - 0x27, 0xae, 0x6a, 0xbb, 0xf1, 0x11, 0xec, 0x56, 0xea, 0x2d, 0x2b, 0xb4, 0x0a, 0x7d, 0x08, 0x2d, - 0x5f, 0x16, 0xc1, 0x2b, 0xe6, 0x5f, 0x04, 0xaf, 0x92, 0x2d, 0x80, 0x77, 0xff, 0x4f, 0x3c, 0xf0, - 0x48, 0x7e, 0xe2, 0xbf, 0x69, 0x71, 0xc1, 0x93, 0xf9, 0x0a, 0x5a, 0x33, 0xb0, 0xee, 0xa3, 0x19, - 0x3c, 0xc7, 0x6e, 0xda, 0xac, 0x5f, 0x21, 0x8e, 0x2f, 0x34, 0x08, 0xf3, 0xd2, 0x4c, 0xd6, 0x8e, - 0x15, 0x06, 0xbb, 0x1b, 0xc7, 0xf7, 0xc3, 0xbb, 0x97, 0x9a, 0xad, 0x64, 0x47, 0xe8, 0x12, 0xfa, - 0x6e, 0x1c, 0x05, 0xc1, 0x06, 0x96, 0xfd, 0xb7, 0x0a, 0x7c, 0x06, 0x0a, 0xb7, 0xfe, 0xc5, 0xcc, - 0x6d, 0x06, 0xfd, 0x7b, 0xc4, 0x3f, 0x03, 0xe0, 0xaa, 0x4b, 0xf6, 0x84, 0xbf, 0xe5, 0xca, 0x91, - 0x2f, 0x29, 0x13, 0xf4, 0xf4, 0x6b, 0xe8, 0x36, 0x6c, 0xf0, 0x4b, 0xc9, 0xd2, 0xe2, 0xbe, 0xb2, - 0x34, 0x25, 0x56, 0x06, 0xf6, 0xd9, 0xed, 0xfe, 0xc2, 0x82, 0x94, 0x46, 0x84, 0x5a, 0x50, 0xa2, - 0xdd, 0xdd, 0xc9, 0xe7, 0xfe, 0x40, 0x93, 0x34, 0x15, 0x8d, 0x62, 0xda, 0xb3, 0x9f, 0x98, 0x33, - 0x42, 0xbe, 0xf0, 0xfe, 0x17, 0xf2, 0xb8, 0xe3, 0xd2, 0x64, 0x78, 0x25, 0x0c, 0x37, 0xb9, 0xd3, - 0x50, 0x47, 0x12, 0xd8, 0x17, 0x61, 0xbc, 0xa3, 0x53, 0xac, 0x70, 0x79, 0x28, 0x2f, 0x4d, 0x34, - 0xa6, 0x2b, 0x4b, 0xc1, 0xc3, 0x1c, 0x66, 0xbf, 0x6b, 0xc1, 0xc9, 0x2c, 0x79, 0xf4, 0x0d, 0x0b, - 0xc6, 0xe3, 0x2c, 0xbd, 0xe3, 0x1a, 0x3b, 0x15, 0x19, 0xd7, 0x01, 0xc2, 0x9d, 0x9d, 0xb0, 0xff, - 0x8f, 0x98, 0xfc, 0xb7, 0xbc, 0xa0, 0x16, 0xde, 0x55, 0x8a, 0x89, 0xd5, 0x53, 0x31, 0xa1, 0xeb, - 0xd1, 0xdd, 0x20, 0xb5, 0xb6, 0xdf, 0x91, 0xfb, 0xb7, 0x2a, 0xda, 0xb1, 0xc2, 0x60, 0xa9, 0x4e, - 0x6d, 0x51, 0x25, 0x33, 0x33, 0x29, 0xe7, 0x44, 0x3b, 0x56, 0x18, 0xe8, 0x45, 0x18, 0x31, 0x2f, - 0x06, 0x15, 0xf3, 0x92, 0x29, 0xe4, 0xe6, 0x1d, 0xa2, 0x38, 0x85, 0x95, 0xb9, 0x1a, 0xbe, 0xb4, - 0xef, 0xd5, 0xf0, 0xcf, 0x42, 0x59, 0x5c, 0x73, 0x2e, 0xe3, 0x47, 0x79, 0x62, 0xa1, 0x68, 0xc3, - 0x0a, 0x4a, 0xa5, 0x49, 0xd3, 0x09, 0xda, 0x8e, 0x4f, 0x47, 0x48, 0x64, 0x43, 0xab, 0x65, 0xb8, - 0xa4, 0x20, 0xd8, 0xc0, 0xa2, 0x6f, 0x9c, 0x78, 0x4d, 0xf2, 0x5a, 0x18, 0xc8, 0xc8, 0x2b, 0xed, - 0x52, 0x11, 0xed, 0x58, 0x61, 0xd8, 0xff, 0xc5, 0x82, 0xec, 0x1d, 0xcd, 0xa9, 0x53, 0x0e, 0x6b, - 0xdf, 0x0c, 0xec, 0x74, 0xfe, 0x66, 0xa1, 0xaf, 0xfc, 0x4d, 0x33, 0xb5, 0xb2, 0x78, 0xdf, 0xd4, - 0xca, 0x1f, 0xd5, 0xd7, 0xdf, 0xf0, 0x1c, 0xcc, 0xe1, 0x6e, 0x57, 0xdf, 0x20, 0x1b, 0x06, 0x5d, - 0x47, 0xd5, 0xe8, 0x18, 0xe1, 0xb6, 0xc3, 0xec, 0x0c, 0x43, 0x12, 0x10, 0x7b, 0x19, 0x2a, 0xca, - 0xb3, 0x20, 0x0d, 0x55, 0xab, 0xbb, 0xa1, 0xda, 0x57, 0x2a, 0x59, 0x75, 0xfd, 0xbd, 0xef, 0x9f, - 0xfb, 0xc0, 0x77, 0xbe, 0x7f, 0xee, 0x03, 0x7f, 0xf2, 0xfd, 0x73, 0x1f, 0xf8, 0xdc, 0xde, 0x39, - 0xeb, 0xbd, 0xbd, 0x73, 0xd6, 0x77, 0xf6, 0xce, 0x59, 0x7f, 0xb2, 0x77, 0xce, 0xfa, 0xde, 0xde, - 0x39, 0xeb, 0x6b, 0xff, 0xf1, 0xdc, 0x07, 0x5e, 0xeb, 0x1a, 0x7a, 0x47, 0x7f, 0x3c, 0xef, 0xd6, - 0xa6, 0xb7, 0x2e, 0xb0, 0xe8, 0x2f, 0xba, 0xbc, 0xa6, 0x8d, 0x39, 0x35, 0x2d, 0x97, 0xd7, 0xff, - 0x0b, 0x00, 0x00, 0xff, 0xff, 0xe7, 0xad, 0xd9, 0x73, 0xf4, 0xcb, 0x00, 0x00, + // 10312 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x1c, 0xc9, + 0x75, 0x98, 0x66, 0x17, 0x0b, 0xec, 0x3e, 0x7c, 0x90, 0x68, 0x92, 0x77, 0x38, 0xea, 0xee, 0x40, + 0xcf, 0x95, 0x4f, 0xa7, 0xe8, 0x04, 0xf8, 0xa8, 0x93, 0x72, 0xf1, 0xd9, 0x92, 0xf1, 0x41, 0x82, + 0x20, 0x01, 0x02, 0xd7, 0x00, 0x49, 0x7d, 0xf8, 0x74, 0x1a, 0xcc, 0xf6, 0x2e, 0x86, 0x98, 0x9d, + 0x19, 0xce, 0xcc, 0x82, 0xc0, 0x59, 0x92, 0x25, 0xdb, 0xb2, 0x95, 0xe8, 0xe3, 0x14, 0x29, 0x55, + 0x96, 0x92, 0xc8, 0x91, 0x3f, 0x2a, 0x15, 0x57, 0x72, 0x15, 0xa5, 0xf2, 0x23, 0x4e, 0x9c, 0x94, + 0x4b, 0x76, 0x7e, 0x28, 0xa5, 0xa4, 0xa2, 0x4a, 0x5c, 0x96, 0x13, 0x3b, 0x88, 0x84, 0x54, 0x2a, + 0xa9, 0x54, 0xc5, 0x55, 0xf9, 0xf8, 0x13, 0x56, 0xaa, 0x92, 0xea, 0xef, 0x9e, 0xd9, 0x5d, 0x62, + 0x01, 0x0c, 0x48, 0x4a, 0xbe, 0x7f, 0xbb, 0xfd, 0xde, 0xbc, 0xd7, 0xd3, 0xd3, 0xfd, 0xfa, 0xbd, + 0xd7, 0xef, 0xbd, 0x86, 0xa5, 0xa6, 0x97, 0x6e, 0xb6, 0x37, 0xa6, 0xdc, 0xb0, 0x35, 0xed, 0xc4, + 0xcd, 0x30, 0x8a, 0xc3, 0xdb, 0xec, 0xc7, 0xbb, 0xdd, 0xfa, 0xf4, 0xf6, 0xc5, 0xe9, 0x68, 0xab, + 0x39, 0xed, 0x44, 0x5e, 0x32, 0xed, 0x44, 0x91, 0xef, 0xb9, 0x4e, 0xea, 0x85, 0xc1, 0xf4, 0xf6, + 0x0b, 0x8e, 0x1f, 0x6d, 0x3a, 0x2f, 0x4c, 0x37, 0x49, 0x40, 0x62, 0x27, 0x25, 0xf5, 0xa9, 0x28, + 0x0e, 0xd3, 0x10, 0xfd, 0x94, 0xa6, 0x36, 0x25, 0xa9, 0xb1, 0x1f, 0xaf, 0xb9, 0xf5, 0xa9, 0xed, + 0x8b, 0x53, 0xd1, 0x56, 0x73, 0x8a, 0x52, 0x9b, 0x32, 0xa8, 0x4d, 0x49, 0x6a, 0xe7, 0xdf, 0x6d, + 0xf4, 0xa5, 0x19, 0x36, 0xc3, 0x69, 0x46, 0x74, 0xa3, 0xdd, 0x60, 0xff, 0xd8, 0x1f, 0xf6, 0x8b, + 0x33, 0x3b, 0x6f, 0x6f, 0xbd, 0x94, 0x4c, 0x79, 0x21, 0xed, 0xde, 0xb4, 0x1b, 0xc6, 0x64, 0x7a, + 0xbb, 0xa3, 0x43, 0xe7, 0xaf, 0x68, 0x1c, 0xb2, 0x93, 0x92, 0x20, 0xf1, 0xc2, 0x20, 0x79, 0x37, + 0xed, 0x02, 0x89, 0xb7, 0x49, 0x6c, 0xbe, 0x9e, 0x81, 0xd0, 0x8d, 0xd2, 0x8b, 0x9a, 0x52, 0xcb, + 0x71, 0x37, 0xbd, 0x80, 0xc4, 0xbb, 0xfa, 0xf1, 0x16, 0x49, 0x9d, 0x6e, 0x4f, 0x4d, 0xf7, 0x7a, + 0x2a, 0x6e, 0x07, 0xa9, 0xd7, 0x22, 0x1d, 0x0f, 0xbc, 0xef, 0xa0, 0x07, 0x12, 0x77, 0x93, 0xb4, + 0x9c, 0x8e, 0xe7, 0xde, 0xd3, 0xeb, 0xb9, 0x76, 0xea, 0xf9, 0xd3, 0x5e, 0x90, 0x26, 0x69, 0x9c, + 0x7f, 0xc8, 0xbe, 0x03, 0xa3, 0x33, 0xb7, 0xd6, 0x66, 0xda, 0xe9, 0xe6, 0x5c, 0x18, 0x34, 0xbc, + 0x26, 0x7a, 0x2f, 0x0c, 0xbb, 0x7e, 0x3b, 0x49, 0x49, 0x7c, 0xdd, 0x69, 0x91, 0x09, 0xeb, 0x82, + 0xf5, 0x5c, 0x6d, 0xf6, 0xcc, 0xb7, 0xf7, 0x26, 0xdf, 0xb6, 0xbf, 0x37, 0x39, 0x3c, 0xa7, 0x41, + 0xd8, 0xc4, 0x43, 0xef, 0x84, 0xa1, 0x38, 0xf4, 0xc9, 0x0c, 0xbe, 0x3e, 0x51, 0x62, 0x8f, 0x9c, + 0x12, 0x8f, 0x0c, 0x61, 0xde, 0x8c, 0x25, 0xdc, 0xfe, 0xa3, 0x12, 0xc0, 0x4c, 0x14, 0xad, 0xc6, + 0xe1, 0x6d, 0xe2, 0xa6, 0xe8, 0x63, 0x50, 0xa5, 0x43, 0x57, 0x77, 0x52, 0x87, 0x71, 0x1b, 0xbe, + 0xf8, 0x13, 0x53, 0xfc, 0x4d, 0xa6, 0xcc, 0x37, 0xd1, 0x13, 0x87, 0x62, 0x4f, 0x6d, 0xbf, 0x30, + 0xb5, 0xb2, 0x41, 0x9f, 0x5f, 0x26, 0xa9, 0x33, 0x8b, 0x04, 0x33, 0xd0, 0x6d, 0x58, 0x51, 0x45, + 0x01, 0x0c, 0x24, 0x11, 0x71, 0x59, 0xc7, 0x86, 0x2f, 0x2e, 0x4d, 0x1d, 0x67, 0x86, 0x4e, 0xe9, + 0x9e, 0xaf, 0x45, 0xc4, 0x9d, 0x1d, 0x11, 0x9c, 0x07, 0xe8, 0x3f, 0xcc, 0xf8, 0xa0, 0x6d, 0x18, + 0x4c, 0x52, 0x27, 0x6d, 0x27, 0x13, 0x65, 0xc6, 0xf1, 0x7a, 0x61, 0x1c, 0x19, 0xd5, 0xd9, 0x31, + 0xc1, 0x73, 0x90, 0xff, 0xc7, 0x82, 0x9b, 0xfd, 0x1f, 0x2c, 0x18, 0xd3, 0xc8, 0x4b, 0x5e, 0x92, + 0xa2, 0x9f, 0xed, 0x18, 0xdc, 0xa9, 0xfe, 0x06, 0x97, 0x3e, 0xcd, 0x86, 0xf6, 0xb4, 0x60, 0x56, + 0x95, 0x2d, 0xc6, 0xc0, 0xb6, 0xa0, 0xe2, 0xa5, 0xa4, 0x95, 0x4c, 0x94, 0x2e, 0x94, 0x9f, 0x1b, + 0xbe, 0x78, 0xa5, 0xa8, 0xf7, 0x9c, 0x1d, 0x15, 0x4c, 0x2b, 0x8b, 0x94, 0x3c, 0xe6, 0x5c, 0xec, + 0xdf, 0x1e, 0x31, 0xdf, 0x8f, 0x0e, 0x38, 0x7a, 0x01, 0x86, 0x93, 0xb0, 0x1d, 0xbb, 0x04, 0x93, + 0x28, 0x4c, 0x26, 0xac, 0x0b, 0x65, 0x3a, 0xf5, 0xe8, 0x4c, 0x5d, 0xd3, 0xcd, 0xd8, 0xc4, 0x41, + 0x5f, 0xb4, 0x60, 0xa4, 0x4e, 0x92, 0xd4, 0x0b, 0x18, 0x7f, 0xd9, 0xf9, 0xf5, 0x63, 0x77, 0x5e, + 0x36, 0xce, 0x6b, 0xe2, 0xb3, 0x67, 0xc5, 0x8b, 0x8c, 0x18, 0x8d, 0x09, 0xce, 0xf0, 0xa7, 0x2b, + 0xae, 0x4e, 0x12, 0x37, 0xf6, 0x22, 0xfa, 0x9f, 0xcd, 0x19, 0x63, 0xc5, 0xcd, 0x6b, 0x10, 0x36, + 0xf1, 0x50, 0x00, 0x15, 0xba, 0xa2, 0x92, 0x89, 0x01, 0xd6, 0xff, 0xc5, 0xe3, 0xf5, 0x5f, 0x0c, + 0x2a, 0x5d, 0xac, 0x7a, 0xf4, 0xe9, 0xbf, 0x04, 0x73, 0x36, 0xe8, 0x0b, 0x16, 0x4c, 0x88, 0x15, + 0x8f, 0x09, 0x1f, 0xd0, 0x5b, 0x9b, 0x5e, 0x4a, 0x7c, 0x2f, 0x49, 0x27, 0x2a, 0xac, 0x0f, 0xd3, + 0xfd, 0xcd, 0xad, 0x85, 0x38, 0x6c, 0x47, 0xd7, 0xbc, 0xa0, 0x3e, 0x7b, 0x41, 0x70, 0x9a, 0x98, + 0xeb, 0x41, 0x18, 0xf7, 0x64, 0x89, 0xbe, 0x62, 0xc1, 0xf9, 0xc0, 0x69, 0x91, 0x24, 0x72, 0xe8, + 0xa7, 0xe5, 0xe0, 0x59, 0xdf, 0x71, 0xb7, 0x58, 0x8f, 0x06, 0x8f, 0xd6, 0x23, 0x5b, 0xf4, 0xe8, + 0xfc, 0xf5, 0x9e, 0xa4, 0xf1, 0x7d, 0xd8, 0xa2, 0xdf, 0xb4, 0x60, 0x3c, 0x8c, 0xa3, 0x4d, 0x27, + 0x20, 0x75, 0x09, 0x4d, 0x26, 0x86, 0xd8, 0xd2, 0xfb, 0xe8, 0xf1, 0x3e, 0xd1, 0x4a, 0x9e, 0xec, + 0x72, 0x18, 0x78, 0x69, 0x18, 0xaf, 0x91, 0x34, 0xf5, 0x82, 0x66, 0x32, 0x7b, 0x6e, 0x7f, 0x6f, + 0x72, 0xbc, 0x03, 0x0b, 0x77, 0xf6, 0x07, 0xfd, 0x1c, 0x0c, 0x27, 0xbb, 0x81, 0x7b, 0xcb, 0x0b, + 0xea, 0xe1, 0xdd, 0x64, 0xa2, 0x5a, 0xc4, 0xf2, 0x5d, 0x53, 0x04, 0xc5, 0x02, 0xd4, 0x0c, 0xb0, + 0xc9, 0xad, 0xfb, 0x87, 0xd3, 0x53, 0xa9, 0x56, 0xf4, 0x87, 0xd3, 0x93, 0xe9, 0x3e, 0x6c, 0xd1, + 0xaf, 0x58, 0x30, 0x9a, 0x78, 0xcd, 0xc0, 0x49, 0xdb, 0x31, 0xb9, 0x46, 0x76, 0x93, 0x09, 0x60, + 0x1d, 0xb9, 0x7a, 0xcc, 0x51, 0x31, 0x48, 0xce, 0x9e, 0x13, 0x7d, 0x1c, 0x35, 0x5b, 0x13, 0x9c, + 0xe5, 0xdb, 0x6d, 0xa1, 0xe9, 0x69, 0x3d, 0x5c, 0xec, 0x42, 0xd3, 0x93, 0xba, 0x27, 0x4b, 0xf4, + 0x33, 0x70, 0x9a, 0x37, 0xa9, 0x91, 0x4d, 0x26, 0x46, 0x98, 0xa0, 0x3d, 0xbb, 0xbf, 0x37, 0x79, + 0x7a, 0x2d, 0x07, 0xc3, 0x1d, 0xd8, 0xe8, 0x0e, 0x4c, 0x46, 0x24, 0x6e, 0x79, 0xe9, 0x4a, 0xe0, + 0xef, 0x4a, 0xf1, 0xed, 0x86, 0x11, 0xa9, 0x8b, 0xee, 0x24, 0x13, 0xa3, 0x17, 0xac, 0xe7, 0xaa, + 0xb3, 0xef, 0x10, 0xdd, 0x9c, 0x5c, 0xbd, 0x3f, 0x3a, 0x3e, 0x88, 0x9e, 0xfd, 0x2f, 0x4a, 0x70, + 0x3a, 0xbf, 0x71, 0xa2, 0xbf, 0x6d, 0xc1, 0xa9, 0xdb, 0x77, 0xd3, 0xf5, 0x70, 0x8b, 0x04, 0xc9, + 0xec, 0x2e, 0x15, 0x6f, 0x6c, 0xcb, 0x18, 0xbe, 0xe8, 0x16, 0xbb, 0x45, 0x4f, 0x5d, 0xcd, 0x72, + 0xb9, 0x14, 0xa4, 0xf1, 0xee, 0xec, 0xe3, 0xe2, 0xed, 0x4e, 0x5d, 0xbd, 0xb5, 0x6e, 0x42, 0x71, + 0xbe, 0x53, 0xe7, 0x3f, 0x67, 0xc1, 0xd9, 0x6e, 0x24, 0xd0, 0x69, 0x28, 0x6f, 0x91, 0x5d, 0xae, + 0x95, 0x61, 0xfa, 0x13, 0xbd, 0x0a, 0x95, 0x6d, 0xc7, 0x6f, 0x13, 0xa1, 0xdd, 0x2c, 0x1c, 0xef, + 0x45, 0x54, 0xcf, 0x30, 0xa7, 0xfa, 0x93, 0xa5, 0x97, 0x2c, 0xfb, 0x5f, 0x97, 0x61, 0xd8, 0xd8, + 0xdf, 0x1e, 0x80, 0xc6, 0x16, 0x66, 0x34, 0xb6, 0xe5, 0xc2, 0xb6, 0xe6, 0x9e, 0x2a, 0xdb, 0xdd, + 0x9c, 0xca, 0xb6, 0x52, 0x1c, 0xcb, 0xfb, 0xea, 0x6c, 0x28, 0x85, 0x5a, 0x18, 0x51, 0x8d, 0x9c, + 0x6e, 0xfd, 0x03, 0x45, 0x7c, 0xc2, 0x15, 0x49, 0x6e, 0x76, 0x74, 0x7f, 0x6f, 0xb2, 0xa6, 0xfe, + 0x62, 0xcd, 0xc8, 0xfe, 0x9e, 0x05, 0x67, 0x8d, 0x3e, 0xce, 0x85, 0x41, 0xdd, 0x63, 0x9f, 0xf6, + 0x02, 0x0c, 0xa4, 0xbb, 0x91, 0x54, 0xfb, 0xd5, 0x48, 0xad, 0xef, 0x46, 0x04, 0x33, 0x08, 0x55, + 0xf4, 0x5b, 0x24, 0x49, 0x9c, 0x26, 0xc9, 0x2b, 0xfa, 0xcb, 0xbc, 0x19, 0x4b, 0x38, 0x8a, 0x01, + 0xf9, 0x4e, 0x92, 0xae, 0xc7, 0x4e, 0x90, 0x30, 0xf2, 0xeb, 0x5e, 0x8b, 0x88, 0x01, 0xfe, 0x0b, + 0xfd, 0xcd, 0x18, 0xfa, 0xc4, 0xec, 0x63, 0xfb, 0x7b, 0x93, 0x68, 0xa9, 0x83, 0x12, 0xee, 0x42, + 0xdd, 0xfe, 0x8a, 0x05, 0x8f, 0x75, 0xd7, 0xc5, 0xd0, 0xb3, 0x30, 0xc8, 0x4d, 0x3e, 0xf1, 0x76, + 0xfa, 0x93, 0xb0, 0x56, 0x2c, 0xa0, 0x68, 0x1a, 0x6a, 0x6a, 0x9f, 0x10, 0xef, 0x38, 0x2e, 0x50, + 0x6b, 0x7a, 0x73, 0xd1, 0x38, 0x74, 0xd0, 0xe8, 0x1f, 0xa1, 0xb9, 0xa9, 0x41, 0x63, 0x46, 0x12, + 0x83, 0xd8, 0xff, 0xd1, 0x82, 0x53, 0x46, 0xaf, 0x1e, 0x80, 0x6a, 0x1e, 0x64, 0x55, 0xf3, 0xc5, + 0xc2, 0xe6, 0x73, 0x0f, 0xdd, 0xfc, 0x0b, 0x16, 0x9c, 0x37, 0xb0, 0x96, 0x9d, 0xd4, 0xdd, 0xbc, + 0xb4, 0x13, 0xc5, 0x24, 0xa1, 0xe6, 0x34, 0x7a, 0xca, 0x90, 0x5b, 0xb3, 0xc3, 0x82, 0x42, 0xf9, + 0x1a, 0xd9, 0xe5, 0x42, 0xec, 0x79, 0xa8, 0xf2, 0xc9, 0x19, 0xc6, 0x62, 0xc4, 0xd5, 0xbb, 0xad, + 0x88, 0x76, 0xac, 0x30, 0x90, 0x0d, 0x83, 0x4c, 0x38, 0xd1, 0xc5, 0x4a, 0xb7, 0x21, 0xa0, 0x1f, + 0xf1, 0x26, 0x6b, 0xc1, 0x02, 0x62, 0xaf, 0x64, 0xba, 0xb3, 0x1a, 0x13, 0xf6, 0x71, 0xeb, 0x97, + 0x3d, 0xe2, 0xd7, 0x13, 0x6a, 0x36, 0x38, 0x41, 0x10, 0xa6, 0xc2, 0x02, 0x30, 0xcc, 0x86, 0x19, + 0xdd, 0x8c, 0x4d, 0x1c, 0x7b, 0xbf, 0xc4, 0x8c, 0x0f, 0xb5, 0xac, 0xc9, 0x83, 0xb0, 0x5c, 0xe3, + 0x8c, 0x1c, 0x5c, 0x2d, 0x4e, 0x28, 0x91, 0xde, 0xd6, 0xeb, 0xeb, 0x39, 0x51, 0x88, 0x0b, 0xe5, + 0x7a, 0x7f, 0x0b, 0xf6, 0x5b, 0x25, 0x98, 0xcc, 0x3e, 0xd0, 0x21, 0x49, 0xa9, 0xb9, 0x64, 0x30, + 0xca, 0x3b, 0x28, 0x0c, 0x7c, 0x6c, 0xe2, 0xf5, 0x10, 0x46, 0xa5, 0x93, 0x14, 0x46, 0xa6, 0xac, + 0x2c, 0x1f, 0x20, 0x2b, 0x9f, 0x55, 0xa3, 0x3e, 0x90, 0x13, 0x4e, 0xd9, 0xfd, 0xe2, 0x02, 0x0c, + 0x24, 0x29, 0x89, 0x26, 0x2a, 0x59, 0x59, 0xb3, 0x96, 0x92, 0x08, 0x33, 0x88, 0xfd, 0xdf, 0x4a, + 0xf0, 0x78, 0x76, 0x0c, 0xb5, 0x78, 0xff, 0x40, 0x46, 0xbc, 0xbf, 0xcb, 0x14, 0xef, 0xf7, 0xf6, + 0x26, 0xdf, 0xde, 0xe3, 0xb1, 0x1f, 0x1a, 0xe9, 0x8f, 0x16, 0x72, 0xa3, 0x38, 0x9d, 0x1d, 0xc5, + 0x7b, 0x7b, 0x93, 0x4f, 0xf5, 0x78, 0xc7, 0xdc, 0x30, 0x3f, 0x0b, 0x83, 0x31, 0x71, 0x92, 0x30, + 0x10, 0x03, 0xad, 0x3e, 0x07, 0x66, 0xad, 0x58, 0x40, 0xed, 0x7f, 0x53, 0xcb, 0x0f, 0xf6, 0x02, + 0x77, 0xb0, 0x85, 0x31, 0xf2, 0x60, 0x80, 0xa9, 0xec, 0x5c, 0x34, 0x5c, 0x3b, 0xde, 0x32, 0xa2, + 0x22, 0x5e, 0x91, 0x9e, 0xad, 0xd2, 0xaf, 0x46, 0x9b, 0x30, 0x63, 0x81, 0x76, 0xa0, 0xea, 0x4a, + 0x4d, 0xba, 0x54, 0x84, 0xcf, 0x49, 0xe8, 0xd1, 0x9a, 0xe3, 0x08, 0x95, 0xc5, 0x4a, 0xfd, 0x56, + 0xdc, 0x10, 0x81, 0x72, 0xd3, 0x4b, 0xc5, 0x67, 0x3d, 0xa6, 0xad, 0xb4, 0xe0, 0x19, 0xaf, 0x38, + 0x44, 0x37, 0x88, 0x05, 0x2f, 0xc5, 0x94, 0x3e, 0xfa, 0x8c, 0x05, 0xc3, 0x89, 0xdb, 0x5a, 0x8d, + 0xc3, 0x6d, 0xaf, 0x4e, 0x62, 0xa1, 0x29, 0x1d, 0x53, 0x34, 0xad, 0xcd, 0x2d, 0x4b, 0x82, 0x9a, + 0x2f, 0xb7, 0x5d, 0x35, 0x04, 0x9b, 0x7c, 0xa9, 0x05, 0xf1, 0xb8, 0x78, 0xf7, 0x79, 0xe2, 0x7a, + 0x74, 0x6f, 0x93, 0x06, 0x13, 0x9b, 0x29, 0xc7, 0xd6, 0x1c, 0xe7, 0xdb, 0xee, 0x16, 0x5d, 0x6f, + 0xba, 0x43, 0x6f, 0xdf, 0xdf, 0x9b, 0x7c, 0x7c, 0xae, 0x3b, 0x4f, 0xdc, 0xab, 0x33, 0x6c, 0xc0, + 0xa2, 0xb6, 0xef, 0x63, 0x72, 0xa7, 0x4d, 0x98, 0x3b, 0xa4, 0x80, 0x01, 0x5b, 0xd5, 0x04, 0x73, + 0x03, 0x66, 0x40, 0xb0, 0xc9, 0x17, 0xdd, 0x81, 0xc1, 0x96, 0x93, 0xc6, 0xde, 0x8e, 0xf0, 0x81, + 0x1c, 0x53, 0x97, 0x5f, 0x66, 0xb4, 0x34, 0x73, 0xb6, 0xf5, 0xf3, 0x46, 0x2c, 0x18, 0xa1, 0x16, + 0x54, 0x5a, 0x24, 0x6e, 0x92, 0x89, 0x6a, 0x11, 0xfe, 0xde, 0x65, 0x4a, 0x4a, 0x33, 0xac, 0x51, + 0xcd, 0x87, 0xb5, 0x61, 0xce, 0x05, 0xbd, 0x0a, 0xd5, 0x84, 0xf8, 0xc4, 0xa5, 0xba, 0x4b, 0x8d, + 0x71, 0x7c, 0x4f, 0x9f, 0x7a, 0x9c, 0xb3, 0x41, 0xfc, 0x35, 0xf1, 0x28, 0x5f, 0x60, 0xf2, 0x1f, + 0x56, 0x24, 0xe9, 0x00, 0x46, 0x7e, 0xbb, 0xe9, 0x05, 0x13, 0x50, 0xc4, 0x00, 0xae, 0x32, 0x5a, + 0xb9, 0x01, 0xe4, 0x8d, 0x58, 0x30, 0xb2, 0xff, 0xb3, 0x05, 0x28, 0x2b, 0xd4, 0x1e, 0x80, 0xc2, + 0x7a, 0x27, 0xab, 0xb0, 0x2e, 0x15, 0xa9, 0x75, 0xf4, 0xd0, 0x59, 0x7f, 0xb7, 0x06, 0xb9, 0xed, + 0xe0, 0x3a, 0x49, 0x52, 0x52, 0x7f, 0x4b, 0x84, 0xbf, 0x25, 0xc2, 0xdf, 0x12, 0xe1, 0x4a, 0x84, + 0x6f, 0xe4, 0x44, 0xf8, 0xfb, 0x8d, 0x55, 0xaf, 0x0f, 0x4c, 0x5f, 0x53, 0x27, 0xaa, 0x66, 0x0f, + 0x0c, 0x04, 0x2a, 0x09, 0xae, 0xae, 0xad, 0x5c, 0xef, 0x2a, 0xb3, 0x5f, 0xcb, 0xca, 0xec, 0xe3, + 0xb2, 0xf8, 0xf3, 0x20, 0xa5, 0xff, 0x46, 0x09, 0x9e, 0xc8, 0x4a, 0x2f, 0x1c, 0xfa, 0x7e, 0xd8, + 0x4e, 0xa9, 0x2d, 0x80, 0x7e, 0xcd, 0x82, 0xd3, 0xad, 0xac, 0x11, 0x9e, 0x08, 0x5f, 0xe7, 0x07, + 0x0b, 0x13, 0xad, 0x39, 0x2b, 0x7f, 0x76, 0x42, 0x88, 0xd9, 0xd3, 0x39, 0x40, 0x82, 0x3b, 0xfa, + 0x82, 0x5e, 0x85, 0x5a, 0xcb, 0xd9, 0xb9, 0x11, 0xd5, 0x9d, 0x54, 0x9a, 0x61, 0xbd, 0xad, 0xe7, + 0x76, 0xea, 0xf9, 0x53, 0xfc, 0x04, 0x7b, 0x6a, 0x31, 0x48, 0x57, 0xe2, 0xb5, 0x34, 0xf6, 0x82, + 0x26, 0xf7, 0x70, 0x2d, 0x4b, 0x32, 0x58, 0x53, 0xb4, 0xbf, 0x6e, 0xe5, 0x65, 0xbb, 0x1a, 0x9d, + 0xd8, 0x49, 0x49, 0x73, 0x17, 0x7d, 0x1c, 0x2a, 0xd4, 0x5e, 0x92, 0xa3, 0x72, 0xab, 0xc8, 0x0d, + 0xc7, 0xf8, 0x12, 0x7a, 0xef, 0xa1, 0xff, 0x12, 0xcc, 0x99, 0xda, 0xdf, 0x1a, 0xcc, 0xef, 0xb1, + 0xec, 0x3c, 0xf3, 0x22, 0x40, 0x33, 0x5c, 0x27, 0xad, 0xc8, 0xa7, 0xc3, 0x62, 0x31, 0xa7, 0xb8, + 0x72, 0x11, 0x2c, 0x28, 0x08, 0x36, 0xb0, 0xd0, 0x5f, 0xb6, 0x00, 0x9a, 0x72, 0xaa, 0xc8, 0xfd, + 0xf3, 0x46, 0x91, 0xaf, 0xa3, 0x27, 0xa2, 0xee, 0x8b, 0x62, 0x88, 0x0d, 0xe6, 0xe8, 0x17, 0x2c, + 0xa8, 0xa6, 0xb2, 0xfb, 0x7c, 0x47, 0x59, 0x2f, 0xb2, 0x27, 0xf2, 0xa5, 0xb5, 0x2a, 0xa1, 0x86, + 0x44, 0xf1, 0x45, 0xbf, 0x6c, 0x01, 0x24, 0xbb, 0x81, 0xbb, 0x1a, 0xfa, 0x9e, 0xbb, 0x2b, 0x36, + 0x9a, 0x9b, 0x85, 0xba, 0x31, 0x14, 0xf5, 0xd9, 0x31, 0x3a, 0x1a, 0xfa, 0x3f, 0x36, 0x38, 0xa3, + 0x4f, 0x42, 0x35, 0x11, 0xd3, 0x4d, 0x6c, 0x2d, 0xeb, 0xc5, 0x3a, 0x53, 0x38, 0x6d, 0x21, 0x95, + 0xc4, 0x3f, 0xac, 0x78, 0xa2, 0x5f, 0xb5, 0xe0, 0x54, 0x94, 0x75, 0x7d, 0x89, 0x5d, 0xa4, 0x38, + 0x19, 0x90, 0x73, 0xad, 0xcd, 0x9e, 0xd9, 0xdf, 0x9b, 0x3c, 0x95, 0x6b, 0xc4, 0xf9, 0x5e, 0xa0, + 0x39, 0x18, 0xd7, 0x33, 0x78, 0x25, 0xe2, 0x6e, 0xb8, 0x21, 0xe6, 0x86, 0x63, 0xa7, 0x98, 0x0b, + 0x79, 0x20, 0xee, 0xc4, 0xb7, 0xbf, 0x53, 0xca, 0x78, 0xb1, 0x95, 0x7b, 0x89, 0xad, 0x08, 0x57, + 0x5a, 0xf6, 0x72, 0x81, 0x17, 0xba, 0x22, 0x94, 0xdf, 0x40, 0xaf, 0x08, 0xd5, 0x94, 0x60, 0x83, + 0x39, 0x55, 0x37, 0xc6, 0x9d, 0xbc, 0x13, 0x4b, 0x2c, 0xd2, 0x57, 0x8b, 0xec, 0x52, 0xe7, 0x99, + 0xc3, 0x13, 0xa2, 0x6b, 0xe3, 0x1d, 0x20, 0xdc, 0xd9, 0x25, 0xfb, 0x3b, 0x59, 0xcf, 0xb9, 0x31, + 0xbf, 0xfa, 0x38, 0x15, 0xf8, 0xa2, 0x05, 0xc3, 0x71, 0xe8, 0xfb, 0x5e, 0xd0, 0xa4, 0x6b, 0x41, + 0x08, 0xf4, 0x8f, 0x9c, 0x88, 0x4c, 0x15, 0x93, 0x9e, 0x29, 0x2d, 0x58, 0xf3, 0xc4, 0x66, 0x07, + 0xec, 0x4f, 0x5b, 0x30, 0xd1, 0x6b, 0xcd, 0x22, 0x02, 0x6f, 0x97, 0x13, 0x52, 0x9d, 0x89, 0xaf, + 0x04, 0xf3, 0xc4, 0x27, 0xca, 0xa5, 0x58, 0x9d, 0x7d, 0x46, 0xbc, 0xe6, 0xdb, 0x57, 0x7b, 0xa3, + 0xe2, 0xfb, 0xd1, 0xb1, 0x7f, 0xab, 0x94, 0x1f, 0x51, 0x25, 0xb3, 0xbf, 0x6a, 0x75, 0x18, 0x53, + 0x1f, 0x3c, 0x09, 0x39, 0xc9, 0xcc, 0x2e, 0x75, 0x34, 0xde, 0x1b, 0xe7, 0x21, 0x9e, 0xbd, 0xd9, + 0xff, 0x72, 0x00, 0xee, 0xd3, 0x33, 0x75, 0xba, 0x62, 0xf5, 0x3a, 0x5d, 0x39, 0xfc, 0x81, 0xcd, + 0xe7, 0x2d, 0x18, 0xf4, 0xa9, 0x5e, 0xc7, 0x4f, 0x10, 0x86, 0x2f, 0xd6, 0x4f, 0x6a, 0xec, 0xb9, + 0xfa, 0x98, 0xf0, 0xf3, 0x5f, 0xe5, 0x44, 0xe4, 0x8d, 0x58, 0xf4, 0x01, 0x7d, 0xc3, 0xca, 0x1e, + 0x47, 0xf0, 0x80, 0x1e, 0xef, 0xc4, 0xfa, 0x64, 0x9c, 0x71, 0xf0, 0x8e, 0x69, 0xef, 0x79, 0x8f, + 0xd3, 0x0f, 0x34, 0x05, 0xd0, 0xf0, 0x02, 0xc7, 0xf7, 0x5e, 0xa7, 0xf6, 0x69, 0x85, 0x09, 0x6a, + 0xb6, 0xf3, 0x5d, 0x56, 0xad, 0xd8, 0xc0, 0x38, 0xff, 0x97, 0x60, 0xd8, 0x78, 0xf3, 0x2e, 0xc7, + 0xd6, 0x67, 0xcd, 0x63, 0xeb, 0x9a, 0x71, 0xda, 0x7c, 0xfe, 0xfd, 0x70, 0x3a, 0xdf, 0xc1, 0xc3, + 0x3c, 0x6f, 0x7f, 0x6d, 0x28, 0x7f, 0x86, 0xb0, 0x4e, 0xe2, 0x16, 0xed, 0xda, 0x5b, 0x76, 0xfd, + 0x5b, 0x76, 0xfd, 0x5b, 0x76, 0xbd, 0xe9, 0x9a, 0x15, 0x36, 0xeb, 0xd0, 0x83, 0xb2, 0x59, 0xf7, + 0x2b, 0x90, 0x51, 0x46, 0xf8, 0x80, 0xbc, 0x13, 0x86, 0x62, 0x12, 0x85, 0x37, 0xf0, 0x92, 0x10, + 0xf2, 0x3a, 0x76, 0x98, 0x37, 0x63, 0x09, 0xa7, 0x9b, 0x41, 0xe4, 0xa4, 0x9b, 0x42, 0xca, 0xab, + 0xcd, 0x60, 0xd5, 0x49, 0x37, 0x31, 0x83, 0xa0, 0xf7, 0xc3, 0x58, 0xea, 0xc4, 0x4d, 0x92, 0x62, + 0xb2, 0xcd, 0xc6, 0x5d, 0x1c, 0x05, 0x3d, 0x26, 0x70, 0xc7, 0xd6, 0x33, 0x50, 0x9c, 0xc3, 0x46, + 0x77, 0x60, 0x60, 0x93, 0xf8, 0x2d, 0x31, 0x26, 0x6b, 0xc5, 0x09, 0x61, 0xf6, 0xae, 0x57, 0x88, + 0xdf, 0xe2, 0x22, 0x82, 0xfe, 0xc2, 0x8c, 0x15, 0x9d, 0x10, 0xb5, 0xad, 0x76, 0x92, 0x86, 0x2d, + 0xef, 0x75, 0xe9, 0x01, 0xf9, 0x60, 0xc1, 0x8c, 0xaf, 0x49, 0xfa, 0xdc, 0x66, 0x56, 0x7f, 0xb1, + 0xe6, 0xcc, 0xfa, 0x51, 0xf7, 0x62, 0xe6, 0xd1, 0xd8, 0x15, 0x8e, 0x8c, 0xa2, 0xfb, 0x31, 0x2f, + 0xe9, 0xf3, 0x7e, 0xa8, 0xbf, 0x58, 0x73, 0x46, 0xbb, 0x6a, 0x62, 0x0e, 0xb3, 0x3e, 0xdc, 0x28, + 0xb8, 0x0f, 0x7c, 0x52, 0x76, 0x9b, 0xa0, 0xe8, 0x19, 0xa8, 0xb8, 0x9b, 0x4e, 0x9c, 0x4e, 0x8c, + 0xb0, 0x49, 0xa3, 0x6c, 0xf7, 0x39, 0xda, 0x88, 0x39, 0x0c, 0x3d, 0x05, 0xe5, 0x98, 0x34, 0x58, + 0xc8, 0x9a, 0x11, 0xcc, 0x80, 0x49, 0x03, 0xd3, 0x76, 0xfb, 0xd7, 0x4b, 0x59, 0x7d, 0x26, 0xfb, + 0xde, 0x7c, 0xb6, 0xbb, 0xed, 0x38, 0x91, 0xf6, 0xbd, 0x31, 0xdb, 0x59, 0x33, 0x96, 0x70, 0xf4, + 0x69, 0x0b, 0x86, 0x6e, 0x27, 0x61, 0x10, 0x90, 0x54, 0xec, 0x1d, 0x37, 0x0b, 0x1e, 0x8a, 0xab, + 0x9c, 0xba, 0xee, 0x83, 0x68, 0xc0, 0x92, 0x2f, 0xed, 0x2e, 0xd9, 0x71, 0xfd, 0x76, 0xbd, 0xe3, + 0x0c, 0xfb, 0x12, 0x6f, 0xc6, 0x12, 0x4e, 0x51, 0xbd, 0x80, 0xa3, 0x0e, 0x64, 0x51, 0x17, 0x03, + 0x81, 0x2a, 0xe0, 0xf6, 0x37, 0x2b, 0x70, 0xae, 0xeb, 0xe2, 0xa0, 0x9a, 0x06, 0xdb, 0xcb, 0x2f, + 0x7b, 0x3e, 0x91, 0x91, 0x19, 0x4c, 0xd3, 0xb8, 0xa9, 0x5a, 0xb1, 0x81, 0x81, 0x7e, 0x1e, 0x20, + 0x72, 0x62, 0xa7, 0x45, 0xc4, 0x0e, 0x5b, 0x3e, 0xfe, 0x86, 0x4e, 0xfb, 0xb1, 0x2a, 0x69, 0x6a, + 0x03, 0x4f, 0x35, 0x25, 0xd8, 0x60, 0x89, 0xde, 0x0b, 0xc3, 0x31, 0xf1, 0x89, 0x93, 0xb0, 0x88, + 0xc7, 0x7c, 0xf8, 0x36, 0xd6, 0x20, 0x6c, 0xe2, 0xa1, 0x67, 0x55, 0x10, 0x4b, 0xee, 0xc0, 0x3f, + 0x1b, 0xc8, 0x82, 0xde, 0xb0, 0x60, 0xac, 0xe1, 0xf9, 0x44, 0x73, 0x17, 0xc1, 0xd6, 0x2b, 0xc7, + 0x7f, 0xc9, 0xcb, 0x26, 0x5d, 0x2d, 0x21, 0x33, 0xcd, 0x09, 0xce, 0xb1, 0xa7, 0x9f, 0x79, 0x9b, + 0xc4, 0x4c, 0xb4, 0x0e, 0x66, 0x3f, 0xf3, 0x4d, 0xde, 0x8c, 0x25, 0x1c, 0xcd, 0xc0, 0xa9, 0xc8, + 0x49, 0x92, 0xb9, 0x98, 0xd4, 0x49, 0x90, 0x7a, 0x8e, 0xcf, 0x43, 0xa1, 0xab, 0x3a, 0x14, 0x72, + 0x35, 0x0b, 0xc6, 0x79, 0x7c, 0xf4, 0x21, 0x78, 0xdc, 0x6b, 0x06, 0x61, 0x4c, 0x96, 0xbd, 0x24, + 0xf1, 0x82, 0xa6, 0x9e, 0x06, 0x4c, 0x52, 0x56, 0x67, 0x27, 0x05, 0xa9, 0xc7, 0x17, 0xbb, 0xa3, + 0xe1, 0x5e, 0xcf, 0xa3, 0xe7, 0xa1, 0x9a, 0x6c, 0x79, 0xd1, 0x5c, 0x5c, 0x4f, 0x98, 0x4f, 0xb8, + 0xaa, 0xbd, 0x4a, 0x6b, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, 0x6b, 0xa5, 0xac, 0x45, 0x69, 0xae, 0x1f, + 0x94, 0xd0, 0x55, 0x92, 0xde, 0x74, 0x62, 0xe9, 0x6d, 0x38, 0x66, 0x30, 0xb5, 0xa0, 0x7b, 0xd3, + 0x89, 0xcd, 0xf5, 0xc6, 0x18, 0x60, 0xc9, 0x09, 0xdd, 0x86, 0x81, 0xd4, 0x77, 0x0a, 0xca, 0xbe, + 0x30, 0x38, 0x6a, 0x03, 0x7f, 0x69, 0x26, 0xc1, 0x8c, 0x07, 0x7a, 0x92, 0x6a, 0xcc, 0x1b, 0x32, + 0xe2, 0x4a, 0x28, 0xb9, 0x1b, 0x09, 0x66, 0xad, 0xf6, 0xff, 0xab, 0x76, 0x11, 0x79, 0x6a, 0x8f, + 0x41, 0x17, 0x01, 0xa8, 0xf1, 0xb5, 0x1a, 0x93, 0x86, 0xb7, 0x23, 0xf6, 0x78, 0xb5, 0xac, 0xae, + 0x2b, 0x08, 0x36, 0xb0, 0xe4, 0x33, 0x6b, 0xed, 0x06, 0x7d, 0xa6, 0xd4, 0xf9, 0x0c, 0x87, 0x60, + 0x03, 0x0b, 0xbd, 0x08, 0x83, 0x5e, 0xcb, 0x69, 0xaa, 0xc0, 0xb0, 0x27, 0xe9, 0x7a, 0x5a, 0x64, + 0x2d, 0xf7, 0xf6, 0x26, 0xc7, 0x54, 0x87, 0x58, 0x13, 0x16, 0xb8, 0xe8, 0xb7, 0x2c, 0x18, 0x71, + 0xc3, 0x56, 0x2b, 0x0c, 0xb8, 0xc9, 0x22, 0xec, 0xaf, 0xdb, 0x27, 0xb5, 0x03, 0x4f, 0xcd, 0x19, + 0xcc, 0xb8, 0x01, 0xa6, 0xd2, 0x44, 0x4c, 0x10, 0xce, 0xf4, 0xca, 0x5c, 0x76, 0x95, 0x03, 0x96, + 0xdd, 0xef, 0x58, 0x30, 0xce, 0x9f, 0x35, 0x2c, 0x29, 0x91, 0x11, 0x11, 0x9e, 0xf0, 0x6b, 0x75, + 0x18, 0x97, 0xca, 0x0b, 0xd5, 0x01, 0xc7, 0x9d, 0x9d, 0x44, 0x0b, 0x30, 0xde, 0x08, 0x63, 0x97, + 0x98, 0x03, 0x21, 0x64, 0x86, 0x22, 0x74, 0x39, 0x8f, 0x80, 0x3b, 0x9f, 0x41, 0x37, 0xe1, 0x31, + 0xa3, 0xd1, 0x1c, 0x07, 0x2e, 0x36, 0x9e, 0x16, 0xd4, 0x1e, 0xbb, 0xdc, 0x15, 0x0b, 0xf7, 0x78, + 0x3a, 0xeb, 0x6c, 0xa8, 0xf5, 0xe1, 0x6c, 0x78, 0x0d, 0x9e, 0x70, 0x3b, 0x47, 0x66, 0x3b, 0x69, + 0x6f, 0x24, 0x29, 0x53, 0xb2, 0xaa, 0xb3, 0x3f, 0x26, 0x08, 0x3c, 0x31, 0xd7, 0x0b, 0x11, 0xf7, + 0xa6, 0x81, 0x3e, 0x0e, 0xd5, 0x98, 0xb0, 0xaf, 0x92, 0x88, 0xf4, 0x80, 0x63, 0x5a, 0x98, 0x5a, + 0x39, 0xe4, 0x64, 0xb5, 0x58, 0x14, 0x0d, 0x09, 0x56, 0x1c, 0xcf, 0x7f, 0x00, 0xc6, 0x3b, 0xe6, + 0xf3, 0xa1, 0xec, 0xfd, 0x79, 0x78, 0xac, 0xfb, 0xcc, 0x39, 0x94, 0xd5, 0xff, 0x0f, 0x73, 0x51, + 0x6f, 0x86, 0xa2, 0xd7, 0x87, 0x07, 0xc9, 0x81, 0x32, 0x09, 0xb6, 0x85, 0x20, 0xbd, 0x7c, 0xbc, + 0xd1, 0xbb, 0x14, 0x6c, 0xf3, 0x89, 0xcf, 0xcc, 0xe4, 0x4b, 0xc1, 0x36, 0xa6, 0xb4, 0xd1, 0x97, + 0xad, 0x8c, 0xa2, 0xc2, 0xfd, 0x4e, 0x1f, 0x3d, 0x11, 0xcd, 0xb6, 0x6f, 0xdd, 0xc5, 0xfe, 0x57, + 0x25, 0xb8, 0x70, 0x10, 0x91, 0x3e, 0x86, 0xef, 0x19, 0x18, 0x4c, 0xd8, 0x81, 0x9c, 0x90, 0x4c, + 0xc3, 0x54, 0x2a, 0xf1, 0x23, 0xba, 0xd7, 0xb0, 0x00, 0x21, 0x1f, 0xca, 0x2d, 0x27, 0x12, 0xee, + 0x88, 0xc5, 0xe3, 0xc6, 0xb8, 0xd3, 0xff, 0x8e, 0xbf, 0xec, 0x44, 0xdc, 0xc8, 0x35, 0x1a, 0x30, + 0x65, 0x83, 0x52, 0xa8, 0x38, 0x71, 0xec, 0xc8, 0xd3, 0x9f, 0x6b, 0xc5, 0xf0, 0x9b, 0xa1, 0x24, + 0x67, 0xc7, 0xf7, 0xf7, 0x26, 0x47, 0x33, 0x4d, 0x98, 0x33, 0xb3, 0x3f, 0x3f, 0x94, 0x89, 0xf3, + 0x66, 0x47, 0x7a, 0x09, 0x0c, 0x0a, 0x2f, 0x84, 0x55, 0x74, 0x6a, 0x01, 0x4f, 0xd4, 0x61, 0x76, + 0x8c, 0x48, 0x77, 0x14, 0xac, 0xd0, 0xe7, 0x2c, 0x96, 0x54, 0x28, 0x63, 0xdf, 0x85, 0xf5, 0x70, + 0x32, 0x39, 0x8e, 0x66, 0xaa, 0xa2, 0x6c, 0xc4, 0x26, 0x77, 0xba, 0x75, 0x45, 0x3c, 0x3d, 0x26, + 0x6f, 0x43, 0xc8, 0xb4, 0x43, 0x09, 0x47, 0x3b, 0x5d, 0x8e, 0xee, 0x0a, 0x48, 0x4c, 0xeb, 0xe3, + 0xb0, 0xee, 0x1b, 0x16, 0x8c, 0x73, 0x4d, 0x71, 0xde, 0x6b, 0x34, 0x48, 0x4c, 0x02, 0x97, 0x48, + 0x5d, 0xfb, 0x98, 0x87, 0xc3, 0xd2, 0xf5, 0xb3, 0x98, 0x27, 0xaf, 0xf7, 0xb4, 0x0e, 0x10, 0xee, + 0xec, 0x0c, 0xaa, 0xc3, 0x80, 0x17, 0x34, 0x42, 0xb1, 0x93, 0xcf, 0x1e, 0xaf, 0x53, 0x8b, 0x41, + 0x23, 0xd4, 0xab, 0x99, 0xfe, 0xc3, 0x8c, 0x3a, 0x5a, 0x82, 0xb3, 0xb1, 0xf0, 0x86, 0x5c, 0xf1, + 0x12, 0x6a, 0xb3, 0x2e, 0x79, 0x2d, 0x2f, 0x65, 0xbb, 0x70, 0x79, 0x76, 0x62, 0x7f, 0x6f, 0xf2, + 0x2c, 0xee, 0x02, 0xc7, 0x5d, 0x9f, 0x42, 0xaf, 0xc3, 0x90, 0xcc, 0x82, 0xac, 0x16, 0x61, 0xb7, + 0x74, 0xce, 0x7f, 0x35, 0x99, 0xd6, 0x44, 0xc2, 0xa3, 0x64, 0x68, 0xbf, 0x31, 0x0c, 0x9d, 0x67, + 0x5f, 0xe8, 0x13, 0x50, 0x8b, 0x55, 0x66, 0xa6, 0x55, 0x44, 0xb4, 0x99, 0xfc, 0xbe, 0xe2, 0xdc, + 0x4d, 0xe9, 0x03, 0x3a, 0x07, 0x53, 0x73, 0xa4, 0x5a, 0x7b, 0xa2, 0x8f, 0xc8, 0x0a, 0x98, 0xdb, + 0x82, 0xab, 0x3e, 0x5a, 0xd9, 0x0d, 0x5c, 0xcc, 0x78, 0xa0, 0x18, 0x06, 0x37, 0x89, 0xe3, 0xa7, + 0x9b, 0xc5, 0x78, 0x81, 0xaf, 0x30, 0x5a, 0xf9, 0x18, 0x7e, 0xde, 0x8a, 0x05, 0x27, 0xb4, 0x03, + 0x43, 0x9b, 0x7c, 0x02, 0x08, 0x45, 0x7a, 0xf9, 0xb8, 0x83, 0x9b, 0x99, 0x55, 0xfa, 0x73, 0x8b, + 0x06, 0x2c, 0xd9, 0xb1, 0x73, 0x7f, 0xe3, 0xd8, 0x97, 0x2f, 0xdd, 0xe2, 0xd2, 0x17, 0xfa, 0x3f, + 0xf3, 0xfd, 0x18, 0x8c, 0xc4, 0xc4, 0x0d, 0x03, 0xd7, 0xf3, 0x49, 0x7d, 0x46, 0x7a, 0x78, 0x0f, + 0x13, 0xf4, 0x7e, 0x9a, 0x1a, 0x03, 0xd8, 0xa0, 0x81, 0x33, 0x14, 0xd1, 0x67, 0x2d, 0x18, 0x53, + 0xe9, 0x5c, 0xf4, 0x83, 0x10, 0xe1, 0xb0, 0x5c, 0x2a, 0x28, 0x79, 0x8c, 0xd1, 0x9c, 0x45, 0xfb, + 0x7b, 0x93, 0x63, 0xd9, 0x36, 0x9c, 0xe3, 0x8b, 0x3e, 0x0c, 0x10, 0x6e, 0xf0, 0xc3, 0xfd, 0x99, + 0x54, 0x78, 0x2f, 0x0f, 0xf3, 0xaa, 0x63, 0x3c, 0xfb, 0x45, 0x52, 0xc0, 0x06, 0x35, 0x74, 0x0d, + 0x80, 0x2f, 0x9b, 0xf5, 0xdd, 0x48, 0x6a, 0xdb, 0x32, 0x6b, 0x01, 0xd6, 0x14, 0xe4, 0xde, 0xde, + 0x64, 0xa7, 0x37, 0x89, 0x9d, 0x4e, 0x1b, 0x8f, 0xa3, 0x9f, 0x83, 0xa1, 0xa4, 0xdd, 0x6a, 0x39, + 0xca, 0xb7, 0x59, 0x60, 0x3e, 0x0d, 0xa7, 0x6b, 0x88, 0x22, 0xde, 0x80, 0x25, 0x47, 0x74, 0x9b, + 0x0a, 0xd5, 0x44, 0xb8, 0xb9, 0xd8, 0x2a, 0xe2, 0x3a, 0xc1, 0x30, 0x7b, 0xa7, 0xf7, 0x89, 0xe7, + 0xce, 0xe2, 0x2e, 0x38, 0xf7, 0xf6, 0x26, 0x1f, 0xcb, 0xb6, 0x2f, 0x85, 0x22, 0xc3, 0xa5, 0x2b, + 0x4d, 0x74, 0x55, 0x16, 0x45, 0xa0, 0xaf, 0x2d, 0x73, 0x75, 0x9f, 0xd3, 0x45, 0x11, 0x58, 0x73, + 0xef, 0x31, 0x33, 0x1f, 0x46, 0xcb, 0x70, 0xc6, 0x0d, 0x83, 0x34, 0x0e, 0x7d, 0x9f, 0x57, 0xfa, + 0xe0, 0x86, 0x0f, 0xf7, 0x7d, 0xbe, 0x5d, 0x74, 0xfb, 0xcc, 0x5c, 0x27, 0x0a, 0xee, 0xf6, 0x9c, + 0x1d, 0x64, 0xa3, 0x9e, 0xc4, 0xe0, 0xbc, 0x08, 0x23, 0x64, 0x27, 0x25, 0x71, 0xe0, 0xf8, 0x37, + 0xf0, 0x92, 0xf4, 0xfa, 0xb1, 0x35, 0x70, 0xc9, 0x68, 0xc7, 0x19, 0x2c, 0x64, 0x2b, 0x6b, 0xbf, + 0xa4, 0xd3, 0xc0, 0xb8, 0xb5, 0x2f, 0x6d, 0x7b, 0xfb, 0xff, 0x94, 0x32, 0x0a, 0xd9, 0x7a, 0x4c, + 0x08, 0x0a, 0xa1, 0x12, 0x84, 0x75, 0x25, 0xfb, 0xaf, 0x16, 0x23, 0xfb, 0xaf, 0x87, 0x75, 0xa3, + 0x72, 0x02, 0xfd, 0x97, 0x60, 0xce, 0x87, 0xa5, 0x96, 0xcb, 0x1c, 0x7c, 0x06, 0x10, 0x86, 0x46, + 0x91, 0x9c, 0x55, 0x6a, 0xf9, 0x8a, 0xc9, 0x08, 0x67, 0xf9, 0xa2, 0x2d, 0xa8, 0x6c, 0x86, 0x49, + 0x2a, 0xcd, 0x8f, 0x63, 0x5a, 0x3a, 0x57, 0xc2, 0x24, 0x65, 0x5a, 0x84, 0x7a, 0x6d, 0xda, 0x92, + 0x60, 0xce, 0xc3, 0xfe, 0x2f, 0x56, 0xc6, 0xc7, 0x7b, 0x8b, 0x45, 0x00, 0x6e, 0x93, 0x80, 0x2e, + 0x6b, 0x33, 0x9e, 0xe4, 0x2f, 0xe6, 0xd2, 0x90, 0xde, 0xd1, 0xab, 0x8e, 0xcd, 0x5d, 0x4a, 0x61, + 0x8a, 0x91, 0x30, 0x42, 0x4f, 0x3e, 0x65, 0x65, 0x13, 0xc2, 0x4a, 0x45, 0x18, 0x18, 0x66, 0xc2, + 0xe3, 0x81, 0xb9, 0x65, 0xf6, 0x97, 0x2d, 0x18, 0x9a, 0x75, 0xdc, 0xad, 0xb0, 0xd1, 0x40, 0xcf, + 0x43, 0xb5, 0xde, 0x8e, 0xcd, 0xdc, 0x34, 0x65, 0x3d, 0xcf, 0x8b, 0x76, 0xac, 0x30, 0xe8, 0x1c, + 0x6e, 0x38, 0xae, 0x4c, 0x7b, 0x2c, 0xf3, 0x39, 0x7c, 0x99, 0xb5, 0x60, 0x01, 0x41, 0xef, 0x85, + 0xe1, 0x96, 0xb3, 0x23, 0x1f, 0xce, 0x3b, 0x98, 0x97, 0x35, 0x08, 0x9b, 0x78, 0xf6, 0x3f, 0xb7, + 0x60, 0x62, 0xd6, 0x49, 0x3c, 0x77, 0xa6, 0x9d, 0x6e, 0xce, 0x7a, 0xe9, 0x46, 0xdb, 0xdd, 0x22, + 0x29, 0xcf, 0x75, 0xa5, 0xbd, 0x6c, 0x27, 0x74, 0x29, 0x29, 0xbb, 0x4e, 0xf5, 0xf2, 0x86, 0x68, + 0xc7, 0x0a, 0x03, 0xbd, 0x0e, 0xc3, 0x91, 0x93, 0x24, 0x77, 0xc3, 0xb8, 0x8e, 0x49, 0xa3, 0x98, + 0x4c, 0xf3, 0x35, 0xe2, 0xc6, 0x24, 0xc5, 0xa4, 0x21, 0x4e, 0x29, 0x35, 0x7d, 0x6c, 0x32, 0xb3, + 0xff, 0xba, 0x05, 0x23, 0xec, 0xf4, 0x65, 0x9e, 0xa4, 0x8e, 0xe7, 0x77, 0x94, 0x4b, 0xb1, 0xfa, + 0x2c, 0x97, 0x72, 0x01, 0x06, 0x36, 0xc3, 0x16, 0xc9, 0x9f, 0x1c, 0x5e, 0x09, 0xa9, 0x15, 0x4b, + 0x21, 0xe8, 0x05, 0x3a, 0xce, 0x5e, 0x90, 0x3a, 0x74, 0xc6, 0x49, 0x17, 0xe2, 0x29, 0x3e, 0xc6, + 0xaa, 0x19, 0x9b, 0x38, 0xf6, 0xb7, 0x6a, 0x30, 0x24, 0xce, 0x7f, 0xfb, 0x4e, 0x2f, 0x96, 0xe6, + 0x74, 0xa9, 0xa7, 0x39, 0x9d, 0xc0, 0xa0, 0xcb, 0x8a, 0x31, 0x09, 0xad, 0xed, 0x5a, 0x21, 0x01, + 0x03, 0xbc, 0xbe, 0x93, 0xee, 0x16, 0xff, 0x8f, 0x05, 0x2b, 0xf4, 0x25, 0x0b, 0x4e, 0xb9, 0x61, + 0x10, 0x10, 0x57, 0xab, 0x14, 0x03, 0x45, 0x9c, 0x0b, 0xcf, 0x65, 0x89, 0x6a, 0xd7, 0x7f, 0x0e, + 0x80, 0xf3, 0xec, 0xd1, 0xcb, 0x30, 0xca, 0xc7, 0xec, 0x66, 0xc6, 0xef, 0xa9, 0xab, 0x68, 0x98, + 0x40, 0x9c, 0xc5, 0x45, 0x53, 0xdc, 0x7f, 0x2c, 0xea, 0x55, 0x0c, 0xea, 0x73, 0x24, 0xa3, 0x52, + 0x85, 0x81, 0x81, 0x62, 0x40, 0x31, 0x69, 0xc4, 0x24, 0xd9, 0x14, 0xe7, 0xe3, 0x4c, 0x9d, 0x19, + 0x3a, 0x5a, 0xba, 0x22, 0xee, 0xa0, 0x84, 0xbb, 0x50, 0x47, 0x5b, 0xc2, 0x9e, 0xab, 0x16, 0x21, + 0xb2, 0xc4, 0x67, 0xee, 0x69, 0xd6, 0x4d, 0x42, 0x25, 0xd9, 0x74, 0xe2, 0x3a, 0x53, 0xa3, 0xca, + 0x3c, 0x44, 0x7e, 0x8d, 0x36, 0x60, 0xde, 0x8e, 0xe6, 0xe1, 0x74, 0xae, 0x06, 0x48, 0x22, 0xfc, + 0x93, 0x2a, 0xae, 0x3b, 0x57, 0x3d, 0x24, 0xc1, 0x1d, 0x4f, 0x98, 0xb6, 0xfe, 0xf0, 0x01, 0xb6, + 0xfe, 0xae, 0x8a, 0xc2, 0x1a, 0x61, 0xdb, 0xd1, 0x2b, 0x85, 0x0c, 0x40, 0x5f, 0x21, 0x57, 0x5f, + 0xc8, 0x85, 0x5c, 0x8d, 0xb2, 0x0e, 0xdc, 0x2c, 0xa6, 0x03, 0x87, 0x8f, 0xaf, 0x7a, 0x98, 0xf1, + 0x52, 0xff, 0xdb, 0x02, 0xf9, 0x5d, 0xe7, 0x1c, 0x77, 0x93, 0xd0, 0x29, 0x83, 0xde, 0x0f, 0x63, + 0xca, 0x62, 0x9d, 0x0b, 0xdb, 0x01, 0x0f, 0x95, 0x2a, 0xeb, 0x33, 0x42, 0x9c, 0x81, 0xe2, 0x1c, + 0x36, 0x9a, 0x86, 0x1a, 0x1d, 0x27, 0xfe, 0x28, 0xdf, 0xda, 0x94, 0x55, 0x3c, 0xb3, 0xba, 0x28, + 0x9e, 0xd2, 0x38, 0x28, 0x84, 0x71, 0xdf, 0x49, 0x52, 0xd6, 0x03, 0x6a, 0xc0, 0x1e, 0x31, 0x59, + 0x98, 0x05, 0x0f, 0x2f, 0xe5, 0x09, 0xe1, 0x4e, 0xda, 0xf6, 0xf7, 0x06, 0x60, 0x34, 0x23, 0x19, + 0x0f, 0xb9, 0x27, 0x3e, 0x0f, 0x55, 0xb9, 0x4d, 0xe5, 0x4b, 0x16, 0xa8, 0xbd, 0x4c, 0x61, 0xd0, + 0x4d, 0x6b, 0x83, 0x38, 0x31, 0x89, 0x59, 0x75, 0x95, 0xfc, 0x1e, 0x3e, 0xab, 0x41, 0xd8, 0xc4, + 0x63, 0x42, 0x39, 0xf5, 0x93, 0x39, 0xdf, 0x23, 0x41, 0xca, 0xbb, 0x59, 0x8c, 0x50, 0x5e, 0x5f, + 0x5a, 0x33, 0x89, 0x6a, 0xa1, 0x9c, 0x03, 0xe0, 0x3c, 0x7b, 0xf4, 0x4b, 0x16, 0x8c, 0x3a, 0x77, + 0x13, 0x5d, 0x31, 0x50, 0x04, 0x57, 0x1d, 0x73, 0x93, 0xca, 0x14, 0x21, 0xe4, 0x1e, 0xd6, 0x4c, + 0x13, 0xce, 0x32, 0x45, 0x5f, 0xb5, 0x00, 0x91, 0x1d, 0xe2, 0xca, 0xf0, 0x2f, 0xd1, 0x97, 0xc1, + 0x22, 0x0c, 0xbb, 0x4b, 0x1d, 0x74, 0xb9, 0x54, 0xef, 0x6c, 0xc7, 0x5d, 0xfa, 0x60, 0xff, 0x93, + 0xb2, 0x5a, 0x50, 0x3a, 0xe2, 0xd0, 0x31, 0xf2, 0x8f, 0xac, 0xa3, 0xe7, 0x1f, 0xe9, 0x03, 0xea, + 0xce, 0x1c, 0xa4, 0x4c, 0xee, 0x45, 0xe9, 0x21, 0xe5, 0x5e, 0xfc, 0x82, 0x95, 0x29, 0xce, 0x31, + 0x7c, 0xf1, 0xc3, 0xc5, 0x46, 0x3b, 0x4e, 0xf1, 0xf0, 0x88, 0x9c, 0x74, 0xcf, 0xc6, 0x4c, 0x50, + 0x69, 0x6a, 0xa0, 0x1d, 0x4a, 0x1a, 0xfe, 0xfb, 0x32, 0x0c, 0x1b, 0x3b, 0x69, 0x57, 0xb5, 0xc8, + 0x7a, 0xc4, 0xd4, 0xa2, 0xd2, 0x21, 0xd4, 0xa2, 0x9f, 0x87, 0x9a, 0x2b, 0xa5, 0x7c, 0x31, 0xe5, + 0x29, 0xf3, 0x7b, 0x87, 0x16, 0xf4, 0xaa, 0x09, 0x6b, 0x9e, 0x68, 0x21, 0x93, 0x0e, 0x21, 0x76, + 0x88, 0x01, 0xb6, 0x43, 0x74, 0xcb, 0x57, 0x10, 0x3b, 0x45, 0xe7, 0x33, 0xac, 0x86, 0x4b, 0xe4, + 0x89, 0xf7, 0x92, 0x31, 0xc9, 0xbc, 0x86, 0xcb, 0xea, 0xa2, 0x6c, 0xc6, 0x26, 0x8e, 0xfd, 0x3d, + 0x4b, 0x7d, 0xdc, 0x07, 0x90, 0xd1, 0x7c, 0x3b, 0x9b, 0xd1, 0x7c, 0xa9, 0x90, 0x61, 0xee, 0x91, + 0xca, 0x7c, 0x1d, 0x86, 0xe6, 0xc2, 0x56, 0xcb, 0x09, 0xea, 0xe8, 0xc7, 0x61, 0xc8, 0xe5, 0x3f, + 0x85, 0x1f, 0x85, 0x9d, 0xc6, 0x09, 0x28, 0x96, 0x30, 0xf4, 0x24, 0x0c, 0x38, 0x71, 0x53, 0xfa, + 0x4e, 0x58, 0x40, 0xc7, 0x4c, 0xdc, 0x4c, 0x30, 0x6b, 0xb5, 0xdf, 0x28, 0x03, 0xcc, 0x85, 0xad, + 0xc8, 0x89, 0x49, 0x7d, 0x3d, 0x64, 0xe5, 0xb1, 0x4e, 0xf4, 0x0c, 0x4b, 0x1b, 0x4b, 0x8f, 0xf2, + 0x39, 0x96, 0x71, 0x96, 0x51, 0x7e, 0xd0, 0x67, 0x19, 0x9f, 0xb7, 0x00, 0xd1, 0x2f, 0x12, 0x06, + 0x24, 0x48, 0xf5, 0xe1, 0xec, 0x34, 0xd4, 0x5c, 0xd9, 0x2a, 0xb4, 0x16, 0xbd, 0xfe, 0x24, 0x00, + 0x6b, 0x9c, 0x3e, 0xcc, 0xcf, 0x67, 0xa4, 0x70, 0x2c, 0x67, 0x63, 0x20, 0x99, 0x48, 0x15, 0xb2, + 0xd2, 0xfe, 0xfd, 0x12, 0x3c, 0xc6, 0xf7, 0xbb, 0x65, 0x27, 0x70, 0x9a, 0xa4, 0x45, 0x7b, 0xd5, + 0xef, 0x71, 0xbb, 0x4b, 0xed, 0x1e, 0x4f, 0xc6, 0x34, 0x1e, 0x77, 0x61, 0xf0, 0x09, 0xcd, 0xa7, + 0xf0, 0x62, 0xe0, 0xa5, 0x98, 0x11, 0x47, 0x09, 0x54, 0x65, 0xb1, 0x63, 0x21, 0xe8, 0x0a, 0x62, + 0xa4, 0xd6, 0xbc, 0xd8, 0x94, 0x08, 0x56, 0x8c, 0xa8, 0x56, 0xe8, 0x87, 0xee, 0x16, 0x26, 0x51, + 0xc8, 0x84, 0x9a, 0x11, 0x52, 0xb6, 0x24, 0xda, 0xb1, 0xc2, 0xb0, 0x7f, 0xdf, 0x82, 0xbc, 0xb8, + 0x37, 0x0a, 0x01, 0x59, 0xf7, 0x2d, 0x04, 0x74, 0x88, 0x4a, 0x3c, 0x3f, 0x0b, 0xc3, 0x4e, 0x4a, + 0x77, 0x68, 0x6e, 0xd3, 0x96, 0x8f, 0xe6, 0xa2, 0x5f, 0x0e, 0xeb, 0x5e, 0xc3, 0x63, 0xb6, 0xac, + 0x49, 0xce, 0xfe, 0x9f, 0x03, 0x30, 0xde, 0x11, 0x1a, 0x8f, 0x5e, 0x82, 0x11, 0x57, 0x4c, 0x8f, + 0x08, 0x93, 0x86, 0x78, 0x19, 0x23, 0xce, 0x49, 0xc3, 0x70, 0x06, 0xb3, 0x8f, 0x09, 0xba, 0x08, + 0x67, 0x62, 0x6a, 0x45, 0xb7, 0xc9, 0x4c, 0x23, 0x25, 0xf1, 0x1a, 0x71, 0xc3, 0xa0, 0xce, 0xcb, + 0x55, 0x95, 0x67, 0x1f, 0xdf, 0xdf, 0x9b, 0x3c, 0x83, 0x3b, 0xc1, 0xb8, 0xdb, 0x33, 0x28, 0x82, + 0x51, 0xdf, 0x54, 0xb0, 0x84, 0x76, 0x7d, 0x24, 0xdd, 0x4c, 0x6d, 0xc0, 0x99, 0x66, 0x9c, 0x65, + 0x90, 0xd5, 0xd2, 0x2a, 0x0f, 0x49, 0x4b, 0xfb, 0x45, 0xad, 0xa5, 0xf1, 0xb3, 0xe4, 0x8f, 0x14, + 0x9c, 0x1a, 0x71, 0xd2, 0x6a, 0xda, 0x2b, 0x50, 0x95, 0x71, 0x36, 0x7d, 0xc5, 0xa7, 0x98, 0x74, + 0x7a, 0x48, 0xb4, 0x7b, 0x25, 0xe8, 0xa2, 0xe1, 0xd3, 0x75, 0xa6, 0xb7, 0xd3, 0xcc, 0x3a, 0x3b, + 0xdc, 0x96, 0x8a, 0x76, 0x78, 0x8c, 0x11, 0xdf, 0x38, 0x3e, 0x54, 0xb4, 0x85, 0xa2, 0xc3, 0x8e, + 0x54, 0x40, 0xba, 0x0a, 0x3d, 0xba, 0x08, 0xa0, 0xb5, 0x20, 0x11, 0x6e, 0xac, 0x8e, 0x30, 0xb5, + 0xb2, 0x84, 0x0d, 0x2c, 0x6a, 0xb0, 0x7a, 0x41, 0x92, 0x3a, 0xbe, 0x7f, 0xc5, 0x0b, 0x52, 0xe1, + 0x79, 0x53, 0x3b, 0xe4, 0xa2, 0x06, 0x61, 0x13, 0xef, 0xfc, 0xfb, 0x8c, 0xef, 0x72, 0x98, 0xef, + 0xb9, 0x09, 0x4f, 0x2c, 0x78, 0xa9, 0x0a, 0x92, 0x57, 0xf3, 0x88, 0x2a, 0x39, 0x2a, 0xe9, 0xc3, + 0xea, 0x99, 0xf4, 0x61, 0x04, 0xa9, 0x97, 0xb2, 0x31, 0xf5, 0xf9, 0x20, 0x75, 0xfb, 0x25, 0x38, + 0xbb, 0xe0, 0xa5, 0x97, 0x3d, 0x9f, 0x1c, 0x92, 0x89, 0xfd, 0x7b, 0x83, 0x30, 0x62, 0xe6, 0x41, + 0x1d, 0x26, 0x6f, 0xe5, 0x8b, 0x54, 0x8f, 0x11, 0x6f, 0xe7, 0xa9, 0x03, 0xa0, 0x5b, 0xc7, 0x4e, + 0xca, 0xea, 0x3e, 0x62, 0x86, 0x2a, 0xa3, 0x79, 0x62, 0xb3, 0x03, 0xe8, 0x2e, 0x54, 0x1a, 0x2c, + 0x88, 0xba, 0x5c, 0xc4, 0x29, 0x79, 0xb7, 0x11, 0xd5, 0xcb, 0x8c, 0x87, 0x61, 0x73, 0x7e, 0x74, + 0x87, 0x8c, 0xb3, 0x99, 0x39, 0x46, 0x74, 0xa1, 0xc8, 0xc9, 0x51, 0x18, 0xbd, 0x44, 0x7d, 0xe5, + 0x08, 0xa2, 0x3e, 0x23, 0x78, 0x07, 0x1f, 0x92, 0xe0, 0x65, 0x01, 0xf1, 0xe9, 0x26, 0xd3, 0xdf, + 0x44, 0x38, 0xf4, 0x10, 0x1b, 0x04, 0x23, 0x20, 0x3e, 0x03, 0xc6, 0x79, 0x7c, 0xf4, 0x49, 0x25, + 0xba, 0xab, 0x45, 0x38, 0x2d, 0xcd, 0x19, 0x7d, 0xd2, 0x52, 0xfb, 0xf3, 0x25, 0x18, 0x5b, 0x08, + 0xda, 0xab, 0x0b, 0xab, 0xed, 0x0d, 0xdf, 0x73, 0xaf, 0x91, 0x5d, 0x2a, 0x9a, 0xb7, 0xc8, 0xee, + 0xe2, 0xbc, 0x58, 0x41, 0x6a, 0xce, 0x5c, 0xa3, 0x8d, 0x98, 0xc3, 0xa8, 0x30, 0x6a, 0x78, 0x41, + 0x93, 0xc4, 0x51, 0xec, 0x09, 0x7f, 0xa2, 0x21, 0x8c, 0x2e, 0x6b, 0x10, 0x36, 0xf1, 0x28, 0xed, + 0xf0, 0x6e, 0x40, 0xe2, 0xbc, 0x22, 0xbb, 0x42, 0x1b, 0x31, 0x87, 0x51, 0xa4, 0x34, 0x6e, 0x27, + 0xa9, 0x98, 0x8c, 0x0a, 0x69, 0x9d, 0x36, 0x62, 0x0e, 0xa3, 0x2b, 0x3d, 0x69, 0x6f, 0xb0, 0x20, + 0x84, 0x5c, 0xec, 0xf5, 0x1a, 0x6f, 0xc6, 0x12, 0x4e, 0x51, 0xb7, 0xc8, 0xee, 0x3c, 0x35, 0x29, + 0x73, 0xd9, 0x11, 0xd7, 0x78, 0x33, 0x96, 0x70, 0x56, 0x67, 0x2b, 0x3b, 0x1c, 0x3f, 0x74, 0x75, + 0xb6, 0xb2, 0xdd, 0xef, 0x61, 0x9c, 0xfe, 0x86, 0x05, 0x23, 0x66, 0xe8, 0x10, 0x6a, 0xe6, 0x74, + 0xdc, 0x95, 0x8e, 0x32, 0x8d, 0x3f, 0xdd, 0xed, 0x4e, 0x9a, 0xa6, 0x97, 0x86, 0x51, 0xf2, 0x6e, + 0x12, 0x34, 0xbd, 0x80, 0xb0, 0x13, 0x61, 0x1e, 0x72, 0x94, 0x89, 0x4b, 0x9a, 0x0b, 0xeb, 0xe4, + 0x08, 0x4a, 0xb2, 0x7d, 0x0b, 0xc6, 0x3b, 0x52, 0x62, 0xfa, 0x50, 0x2d, 0x0e, 0x4c, 0x48, 0xb4, + 0x31, 0x0c, 0x53, 0xc2, 0xa2, 0x68, 0x05, 0x9a, 0x83, 0x71, 0xbe, 0x90, 0x28, 0xa7, 0x35, 0x77, + 0x93, 0xb4, 0x54, 0x9a, 0x13, 0x73, 0x5e, 0xdf, 0xcc, 0x03, 0x71, 0x27, 0xbe, 0xfd, 0x05, 0x0b, + 0x46, 0x33, 0x59, 0x4a, 0x05, 0x29, 0x41, 0x6c, 0xa5, 0x85, 0x2c, 0x92, 0x8d, 0x85, 0xf3, 0x96, + 0xd9, 0x66, 0xaa, 0x57, 0x9a, 0x06, 0x61, 0x13, 0xcf, 0xfe, 0x72, 0x09, 0xaa, 0x32, 0x1a, 0xa0, + 0x8f, 0xae, 0x7c, 0xce, 0x82, 0x51, 0x75, 0x60, 0xc0, 0x3c, 0x51, 0xa5, 0x22, 0xe2, 0xd6, 0x69, + 0x0f, 0x54, 0xa8, 0x65, 0xd0, 0x08, 0xb5, 0x46, 0x8e, 0x4d, 0x66, 0x38, 0xcb, 0x1b, 0xdd, 0x04, + 0x48, 0x76, 0x93, 0x94, 0xb4, 0x0c, 0x9f, 0x98, 0x6d, 0xac, 0xb8, 0x29, 0x37, 0x8c, 0x09, 0x5d, + 0x5f, 0xd7, 0xc3, 0x3a, 0x59, 0x53, 0x98, 0x5a, 0x85, 0xd2, 0x6d, 0xd8, 0xa0, 0x64, 0xff, 0xfd, + 0x12, 0x9c, 0xce, 0x77, 0x09, 0x7d, 0x04, 0x46, 0x24, 0x77, 0xe3, 0x7e, 0x1d, 0x19, 0x02, 0x31, + 0x82, 0x0d, 0xd8, 0xbd, 0xbd, 0xc9, 0xc9, 0xce, 0xfb, 0x8d, 0xa6, 0x4c, 0x14, 0x9c, 0x21, 0xc6, + 0x4f, 0x6d, 0xc4, 0xf1, 0xe2, 0xec, 0xee, 0x4c, 0x14, 0x89, 0xa3, 0x17, 0xe3, 0xd4, 0xc6, 0x84, + 0xe2, 0x1c, 0x36, 0x5a, 0x85, 0xb3, 0x46, 0xcb, 0x75, 0xe2, 0x35, 0x37, 0x37, 0xc2, 0x58, 0x5a, + 0x56, 0x4f, 0xea, 0x20, 0xa5, 0x4e, 0x1c, 0xdc, 0xf5, 0x49, 0xba, 0xdb, 0xbb, 0x4e, 0xe4, 0xb8, + 0x5e, 0xba, 0x2b, 0x9c, 0x7c, 0x4a, 0x36, 0xcd, 0x89, 0x76, 0xac, 0x30, 0xec, 0x65, 0x18, 0xe8, + 0x73, 0x06, 0xf5, 0xa5, 0xd1, 0xbf, 0x02, 0x55, 0x4a, 0x4e, 0xaa, 0x77, 0x45, 0x90, 0x0c, 0xa1, + 0x2a, 0x4b, 0xe4, 0x23, 0x1b, 0xca, 0x9e, 0x23, 0x0f, 0xc6, 0xd4, 0x6b, 0x2d, 0x26, 0x49, 0x9b, + 0x19, 0xc9, 0x14, 0x88, 0x9e, 0x81, 0x32, 0xd9, 0x89, 0xf2, 0x27, 0x60, 0x97, 0x76, 0x22, 0x2f, + 0x26, 0x09, 0x45, 0x22, 0x3b, 0x11, 0x3a, 0x0f, 0x25, 0xaf, 0x2e, 0x36, 0x29, 0x10, 0x38, 0xa5, + 0xc5, 0x79, 0x5c, 0xf2, 0xea, 0xf6, 0x0e, 0xd4, 0x54, 0x4d, 0x7e, 0xb4, 0x25, 0x65, 0xb7, 0x55, + 0x44, 0xf8, 0x8e, 0xa4, 0xdb, 0x43, 0x6a, 0xb7, 0x01, 0x74, 0x4e, 0x58, 0x51, 0xf2, 0xe5, 0x02, + 0x0c, 0xb8, 0xa1, 0x48, 0x25, 0xad, 0x6a, 0x32, 0x4c, 0x68, 0x33, 0x88, 0x7d, 0x0b, 0xc6, 0xae, + 0x05, 0xe1, 0x5d, 0x56, 0x74, 0x98, 0x15, 0x0b, 0xa2, 0x84, 0x1b, 0xf4, 0x47, 0x5e, 0x45, 0x60, + 0x50, 0xcc, 0x61, 0xaa, 0x44, 0x4d, 0xa9, 0x57, 0x89, 0x1a, 0xfb, 0x53, 0x16, 0x9c, 0x56, 0x99, + 0x2d, 0x52, 0x1a, 0xbf, 0x04, 0x23, 0x1b, 0x6d, 0xcf, 0xaf, 0xcb, 0x12, 0x44, 0x39, 0x37, 0xc5, + 0xac, 0x01, 0xc3, 0x19, 0x4c, 0x6a, 0x54, 0x6d, 0x78, 0x81, 0x13, 0xef, 0xae, 0x6a, 0xf1, 0xaf, + 0x24, 0xc2, 0xac, 0x82, 0x60, 0x03, 0xcb, 0xfe, 0x9c, 0xd9, 0x05, 0x91, 0x4b, 0xd3, 0xc7, 0xc8, + 0xde, 0x80, 0x8a, 0xab, 0x0e, 0x52, 0x8f, 0x54, 0x26, 0x4d, 0xa5, 0x31, 0x33, 0x67, 0x3a, 0xa7, + 0x66, 0xff, 0xd3, 0x12, 0x8c, 0x66, 0x6a, 0x57, 0x20, 0x1f, 0xaa, 0xc4, 0x67, 0xae, 0x3c, 0x39, + 0xc5, 0x8e, 0x5b, 0x88, 0x4f, 0x2d, 0x8b, 0x4b, 0x82, 0x2e, 0x56, 0x1c, 0x1e, 0x8d, 0xf3, 0xaa, + 0x97, 0x60, 0x44, 0x76, 0xe8, 0x43, 0x4e, 0xcb, 0x17, 0xab, 0x50, 0x4d, 0x80, 0x4b, 0x06, 0x0c, + 0x67, 0x30, 0xed, 0x3f, 0x28, 0xc3, 0x04, 0xf7, 0x7d, 0xd6, 0x55, 0x48, 0xc9, 0xb2, 0xd4, 0xb2, + 0xfe, 0x8a, 0xae, 0x30, 0xc3, 0x07, 0x72, 0xe3, 0xb8, 0x75, 0x6f, 0xbb, 0x33, 0xea, 0x2b, 0xd8, + 0xe1, 0xd7, 0x72, 0xc1, 0x0e, 0x7c, 0xb3, 0x6d, 0x9e, 0x50, 0x8f, 0x7e, 0xb8, 0xa2, 0x1f, 0xfe, + 0x4e, 0x09, 0x4e, 0xe5, 0x8a, 0x0a, 0xa3, 0x37, 0xb2, 0x05, 0xf5, 0xac, 0x22, 0x3c, 0x64, 0xf7, + 0xad, 0x33, 0x7b, 0xb8, 0xb2, 0x7a, 0x0f, 0x69, 0xa9, 0xd8, 0x7f, 0x58, 0x82, 0xb1, 0x6c, 0x35, + 0xe4, 0x47, 0x70, 0xa4, 0xde, 0x05, 0x35, 0x56, 0xf0, 0x93, 0xdd, 0xe0, 0xc4, 0x1d, 0x71, 0xbc, + 0x48, 0xa4, 0x6c, 0xc4, 0x1a, 0xfe, 0x48, 0x54, 0x2b, 0xb4, 0xff, 0xae, 0x05, 0xe7, 0xf8, 0x5b, + 0xe6, 0xe7, 0xe1, 0x5f, 0xed, 0x36, 0xba, 0xaf, 0x16, 0xdb, 0xc1, 0x5c, 0x65, 0xa4, 0x83, 0xc6, + 0x97, 0xdd, 0x1c, 0x23, 0x7a, 0x9b, 0x9d, 0x0a, 0x8f, 0x60, 0x67, 0x0f, 0x35, 0x19, 0xec, 0x3f, + 0x2c, 0x83, 0xbe, 0x2c, 0x07, 0x79, 0x22, 0x4b, 0xa7, 0x90, 0x0a, 0x51, 0x6b, 0xbb, 0x81, 0xab, + 0xaf, 0xe5, 0xa9, 0xe6, 0x92, 0x74, 0x7e, 0xc5, 0x82, 0x61, 0x2f, 0xf0, 0x52, 0xcf, 0x61, 0xca, + 0x73, 0x31, 0x97, 0x7d, 0x28, 0x76, 0x8b, 0x9c, 0x72, 0x18, 0x9b, 0xde, 0x5b, 0xc5, 0x0c, 0x9b, + 0x9c, 0xd1, 0xc7, 0x44, 0x3c, 0x62, 0xb9, 0xb0, 0xfc, 0xb2, 0x6a, 0x2e, 0x08, 0x31, 0x82, 0x4a, + 0x4c, 0xd2, 0xb8, 0xa0, 0xb4, 0x4c, 0x4c, 0x49, 0xa9, 0x82, 0x80, 0xfa, 0xda, 0x42, 0xda, 0x8c, + 0x39, 0x23, 0x3b, 0x01, 0xd4, 0x39, 0x16, 0x87, 0x8c, 0xf5, 0x9a, 0x86, 0x9a, 0xd3, 0x4e, 0xc3, + 0x16, 0x1d, 0x26, 0xe1, 0x60, 0xd6, 0xd1, 0x6c, 0x12, 0x80, 0x35, 0x8e, 0xfd, 0x46, 0x05, 0x72, + 0x69, 0x33, 0x68, 0xc7, 0xbc, 0xe8, 0xc9, 0x2a, 0xf6, 0xa2, 0x27, 0xd5, 0x99, 0x6e, 0x97, 0x3d, + 0xa1, 0x26, 0x54, 0xa2, 0x4d, 0x27, 0x91, 0xba, 0xf1, 0x2b, 0x72, 0x98, 0x56, 0x69, 0xe3, 0xbd, + 0xbd, 0xc9, 0x9f, 0xe9, 0xcf, 0xd7, 0x42, 0xe7, 0xea, 0x34, 0xcf, 0x42, 0xd7, 0xac, 0x19, 0x0d, + 0xcc, 0xe9, 0x1f, 0xe6, 0xba, 0x93, 0x4f, 0x8b, 0x12, 0xad, 0x98, 0x24, 0x6d, 0x3f, 0x15, 0xb3, + 0xe1, 0x95, 0x02, 0x57, 0x19, 0x27, 0xac, 0x13, 0x3e, 0xf9, 0x7f, 0x6c, 0x30, 0x45, 0x1f, 0x81, + 0x5a, 0x92, 0x3a, 0x71, 0x7a, 0xc4, 0x14, 0x2d, 0x35, 0xe8, 0x6b, 0x92, 0x08, 0xd6, 0xf4, 0xd0, + 0x87, 0x59, 0xc1, 0x3c, 0x2f, 0xd9, 0x3c, 0x62, 0x18, 0xb1, 0x2c, 0xae, 0x27, 0x28, 0x60, 0x83, + 0x1a, 0x35, 0x3d, 0xd8, 0xdc, 0xe6, 0xb1, 0x33, 0x55, 0x66, 0x5b, 0x2a, 0x51, 0x88, 0x15, 0x04, + 0x1b, 0x58, 0xf6, 0x4f, 0x40, 0x36, 0x63, 0x19, 0x4d, 0xca, 0x04, 0x69, 0xee, 0x7b, 0x62, 0xe1, + 0xc0, 0x99, 0x5c, 0xe6, 0xdf, 0xb1, 0xc0, 0x4c, 0xab, 0x46, 0x77, 0x78, 0xfe, 0xb6, 0x55, 0xc4, + 0x79, 0x81, 0x41, 0x77, 0x6a, 0xd9, 0x89, 0x72, 0x07, 0x57, 0x32, 0x89, 0xfb, 0xfc, 0xfb, 0xa0, + 0x2a, 0xa1, 0x87, 0x52, 0xea, 0x3e, 0x09, 0x67, 0xf2, 0xd7, 0x60, 0x0a, 0x5f, 0x73, 0x33, 0x0e, + 0xdb, 0x51, 0xde, 0x90, 0x64, 0xd7, 0x24, 0x62, 0x0e, 0xa3, 0xe6, 0xd8, 0x96, 0x17, 0xd4, 0xf3, + 0x86, 0xe4, 0x35, 0x2f, 0xa8, 0x63, 0x06, 0xe9, 0xe3, 0xba, 0xaf, 0xdf, 0xb5, 0xe0, 0xc2, 0x41, + 0xb7, 0x75, 0xa2, 0x27, 0x61, 0xe0, 0xae, 0x13, 0xcb, 0x6a, 0xa3, 0x4c, 0x50, 0xde, 0x72, 0xe2, + 0x00, 0xb3, 0x56, 0xb4, 0x0b, 0x83, 0x3c, 0xff, 0x57, 0x68, 0xeb, 0xaf, 0x14, 0x7b, 0x77, 0xe8, + 0x35, 0x62, 0x98, 0x0b, 0x3c, 0xf7, 0x18, 0x0b, 0x86, 0xf6, 0xf7, 0x2d, 0x40, 0x2b, 0xdb, 0x24, + 0x8e, 0xbd, 0xba, 0x91, 0xb1, 0x8c, 0x5e, 0x84, 0x91, 0xdb, 0x6b, 0x2b, 0xd7, 0x57, 0x43, 0x2f, + 0x60, 0x15, 0x0c, 0x8c, 0x24, 0xad, 0xab, 0x46, 0x3b, 0xce, 0x60, 0xa1, 0x39, 0x18, 0xbf, 0x7d, + 0x87, 0x1a, 0xbf, 0x66, 0x1d, 0xf2, 0x92, 0x76, 0x77, 0x5e, 0x7d, 0x25, 0x07, 0xc4, 0x9d, 0xf8, + 0x68, 0x05, 0xce, 0xb5, 0xb8, 0xb9, 0xc1, 0xcb, 0x07, 0x73, 0xdb, 0x43, 0xe5, 0x68, 0x3c, 0xb1, + 0xbf, 0x37, 0x79, 0x6e, 0xb9, 0x1b, 0x02, 0xee, 0xfe, 0x9c, 0xfd, 0x3e, 0x40, 0x3c, 0x58, 0x65, + 0xae, 0x5b, 0xe4, 0x41, 0x4f, 0x4b, 0xdc, 0xfe, 0x7a, 0x05, 0x4e, 0xe5, 0xea, 0xdc, 0x51, 0x53, + 0xaf, 0x33, 0xd4, 0xe1, 0xd8, 0xfb, 0x77, 0x67, 0xf7, 0xfa, 0x0a, 0x9e, 0x08, 0xa0, 0xe2, 0x05, + 0x51, 0x3b, 0x2d, 0x26, 0x0b, 0x8a, 0x77, 0x62, 0x91, 0x12, 0x34, 0x9c, 0x44, 0xf4, 0x2f, 0xe6, + 0x6c, 0x8a, 0x0c, 0xc5, 0xc8, 0x28, 0xe3, 0x03, 0x0f, 0xc9, 0x1d, 0xf0, 0x69, 0x1d, 0x18, 0x51, + 0x29, 0xe2, 0xa0, 0x3e, 0x37, 0x59, 0x4e, 0xfa, 0x80, 0xed, 0x9b, 0x25, 0x18, 0x36, 0x3e, 0x1a, + 0xfa, 0xf5, 0x6c, 0xd1, 0x11, 0xab, 0xb8, 0x57, 0x62, 0xf4, 0xa7, 0x74, 0x59, 0x11, 0xfe, 0x4a, + 0xcf, 0x76, 0xd6, 0x1b, 0xb9, 0xb7, 0x37, 0x79, 0x3a, 0x57, 0x51, 0x24, 0x53, 0x83, 0xe4, 0xfc, + 0x27, 0xe0, 0x54, 0x8e, 0x4c, 0x97, 0x57, 0x5e, 0xcf, 0xde, 0x72, 0x7a, 0x4c, 0xb7, 0x94, 0x39, + 0x64, 0x6f, 0xd2, 0x21, 0xd3, 0x97, 0x5f, 0xf7, 0xe1, 0x8e, 0xcb, 0x25, 0xa0, 0x95, 0xfa, 0x4c, + 0x40, 0x7b, 0x0e, 0xaa, 0x51, 0xe8, 0x7b, 0xae, 0xa7, 0xca, 0x53, 0xb1, 0xc2, 0xad, 0xab, 0xa2, + 0x0d, 0x2b, 0x28, 0xba, 0x0b, 0x35, 0x75, 0x21, 0xac, 0xc8, 0xa1, 0x2f, 0xca, 0xd5, 0xab, 0x94, + 0x16, 0x7d, 0xd1, 0xab, 0xe6, 0x85, 0x6c, 0x18, 0x64, 0x9b, 0xa0, 0x8c, 0xa6, 0x65, 0xd9, 0x88, + 0x6c, 0x77, 0x4c, 0xb0, 0x80, 0xd8, 0x9f, 0x19, 0x82, 0xb3, 0xdd, 0x8a, 0x8d, 0xa2, 0x8f, 0xc3, + 0x20, 0xef, 0x63, 0x31, 0xf5, 0xac, 0xbb, 0xf1, 0x58, 0x60, 0x04, 0x45, 0xb7, 0xd8, 0x6f, 0x2c, + 0x78, 0x0a, 0xee, 0xbe, 0xb3, 0x21, 0x66, 0xc8, 0xc9, 0x70, 0x5f, 0x72, 0x34, 0xf7, 0x25, 0x87, + 0x73, 0xf7, 0x9d, 0x0d, 0xb4, 0x03, 0x95, 0xa6, 0x97, 0x12, 0x47, 0x38, 0x11, 0x6e, 0x9d, 0x08, + 0x73, 0xe2, 0x70, 0x2d, 0x8d, 0xfd, 0xc4, 0x9c, 0x21, 0xfa, 0x86, 0x05, 0xa7, 0x36, 0xb2, 0xc9, + 0x9d, 0x42, 0x78, 0x3a, 0x27, 0x50, 0x50, 0x36, 0xcb, 0x88, 0xd7, 0xfa, 0xcf, 0x35, 0xe2, 0x7c, + 0x77, 0xd0, 0x2f, 0x5a, 0x30, 0xd4, 0xf0, 0x7c, 0xa3, 0x74, 0xe1, 0x09, 0x7c, 0x9c, 0xcb, 0x8c, + 0x81, 0xb6, 0x38, 0xf8, 0xff, 0x04, 0x4b, 0xce, 0xbd, 0x76, 0xaa, 0xc1, 0xe3, 0xee, 0x54, 0x43, + 0x0f, 0xc9, 0x6d, 0xf4, 0xab, 0x25, 0x78, 0xa6, 0x8f, 0x6f, 0x64, 0xe6, 0xe3, 0x59, 0x07, 0xe4, + 0xe3, 0x5d, 0x80, 0x81, 0x98, 0x44, 0x61, 0x5e, 0xf5, 0x65, 0x41, 0xab, 0x0c, 0x82, 0x9e, 0x82, + 0xb2, 0x13, 0x79, 0x42, 0xf3, 0x55, 0xfa, 0xfa, 0xcc, 0xea, 0x22, 0xa6, 0xed, 0xf4, 0x4b, 0xd7, + 0x36, 0x64, 0xca, 0x71, 0x31, 0xf7, 0x6e, 0xf4, 0xca, 0x60, 0xe6, 0x8e, 0x1c, 0x05, 0xc5, 0x9a, + 0xaf, 0xfd, 0xd7, 0x2c, 0x38, 0xdf, 0x7b, 0x8a, 0xa0, 0x17, 0x60, 0x78, 0x23, 0x76, 0x02, 0x77, + 0x93, 0x5d, 0x52, 0x23, 0x07, 0x85, 0xa5, 0x61, 0xe9, 0x66, 0x6c, 0xe2, 0x50, 0x25, 0x96, 0x57, + 0x09, 0x36, 0x30, 0x64, 0xd6, 0x05, 0x55, 0x62, 0xd7, 0xf3, 0x40, 0xdc, 0x89, 0x6f, 0xff, 0x41, + 0xa9, 0x7b, 0xb7, 0xb8, 0x28, 0x39, 0xcc, 0x77, 0x12, 0x5f, 0xa1, 0xd4, 0xe3, 0x2b, 0xdc, 0x81, + 0x6a, 0xca, 0x52, 0xc9, 0x48, 0x43, 0xc8, 0xa3, 0xc2, 0x52, 0xb5, 0xd9, 0x8e, 0xb5, 0x2e, 0x88, + 0x63, 0xc5, 0x86, 0x6e, 0x1c, 0xbe, 0xae, 0x9d, 0x28, 0x36, 0x8e, 0xdc, 0x29, 0xc4, 0x3c, 0x9c, + 0x36, 0xaa, 0x4f, 0xf3, 0x4c, 0x1a, 0x1e, 0x4c, 0xa3, 0xd2, 0x4b, 0x57, 0x73, 0x70, 0xdc, 0xf1, + 0x84, 0xfd, 0x1b, 0x25, 0x78, 0xa2, 0xa7, 0x7c, 0xd4, 0x11, 0x3f, 0xd6, 0x7d, 0x22, 0x7e, 0x8e, + 0x3d, 0xcd, 0xcd, 0x01, 0x1e, 0x78, 0x30, 0x03, 0xfc, 0x3c, 0x54, 0xbd, 0x20, 0x21, 0x6e, 0x3b, + 0xe6, 0x83, 0x66, 0xc4, 0x95, 0x2f, 0x8a, 0x76, 0xac, 0x30, 0xec, 0x3f, 0xea, 0x3d, 0xd5, 0xe8, + 0x5e, 0xf9, 0x23, 0x3b, 0x4a, 0x2f, 0xc3, 0xa8, 0x13, 0x45, 0x1c, 0x8f, 0x45, 0x57, 0xe4, 0x12, + 0xc6, 0x67, 0x4c, 0x20, 0xce, 0xe2, 0x1a, 0x73, 0x78, 0xb0, 0xd7, 0x1c, 0xb6, 0xff, 0xd4, 0x82, + 0x1a, 0x26, 0x0d, 0xbe, 0xde, 0xd1, 0x6d, 0x31, 0x44, 0x56, 0x11, 0x95, 0x9c, 0xe8, 0xc0, 0x26, + 0x1e, 0xab, 0x70, 0xd4, 0x6d, 0xb0, 0x3b, 0xcb, 0x9a, 0x97, 0x0e, 0x55, 0xd6, 0x5c, 0x15, 0xb6, + 0x2e, 0xf7, 0x2e, 0x6c, 0x6d, 0xbf, 0x39, 0x44, 0x5f, 0x2f, 0x0a, 0xe7, 0x62, 0x52, 0x4f, 0xe8, + 0xf7, 0x6d, 0xc7, 0x7e, 0xfe, 0xce, 0xee, 0x1b, 0x78, 0x09, 0xd3, 0xf6, 0x8c, 0x0b, 0xb5, 0x74, + 0xa8, 0x74, 0xd9, 0xf2, 0x81, 0xe9, 0xb2, 0x2f, 0xc3, 0x68, 0x92, 0x6c, 0xae, 0xc6, 0xde, 0xb6, + 0x93, 0x92, 0x6b, 0x64, 0x57, 0x04, 0xe7, 0xe9, 0x14, 0xb7, 0xb5, 0x2b, 0x1a, 0x88, 0xb3, 0xb8, + 0x68, 0x01, 0xc6, 0x75, 0xd2, 0x2a, 0x89, 0x53, 0x16, 0x8b, 0xc7, 0x67, 0x82, 0xca, 0x30, 0xd3, + 0x69, 0xae, 0x02, 0x01, 0x77, 0x3e, 0x43, 0x25, 0x56, 0xa6, 0x91, 0x76, 0x64, 0x30, 0x2b, 0xb1, + 0x32, 0x74, 0x68, 0x5f, 0x3a, 0x9e, 0x40, 0xcb, 0x70, 0x86, 0x4f, 0x8c, 0x99, 0x28, 0x32, 0xde, + 0x68, 0x28, 0x5b, 0x41, 0x67, 0xa1, 0x13, 0x05, 0x77, 0x7b, 0x8e, 0x5a, 0x1f, 0xaa, 0x79, 0x71, + 0x5e, 0x78, 0xff, 0x94, 0xf5, 0xa1, 0xc8, 0x2c, 0xd6, 0xb1, 0x89, 0x87, 0x3e, 0x04, 0x8f, 0xeb, + 0xbf, 0x3c, 0x60, 0x9b, 0xbb, 0xc4, 0xe7, 0x45, 0x3d, 0x00, 0x55, 0x46, 0x79, 0xa1, 0x2b, 0x5a, + 0x1d, 0xf7, 0x7a, 0x1e, 0x6d, 0xc0, 0x79, 0x05, 0xba, 0x14, 0xa4, 0x2c, 0xfa, 0x32, 0x21, 0xb3, + 0x4e, 0x42, 0x6e, 0xc4, 0x3e, 0xab, 0x20, 0x50, 0xd3, 0x57, 0xd0, 0x2c, 0x78, 0xe9, 0x95, 0x6e, + 0x98, 0x78, 0x09, 0xdf, 0x87, 0x0a, 0x9a, 0x86, 0x1a, 0x09, 0x9c, 0x0d, 0x9f, 0xac, 0xcc, 0x2d, + 0xb2, 0xba, 0x02, 0x86, 0x07, 0xfe, 0x92, 0x04, 0x60, 0x8d, 0xa3, 0xe2, 0x41, 0x46, 0x7a, 0x5e, + 0x59, 0xb4, 0x0a, 0x67, 0x9b, 0x6e, 0x44, 0xb5, 0x09, 0xcf, 0x25, 0x33, 0x2e, 0x8b, 0x89, 0xa0, + 0x1f, 0x86, 0x97, 0x36, 0x52, 0xc1, 0x4e, 0x0b, 0x73, 0xab, 0x1d, 0x38, 0xb8, 0xeb, 0x93, 0x74, + 0x8d, 0x45, 0x71, 0xb8, 0xb3, 0x3b, 0x71, 0x26, 0xbb, 0xc6, 0x56, 0x69, 0x23, 0xe6, 0x30, 0x74, + 0x15, 0x10, 0x8b, 0x9c, 0xbb, 0x92, 0xa6, 0x91, 0x52, 0x5f, 0x26, 0xce, 0xb2, 0x57, 0x3a, 0x2f, + 0x9e, 0x40, 0x97, 0x3b, 0x30, 0x70, 0x97, 0xa7, 0xec, 0x3f, 0xb1, 0x60, 0x54, 0xad, 0xd7, 0x07, + 0x10, 0x3b, 0xea, 0x67, 0x63, 0x47, 0x17, 0x8e, 0x2f, 0xf1, 0x58, 0xcf, 0x7b, 0x04, 0x20, 0x7d, + 0x66, 0x18, 0x40, 0x4b, 0x45, 0xb5, 0x21, 0x59, 0x3d, 0x37, 0xa4, 0x47, 0x56, 0x22, 0x75, 0x4b, + 0x22, 0xae, 0x3c, 0xdc, 0x24, 0xe2, 0x35, 0x38, 0x27, 0xd5, 0x05, 0xee, 0xe3, 0xbd, 0x12, 0x26, + 0x4a, 0xc0, 0x55, 0x67, 0x9f, 0x12, 0x84, 0xce, 0x2d, 0x76, 0x43, 0xc2, 0xdd, 0x9f, 0xcd, 0x68, + 0x29, 0x43, 0x07, 0x69, 0x29, 0x7a, 0x4d, 0x2f, 0x35, 0x64, 0x51, 0xe6, 0xdc, 0x9a, 0x5e, 0xba, + 0xbc, 0x86, 0x35, 0x4e, 0x77, 0xc1, 0x5e, 0x2b, 0x48, 0xb0, 0xc3, 0xa1, 0x05, 0xbb, 0x14, 0x31, + 0xc3, 0x3d, 0x45, 0x8c, 0xf4, 0x25, 0x8d, 0xf4, 0xf4, 0x25, 0xbd, 0x1f, 0xc6, 0xbc, 0x60, 0x93, + 0xc4, 0x5e, 0x4a, 0xea, 0x6c, 0x2d, 0x30, 0xf1, 0x53, 0xd5, 0xdb, 0xfa, 0x62, 0x06, 0x8a, 0x73, + 0xd8, 0x59, 0xb9, 0x38, 0xd6, 0x87, 0x5c, 0xec, 0xb1, 0x1b, 0x9d, 0x2a, 0x66, 0x37, 0x3a, 0x7d, + 0xfc, 0xdd, 0x68, 0xfc, 0x44, 0x77, 0x23, 0x54, 0xc8, 0x6e, 0xd4, 0x97, 0xa0, 0x37, 0x0c, 0xba, + 0xb3, 0x07, 0x18, 0x74, 0xbd, 0xb6, 0xa2, 0x73, 0x47, 0xde, 0x8a, 0xba, 0xef, 0x32, 0x8f, 0x1d, + 0x69, 0x97, 0xf9, 0x6c, 0x09, 0xce, 0x69, 0x39, 0x4c, 0x67, 0xbf, 0xd7, 0xa0, 0x92, 0x88, 0xd5, + 0xf5, 0xe7, 0xfe, 0x56, 0x23, 0x94, 0x59, 0x47, 0x45, 0x2b, 0x08, 0x36, 0xb0, 0x58, 0x44, 0x30, + 0x89, 0x59, 0x01, 0xb7, 0xbc, 0x90, 0x9e, 0x13, 0xed, 0x58, 0x61, 0xd0, 0xf9, 0x45, 0x7f, 0x8b, + 0x2c, 0x8b, 0x7c, 0xdd, 0x94, 0x39, 0x0d, 0xc2, 0x26, 0x1e, 0x7a, 0x8e, 0x33, 0x61, 0x02, 0x82, + 0x0a, 0xea, 0x11, 0x71, 0x49, 0x96, 0x94, 0x09, 0x0a, 0x2a, 0xbb, 0xc3, 0x42, 0xbf, 0x2b, 0x9d, + 0xdd, 0x61, 0xa1, 0x0b, 0x0a, 0xc3, 0xfe, 0x5f, 0x16, 0x3c, 0xd1, 0x75, 0x28, 0x1e, 0xc0, 0xe6, + 0xbb, 0x93, 0xdd, 0x7c, 0xd7, 0x8a, 0x32, 0x37, 0x8c, 0xb7, 0xe8, 0xb1, 0x11, 0xff, 0x3b, 0x0b, + 0xc6, 0x34, 0xfe, 0x03, 0x78, 0x55, 0x2f, 0xfb, 0xaa, 0xc5, 0x59, 0x56, 0xb5, 0x8e, 0x77, 0xfb, + 0x13, 0xf6, 0x6e, 0xfc, 0x50, 0x74, 0xc6, 0x95, 0x95, 0xe2, 0x0e, 0x38, 0x01, 0xd8, 0x85, 0x41, + 0x76, 0x80, 0x91, 0x14, 0x73, 0x38, 0x9b, 0xe5, 0xcf, 0x0e, 0x43, 0xf4, 0xe1, 0x10, 0xfb, 0x9b, + 0x60, 0xc1, 0x90, 0x95, 0x17, 0xf4, 0x12, 0x2a, 0xcd, 0xeb, 0x22, 0x88, 0x5a, 0x97, 0x17, 0x14, + 0xed, 0x58, 0x61, 0xd8, 0x2d, 0x98, 0xc8, 0x12, 0x9f, 0x27, 0x0d, 0x16, 0xf0, 0xd3, 0xd7, 0x6b, + 0x4e, 0x43, 0xcd, 0x61, 0x4f, 0x2d, 0xb5, 0x9d, 0xfc, 0xbd, 0x8a, 0x33, 0x12, 0x80, 0x35, 0x8e, + 0xfd, 0xdb, 0x16, 0x9c, 0xe9, 0xf2, 0x32, 0x05, 0x06, 0x8f, 0xa7, 0x5a, 0x0a, 0x74, 0xdb, 0x70, + 0xdf, 0x09, 0x43, 0x75, 0xd2, 0x70, 0x64, 0x48, 0x89, 0x21, 0x73, 0xe7, 0x79, 0x33, 0x96, 0x70, + 0xfb, 0xbf, 0x5b, 0x70, 0x2a, 0xdb, 0xd7, 0x84, 0x4a, 0x4d, 0xfe, 0x32, 0xf3, 0x5e, 0xe2, 0x86, + 0xdb, 0x24, 0xde, 0xa5, 0x6f, 0xce, 0x7b, 0xad, 0xa4, 0xe6, 0x4c, 0x07, 0x06, 0xee, 0xf2, 0x14, + 0xab, 0x30, 0x56, 0x57, 0xa3, 0x2d, 0x67, 0xca, 0xcd, 0x22, 0x67, 0x8a, 0xfe, 0x98, 0xe6, 0xf1, + 0x93, 0x62, 0x89, 0x4d, 0xfe, 0xf6, 0xf7, 0x07, 0x40, 0x65, 0x97, 0xb0, 0xf3, 0xfc, 0x82, 0xa2, + 0x21, 0x32, 0xf7, 0x61, 0x94, 0xfb, 0xb8, 0x0f, 0x43, 0x4e, 0x86, 0x81, 0xfb, 0x1d, 0xb0, 0x71, + 0xef, 0x85, 0xe9, 0x24, 0x54, 0x6f, 0xb8, 0xae, 0x41, 0xd8, 0xc4, 0xa3, 0x3d, 0xf1, 0xbd, 0x6d, + 0xc2, 0x1f, 0x1a, 0xcc, 0xf6, 0x64, 0x49, 0x02, 0xb0, 0xc6, 0xa1, 0x3d, 0xa9, 0x7b, 0x8d, 0x86, + 0x30, 0xc5, 0x55, 0x4f, 0xe8, 0xe8, 0x60, 0x06, 0xe1, 0x45, 0x23, 0xc3, 0x2d, 0xa1, 0x9d, 0x1a, + 0x45, 0x23, 0xc3, 0x2d, 0xcc, 0x20, 0x54, 0x9f, 0x0a, 0xc2, 0xb8, 0xc5, 0xee, 0xbd, 0xac, 0x2b, + 0x2e, 0x42, 0x2b, 0x55, 0xfa, 0xd4, 0xf5, 0x4e, 0x14, 0xdc, 0xed, 0x39, 0x3a, 0x03, 0xa3, 0x98, + 0xd4, 0x3d, 0x37, 0x35, 0xa9, 0x41, 0x76, 0x06, 0xae, 0x76, 0x60, 0xe0, 0x2e, 0x4f, 0xa1, 0x19, + 0x38, 0x25, 0xb3, 0x83, 0x64, 0xee, 0xf7, 0x70, 0x36, 0xd7, 0x14, 0x67, 0xc1, 0x38, 0x8f, 0x4f, + 0xa5, 0x4d, 0x4b, 0x94, 0x7d, 0x60, 0x4a, 0xac, 0x21, 0x6d, 0x64, 0x39, 0x08, 0xac, 0x30, 0xec, + 0x4f, 0x97, 0xe9, 0xee, 0xd8, 0xa3, 0xd4, 0xfd, 0x03, 0x8b, 0xbe, 0xc9, 0xce, 0xc8, 0x81, 0x3e, + 0x66, 0xe4, 0x8b, 0x30, 0x72, 0x3b, 0x09, 0x03, 0x15, 0xd9, 0x52, 0xe9, 0x19, 0xd9, 0x62, 0x60, + 0x75, 0x8f, 0x6c, 0x19, 0x2c, 0x2a, 0xb2, 0x65, 0xe8, 0x88, 0x91, 0x2d, 0xdf, 0xa9, 0x80, 0x2a, + 0x16, 0x7d, 0x9d, 0xa4, 0x77, 0xc3, 0x78, 0xcb, 0x0b, 0x9a, 0x2c, 0xab, 0xea, 0x1b, 0x16, 0x8c, + 0xf0, 0xf5, 0xb2, 0x64, 0x66, 0x26, 0x34, 0x0a, 0xaa, 0x42, 0x9c, 0x61, 0x36, 0xb5, 0x6e, 0x30, + 0xca, 0xdd, 0x71, 0x64, 0x82, 0x70, 0xa6, 0x47, 0xe8, 0x13, 0x00, 0xd2, 0x6f, 0xd9, 0x90, 0x22, + 0x73, 0xb1, 0x98, 0xfe, 0x61, 0xd2, 0xd0, 0xba, 0xe9, 0xba, 0x62, 0x82, 0x0d, 0x86, 0xe8, 0xb3, + 0xf9, 0x7b, 0x81, 0x3f, 0x76, 0x22, 0x63, 0xd3, 0x4f, 0xce, 0x06, 0x86, 0x21, 0x2f, 0x68, 0xd2, + 0x79, 0x22, 0x22, 0x00, 0xde, 0xd1, 0x2d, 0x23, 0x71, 0x29, 0x74, 0xea, 0xb3, 0x8e, 0xef, 0x04, + 0x2e, 0x89, 0x17, 0x39, 0xba, 0x79, 0xe9, 0x1e, 0x6b, 0xc0, 0x92, 0x50, 0x47, 0x99, 0xed, 0x4a, + 0x3f, 0x65, 0xb6, 0xcf, 0x7f, 0x00, 0xc6, 0x3b, 0x3e, 0xe6, 0xa1, 0x52, 0x34, 0x8e, 0x9e, 0xdd, + 0x61, 0xff, 0xb3, 0x41, 0xbd, 0x69, 0x5d, 0x0f, 0xeb, 0xbc, 0xd8, 0x73, 0xac, 0xbf, 0xa8, 0xd0, + 0x3d, 0x0b, 0x9c, 0x22, 0xc6, 0xc5, 0x7d, 0xaa, 0x11, 0x9b, 0x2c, 0xe9, 0x1c, 0x8d, 0x9c, 0x98, + 0x04, 0x27, 0x3d, 0x47, 0x57, 0x15, 0x13, 0x6c, 0x30, 0x44, 0x9b, 0x99, 0x18, 0xed, 0xcb, 0xc7, + 0x8f, 0xd1, 0x66, 0xb5, 0x1a, 0xba, 0x15, 0x8c, 0xfd, 0x92, 0x05, 0x63, 0x41, 0x66, 0xe6, 0x16, + 0x13, 0x96, 0xd5, 0x7d, 0x55, 0xf0, 0xbb, 0x06, 0xb2, 0x6d, 0x38, 0xc7, 0xbf, 0xdb, 0x96, 0x56, + 0x39, 0xe4, 0x96, 0xa6, 0xab, 0xc6, 0x0f, 0xf6, 0xaa, 0x1a, 0x8f, 0x02, 0x75, 0x6d, 0xc6, 0x50, + 0xe1, 0xd7, 0x66, 0x40, 0x97, 0x2b, 0x33, 0x6e, 0x41, 0xcd, 0x8d, 0x89, 0x93, 0x1e, 0xf1, 0x06, + 0x05, 0x76, 0x14, 0x3e, 0x27, 0x09, 0x60, 0x4d, 0xcb, 0xfe, 0xb7, 0x65, 0x38, 0x2d, 0x47, 0x44, + 0x86, 0x74, 0xd2, 0xfd, 0x91, 0xf3, 0xd5, 0xca, 0xad, 0xda, 0x1f, 0xaf, 0x48, 0x00, 0xd6, 0x38, + 0x54, 0x1f, 0x6b, 0x27, 0x64, 0x25, 0x22, 0xc1, 0x92, 0xb7, 0x91, 0x88, 0xf3, 0x47, 0xb5, 0x50, + 0x6e, 0x68, 0x10, 0x36, 0xf1, 0xa8, 0x32, 0xce, 0xf5, 0xe2, 0x24, 0x1f, 0x0e, 0x2e, 0xf4, 0x6d, + 0x2c, 0xe1, 0xe8, 0x6b, 0x5d, 0xef, 0xde, 0x29, 0x26, 0x11, 0xa2, 0x23, 0x92, 0xf5, 0x90, 0x97, + 0xee, 0xbc, 0x61, 0xc1, 0xa9, 0xad, 0x4c, 0x46, 0xaa, 0x14, 0xc9, 0xc7, 0xac, 0x9d, 0x90, 0x4d, + 0x73, 0xd5, 0x53, 0x38, 0xdb, 0x9e, 0xe0, 0x3c, 0x77, 0xfb, 0x7f, 0x58, 0x60, 0x8a, 0xa7, 0xfe, + 0x34, 0x2b, 0xe3, 0xfa, 0xc0, 0xd2, 0x01, 0xd7, 0x07, 0x4a, 0x25, 0xac, 0xdc, 0x9f, 0xd2, 0x3f, + 0x70, 0x08, 0xa5, 0xbf, 0xd2, 0x53, 0x6b, 0x7b, 0x0a, 0xca, 0x6d, 0xaf, 0x2e, 0xf4, 0x76, 0x7d, + 0xda, 0xb8, 0x38, 0x8f, 0x69, 0xbb, 0xfd, 0x8f, 0x2b, 0xda, 0x4e, 0x17, 0xf1, 0xfb, 0x3f, 0x12, + 0xaf, 0xdd, 0x50, 0xa5, 0x30, 0xf8, 0x9b, 0x5f, 0xef, 0x28, 0x85, 0xf1, 0x53, 0x87, 0x4f, 0xcf, + 0xe0, 0x03, 0xd4, 0xab, 0x12, 0xc6, 0xd0, 0x01, 0xb9, 0x19, 0xb7, 0xa1, 0x4a, 0x4d, 0x1b, 0xe6, + 0x70, 0xab, 0x66, 0x3a, 0x55, 0xbd, 0x22, 0xda, 0xef, 0xed, 0x4d, 0xfe, 0xe4, 0xe1, 0xbb, 0x25, + 0x9f, 0xc6, 0x8a, 0x3e, 0x4a, 0xa0, 0x46, 0x7f, 0xb3, 0x34, 0x12, 0x61, 0x34, 0xdd, 0x50, 0xb2, + 0x48, 0x02, 0x0a, 0xc9, 0x51, 0xd1, 0x7c, 0x50, 0x00, 0x35, 0x76, 0xef, 0x17, 0x63, 0xca, 0x6d, + 0xab, 0x55, 0x95, 0xcc, 0x21, 0x01, 0xf7, 0xf6, 0x26, 0x5f, 0x3e, 0x3c, 0x53, 0xf5, 0x38, 0xd6, + 0x2c, 0xec, 0x2f, 0x0f, 0xe8, 0xb9, 0x2b, 0x2a, 0xa0, 0xfc, 0x48, 0xcc, 0xdd, 0x97, 0x72, 0x73, + 0xf7, 0x42, 0xc7, 0xdc, 0x1d, 0xd3, 0xf7, 0x53, 0x65, 0x66, 0xe3, 0x83, 0xde, 0x60, 0x0f, 0xb6, + 0xe3, 0x99, 0x66, 0x71, 0xa7, 0xed, 0xc5, 0x24, 0x59, 0x8d, 0xdb, 0x81, 0x17, 0x34, 0xc5, 0x95, + 0xc0, 0x86, 0x66, 0x91, 0x01, 0xe3, 0x3c, 0x3e, 0xbb, 0x4e, 0x78, 0x37, 0x70, 0x6f, 0x39, 0xdb, + 0x7c, 0x56, 0x19, 0x45, 0x21, 0xd6, 0x44, 0x3b, 0x56, 0x18, 0xf6, 0x9b, 0xec, 0xec, 0xd6, 0xc8, + 0x5f, 0xa3, 0x73, 0xc2, 0x67, 0x17, 0xad, 0xf1, 0x8a, 0x12, 0x6a, 0x4e, 0xf0, 0xdb, 0xd5, 0x38, + 0x0c, 0xdd, 0x85, 0xa1, 0x0d, 0x7e, 0xd3, 0x48, 0x31, 0xd5, 0x33, 0xc5, 0xb5, 0x25, 0xac, 0xc0, + 0xb5, 0xbc, 0xc3, 0xe4, 0x9e, 0xfe, 0x89, 0x25, 0x37, 0xfb, 0xdb, 0x03, 0x70, 0x2a, 0x77, 0x15, + 0x57, 0xa6, 0x96, 0x57, 0xe9, 0xc0, 0x5a, 0x5e, 0x1f, 0x05, 0xa8, 0x93, 0xc8, 0x0f, 0x77, 0x99, + 0x9a, 0x33, 0x70, 0x68, 0x35, 0x47, 0x69, 0xc6, 0xf3, 0x8a, 0x0a, 0x36, 0x28, 0x8a, 0x32, 0x1a, + 0xbc, 0x34, 0x58, 0xae, 0x8c, 0x86, 0x51, 0xc0, 0x76, 0xf0, 0xc1, 0x16, 0xb0, 0xf5, 0xe0, 0x14, + 0xef, 0xa2, 0xca, 0x12, 0x3b, 0x42, 0x32, 0x18, 0x8b, 0xb3, 0x9d, 0xcf, 0x92, 0xc1, 0x79, 0xba, + 0x0f, 0xf3, 0xa6, 0x3d, 0xf4, 0x2e, 0xa8, 0xc9, 0xef, 0x9c, 0x4c, 0xd4, 0x74, 0xa6, 0xad, 0x9c, + 0x06, 0xec, 0x06, 0x3c, 0xf1, 0xd3, 0xfe, 0x62, 0x89, 0x6a, 0xa5, 0xfc, 0x9f, 0xaa, 0x98, 0xf0, + 0x2c, 0x0c, 0x3a, 0xed, 0x74, 0x33, 0xec, 0xb8, 0x3e, 0x65, 0x86, 0xb5, 0x62, 0x01, 0x45, 0x4b, + 0x30, 0x50, 0xd7, 0x59, 0xf0, 0x87, 0x19, 0x45, 0xed, 0xe0, 0x73, 0x52, 0x82, 0x19, 0x15, 0xf4, + 0x24, 0x0c, 0xa4, 0x4e, 0x33, 0x73, 0xad, 0xf5, 0xba, 0xd3, 0x4c, 0x30, 0x6b, 0x35, 0x37, 0xcd, + 0x81, 0x03, 0x36, 0xcd, 0x97, 0x61, 0x34, 0xf1, 0x9a, 0x81, 0x93, 0xb6, 0x63, 0x62, 0x1c, 0x26, + 0xe9, 0xf8, 0x00, 0x13, 0x88, 0xb3, 0xb8, 0xf6, 0xef, 0x8d, 0xc0, 0xd9, 0xb5, 0xb9, 0x65, 0x59, + 0xd1, 0xf1, 0xc4, 0x62, 0xea, 0xbb, 0xf1, 0x78, 0x70, 0x31, 0xf5, 0x3d, 0xb8, 0xfb, 0x46, 0x4c, + 0xbd, 0x6f, 0xc4, 0xd4, 0x7f, 0xd6, 0x82, 0x9a, 0x0a, 0x25, 0x17, 0x81, 0xac, 0x1f, 0x29, 0xbe, + 0x07, 0x2a, 0xae, 0x58, 0x44, 0x14, 0xcb, 0xbf, 0x58, 0x33, 0x3f, 0xb9, 0x20, 0xfb, 0xfb, 0x76, + 0xe8, 0x50, 0x41, 0xf6, 0x2a, 0x03, 0xa1, 0x52, 0x44, 0x06, 0x42, 0x8f, 0x4f, 0xd5, 0x35, 0x03, + 0xe1, 0x4b, 0x16, 0x0c, 0x3b, 0xaf, 0xb7, 0x63, 0x32, 0x4f, 0xb6, 0x57, 0xa2, 0x44, 0x08, 0xd8, + 0x57, 0x8b, 0xef, 0xc0, 0x8c, 0x66, 0x22, 0xea, 0xbc, 0xeb, 0x06, 0x6c, 0x76, 0x21, 0x93, 0x71, + 0x30, 0x54, 0x44, 0xc6, 0x41, 0xb7, 0xee, 0x1c, 0x98, 0x71, 0xf0, 0x32, 0x8c, 0xba, 0x7e, 0x18, + 0x90, 0xd5, 0x38, 0x4c, 0x43, 0x37, 0xf4, 0x85, 0x32, 0xad, 0x44, 0xc2, 0x9c, 0x09, 0xc4, 0x59, + 0xdc, 0x5e, 0xe9, 0x0a, 0xb5, 0xe3, 0xa6, 0x2b, 0xc0, 0x43, 0x4a, 0xac, 0xfb, 0x65, 0x9d, 0x58, + 0x37, 0x5c, 0xc4, 0xd5, 0xd7, 0xdd, 0xbe, 0x48, 0x3f, 0xd9, 0x75, 0xe8, 0xab, 0xfc, 0xfe, 0x12, + 0xaa, 0x8e, 0xce, 0x85, 0x2d, 0xaa, 0x6e, 0x8d, 0xb0, 0x21, 0x79, 0xed, 0x04, 0x26, 0xec, 0xad, + 0x35, 0xcd, 0x46, 0xdd, 0x69, 0xa2, 0x9b, 0x70, 0xb6, 0x23, 0xc7, 0x49, 0xfc, 0xfb, 0x7a, 0x09, + 0x7e, 0xec, 0xc0, 0x2e, 0xa0, 0xbb, 0x00, 0xa9, 0xd3, 0x14, 0x13, 0x55, 0xb8, 0xff, 0x8f, 0x19, + 0xc4, 0xb7, 0x2e, 0xe9, 0xf1, 0x8c, 0x75, 0xf5, 0x97, 0x39, 0xd6, 0xe5, 0x6f, 0x16, 0xbb, 0x17, + 0xfa, 0x1d, 0xd5, 0xb9, 0x70, 0xe8, 0x13, 0xcc, 0x20, 0x74, 0xfb, 0x8f, 0x49, 0x53, 0xdf, 0x6f, + 0xa7, 0x3e, 0x1f, 0x66, 0xad, 0x58, 0x40, 0xd1, 0x7b, 0x61, 0xd8, 0xf1, 0x7d, 0x9e, 0x57, 0x41, + 0x12, 0x51, 0x63, 0x5d, 0x57, 0x18, 0xd2, 0x20, 0x6c, 0xe2, 0xd9, 0x7f, 0x56, 0x82, 0xc9, 0x03, + 0x64, 0x0a, 0x7a, 0x09, 0x46, 0xc2, 0xb8, 0xe9, 0x04, 0xde, 0xeb, 0xbc, 0x48, 0x43, 0x25, 0x5b, + 0x0a, 0x6a, 0xc5, 0x80, 0xe1, 0x0c, 0xa6, 0x8c, 0x84, 0x1f, 0xec, 0x11, 0x09, 0xff, 0x5e, 0x18, + 0x4e, 0x89, 0xd3, 0x12, 0x61, 0x3f, 0xc2, 0xfe, 0xd6, 0xe7, 0x99, 0x1a, 0x84, 0x4d, 0x3c, 0x2a, + 0xc5, 0xc6, 0x1c, 0xd7, 0x25, 0x49, 0x22, 0x43, 0xdd, 0x85, 0x6f, 0xb0, 0xb0, 0x38, 0x7a, 0xe6, + 0x72, 0x9d, 0xc9, 0xb0, 0xc0, 0x39, 0x96, 0xf9, 0x01, 0xaf, 0xf5, 0x39, 0xe0, 0xbf, 0x59, 0x82, + 0xa7, 0xee, 0xbb, 0xbb, 0xf5, 0x9d, 0x85, 0xd0, 0x4e, 0x48, 0x9c, 0x9f, 0x38, 0x37, 0x12, 0x12, + 0x63, 0x06, 0xe1, 0xa3, 0x14, 0x45, 0xc6, 0xfd, 0x81, 0x45, 0x27, 0xbd, 0xf0, 0x51, 0xca, 0xb0, + 0xc0, 0x39, 0x96, 0x47, 0x9d, 0x96, 0x7f, 0xaf, 0x04, 0xcf, 0xf4, 0xa1, 0x03, 0x14, 0x98, 0x1c, + 0x94, 0x4d, 0xd1, 0x2a, 0x3f, 0x9c, 0x14, 0xad, 0xa3, 0x0e, 0xd7, 0x9b, 0x25, 0x38, 0xdf, 0x7b, + 0x2b, 0x46, 0x3f, 0x4d, 0x6d, 0x78, 0x19, 0xeb, 0x63, 0x66, 0x77, 0x9d, 0xe1, 0xf6, 0x7b, 0x06, + 0x84, 0xf3, 0xb8, 0x68, 0x0a, 0x20, 0x72, 0xd2, 0xcd, 0xe4, 0xd2, 0x8e, 0x97, 0xa4, 0xa2, 0x46, + 0xc1, 0x18, 0x3f, 0x89, 0x91, 0xad, 0xd8, 0xc0, 0xa0, 0xec, 0xd8, 0xbf, 0xf9, 0xf0, 0x7a, 0x98, + 0xf2, 0x87, 0xb8, 0x19, 0x71, 0x46, 0xd6, 0x71, 0x36, 0x40, 0x38, 0x8f, 0x4b, 0xd9, 0xb1, 0xb3, + 0x3e, 0xde, 0x51, 0x6e, 0x5f, 0x30, 0x76, 0x4b, 0xaa, 0x15, 0x1b, 0x18, 0xf9, 0xbc, 0xb5, 0xca, + 0xc1, 0x79, 0x6b, 0xf6, 0x3f, 0x2a, 0xc1, 0x13, 0x3d, 0x55, 0xb9, 0xfe, 0x16, 0xe0, 0xa3, 0x97, + 0x6b, 0x76, 0xb4, 0xb9, 0x73, 0xc8, 0x0c, 0xaa, 0x3f, 0xed, 0x31, 0xd3, 0x44, 0x06, 0x55, 0x7e, + 0xab, 0xb0, 0x0e, 0xbb, 0x55, 0x3c, 0x42, 0xe3, 0xd9, 0x91, 0x34, 0x35, 0x70, 0x88, 0xa4, 0xa9, + 0xdc, 0xc7, 0xa8, 0xf4, 0xb9, 0x90, 0xbf, 0xdb, 0x7b, 0x78, 0xa9, 0xe9, 0xd7, 0x97, 0x77, 0x74, + 0x1e, 0x4e, 0x7b, 0x01, 0xab, 0xe9, 0xbf, 0xd6, 0xde, 0x10, 0x69, 0xeb, 0xa5, 0xec, 0x75, 0x95, + 0x8b, 0x39, 0x38, 0xee, 0x78, 0xe2, 0x11, 0x4c, 0x62, 0x3b, 0xe2, 0x90, 0x7e, 0x14, 0x6a, 0x8a, + 0x36, 0x0f, 0xcc, 0x55, 0x1f, 0xb4, 0x23, 0x30, 0x57, 0x7d, 0x4d, 0x03, 0x8b, 0x8e, 0x04, 0x55, + 0x37, 0x73, 0x33, 0xf3, 0x1a, 0xd9, 0x65, 0xba, 0xa7, 0xfd, 0x1e, 0x18, 0x51, 0x3e, 0x8c, 0x7e, + 0x0b, 0xb7, 0xdb, 0x5f, 0x1e, 0x84, 0xd1, 0x4c, 0x59, 0xa6, 0x8c, 0xcb, 0xd0, 0x3a, 0xd0, 0x65, + 0xc8, 0x02, 0xad, 0xdb, 0x81, 0xbc, 0xd5, 0xc1, 0x08, 0xb4, 0x6e, 0x07, 0x04, 0x73, 0x18, 0x55, + 0x1d, 0xeb, 0xf1, 0x2e, 0x6e, 0x07, 0x22, 0x20, 0x52, 0xa9, 0x8e, 0xf3, 0xac, 0x15, 0x0b, 0x28, + 0xfa, 0x94, 0x05, 0x23, 0x09, 0xf3, 0x47, 0x73, 0x87, 0xab, 0xf8, 0xa0, 0x57, 0x8f, 0x5f, 0x75, + 0x4a, 0x95, 0x20, 0x63, 0xb1, 0x14, 0x66, 0x0b, 0xce, 0x70, 0x44, 0xbf, 0x64, 0x41, 0x4d, 0x15, + 0x9f, 0x16, 0x57, 0xaf, 0xac, 0x15, 0x5b, 0xf5, 0x8a, 0x7b, 0xea, 0x94, 0x6b, 0x5f, 0x5f, 0xd5, + 0xaa, 0x19, 0xa3, 0x44, 0x79, 0x43, 0x87, 0x4e, 0xc6, 0x1b, 0x0a, 0x5d, 0x3c, 0xa1, 0xef, 0x82, + 0x5a, 0xcb, 0x09, 0xbc, 0x06, 0x49, 0x52, 0xee, 0xa0, 0x94, 0xc5, 0xf8, 0x64, 0x23, 0xd6, 0x70, + 0xba, 0xd9, 0x25, 0xec, 0xc5, 0x52, 0xc3, 0xa3, 0xc8, 0x36, 0xbb, 0x35, 0xdd, 0x8c, 0x4d, 0x1c, + 0xd3, 0xfd, 0x09, 0x0f, 0xd5, 0xfd, 0x39, 0x7c, 0x80, 0xfb, 0xf3, 0x1f, 0x58, 0x70, 0xae, 0xeb, + 0x57, 0x7b, 0x74, 0x43, 0xe4, 0xec, 0xaf, 0x54, 0xe0, 0x4c, 0x97, 0xfa, 0x6a, 0x68, 0xd7, 0x9c, + 0xcf, 0x56, 0x11, 0xa7, 0xe2, 0xd9, 0x43, 0x5e, 0x39, 0x8c, 0x5d, 0x26, 0xf1, 0xe1, 0x0e, 0x1f, + 0xf4, 0x01, 0x40, 0xf9, 0xc1, 0x1e, 0x00, 0x18, 0xd3, 0x72, 0xe0, 0xa1, 0x4e, 0xcb, 0xca, 0xfd, + 0xa7, 0x25, 0xfa, 0xa6, 0x05, 0x13, 0xad, 0x1e, 0x45, 0x7d, 0x85, 0x53, 0xef, 0xe6, 0xc9, 0x94, + 0x0c, 0x9e, 0x7d, 0x72, 0x7f, 0x6f, 0xb2, 0x67, 0x2d, 0x65, 0xdc, 0xb3, 0x57, 0xf6, 0xf7, 0xcb, + 0xc0, 0x8a, 0xfb, 0xb1, 0x1a, 0x3a, 0xbb, 0xe8, 0x93, 0x66, 0x99, 0x46, 0xab, 0xa8, 0x92, 0x82, + 0x9c, 0xb8, 0x2a, 0xf3, 0xc8, 0x47, 0xb0, 0x5b, 0xd5, 0xc7, 0xbc, 0xd0, 0x2a, 0xf5, 0x21, 0xb4, + 0x7c, 0x59, 0x0f, 0xb3, 0x5c, 0x7c, 0x3d, 0xcc, 0x5a, 0xbe, 0x16, 0xe6, 0xfd, 0x3f, 0xf1, 0xc0, + 0x23, 0xf9, 0x89, 0xff, 0xa6, 0xc5, 0x05, 0x4f, 0xee, 0x2b, 0x68, 0xcd, 0xc0, 0xba, 0x8f, 0x66, + 0xf0, 0x3c, 0xbb, 0x74, 0xb7, 0x71, 0x85, 0x38, 0xbe, 0xd0, 0x20, 0xcc, 0xfb, 0x73, 0x59, 0x3b, + 0x56, 0x18, 0xec, 0x9a, 0x2c, 0xdf, 0x0f, 0xef, 0x5e, 0x6a, 0x45, 0xe9, 0xae, 0xd0, 0x25, 0xf4, + 0x35, 0x59, 0x0a, 0x82, 0x0d, 0x2c, 0xfb, 0x6f, 0x95, 0xf8, 0x0c, 0x14, 0xc7, 0xfa, 0x2f, 0xe5, + 0x2e, 0x36, 0xe9, 0xff, 0x44, 0xfc, 0xe3, 0x00, 0xae, 0xba, 0x6f, 0x53, 0x9c, 0xb7, 0x5c, 0x39, + 0xf6, 0x7d, 0x85, 0x82, 0x9e, 0x7e, 0x0d, 0xdd, 0x86, 0x0d, 0x7e, 0x19, 0x59, 0x5a, 0x3e, 0x50, + 0x96, 0x66, 0xc4, 0xca, 0xc0, 0x01, 0xbb, 0xdd, 0x9f, 0x59, 0x90, 0xd1, 0x88, 0x50, 0x04, 0x15, + 0xda, 0xdd, 0xdd, 0x62, 0xae, 0x12, 0x35, 0x49, 0x53, 0xd1, 0x28, 0xa6, 0x3d, 0xfb, 0x89, 0x39, + 0x23, 0xe4, 0x8b, 0xd3, 0xff, 0x52, 0x11, 0xd7, 0xdd, 0x9a, 0x0c, 0xaf, 0x84, 0xe1, 0x16, 0x3f, + 0x34, 0xd4, 0x91, 0x04, 0xf6, 0x4b, 0x30, 0xde, 0xd1, 0x29, 0x76, 0x87, 0x41, 0x28, 0xef, 0x4f, + 0x35, 0xa6, 0x2b, 0x4b, 0xc1, 0xc3, 0x1c, 0x66, 0xbf, 0x69, 0xc1, 0xe9, 0x3c, 0x79, 0xf4, 0x55, + 0x0b, 0xc6, 0x93, 0x3c, 0xbd, 0x93, 0x1a, 0x3b, 0x15, 0x19, 0xd7, 0x01, 0xc2, 0x9d, 0x9d, 0xb0, + 0xff, 0xaf, 0x98, 0xfc, 0xb7, 0xbc, 0xa0, 0x1e, 0xde, 0x55, 0x8a, 0x89, 0xd5, 0x53, 0x31, 0xa1, + 0xeb, 0xd1, 0xdd, 0x24, 0xf5, 0xb6, 0xdf, 0x91, 0xfb, 0xb7, 0x26, 0xda, 0xb1, 0xc2, 0x60, 0xa9, + 0x4e, 0x6d, 0x51, 0x30, 0x37, 0x37, 0x29, 0xe7, 0x45, 0x3b, 0x56, 0x18, 0xe8, 0x45, 0x18, 0x31, + 0xef, 0x08, 0x16, 0xf3, 0x92, 0x29, 0xe4, 0xe6, 0x75, 0xc2, 0x38, 0x83, 0x85, 0xa6, 0x00, 0x94, + 0x92, 0x23, 0xb7, 0x48, 0xe6, 0x84, 0x51, 0x92, 0x28, 0xc1, 0x06, 0x06, 0x4b, 0x2c, 0xe4, 0x17, + 0xf1, 0xca, 0xf8, 0x51, 0x9e, 0x58, 0x28, 0xda, 0xb0, 0x82, 0x52, 0x69, 0xd2, 0x72, 0x82, 0xb6, + 0xe3, 0xd3, 0x11, 0x12, 0xd9, 0xd0, 0x6a, 0x19, 0x2e, 0x2b, 0x08, 0x36, 0xb0, 0xe8, 0x1b, 0xa7, + 0x5e, 0x8b, 0x7c, 0x38, 0x0c, 0x64, 0xe4, 0x95, 0x3e, 0x52, 0x11, 0xed, 0x58, 0x61, 0xd8, 0xff, + 0xd5, 0x82, 0xfc, 0x75, 0xed, 0x19, 0x2f, 0x87, 0x75, 0x60, 0x06, 0x76, 0x36, 0x7f, 0xb3, 0xd4, + 0x57, 0xfe, 0xa6, 0x99, 0x5a, 0x59, 0xbe, 0x6f, 0x6a, 0xe5, 0x8f, 0xeb, 0x9b, 0xb0, 0x78, 0x0e, + 0xe6, 0x70, 0xb7, 0x5b, 0xb0, 0x90, 0x0d, 0x83, 0xae, 0xa3, 0x6a, 0x74, 0x8c, 0x70, 0xdb, 0x61, + 0x6e, 0x86, 0x21, 0x09, 0x88, 0xbd, 0x02, 0x35, 0x75, 0xb2, 0x20, 0x0d, 0x55, 0xab, 0xbb, 0xa1, + 0xda, 0x57, 0x2a, 0xd9, 0xec, 0xc6, 0xb7, 0x7f, 0xf0, 0xf4, 0xdb, 0xbe, 0xfb, 0x83, 0xa7, 0xdf, + 0xf6, 0xc7, 0x3f, 0x78, 0xfa, 0x6d, 0x9f, 0xda, 0x7f, 0xda, 0xfa, 0xf6, 0xfe, 0xd3, 0xd6, 0x77, + 0xf7, 0x9f, 0xb6, 0xfe, 0x78, 0xff, 0x69, 0xeb, 0xfb, 0xfb, 0x4f, 0x5b, 0x5f, 0xfa, 0x4f, 0x4f, + 0xbf, 0xed, 0xc3, 0x5d, 0x43, 0xef, 0xe8, 0x8f, 0x77, 0xbb, 0xf5, 0xe9, 0xed, 0x8b, 0x2c, 0xfa, + 0x8b, 0x2e, 0xaf, 0x69, 0x63, 0x4e, 0x4d, 0xcb, 0xe5, 0xf5, 0xff, 0x03, 0x00, 0x00, 0xff, 0xff, + 0x51, 0xda, 0xe1, 0xf8, 0x58, 0xd1, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -5575,6 +5675,18 @@ func (m *ApplicationSetGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) _ = i var l int _ = l + if m.Plugin != nil { + { + size, err := m.Plugin.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x52 + } if m.Selector != nil { { size, err := m.Selector.MarshalToSizedBuffer(dAtA[:i]) @@ -5753,6 +5865,18 @@ func (m *ApplicationSetNestedGenerator) MarshalToSizedBuffer(dAtA []byte) (int, _ = i var l int _ = l + if m.Plugin != nil { + { + size, err := m.Plugin.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x52 + } if m.Selector != nil { { size, err := m.Selector.MarshalToSizedBuffer(dAtA[:i]) @@ -6325,6 +6449,18 @@ func (m *ApplicationSetTerminalGenerator) MarshalToSizedBuffer(dAtA []byte) (int _ = i var l int _ = l + if m.Plugin != nil { + { + size, err := m.Plugin.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x3a + } if m.PullRequest != nil { { size, err := m.PullRequest.MarshalToSizedBuffer(dAtA[:i]) @@ -9841,7 +9977,7 @@ func (m *OverrideIgnoreDiff) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *ProjectRole) Marshal() (dAtA []byte, err error) { +func (m *PluginConfigMapRef) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -9851,53 +9987,16 @@ func (m *ProjectRole) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *ProjectRole) MarshalTo(dAtA []byte) (int, error) { +func (m *PluginConfigMapRef) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *ProjectRole) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *PluginConfigMapRef) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int _ = l - if len(m.Groups) > 0 { - for iNdEx := len(m.Groups) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Groups[iNdEx]) - copy(dAtA[i:], m.Groups[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Groups[iNdEx]))) - i-- - dAtA[i] = 0x2a - } - } - if len(m.JWTTokens) > 0 { - for iNdEx := len(m.JWTTokens) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.JWTTokens[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x22 - } - } - if len(m.Policies) > 0 { - for iNdEx := len(m.Policies) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Policies[iNdEx]) - copy(dAtA[i:], m.Policies[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Policies[iNdEx]))) - i-- - dAtA[i] = 0x1a - } - } - i -= len(m.Description) - copy(dAtA[i:], m.Description) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Description))) - i-- - dAtA[i] = 0x12 i -= len(m.Name) copy(dAtA[i:], m.Name) i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) @@ -9906,7 +10005,7 @@ func (m *ProjectRole) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *PullRequestGenerator) Marshal() (dAtA []byte, err error) { +func (m *PluginGenerator) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -9916,16 +10015,40 @@ func (m *PullRequestGenerator) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *PullRequestGenerator) MarshalTo(dAtA []byte) (int, error) { +func (m *PluginGenerator) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *PullRequestGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *PluginGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int _ = l + if len(m.Values) > 0 { + keysForValues := make([]string, 0, len(m.Values)) + for k := range m.Values { + keysForValues = append(keysForValues, string(k)) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForValues) + for iNdEx := len(keysForValues) - 1; iNdEx >= 0; iNdEx-- { + v := m.Values[string(keysForValues[iNdEx])] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintGenerated(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(keysForValues[iNdEx]) + copy(dAtA[i:], keysForValues[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(keysForValues[iNdEx]))) + i-- + dAtA[i] = 0xa + i = encodeVarintGenerated(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x2a + } + } { size, err := m.Template.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -9935,7 +10058,182 @@ func (m *PullRequestGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { i = encodeVarintGenerated(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x3a + dAtA[i] = 0x22 + if m.RequeueAfterSeconds != nil { + i = encodeVarintGenerated(dAtA, i, uint64(*m.RequeueAfterSeconds)) + i-- + dAtA[i] = 0x18 + } + { + size, err := m.Input.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.ConfigMapRef.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *PluginInput) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *PluginInput) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PluginInput) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Parameters) > 0 { + keysForParameters := make([]string, 0, len(m.Parameters)) + for k := range m.Parameters { + keysForParameters = append(keysForParameters, string(k)) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForParameters) + for iNdEx := len(keysForParameters) - 1; iNdEx >= 0; iNdEx-- { + v := m.Parameters[string(keysForParameters[iNdEx])] + baseI := i + { + size, err := (&v).MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + i -= len(keysForParameters[iNdEx]) + copy(dAtA[i:], keysForParameters[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(keysForParameters[iNdEx]))) + i-- + dAtA[i] = 0xa + i = encodeVarintGenerated(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + +func (m *ProjectRole) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ProjectRole) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ProjectRole) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Groups) > 0 { + for iNdEx := len(m.Groups) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Groups[iNdEx]) + copy(dAtA[i:], m.Groups[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Groups[iNdEx]))) + i-- + dAtA[i] = 0x2a + } + } + if len(m.JWTTokens) > 0 { + for iNdEx := len(m.JWTTokens) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.JWTTokens[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + } + } + if len(m.Policies) > 0 { + for iNdEx := len(m.Policies) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Policies[iNdEx]) + copy(dAtA[i:], m.Policies[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Policies[iNdEx]))) + i-- + dAtA[i] = 0x1a + } + } + i -= len(m.Description) + copy(dAtA[i:], m.Description) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Description))) + i-- + dAtA[i] = 0x12 + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *PullRequestGenerator) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *PullRequestGenerator) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PullRequestGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + { + size, err := m.Template.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x3a if m.RequeueAfterSeconds != nil { i = encodeVarintGenerated(dAtA, i, uint64(*m.RequeueAfterSeconds)) i-- @@ -13517,6 +13815,10 @@ func (m *ApplicationSetGenerator) Size() (n int) { l = m.Selector.Size() n += 1 + l + sovGenerated(uint64(l)) } + if m.Plugin != nil { + l = m.Plugin.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -13579,6 +13881,10 @@ func (m *ApplicationSetNestedGenerator) Size() (n int) { l = m.Selector.Size() n += 1 + l + sovGenerated(uint64(l)) } + if m.Plugin != nil { + l = m.Plugin.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -13776,6 +14082,10 @@ func (m *ApplicationSetTerminalGenerator) Size() (n int) { l = m.PullRequest.Size() n += 1 + l + sovGenerated(uint64(l)) } + if m.Plugin != nil { + l = m.Plugin.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -15079,6 +15389,61 @@ func (m *OverrideIgnoreDiff) Size() (n int) { return n } +func (m *PluginConfigMapRef) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Name) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + +func (m *PluginGenerator) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ConfigMapRef.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = m.Input.Size() + n += 1 + l + sovGenerated(uint64(l)) + if m.RequeueAfterSeconds != nil { + n += 1 + sovGenerated(uint64(*m.RequeueAfterSeconds)) + } + l = m.Template.Size() + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Values) > 0 { + for k, v := range m.Values { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + len(v) + sovGenerated(uint64(len(v))) + n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) + } + } + return n +} + +func (m *PluginInput) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Parameters) > 0 { + for k, v := range m.Parameters { + _ = k + _ = v + l = v.Size() + mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + l + sovGenerated(uint64(l)) + n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) + } + } + return n +} + func (m *ProjectRole) Size() (n int) { if m == nil { return 0 @@ -16586,6 +16951,7 @@ func (this *ApplicationSetGenerator) String() string { `Matrix:` + strings.Replace(this.Matrix.String(), "MatrixGenerator", "MatrixGenerator", 1) + `,`, `Merge:` + strings.Replace(this.Merge.String(), "MergeGenerator", "MergeGenerator", 1) + `,`, `Selector:` + strings.Replace(fmt.Sprintf("%v", this.Selector), "LabelSelector", "v1.LabelSelector", 1) + `,`, + `Plugin:` + strings.Replace(this.Plugin.String(), "PluginGenerator", "PluginGenerator", 1) + `,`, `}`, }, "") return s @@ -16620,6 +16986,7 @@ func (this *ApplicationSetNestedGenerator) String() string { `Matrix:` + strings.Replace(fmt.Sprintf("%v", this.Matrix), "JSON", "v11.JSON", 1) + `,`, `Merge:` + strings.Replace(fmt.Sprintf("%v", this.Merge), "JSON", "v11.JSON", 1) + `,`, `Selector:` + strings.Replace(fmt.Sprintf("%v", this.Selector), "LabelSelector", "v1.LabelSelector", 1) + `,`, + `Plugin:` + strings.Replace(this.Plugin.String(), "PluginGenerator", "PluginGenerator", 1) + `,`, `}`, }, "") return s @@ -16774,6 +17141,7 @@ func (this *ApplicationSetTerminalGenerator) String() string { `SCMProvider:` + strings.Replace(this.SCMProvider.String(), "SCMProviderGenerator", "SCMProviderGenerator", 1) + `,`, `ClusterDecisionResource:` + strings.Replace(this.ClusterDecisionResource.String(), "DuckTypeGenerator", "DuckTypeGenerator", 1) + `,`, `PullRequest:` + strings.Replace(this.PullRequest.String(), "PullRequestGenerator", "PullRequestGenerator", 1) + `,`, + `Plugin:` + strings.Replace(this.Plugin.String(), "PluginGenerator", "PluginGenerator", 1) + `,`, `}`, }, "") return s @@ -17822,47 +18190,101 @@ func (this *OverrideIgnoreDiff) String() string { }, "") return s } -func (this *ProjectRole) String() string { +func (this *PluginConfigMapRef) String() string { if this == nil { return "nil" } - repeatedStringForJWTTokens := "[]JWTToken{" - for _, f := range this.JWTTokens { - repeatedStringForJWTTokens += strings.Replace(strings.Replace(f.String(), "JWTToken", "JWTToken", 1), `&`, ``, 1) + "," - } - repeatedStringForJWTTokens += "}" - s := strings.Join([]string{`&ProjectRole{`, + s := strings.Join([]string{`&PluginConfigMapRef{`, `Name:` + fmt.Sprintf("%v", this.Name) + `,`, - `Description:` + fmt.Sprintf("%v", this.Description) + `,`, - `Policies:` + fmt.Sprintf("%v", this.Policies) + `,`, - `JWTTokens:` + repeatedStringForJWTTokens + `,`, - `Groups:` + fmt.Sprintf("%v", this.Groups) + `,`, `}`, }, "") return s } -func (this *PullRequestGenerator) String() string { +func (this *PluginGenerator) String() string { if this == nil { return "nil" } - repeatedStringForFilters := "[]PullRequestGeneratorFilter{" - for _, f := range this.Filters { - repeatedStringForFilters += strings.Replace(strings.Replace(f.String(), "PullRequestGeneratorFilter", "PullRequestGeneratorFilter", 1), `&`, ``, 1) + "," + keysForValues := make([]string, 0, len(this.Values)) + for k := range this.Values { + keysForValues = append(keysForValues, k) } - repeatedStringForFilters += "}" - s := strings.Join([]string{`&PullRequestGenerator{`, - `Github:` + strings.Replace(this.Github.String(), "PullRequestGeneratorGithub", "PullRequestGeneratorGithub", 1) + `,`, - `GitLab:` + strings.Replace(this.GitLab.String(), "PullRequestGeneratorGitLab", "PullRequestGeneratorGitLab", 1) + `,`, - `Gitea:` + strings.Replace(this.Gitea.String(), "PullRequestGeneratorGitea", "PullRequestGeneratorGitea", 1) + `,`, - `BitbucketServer:` + strings.Replace(this.BitbucketServer.String(), "PullRequestGeneratorBitbucketServer", "PullRequestGeneratorBitbucketServer", 1) + `,`, - `Filters:` + repeatedStringForFilters + `,`, + github_com_gogo_protobuf_sortkeys.Strings(keysForValues) + mapStringForValues := "map[string]string{" + for _, k := range keysForValues { + mapStringForValues += fmt.Sprintf("%v: %v,", k, this.Values[k]) + } + mapStringForValues += "}" + s := strings.Join([]string{`&PluginGenerator{`, + `ConfigMapRef:` + strings.Replace(strings.Replace(this.ConfigMapRef.String(), "PluginConfigMapRef", "PluginConfigMapRef", 1), `&`, ``, 1) + `,`, + `Input:` + strings.Replace(strings.Replace(this.Input.String(), "PluginInput", "PluginInput", 1), `&`, ``, 1) + `,`, `RequeueAfterSeconds:` + valueToStringGenerated(this.RequeueAfterSeconds) + `,`, `Template:` + strings.Replace(strings.Replace(this.Template.String(), "ApplicationSetTemplate", "ApplicationSetTemplate", 1), `&`, ``, 1) + `,`, + `Values:` + mapStringForValues + `,`, `}`, }, "") return s } -func (this *PullRequestGeneratorBitbucketServer) String() string { +func (this *PluginInput) String() string { + if this == nil { + return "nil" + } + keysForParameters := make([]string, 0, len(this.Parameters)) + for k := range this.Parameters { + keysForParameters = append(keysForParameters, k) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForParameters) + mapStringForParameters := "PluginParameters{" + for _, k := range keysForParameters { + mapStringForParameters += fmt.Sprintf("%v: %v,", k, this.Parameters[k]) + } + mapStringForParameters += "}" + s := strings.Join([]string{`&PluginInput{`, + `Parameters:` + mapStringForParameters + `,`, + `}`, + }, "") + return s +} +func (this *ProjectRole) String() string { + if this == nil { + return "nil" + } + repeatedStringForJWTTokens := "[]JWTToken{" + for _, f := range this.JWTTokens { + repeatedStringForJWTTokens += strings.Replace(strings.Replace(f.String(), "JWTToken", "JWTToken", 1), `&`, ``, 1) + "," + } + repeatedStringForJWTTokens += "}" + s := strings.Join([]string{`&ProjectRole{`, + `Name:` + fmt.Sprintf("%v", this.Name) + `,`, + `Description:` + fmt.Sprintf("%v", this.Description) + `,`, + `Policies:` + fmt.Sprintf("%v", this.Policies) + `,`, + `JWTTokens:` + repeatedStringForJWTTokens + `,`, + `Groups:` + fmt.Sprintf("%v", this.Groups) + `,`, + `}`, + }, "") + return s +} +func (this *PullRequestGenerator) String() string { + if this == nil { + return "nil" + } + repeatedStringForFilters := "[]PullRequestGeneratorFilter{" + for _, f := range this.Filters { + repeatedStringForFilters += strings.Replace(strings.Replace(f.String(), "PullRequestGeneratorFilter", "PullRequestGeneratorFilter", 1), `&`, ``, 1) + "," + } + repeatedStringForFilters += "}" + s := strings.Join([]string{`&PullRequestGenerator{`, + `Github:` + strings.Replace(this.Github.String(), "PullRequestGeneratorGithub", "PullRequestGeneratorGithub", 1) + `,`, + `GitLab:` + strings.Replace(this.GitLab.String(), "PullRequestGeneratorGitLab", "PullRequestGeneratorGitLab", 1) + `,`, + `Gitea:` + strings.Replace(this.Gitea.String(), "PullRequestGeneratorGitea", "PullRequestGeneratorGitea", 1) + `,`, + `BitbucketServer:` + strings.Replace(this.BitbucketServer.String(), "PullRequestGeneratorBitbucketServer", "PullRequestGeneratorBitbucketServer", 1) + `,`, + `Filters:` + repeatedStringForFilters + `,`, + `RequeueAfterSeconds:` + valueToStringGenerated(this.RequeueAfterSeconds) + `,`, + `Template:` + strings.Replace(strings.Replace(this.Template.String(), "ApplicationSetTemplate", "ApplicationSetTemplate", 1), `&`, ``, 1) + `,`, + `}`, + }, "") + return s +} +func (this *PullRequestGeneratorBitbucketServer) String() string { if this == nil { return "nil" } @@ -21487,6 +21909,42 @@ func (m *ApplicationSetGenerator) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Plugin", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Plugin == nil { + m.Plugin = &PluginGenerator{} + } + if err := m.Plugin.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -21978,6 +22436,42 @@ func (m *ApplicationSetNestedGenerator) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Plugin", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Plugin == nil { + m.Plugin = &PluginGenerator{} + } + if err := m.Plugin.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -23547,6 +24041,42 @@ func (m *ApplicationSetTerminalGenerator) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Plugin", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Plugin == nil { + m.Plugin = &PluginGenerator{} + } + if err := m.Plugin.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -34777,6 +35307,563 @@ func (m *OverrideIgnoreDiff) Unmarshal(dAtA []byte) error { } return nil } +func (m *PluginConfigMapRef) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PluginConfigMapRef: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PluginConfigMapRef: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PluginGenerator) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PluginGenerator: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PluginGenerator: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConfigMapRef", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ConfigMapRef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Input", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Input.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field RequeueAfterSeconds", wireType) + } + var v int64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.RequeueAfterSeconds = &v + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Template", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Template.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Values", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Values == nil { + m.Values = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Values[mapkey] = mapvalue + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PluginInput) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PluginInput: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PluginInput: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Parameters", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Parameters == nil { + m.Parameters = make(PluginParameters) + } + var mapkey string + mapvalue := &v11.JSON{} + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var mapmsglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + mapmsglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if mapmsglen < 0 { + return ErrInvalidLengthGenerated + } + postmsgIndex := iNdEx + mapmsglen + if postmsgIndex < 0 { + return ErrInvalidLengthGenerated + } + if postmsgIndex > l { + return io.ErrUnexpectedEOF + } + mapvalue = &v11.JSON{} + if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil { + return err + } + iNdEx = postmsgIndex + } else { + iNdEx = entryPreIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Parameters[mapkey] = *mapvalue + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *ProjectRole) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 6f29b2b4393e7..17802a88d2ddc 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -231,6 +231,8 @@ message ApplicationSetGenerator { // Selector allows to post-filter all generator. optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 9; + + optional PluginGenerator plugin = 10; } // ApplicationSetList contains a list of ApplicationSet @@ -265,6 +267,8 @@ message ApplicationSetNestedGenerator { // Selector allows to post-filter all generator. optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 9; + + optional PluginGenerator plugin = 10; } message ApplicationSetRolloutStep { @@ -354,6 +358,8 @@ message ApplicationSetTerminalGenerator { optional DuckTypeGenerator clusterDecisionResource = 5; optional PullRequestGenerator pullRequest = 6; + + optional PluginGenerator plugin = 7; } // ApplicationSource contains all required information about the source of an application @@ -1196,6 +1202,33 @@ message OverrideIgnoreDiff { repeated string managedFieldsManagers = 3; } +message PluginConfigMapRef { + // Name of the ConfigMap + optional string name = 1; +} + +// PluginGenerator defines connection info specific to Plugin. +message PluginGenerator { + optional PluginConfigMapRef configMapRef = 1; + + optional PluginInput input = 2; + + // RequeueAfterSeconds determines how long the ApplicationSet controller will wait before reconciling the ApplicationSet again. + optional int64 requeueAfterSeconds = 3; + + optional ApplicationSetTemplate template = 4; + + // Values contains key/value pairs which are passed directly as parameters to the template. These values will not be + // sent as parameters to the plugin. + map values = 5; +} + +message PluginInput { + // Parameters contains the information to pass to the plugin. It is a map. The keys must be strings, and the + // values can be any type. + map parameters = 1; +} + // ProjectRole represents a role that has access to a project message ProjectRole { // Name is a name for this role diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index 0001735fb5e54..d2254caf0214d 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -102,6 +102,9 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OrphanedResourceKey": schema_pkg_apis_application_v1alpha1_OrphanedResourceKey(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OrphanedResourcesMonitorSettings": schema_pkg_apis_application_v1alpha1_OrphanedResourcesMonitorSettings(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OverrideIgnoreDiff": schema_pkg_apis_application_v1alpha1_OverrideIgnoreDiff(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginConfigMapRef": schema_pkg_apis_application_v1alpha1_PluginConfigMapRef(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginGenerator": schema_pkg_apis_application_v1alpha1_PluginGenerator(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginInput": schema_pkg_apis_application_v1alpha1_PluginInput(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ProjectRole": schema_pkg_apis_application_v1alpha1_ProjectRole(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGenerator": schema_pkg_apis_application_v1alpha1_PullRequestGenerator(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGeneratorBitbucketServer": schema_pkg_apis_application_v1alpha1_PullRequestGeneratorBitbucketServer(ref), @@ -936,11 +939,16 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetGenerator(ref common.Ref Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, + "plugin": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginGenerator"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ClusterGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DuckTypeGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.GitGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ListGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.MatrixGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.MergeGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGenerator", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ClusterGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DuckTypeGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.GitGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ListGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.MatrixGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.MergeGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGenerator", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -1048,11 +1056,16 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetNestedGenerator(ref comm Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, + "plugin": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginGenerator"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ClusterGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DuckTypeGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.GitGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ListGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGenerator", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ClusterGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DuckTypeGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.GitGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ListGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGenerator", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -1407,11 +1420,16 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetTerminalGenerator(ref co Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGenerator"), }, }, + "plugin": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginGenerator"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ClusterGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DuckTypeGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.GitGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ListGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGenerator"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ClusterGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DuckTypeGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.GitGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ListGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PullRequestGenerator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGenerator"}, } } @@ -4279,6 +4297,113 @@ func schema_pkg_apis_application_v1alpha1_OverrideIgnoreDiff(ref common.Referenc } } +func schema_pkg_apis_application_v1alpha1_PluginConfigMapRef(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "Name of the ConfigMap", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name"}, + }, + }, + } +} + +func schema_pkg_apis_application_v1alpha1_PluginGenerator(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PluginGenerator defines connection info specific to Plugin.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "configMapRef": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginConfigMapRef"), + }, + }, + "input": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginInput"), + }, + }, + "requeueAfterSeconds": { + SchemaProps: spec.SchemaProps{ + Description: "RequeueAfterSeconds determines how long the ApplicationSet controller will wait before reconciling the ApplicationSet again.", + Type: []string{"integer"}, + Format: "int64", + }, + }, + "template": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate"), + }, + }, + "values": { + SchemaProps: spec.SchemaProps{ + Description: "Values contains key/value pairs which are passed directly as parameters to the template. These values will not be sent as parameters to the plugin.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + Required: []string{"configMapRef"}, + }, + }, + Dependencies: []string{ + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginConfigMapRef", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.PluginInput"}, + } +} + +func schema_pkg_apis_application_v1alpha1_PluginInput(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "parameters": { + SchemaProps: spec.SchemaProps{ + Description: "Parameters contains the information to pass to the plugin. It is a map. The keys must be strings, and the values can be any type.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON"}, + } +} + func schema_pkg_apis_application_v1alpha1_ProjectRole(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index 34b7bf06cb783..4d7438d6d2677 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -452,6 +452,11 @@ func (in *ApplicationSetGenerator) DeepCopyInto(out *ApplicationSetGenerator) { *out = new(v1.LabelSelector) (*in).DeepCopyInto(*out) } + if in.Plugin != nil { + in, out := &in.Plugin, &out.Plugin + *out = new(PluginGenerator) + (*in).DeepCopyInto(*out) + } return } @@ -546,6 +551,11 @@ func (in *ApplicationSetNestedGenerator) DeepCopyInto(out *ApplicationSetNestedG *out = new(v1.LabelSelector) (*in).DeepCopyInto(*out) } + if in.Plugin != nil { + in, out := &in.Plugin, &out.Plugin + *out = new(PluginGenerator) + (*in).DeepCopyInto(*out) + } return } @@ -829,6 +839,11 @@ func (in *ApplicationSetTerminalGenerator) DeepCopyInto(out *ApplicationSetTermi *out = new(PullRequestGenerator) (*in).DeepCopyInto(*out) } + if in.Plugin != nil { + in, out := &in.Plugin, &out.Plugin + *out = new(PluginGenerator) + (*in).DeepCopyInto(*out) + } return } @@ -2497,6 +2512,98 @@ func (in *OverrideIgnoreDiff) DeepCopy() *OverrideIgnoreDiff { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PluginConfigMapRef) DeepCopyInto(out *PluginConfigMapRef) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PluginConfigMapRef. +func (in *PluginConfigMapRef) DeepCopy() *PluginConfigMapRef { + if in == nil { + return nil + } + out := new(PluginConfigMapRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PluginGenerator) DeepCopyInto(out *PluginGenerator) { + *out = *in + out.ConfigMapRef = in.ConfigMapRef + in.Input.DeepCopyInto(&out.Input) + if in.RequeueAfterSeconds != nil { + in, out := &in.RequeueAfterSeconds, &out.RequeueAfterSeconds + *out = new(int64) + **out = **in + } + in.Template.DeepCopyInto(&out.Template) + if in.Values != nil { + in, out := &in.Values, &out.Values + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PluginGenerator. +func (in *PluginGenerator) DeepCopy() *PluginGenerator { + if in == nil { + return nil + } + out := new(PluginGenerator) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PluginInput) DeepCopyInto(out *PluginInput) { + *out = *in + if in.Parameters != nil { + in, out := &in.Parameters, &out.Parameters + *out = make(PluginParameters, len(*in)) + for key, val := range *in { + (*out)[key] = *val.DeepCopy() + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PluginInput. +func (in *PluginInput) DeepCopy() *PluginInput { + if in == nil { + return nil + } + out := new(PluginInput) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in PluginParameters) DeepCopyInto(out *PluginParameters) { + { + in := &in + *out = make(PluginParameters, len(*in)) + for key, val := range *in { + (*out)[key] = *val.DeepCopy() + } + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PluginParameters. +func (in PluginParameters) DeepCopy() PluginParameters { + if in == nil { + return nil + } + out := new(PluginParameters) + in.DeepCopyInto(out) + return *out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ProjectRole) DeepCopyInto(out *ProjectRole) { *out = *in diff --git a/util/settings/settings.go b/util/settings/settings.go index 54d076ea4a3de..f884a3a4906f3 100644 --- a/util/settings/settings.go +++ b/util/settings/settings.go @@ -2001,7 +2001,7 @@ func ReplaceMapSecrets(obj map[string]interface{}, secretValues map[string]strin case []interface{}: newObj[k] = replaceListSecrets(val, secretValues) case string: - newObj[k] = replaceStringSecret(val, secretValues) + newObj[k] = ReplaceStringSecret(val, secretValues) default: newObj[k] = val } @@ -2018,7 +2018,7 @@ func replaceListSecrets(obj []interface{}, secretValues map[string]string) []int case []interface{}: newObj[i] = replaceListSecrets(val, secretValues) case string: - newObj[i] = replaceStringSecret(val, secretValues) + newObj[i] = ReplaceStringSecret(val, secretValues) default: newObj[i] = val } @@ -2026,8 +2026,8 @@ func replaceListSecrets(obj []interface{}, secretValues map[string]string) []int return newObj } -// replaceStringSecret checks if given string is a secret key reference ( starts with $ ) and returns corresponding value from provided map -func replaceStringSecret(val string, secretValues map[string]string) string { +// ReplaceStringSecret checks if given string is a secret key reference ( starts with $ ) and returns corresponding value from provided map +func ReplaceStringSecret(val string, secretValues map[string]string) string { if val == "" || !strings.HasPrefix(val, "$") { return val } diff --git a/util/settings/settings_test.go b/util/settings/settings_test.go index d4adf580434da..afb6cb4891415 100644 --- a/util/settings/settings_test.go +++ b/util/settings/settings_test.go @@ -1446,3 +1446,18 @@ allowedAudiences: ["aud1", "aud2"]`}, }) } } + +func TestReplaceStringSecret(t *testing.T) { + secretValues := map[string]string{"my-secret-key": "my-secret-value"} + result := ReplaceStringSecret("$my-secret-key", secretValues) + assert.Equal(t, "my-secret-value", result) + + result = ReplaceStringSecret("$invalid-secret-key", secretValues) + assert.Equal(t, "$invalid-secret-key", result) + + result = ReplaceStringSecret("", secretValues) + assert.Equal(t, "", result) + + result = ReplaceStringSecret("my-value", secretValues) + assert.Equal(t, "my-value", result) +} From d7cc8da4dec3aa0c5e129fbf2ad34bed39976947 Mon Sep 17 00:00:00 2001 From: Abirdcfly Date: Fri, 2 Jun 2023 21:32:35 +0800 Subject: [PATCH 095/252] chore: remove unused variables in GenerateManifests (#13887) Signed-off-by: Abirdcfly --- reposerver/repository/repository.go | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index b2d8b2b145289..0937ff10d3667 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -1317,7 +1317,6 @@ func WithCMPTarExcludedGlobs(excludedGlobs []string) GenerateManifestOpt { func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string, q *apiclient.ManifestRequest, isLocal bool, gitCredsStore git.CredsStore, maxCombinedManifestQuantity resource.Quantity, gitRepoPaths io.TempPaths, opts ...GenerateManifestOpt) (*apiclient.ManifestResponse, error) { opt := newGenerateManifestOpt(opts...) var targetObjs []*unstructured.Unstructured - var dest *v1alpha1.ApplicationDestination resourceTracking := argo.NewResourceTracking() @@ -1417,15 +1416,10 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string, } } - res := apiclient.ManifestResponse{ + return &apiclient.ManifestResponse{ Manifests: manifests, SourceType: string(appSourceType), - } - if dest != nil { - res.Namespace = dest.Namespace - res.Server = dest.Server - } - return &res, nil + }, nil } func newEnv(q *apiclient.ManifestRequest, revision string) *v1alpha1.Env { From f8d0d5970f2b4030b8d727d99068b0510592a631 Mon Sep 17 00:00:00 2001 From: Geoffrey MUSELLI Date: Fri, 2 Jun 2023 09:36:52 -0400 Subject: [PATCH 096/252] fix(ui): Fix Link warnings (#13694) (#13854) Signed-off-by: Geoffrey Muselli --- .../components/application-summary/application-summary.tsx | 2 +- ui/src/app/shared/services/applications-service.ts | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ui/src/app/applications/components/application-summary/application-summary.tsx b/ui/src/app/applications/components/application-summary/application-summary.tsx index 36328660724dc..9072f650f5026 100644 --- a/ui/src/app/applications/components/application-summary/application-summary.tsx +++ b/ui/src/app/applications/components/application-summary/application-summary.tsx @@ -319,7 +319,7 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => { { title: 'LINKS', view: ( - services.applications.getLinks(app.metadata.name)} input={app} key='appLinks'> + services.applications.getLinks(app.metadata.name, app.metadata.namespace)} input={app} key='appLinks'> {(links: models.LinksResponse) => } ) diff --git a/ui/src/app/shared/services/applications-service.ts b/ui/src/app/shared/services/applications-service.ts index a62aea13fccdf..398e828d11550 100644 --- a/ui/src/app/shared/services/applications-service.ts +++ b/ui/src/app/shared/services/applications-service.ts @@ -404,9 +404,10 @@ export class ApplicationsService { .then(() => true); } - public getLinks(applicationName: string): Promise { + public getLinks(applicationName: string, namespace: string): Promise { return requests .get(`/applications/${applicationName}/links`) + .query({namespace}) .send() .then(res => res.body as models.LinksResponse); } From e9e4f50c1af57387b967582766a23c4ee79e097f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Jun 2023 09:54:07 -0400 Subject: [PATCH 097/252] chore(deps): bump github.com/xanzy/go-gitlab from 0.83.0 to 0.84.0 (#13884) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.83.0 to 0.84.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.83.0...v0.84.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e8734aea8dcaf..ca8117bd97fdb 100644 --- a/go.mod +++ b/go.mod @@ -69,7 +69,7 @@ require ( github.com/stretchr/testify v1.8.4 github.com/valyala/fasttemplate v1.2.2 github.com/whilp/git-urls v1.0.0 - github.com/xanzy/go-gitlab v0.83.0 + github.com/xanzy/go-gitlab v0.84.0 github.com/yuin/gopher-lua v0.0.0-20220504180219-658193537a64 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 go.opentelemetry.io/otel v1.16.0 diff --git a/go.sum b/go.sum index ddbd014444838..139414071b898 100644 --- a/go.sum +++ b/go.sum @@ -1018,8 +1018,8 @@ github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU= github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE= -github.com/xanzy/go-gitlab v0.83.0 h1:37p0MpTPNbsTMKX/JnmJtY8Ch1sFiJzVF342+RvZEGw= -github.com/xanzy/go-gitlab v0.83.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/go-gitlab v0.84.0 h1:PdpCaskQSgcVDsx21c6ikf8Rfyo7SNtFAJwP9PrbCFE= +github.com/xanzy/go-gitlab v0.84.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= From cdfbe6046b4f9d453f679d0b19724659a1507621 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Jun 2023 09:54:32 -0400 Subject: [PATCH 098/252] chore(deps): bump github.com/imdario/mergo from 0.3.13 to 0.3.16 (#13883) Bumps [github.com/imdario/mergo](https://github.com/imdario/mergo) from 0.3.13 to 0.3.16. - [Release notes](https://github.com/imdario/mergo/releases) - [Commits](https://github.com/imdario/mergo/compare/v0.3.13...v0.3.16) --- updated-dependencies: - dependency-name: github.com/imdario/mergo dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index ca8117bd97fdb..a47674f0325c0 100644 --- a/go.mod +++ b/go.mod @@ -46,7 +46,7 @@ require ( github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 github.com/grpc-ecosystem/grpc-gateway v1.16.0 github.com/hashicorp/go-retryablehttp v0.7.2 - github.com/imdario/mergo v0.3.13 + github.com/imdario/mergo v0.3.16 github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a github.com/itchyny/gojq v0.12.12 github.com/jeremywohl/flatten v1.0.1 diff --git a/go.sum b/go.sum index 139414071b898..4382e40cb3cd4 100644 --- a/go.sum +++ b/go.sum @@ -603,8 +603,9 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= +github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a h1:RweVA0vnEyStwtAelyGmnU8ENDnwd1Q7pQr7U3J/rXo= github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a/go.mod h1:6hRR09jOEG81ADP5wCQju1z71g6OL4eEvELdran/3cs= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= From fd5f3c4cc2448a77a98783dc111ac59c1fd17ecf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Jun 2023 09:55:16 -0400 Subject: [PATCH 099/252] chore(deps): bump oras.land/oras-go/v2 from 2.1.0 to 2.2.0 (#13881) Bumps [oras.land/oras-go/v2](https://github.com/oras-project/oras-go) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/oras-project/oras-go/releases) - [Commits](https://github.com/oras-project/oras-go/compare/v2.1.0...v2.2.0) --- updated-dependencies: - dependency-name: oras.land/oras-go/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a47674f0325c0..29b75f911d7b4 100644 --- a/go.mod +++ b/go.mod @@ -97,7 +97,7 @@ require ( k8s.io/kubectl v0.24.2 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 - oras.land/oras-go/v2 v2.1.0 + oras.land/oras-go/v2 v2.2.0 sigs.k8s.io/controller-runtime v0.11.0 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 sigs.k8s.io/yaml v1.3.0 diff --git a/go.sum b/go.sum index 4382e40cb3cd4..a816aafd306b7 100644 --- a/go.sum +++ b/go.sum @@ -1759,8 +1759,8 @@ modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= -oras.land/oras-go/v2 v2.1.0 h1:1nS8BIeEP6CBVQifwxrsth2bkuD+cYfjp7Hf7smUcS8= -oras.land/oras-go/v2 v2.1.0/go.mod h1:v5ZSAPIMEJYnZjZ6rTGPAyaonH+rCFmbE95IAzCTeGU= +oras.land/oras-go/v2 v2.2.0 h1:E1fqITD56Eg5neZbxBtAdZVgDHD6wBabJo6xESTcQyo= +oras.land/oras-go/v2 v2.2.0/go.mod h1:pXjn0+KfarspMHHNR3A56j3tgvr+mxArHuI8qVn59v8= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= From c8e44ed080bc208feb6b8fc1e5e73b57e53900ba Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Fri, 2 Jun 2023 12:14:43 -0600 Subject: [PATCH 100/252] docs: document matchExpressions field for post-selectors (#13646) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- .../applicationset/Generators-Post-Selector.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/docs/operator-manual/applicationset/Generators-Post-Selector.md b/docs/operator-manual/applicationset/Generators-Post-Selector.md index 20f367ada7a1f..d8570859084ff 100644 --- a/docs/operator-manual/applicationset/Generators-Post-Selector.md +++ b/docs/operator-manual/applicationset/Generators-Post-Selector.md @@ -36,8 +36,24 @@ spec: ``` The List generator + Post Selector generates a single set of parameters: + ```yaml - cluster: engineering-dev url: https://kubernetes.default.svc env: staging -``` \ No newline at end of file +``` + +It is also possible to use `matchExpressions` for more powerful selectors. + +```yaml +spec: + generators: + - clusters: {} + selector: + matchExpressions: + - key: server + operator: In + values: + - https://kubernetes.default.svc + - https://some-other-cluster +``` From 15482be82bbdc1e11e1a89389976b586e71338fd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Jun 2023 20:02:55 +0000 Subject: [PATCH 101/252] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.272 to 1.44.274 (#13880) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.272 to 1.44.274. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.272...v1.44.274) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 29b75f911d7b4..7d159279c997d 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d - github.com/aws/aws-sdk-go v1.44.272 + github.com/aws/aws-sdk-go v1.44.274 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 diff --git a/go.sum b/go.sum index a816aafd306b7..b107ce30e89ed 100644 --- a/go.sum +++ b/go.sum @@ -140,8 +140,8 @@ github.com/auth0/go-jwt-middleware v1.0.1/go.mod h1:YSeUX3z6+TF2H+7padiEqNJ73Zy9 github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.272 h1:cP7BaZCz1a4P80vOxi8OVma8ZcxZNDYyuyU5/bojU+Y= -github.com/aws/aws-sdk-go v1.44.272/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.274 h1:vfreSv19e/9Ka9YytOzgzJasrRZfX7dnttLlbh8NKeA= +github.com/aws/aws-sdk-go v1.44.274/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= From 26d5ad6f00890c14ab7d09c1852ff1505da8ac10 Mon Sep 17 00:00:00 2001 From: Blake Pettersson Date: Sat, 3 Jun 2023 19:35:38 +0200 Subject: [PATCH 102/252] chore: bump argo-ui version (#13836) * fix: update deps We need to add `@types/uuid` as a dev dependency, and we also need to update `argo-ui`, since it was pulling in a newer version of `react-toastify`. My fork pins it to `9.0.8`. Signed-off-by: Blake Pettersson * build: regenerate lockfile Signed-off-by: Blake Pettersson * chore: bump argo-ui version Bump the argo-ui version to get the version which corresponds with the latest `master`, containing argoproj/argo-ui#379. Signed-off-by: Blake Pettersson --------- Signed-off-by: Blake Pettersson --- ui/package.json | 1 + ui/yarn.lock | 66 +++++++++++++++++++++++++++---------------------- 2 files changed, 37 insertions(+), 30 deletions(-) diff --git a/ui/package.json b/ui/package.json index eb34e42420367..7574954ea2edc 100644 --- a/ui/package.json +++ b/ui/package.json @@ -89,6 +89,7 @@ "@types/react-router": "^4.0.27", "@types/react-router-dom": "^4.2.3", "@types/react-test-renderer": "^16.8.3", + "@types/uuid": "^9.0.1", "add": "^2.0.6", "babel-jest": "^26.6.3", "babel-loader": "^8.0.6", diff --git a/ui/yarn.lock b/ui/yarn.lock index e34744e800545..eec815da77f34 100644 --- a/ui/yarn.lock +++ b/ui/yarn.lock @@ -1157,12 +1157,7 @@ resolved "https://registry.yarnpkg.com/@exodus/schemasafe/-/schemasafe-1.0.0-rc.3.tgz#dda2fbf3dafa5ad8c63dadff7e01d3fdf4736025" integrity sha512-GoXw0U2Qaa33m3eUcxuHnHpNvHjNlLo0gtV091XBpaRINaB4X6FGCG5XKxSFNFiPpugUDqNruHzaqpTdDm4AOg== -"@fortawesome/fontawesome-free@^6.1.1": - version "6.2.0" - resolved "https://registry.yarnpkg.com/@fortawesome/fontawesome-free/-/fontawesome-free-6.2.0.tgz#ba3510825b332816fe7190f28827f8cb33a298b5" - integrity sha512-CNR7qRIfCwWHNN7FnKUniva94edPdyQzil/zCwk3v6k4R6rR2Fr8i4s3PM7n/lyfPA6Zfko9z5WDzFxG9SW1uQ== - -"@fortawesome/fontawesome-free@^6.4.0": +"@fortawesome/fontawesome-free@^6.2.1", "@fortawesome/fontawesome-free@^6.4.0": version "6.4.0" resolved "https://registry.yarnpkg.com/@fortawesome/fontawesome-free/-/fontawesome-free-6.4.0.tgz#1ee0c174e472c84b23cb46c995154dc383e3b4fe" integrity sha512-0NyytTlPJwB/BF5LtRV8rrABDbe3TdTXqNB3PdZ+UUUZAEIrdOJdmABqKjt4AXwIoJNaRVVZEXxpNrqvE1GAYQ== @@ -1561,13 +1556,13 @@ dependencies: "@sinonjs/commons" "^1.7.0" -"@tippy.js/react@^2.2.3": - version "2.2.3" - resolved "https://registry.yarnpkg.com/@tippy.js/react/-/react-2.2.3.tgz#2ffb0af6693055be7db4b329b2d3cc7f2356f68e" - integrity sha512-5XYvbQujzDj9r00JYEz/cBtm6DutjOdv2azdco53B+eWF7FDBCQfkLVn87wimfEpmGK0vqRQv/cwFxFcoOP98Q== +"@tippy.js/react@^3.1.1": + version "3.1.1" + resolved "https://registry.yarnpkg.com/@tippy.js/react/-/react-3.1.1.tgz#027e4595e55f31430741fe8e0d92aaddfbe47efd" + integrity sha512-KF45vW/jKh/nBXk/2zzTFslv/T46zOMkIoDJ56ymZ+M00yHttk58J5wZ29oqGqDIUnobWSZD+cFpbR4u/UUvgw== dependencies: prop-types "^15.6.2" - tippy.js "^4.3.4" + tippy.js "^5.1.1" "@tootallnate/once@1": version "1.1.2" @@ -1999,6 +1994,11 @@ "@types/cookiejar" "*" "@types/node" "*" +"@types/uuid@^9.0.1": + version "9.0.1" + resolved "https://registry.yarnpkg.com/@types/uuid/-/uuid-9.0.1.tgz#98586dc36aee8dacc98cc396dbca8d0429647aa6" + integrity sha512-rFT3ak0/2trgvp4yYZo5iKFEPsET7vKydKF+VRCxlQ9bpheehyAJH89dAkaLEq/j/RZXJIqcgsmPJKUP1Z28HA== + "@types/ws@^8.2.2": version "8.5.3" resolved "https://registry.yarnpkg.com/@types/ws/-/ws-8.5.3.tgz#7d25a1ffbecd3c4f2d35068d0b283c037003274d" @@ -2442,25 +2442,26 @@ arg@^4.1.0: "argo-ui@git+https://github.com/argoproj/argo-ui.git": version "1.0.0" - resolved "git+https://github.com/argoproj/argo-ui.git#6107e270e7090cf9af37bf43d017dbd17d3d9130" + resolved "git+https://github.com/argoproj/argo-ui.git#25663b03b4b7c0c7e49eb06c65a2beae927a54df" dependencies: - "@fortawesome/fontawesome-free" "^6.1.1" - "@tippy.js/react" "^2.2.3" + "@fortawesome/fontawesome-free" "^6.2.1" + "@tippy.js/react" "^3.1.1" antd "^4.21.3" classnames "^2.2.6" - core-js "^3.22.0" + core-js "^3.30.2" foundation-sites "^6.4.3" history "^4.10.1" - moment "^2.29.2" + moment "^2.29.4" moment-timezone "^0.5.34" prop-types "^15.8.1" react-autocomplete "1.8.1" react-form "^2.16.0" react-helmet "^6.1.0" react-router-dom "^4.2.2" - react-toastify "^9.0.8" - rxjs "^7.5.5" + react-toastify "9.0.8" + rxjs "^7.5.6" typescript "^4.8.3" + uuid "^9.0.0" xterm "^4.18.0" xterm-addon-fit "^0.5.0" @@ -3333,10 +3334,10 @@ core-js@^2.4.0: resolved "https://registry.yarnpkg.com/core-js/-/core-js-2.6.12.tgz#d9333dfa7b065e347cc5682219d6f690859cc2ec" integrity sha512-Kb2wC0fvsWfQrgk8HU5lW6U/Lcs8+9aaYcy4ZFc6DDlo4nZ7n70dEgE5rtR0oG6ufKDUnrwfWL1mXR5ljDatrQ== -core-js@^3.22.0: - version "3.25.0" - resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.25.0.tgz#be71d9e0dd648ffd70c44a7ec2319d039357eceb" - integrity sha512-CVU1xvJEfJGhyCpBrzzzU1kjCfgsGUxhEvwUV2e/cOedYWHdmluamx+knDnmhqALddMG16fZvIqvs9aijsHHaA== +core-js@^3.30.2: + version "3.30.2" + resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.30.2.tgz#6528abfda65e5ad728143ea23f7a14f0dcf503fc" + integrity sha512-uBJiDmwqsbJCWHAwjrx3cvjbMXP7xD72Dmsn5LOJpiRmE3WbBbN5rCqQ2Qh6Ek6/eOrjlWngEynBWo4VxerQhg== core-util-is@~1.0.0: version "1.0.2" @@ -7116,7 +7117,7 @@ polished@^4.1.3: dependencies: "@babel/runtime" "^7.16.7" -popper.js@^1.14.7: +popper.js@^1.16.0: version "1.16.1" resolved "https://registry.yarnpkg.com/popper.js/-/popper.js-1.16.1.tgz#2a223cb3dc7b6213d740e40372be40de43e65b1b" integrity sha512-Wb4p1J4zyFTbM+u6WuO4XstYx4Ky9Cewe4DWrel7B0w6VVICvPwdOpotjzcf6eD8TsckVnIMNONQyPIUFOUbCQ== @@ -8040,7 +8041,7 @@ react-test-renderer@16.8.3: react-is "^16.8.3" scheduler "^0.13.3" -react-toastify@^9.0.8: +react-toastify@9.0.8: version "9.0.8" resolved "https://registry.yarnpkg.com/react-toastify/-/react-toastify-9.0.8.tgz#3876c89fc6211a29027b3075010b5ec39ebe4f7e" integrity sha512-EwM+teWt49HSHx+67qI08yLAW1zAsBxCXLCsUfxHYv1W7/R3ZLhrqKalh7j+kjgPna1h5LQMSMwns4tB4ww2yQ== @@ -8384,7 +8385,7 @@ run-parallel@^1.1.9: dependencies: queue-microtask "^1.2.2" -rxjs@6.6.7, rxjs@^6.6.6, rxjs@^7.5.5: +rxjs@6.6.7, rxjs@^6.6.6, rxjs@^7.5.6: version "6.6.7" resolved "https://registry.yarnpkg.com/rxjs/-/rxjs-6.6.7.tgz#90ac018acabf491bf65044235d5863c4dab804c9" integrity sha512-hTdwr+7yYNIT5n4AMYp85KA6yw2Va0FLa3Rguvbpa4W3I5xynaBZo41cM3XM+4Q6fRMj3sBYIR1VAmZMXYJvRQ== @@ -9272,12 +9273,12 @@ tiny-warning@^1.0.0: resolved "https://registry.yarnpkg.com/tiny-warning/-/tiny-warning-1.0.3.tgz#94a30db453df4c643d0fd566060d60a875d84754" integrity sha512-lBN9zLN/oAf68o3zNXYrdCt1kP8WsiGW8Oo2ka41b2IM5JL/S1CTyX1rW0mb/zSuJun0ZUrDxx4sqvYS2FWzPA== -tippy.js@^4.3.4: - version "4.3.5" - resolved "https://registry.yarnpkg.com/tippy.js/-/tippy.js-4.3.5.tgz#882bff8d92f09bb0546d2826d5668c0560006f54" - integrity sha512-NDq3efte8nGK6BOJ1dDN1/WelAwfmh3UtIYXXck6+SxLzbIQNZE/cmRSnwScZ/FyiKdIcvFHvYUgqmoGx8CcyA== +tippy.js@^5.1.1: + version "5.2.1" + resolved "https://registry.yarnpkg.com/tippy.js/-/tippy.js-5.2.1.tgz#e08d7332c103a15e427124d710d881fca82365d6" + integrity sha512-66UT6JRVn3dXNCORE+0UvUK3JZqV/VhLlU6HTDm3FmrweUUFUxUGvT8tUQ7ycMp+uhuLAwQw6dBabyC+iKf/MA== dependencies: - popper.js "^1.14.7" + popper.js "^1.16.0" tmpl@1.0.x: version "1.0.5" @@ -9660,6 +9661,11 @@ uuid@^8.3.2: resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2" integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg== +uuid@^9.0.0: + version "9.0.0" + resolved "https://registry.yarnpkg.com/uuid/-/uuid-9.0.0.tgz#592f550650024a38ceb0c562f2f6aa435761efb5" + integrity sha512-MXcSTerfPa4uqyzStbRoTgt5XIe3x5+42+q1sDuy3R5MDk66URdLMOZe5aPX/SQd+kuYAh0FdP/pO28IkQyTeg== + v8-compile-cache-lib@^3.0.1: version "3.0.1" resolved "https://registry.yarnpkg.com/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz#6336e8d71965cb3d35a1bbb7868445a7c05264bf" From 8c0456be18f5245c720a3159c3dc96855dfcef17 Mon Sep 17 00:00:00 2001 From: dromie Date: Mon, 5 Jun 2023 00:30:16 +0200 Subject: [PATCH 103/252] fix: creds.CAPath passed helm in PullOCI (#13726) (#13871) Signed-off-by: Nandor Galambosi --- util/helm/cmd.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/util/helm/cmd.go b/util/helm/cmd.go index d4904dadb6fbf..0ee376538096f 100644 --- a/util/helm/cmd.go +++ b/util/helm/cmd.go @@ -233,6 +233,9 @@ func (c *Cmd) PullOCI(repo string, chart string, version string, destination str version, "--destination", destination} + if creds.CAPath != "" { + args = append(args, "--ca-file", creds.CAPath) + } if creds.InsecureSkipVerify && c.insecureSkipVerifySupported { args = append(args, "--insecure-skip-tls-verify") } From 1d87c77b400e33ed0d12d839b0ee632c8f4dfd5a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Jun 2023 09:10:43 -0400 Subject: [PATCH 104/252] chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#13899) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 35 ++++++++++------------------------- 2 files changed, 14 insertions(+), 29 deletions(-) diff --git a/go.mod b/go.mod index 7d159279c997d..e61163a4baf64 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/evanphx/json-patch v5.6.0+incompatible github.com/fsnotify/fsnotify v1.6.0 github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e - github.com/go-git/go-git/v5 v5.6.1 + github.com/go-git/go-git/v5 v5.7.0 github.com/go-logr/logr v1.2.4 github.com/go-openapi/loads v0.21.2 github.com/go-openapi/runtime v0.26.0 @@ -117,7 +117,7 @@ require ( github.com/Masterminds/goutils v1.1.1 // indirect github.com/Microsoft/go-winio v0.5.2 // indirect github.com/PagerDuty/go-pagerduty v1.6.0 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 // indirect github.com/acomagu/bufpipe v1.0.4 // indirect github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect @@ -140,7 +140,7 @@ require ( github.com/fvbommel/sortorder v1.0.1 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-errors/errors v1.0.1 // indirect - github.com/go-git/gcfg v1.5.0 // indirect + github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.4.1 // indirect github.com/go-jose/go-jose/v3 v3.0.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect @@ -209,7 +209,7 @@ require ( github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sergi/go-diff v1.1.0 // indirect github.com/shopspring/decimal v1.2.0 // indirect - github.com/skeema/knownhosts v1.1.0 // indirect + github.com/skeema/knownhosts v1.1.1 // indirect github.com/slack-go/slack v0.12.1 // indirect github.com/spf13/cast v1.4.1 // indirect github.com/stretchr/objx v0.5.0 // indirect diff --git a/go.sum b/go.sum index b107ce30e89ed..2eb2f7e8ac19e 100644 --- a/go.sum +++ b/go.sum @@ -93,8 +93,9 @@ github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMo github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PagerDuty/go-pagerduty v1.6.0 h1:am81SzvG5Pw+s3JZ5yEy6kGvsXXklTNRrGr3d8WKpsU= github.com/PagerDuty/go-pagerduty v1.6.0/go.mod h1:7eaBLzsDpK7VUvU0SJ5mohczQkoWrrr5CjDaw5gh1as= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= +github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 h1:ZK3C5DtzV2nVAQTx5S5jQvMeDqWtD1By5mOoyY/xJek= +github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 h1:prBTRx78AQnXzivNT9Crhu564W/zPPr3ibSlpT9xKcE= @@ -114,7 +115,6 @@ github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a/go.mod h1:SGn github.com/alicebob/miniredis/v2 v2.23.1 h1:jR6wZggBxwWygeXcdNyguCOCIjPsZyNUNlAkTx2fu0U= github.com/alicebob/miniredis/v2 v2.23.1/go.mod h1:84TWKZlxYkfgMucPBf5SOQBYJceZeQRFIaQgNMiCX6Q= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= -github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/antonmedv/expr v1.12.5 h1:Fq4okale9swwL3OeLLs9WD9H6GbgBLJyN/NUHRv+n0E= @@ -261,8 +261,8 @@ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= -github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw= @@ -316,18 +316,15 @@ github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeME github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do= github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= -github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4= github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= -github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= -github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= -github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= -github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ= -github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo= -github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk= -github.com/go-git/go-git/v5 v5.6.1/go.mod h1:mvyoL6Unz0PiTQrGQfSfiLFhBH1c1e84ylC2MDs4ee8= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8= +github.com/go-git/go-git/v5 v5.7.0 h1:t9AudWVLmqzlo+4bqdf7GY+46SUuRsx59SboFxkq2aE= +github.com/go-git/go-git/v5 v5.7.0/go.mod h1:coJHKEOk5kUClpsNlXrUvPrDxY3w3gjHvhcZd8Fodw8= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -603,7 +600,6 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a h1:RweVA0vnEyStwtAelyGmnU8ENDnwd1Q7pQr7U3J/rXo= @@ -622,7 +618,6 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i github.com/jeremywohl/flatten v1.0.1 h1:LrsxmB3hfwJuE+ptGOijix1PIfOoKLJ3Uee/mzbgtrs= github.com/jeremywohl/flatten v1.0.1/go.mod h1:4AmD/VxjWcI5SRB0n6szE2A6s2fsNHDLO0nAlMHgfLQ= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= @@ -748,7 +743,6 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/mmcloughlin/avo v0.5.0/go.mod h1:ChHFdoV7ql95Wi7vuq2YT1bwCJqiWdZrQ1im3VujLYM= github.com/moby/ipvs v1.0.1/go.mod h1:2pngiyseZbIKXNv7hsKj3O9UEz30c53MT9005gt2hxQ= github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= @@ -931,8 +925,8 @@ github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0= -github.com/skeema/knownhosts v1.1.0/go.mod h1:sKFq3RD6/TKZkSWn8boUbDC7Qkgcv+8XXijpFO6roag= +github.com/skeema/knownhosts v1.1.1 h1:MTk78x9FPgDFVFkDLTrsnnfCJl7g1C/nnKvePgrIngE= +github.com/skeema/knownhosts v1.1.1/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c h1:fyKiXKO1/I/B6Y2U8T7WdQGWzwehOuGIrljPtt7YTTI= github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= github.com/slack-go/slack v0.12.1 h1:X97b9g2hnITDtNsNe5GkGx6O2/Sz/uC20ejRZN6QxOw= @@ -1110,7 +1104,6 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI= -golang.org/x/arch v0.1.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -1129,13 +1122,10 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= @@ -1249,13 +1239,11 @@ golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= @@ -1391,8 +1379,6 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1405,7 +1391,6 @@ golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= From ccb2266f7c993733fc6b42dc9ed1ff541351fd39 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Jun 2023 09:13:02 -0400 Subject: [PATCH 105/252] chore(deps): bump github.com/redis/go-redis/v9 from 9.0.2 to 9.0.5 (#13900) Bumps [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) from 9.0.2 to 9.0.5. - [Release notes](https://github.com/redis/go-redis/releases) - [Changelog](https://github.com/redis/go-redis/blob/master/CHANGELOG.md) - [Commits](https://github.com/redis/go-redis/compare/v9.0.2...v9.0.5) --- updated-dependencies: - dependency-name: github.com/redis/go-redis/v9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index e61163a4baf64..6c72f2c743028 100644 --- a/go.mod +++ b/go.mod @@ -59,7 +59,7 @@ require ( github.com/patrickmn/go-cache v2.1.0+incompatible github.com/prometheus/client_golang v1.14.0 github.com/r3labs/diff v1.1.0 - github.com/redis/go-redis/v9 v9.0.2 + github.com/redis/go-redis/v9 v9.0.5 github.com/robfig/cron/v3 v3.0.1 github.com/sirupsen/logrus v1.9.0 github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c diff --git a/go.sum b/go.sum index 2eb2f7e8ac19e..5164ec6187970 100644 --- a/go.sum +++ b/go.sum @@ -161,8 +161,8 @@ github.com/bombsimon/logrusr/v2 v2.0.1 h1:1VgxVNQMCvjirZIYaT9JYn6sAVGVEcNtRE0y4m github.com/bombsimon/logrusr/v2 v2.0.1/go.mod h1:ByVAX+vHdLGAfdroiMg6q0zgq2FODY2lc5YJvzmOJio= github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 h1:zYSzkoIwekCQAr6GT6KxISLt4YRS6kd4/ixfzMN+7yc= github.com/bradleyfalzon/ghinstallation/v2 v2.4.0/go.mod h1:4MwZLSgBJJgg4i3nJwZJ95AMooSqN8fJDmegLVn9Q2U= -github.com/bsm/ginkgo/v2 v2.5.0 h1:aOAnND1T40wEdAtkGSkvSICWeQ8L3UASX7YVCqQx+eQ= -github.com/bsm/gomega v1.20.0 h1:JhAwLmtRzXFTx2AkALSLa8ijZafntmhSoU63Ok18Uq8= +github.com/bsm/ginkgo/v2 v2.7.0 h1:ItPMPH90RbmZJt5GtkcNvIRuGEdwlBItdNVoyzaNQao= +github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q= github.com/casbin/casbin/v2 v2.69.1 h1:R3e7uveIRN5Pdqvq0GXEhXmn7HyfoEVjp21/mgEXbdI= @@ -884,8 +884,8 @@ github.com/quobyte/api v0.1.8/go.mod h1:jL7lIHrmqQ7yh05OJ+eEEdHr0u/kmT1Ff9iHd+4H github.com/r3labs/diff v1.1.0 h1:V53xhrbTHrWFWq3gI4b94AjgEJOerO1+1l0xyHOBi8M= github.com/r3labs/diff v1.1.0/go.mod h1:7WjXasNzi0vJetRcB/RqNl5dlIsmXcTTLmF5IoH6Xig= github.com/redis/go-redis/v9 v9.0.0-rc.4/go.mod h1:Vo3EsyWnicKnSKCA7HhgnvnyA74wOA69Cd2Meli5mmA= -github.com/redis/go-redis/v9 v9.0.2 h1:BA426Zqe/7r56kCcvxYLWe1mkaz71LKF77GwgFzSxfE= -github.com/redis/go-redis/v9 v9.0.2/go.mod h1:/xDTe9EF1LM61hek62Poq2nzQSGj0xSrEtEHbBQevps= +github.com/redis/go-redis/v9 v9.0.5 h1:CuQcn5HIEeK7BgElubPP8CGtE0KakrnbBSTLjathl5o= +github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk= github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= From 68c68f1a05329d99befe629bb7e58ab44b3996a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Jun 2023 09:13:30 -0400 Subject: [PATCH 106/252] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.274 to 1.44.275 (#13901) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.274 to 1.44.275. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.274...v1.44.275) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 6c72f2c743028..a681299f9f2be 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d - github.com/aws/aws-sdk-go v1.44.274 + github.com/aws/aws-sdk-go v1.44.275 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 diff --git a/go.sum b/go.sum index 5164ec6187970..c5512a9244070 100644 --- a/go.sum +++ b/go.sum @@ -140,8 +140,8 @@ github.com/auth0/go-jwt-middleware v1.0.1/go.mod h1:YSeUX3z6+TF2H+7padiEqNJ73Zy9 github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.274 h1:vfreSv19e/9Ka9YytOzgzJasrRZfX7dnttLlbh8NKeA= -github.com/aws/aws-sdk-go v1.44.274/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.275 h1:VqRULgqrigvQLll4e4hXuc568EQAtZQ6jmBzLlQHzSI= +github.com/aws/aws-sdk-go v1.44.275/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= From 0018fcc4136396557cb098671aed34734fb0e613 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Jun 2023 09:13:53 -0400 Subject: [PATCH 107/252] chore(deps): bump github.com/itchyny/gojq from 0.12.12 to 0.12.13 (#13902) Bumps [github.com/itchyny/gojq](https://github.com/itchyny/gojq) from 0.12.12 to 0.12.13. - [Release notes](https://github.com/itchyny/gojq/releases) - [Changelog](https://github.com/itchyny/gojq/blob/main/CHANGELOG.md) - [Commits](https://github.com/itchyny/gojq/compare/v0.12.12...v0.12.13) --- updated-dependencies: - dependency-name: github.com/itchyny/gojq dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a681299f9f2be..97bbeb76a1ae7 100644 --- a/go.mod +++ b/go.mod @@ -48,7 +48,7 @@ require ( github.com/hashicorp/go-retryablehttp v0.7.2 github.com/imdario/mergo v0.3.16 github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a - github.com/itchyny/gojq v0.12.12 + github.com/itchyny/gojq v0.12.13 github.com/jeremywohl/flatten v1.0.1 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 github.com/ktrysmt/go-bitbucket v0.9.58 diff --git a/go.sum b/go.sum index c5512a9244070..0a52ec13e6a69 100644 --- a/go.sum +++ b/go.sum @@ -608,8 +608,8 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/ishidawataru/sctp v0.0.0-20190723014705-7c296d48a2b5/go.mod h1:DM4VvS+hD/kDi1U1QsX2fnZowwBhqD0Dk3bRPKF/Oc8= -github.com/itchyny/gojq v0.12.12 h1:x+xGI9BXqKoJQZkr95ibpe3cdrTbY8D9lonrK433rcA= -github.com/itchyny/gojq v0.12.12/go.mod h1:j+3sVkjxwd7A7Z5jrbKibgOLn0ZfLWkV+Awxr/pyzJE= +github.com/itchyny/gojq v0.12.13 h1:IxyYlHYIlspQHHTE0f3cJF0NKDMfajxViuhBLnHd/QU= +github.com/itchyny/gojq v0.12.13/go.mod h1:JzwzAqenfhrPUuwbmEz3nu3JQmFLlQTQMUcOdnu/Sf4= github.com/itchyny/timefmt-go v0.1.5 h1:G0INE2la8S6ru/ZI5JecgyzbbJNs5lG1RcBqa7Jm6GE= github.com/itchyny/timefmt-go v0.1.5/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8= github.com/jaytaylor/html2text v0.0.0-20190408195923-01ec452cbe43/go.mod h1:CVKlgaMiht+LXvHG173ujK6JUhZXKb2u/BQtjPDIvyk= From ee983fe8ace6efbfbd888a4d985e6f5a767a2db6 Mon Sep 17 00:00:00 2001 From: Akram Ben Aissi Date: Mon, 5 Jun 2023 15:19:14 +0200 Subject: [PATCH 108/252] fix: Fixes sharding placement algorithm and allows development of alternative algorithms (#13018) * fix: Extraction of DistributionFunction to allow passing different type of functions to filter clusters by shard - Adding unit tests for sharding - Refresh clusters list on DistributionFunction call Signed-off-by: Akram Ben Aissi Signed-off-by: ishitasequeira * fix: Incorrect conversion of an integer with architecture-dependent bit size from [strconv.Atoi](1) to a lower bit size type uint32 without an upper bound check. Signed-off-by: Akram Ben Aissi * Added config to switch to round-robin sharding Signed-off-by: Raghavi Shirur Signed-off-by: Akram Ben Aissi * Documenting sharding more, adding shuffling tests (skipped), re-enable sharding algo env var Signed-off-by: Akram Ben Aissi * Allow configuration through argocd-cmd-params-cm configMap and key: controller.sharding.algorithm Signed-off-by: Akram Ben Aissi * De-duplicate code, remove reflection for default case, shorten distribution methods name, ran codegen on manifests Signed-off-by: Akram Ben Aissi Signed-off-by: Akram Ben Aissi --------- Signed-off-by: Akram Ben Aissi Signed-off-by: ishitasequeira Signed-off-by: Raghavi Shirur Co-authored-by: Raghavi Shirur --- .../commands/argocd_application_controller.go | 15 +- cmd/argocd/commands/admin/cluster.go | 8 +- common/common.go | 8 + controller/appcontroller.go | 15 +- controller/appcontroller_test.go | 1 - controller/sharding/sharding.go | 155 +++++++-- controller/sharding/sharding_test.go | 317 +++++++++++++++++- controller/sharding/shuffle_test.go | 83 +++++ .../operator-manual/argocd-cmd-params-cm.yaml | 2 + docs/operator-manual/high_availability.md | 28 ++ .../argocd-application-controller.md | 1 + ...cd-application-controller-statefulset.yaml | 6 + manifests/core-install.yaml | 6 + manifests/ha/install.yaml | 6 + manifests/ha/namespace-install.yaml | 6 + manifests/install.yaml | 6 + manifests/namespace-install.yaml | 6 + util/env/env.go | 13 +- 18 files changed, 637 insertions(+), 45 deletions(-) create mode 100644 controller/sharding/shuffle_test.go diff --git a/cmd/argocd-application-controller/commands/argocd_application_controller.go b/cmd/argocd-application-controller/commands/argocd_application_controller.go index 597cfd0e33495..ab88d4ccbdf93 100644 --- a/cmd/argocd-application-controller/commands/argocd_application_controller.go +++ b/cmd/argocd-application-controller/commands/argocd_application_controller.go @@ -23,6 +23,7 @@ import ( cacheutil "github.com/argoproj/argo-cd/v2/util/cache" appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate" "github.com/argoproj/argo-cd/v2/util/cli" + "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/env" "github.com/argoproj/argo-cd/v2/util/errors" kubeutil "github.com/argoproj/argo-cd/v2/util/kube" @@ -62,6 +63,7 @@ func NewCommand() *cobra.Command { otlpAddress string applicationNamespaces []string persistResourceHealth bool + shardingAlgorithm string ) var command = cobra.Command{ Use: cliName, @@ -134,7 +136,7 @@ func NewCommand() *cobra.Command { appController.InvalidateProjectsCache() })) kubectl := kubeutil.NewKubectl() - clusterFilter := getClusterFilter() + clusterFilter := getClusterFilter(kubeClient, settingsMgr, shardingAlgorithm) appController, err = controller.NewApplicationController( namespace, settingsMgr, @@ -152,7 +154,8 @@ func NewCommand() *cobra.Command { kubectlParallelismLimit, persistResourceHealth, clusterFilter, - applicationNamespaces) + applicationNamespaces, + ) errors.CheckError(err) cacheutil.CollectMetrics(redisClient, appController.GetMetricsServer()) @@ -195,13 +198,14 @@ func NewCommand() *cobra.Command { command.Flags().StringVar(&otlpAddress, "otlp-address", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS", ""), "OpenTelemetry collector address to send traces to") command.Flags().StringSliceVar(&applicationNamespaces, "application-namespaces", env.StringsFromEnv("ARGOCD_APPLICATION_NAMESPACES", []string{}, ","), "List of additional namespaces that applications are allowed to be reconciled from") command.Flags().BoolVar(&persistResourceHealth, "persist-resource-health", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH", true), "Enables storing the managed resources health in the Application CRD") + command.Flags().StringVar(&shardingAlgorithm, "sharding-method", env.StringFromEnv(common.EnvControllerShardingAlgorithm, common.DefaultShardingAlgorithm), "Enables choice of sharding method. Supported sharding methods are : [legacy, round-robin] ") cacheSrc = appstatecache.AddCacheFlagsToCmd(&command, func(client *redis.Client) { redisClient = client }) return &command } -func getClusterFilter() func(cluster *v1alpha1.Cluster) bool { +func getClusterFilter(kubeClient *kubernetes.Clientset, settingsMgr *settings.SettingsManager, shardingAlgorithm string) sharding.ClusterFilterFunction { replicas := env.ParseNumFromEnv(common.EnvControllerReplicas, 0, 0, math.MaxInt32) shard := env.ParseNumFromEnv(common.EnvControllerShard, -1, -math.MaxInt32, math.MaxInt32) var clusterFilter func(cluster *v1alpha1.Cluster) bool @@ -212,7 +216,10 @@ func getClusterFilter() func(cluster *v1alpha1.Cluster) bool { errors.CheckError(err) } log.Infof("Processing clusters from shard %d", shard) - clusterFilter = sharding.GetClusterFilter(replicas, shard) + db := db.NewDB(settingsMgr.GetNamespace(), settingsMgr, kubeClient) + log.Infof("Using filter function: %s", shardingAlgorithm) + distributionFunction := sharding.GetDistributionFunction(db, shardingAlgorithm) + clusterFilter = sharding.GetClusterFilter(distributionFunction, shard) } else { log.Info("Processing all cluster shards") } diff --git a/cmd/argocd/commands/admin/cluster.go b/cmd/argocd/commands/admin/cluster.go index dd5833a21b048..52b33fcc8d5ae 100644 --- a/cmd/argocd/commands/admin/cluster.go +++ b/cmd/argocd/commands/admin/cluster.go @@ -19,6 +19,7 @@ import ( "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" + "k8s.io/utils/pointer" cmdutil "github.com/argoproj/argo-cd/v2/cmd/util" "github.com/argoproj/argo-cd/v2/common" @@ -115,10 +116,13 @@ func loadClusters(ctx context.Context, kubeClient *kubernetes.Clientset, appClie } batch := clustersList.Items[batchStart:batchEnd] _ = kube.RunAllAsync(len(batch), func(i int) error { - cluster := batch[i] clusterShard := 0 + cluster := batch[i] if replicas > 0 { - clusterShard = sharding.GetShardByID(cluster.ID, replicas) + distributionFunction := sharding.GetDistributionFunction(argoDB, common.DefaultShardingAlgorithm) + distributionFunction(&cluster) + cluster.Shard = pointer.Int64Ptr(int64(clusterShard)) + log.Infof("Cluster with uid: %s will be processed by shard %d", cluster.ID, clusterShard) } if shard != -1 && clusterShard != shard { diff --git a/common/common.go b/common/common.go index b00d436b1ea50..c44b4e7364e00 100644 --- a/common/common.go +++ b/common/common.go @@ -103,6 +103,12 @@ const ( // PasswordPatten is the default password patten PasswordPatten = `^.{8,32}$` + + //LegacyShardingAlgorithm is the default value for Sharding Algorithm it uses an `uid` based distribution (non-uniform) + LegacyShardingAlgorithm = "legacy" + //RoundRobinShardingAlgorithm is a flag value that can be opted for Sharding Algorithm it uses an equal distribution accross all shards + RoundRobinShardingAlgorithm = "round-robin" + DefaultShardingAlgorithm = LegacyShardingAlgorithm ) // Dex related constants @@ -203,6 +209,8 @@ const ( EnvControllerReplicas = "ARGOCD_CONTROLLER_REPLICAS" // EnvControllerShard is the shard number that should be handled by controller EnvControllerShard = "ARGOCD_CONTROLLER_SHARD" + // EnvControllerShardingAlgorithm is the distribution sharding algorithm to be used: legacy or round-robin + EnvControllerShardingAlgorithm = "ARGOCD_CONTROLLER_SHARDING_ALGORITHM" // EnvEnableGRPCTimeHistogramEnv enables gRPC metrics collection EnvEnableGRPCTimeHistogramEnv = "ARGOCD_ENABLE_GRPC_TIME_HISTOGRAM" // EnvGithubAppCredsExpirationDuration controls the caching of Github app credentials. This value is in minutes (default: 60) diff --git a/controller/appcontroller.go b/controller/appcontroller.go index 585c95c35efa6..cda4939b042e3 100644 --- a/controller/appcontroller.go +++ b/controller/appcontroller.go @@ -41,14 +41,17 @@ import ( "github.com/argoproj/argo-cd/v2/common" statecache "github.com/argoproj/argo-cd/v2/controller/cache" "github.com/argoproj/argo-cd/v2/controller/metrics" + "github.com/argoproj/argo-cd/v2/controller/sharding" "github.com/argoproj/argo-cd/v2/pkg/apis/application" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + argov1alpha "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned" "github.com/argoproj/argo-cd/v2/pkg/client/informers/externalversions/application/v1alpha1" applisters "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" "github.com/argoproj/argo-cd/v2/util/argo" argodiff "github.com/argoproj/argo-cd/v2/util/argo/diff" + appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate" "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/errors" @@ -229,10 +232,12 @@ func (ctrl *ApplicationController) InvalidateProjectsCache(names ...string) { ctrl.projByNameCache.Delete(name) } } else { - ctrl.projByNameCache.Range(func(key, _ interface{}) bool { - ctrl.projByNameCache.Delete(key) - return true - }) + if ctrl != nil { + ctrl.projByNameCache.Range(func(key, _ interface{}) bool { + ctrl.projByNameCache.Delete(key) + return true + }) + } } } @@ -2010,3 +2015,5 @@ func (ctrl *ApplicationController) toAppKey(appName string) string { func (ctrl *ApplicationController) toAppQualifiedName(appName, appNamespace string) string { return fmt.Sprintf("%s/%s", appNamespace, appName) } + +type ClusterFilterFunction func(c *argov1alpha.Cluster, distributionFunction sharding.DistributionFunction) bool diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go index 179ab84e2f879..d49aa6e8d5499 100644 --- a/controller/appcontroller_test.go +++ b/controller/appcontroller_test.go @@ -167,7 +167,6 @@ metadata: namespace: ` + test.FakeArgoCDNamespace + ` type: Opaque ` - var fakeApp = ` apiVersion: argoproj.io/v1alpha1 kind: Application diff --git a/controller/sharding/sharding.go b/controller/sharding/sharding.go index 1c0615196bd06..8529171f9fae7 100644 --- a/controller/sharding/sharding.go +++ b/controller/sharding/sharding.go @@ -1,17 +1,127 @@ package sharding import ( + "context" "fmt" "hash/fnv" + "math" "os" + "sort" "strconv" "strings" + "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + + "github.com/argoproj/argo-cd/v2/util/db" + "github.com/argoproj/argo-cd/v2/util/env" + log "github.com/sirupsen/logrus" ) +// Make it overridable for testing +var osHostnameFunction = os.Hostname + +type DistributionFunction func(c *v1alpha1.Cluster) int +type ClusterFilterFunction func(c *v1alpha1.Cluster) bool + +// GetClusterFilter returns a ClusterFilterFunction which is a function taking a cluster as a parameter +// and returns wheter or not the cluster should be processed by a given shard. It calls the distributionFunction +// to determine which shard will process the cluster, and if the given shard is equal to the calculated shard +// the function will return true. +func GetClusterFilter(distributionFunction DistributionFunction, shard int) ClusterFilterFunction { + replicas := env.ParseNumFromEnv(common.EnvControllerReplicas, 0, 0, math.MaxInt32) + return func(c *v1alpha1.Cluster) bool { + clusterShard := 0 + if c != nil && c.Shard != nil { + requestedShard := int(*c.Shard) + if requestedShard < replicas { + clusterShard = requestedShard + } else { + log.Warnf("Specified cluster shard (%d) for cluster: %s is greater than the number of available shard. Assigning automatically.", requestedShard, c.Name) + } + } else { + clusterShard = distributionFunction(c) + } + return clusterShard == shard + } +} + +// GetDistributionFunction returns which DistributionFunction should be used based on the passed algorithm and +// the current datas. +func GetDistributionFunction(db db.ArgoDB, shardingAlgorithm string) DistributionFunction { + log.Infof("Using filter function: %s", shardingAlgorithm) + distributionFunction := LegacyDistributionFunction() + switch shardingAlgorithm { + case common.RoundRobinShardingAlgorithm: + distributionFunction = RoundRobinDistributionFunction(db) + case common.LegacyShardingAlgorithm: + distributionFunction = LegacyDistributionFunction() + default: + log.Warnf("distribution type %s is not supported, defaulting to %s", shardingAlgorithm, common.DefaultShardingAlgorithm) + } + return distributionFunction +} + +// LegacyDistributionFunction returns a DistributionFunction using a stable distribution algorithm: +// for a given cluster the function will return the shard number based on the cluster id. This function +// is lightweight and can be distributed easily, however, it does not ensure an homogenous distribution as +// some shards may get assigned more clusters than others. It is the legacy function distribution that is +// kept for compatibility reasons +func LegacyDistributionFunction() DistributionFunction { + replicas := env.ParseNumFromEnv(common.EnvControllerReplicas, 0, 0, math.MaxInt32) + return func(c *v1alpha1.Cluster) int { + if replicas == 0 { + return -1 + } + if c == nil { + return 0 + } + id := c.ID + log.Debugf("Calculating cluster shard for cluster id: %s", id) + if id == "" { + return 0 + } else { + h := fnv.New32a() + _, _ = h.Write([]byte(id)) + shard := int32(h.Sum32() % uint32(replicas)) + log.Infof("Cluster with id=%s will be processed by shard %d", id, shard) + return int(shard) + } + } +} + +// RoundRobinDistributionFunction returns a DistributionFunction using an homogeneous distribution algorithm: +// for a given cluster the function will return the shard number based on the modulo of the cluster rank in +// the cluster's list sorted by uid on the shard number. +// This function ensures an homogenous distribution: each shards got assigned the same number of +// clusters +/-1 , but with the drawback of a reshuffling of clusters accross shards in case of some changes +// in the cluster list +func RoundRobinDistributionFunction(db db.ArgoDB) DistributionFunction { + replicas := env.ParseNumFromEnv(common.EnvControllerReplicas, 0, 0, math.MaxInt32) + return func(c *v1alpha1.Cluster) int { + if replicas > 0 { + if c == nil { // in-cluster does not necessarly have a secret assigned. So we are receiving a nil cluster here. + return 0 + } else { + clusterIndexdByClusterIdMap := createClusterIndexByClusterIdMap(db) + clusterIndex, ok := clusterIndexdByClusterIdMap[c.ID] + if !ok { + log.Warnf("Cluster with id=%s not found in cluster map.", c.ID) + return -1 + } + shard := int(clusterIndex % replicas) + log.Infof("Cluster with id=%s will be processed by shard %d", c.ID, shard) + return shard + } + } + log.Warnf("The number of replicas (%d) is lower than 1", replicas) + return -1 + } +} + +// InferShard extracts the shard index based on its hostname. func InferShard() (int, error) { - hostname, err := os.Hostname() + hostname, err := osHostnameFunction() if err != nil { return 0, err } @@ -23,31 +133,32 @@ func InferShard() (int, error) { if err != nil { return 0, fmt.Errorf("hostname should ends with shard number separated by '-' but got: %s", hostname) } - return shard, nil + return int(shard), nil } -// GetShardByID calculates cluster shard as `clusterSecret.UID % replicas count` -func GetShardByID(id string, replicas int) int { - if id == "" { - return 0 - } else { - h := fnv.New32a() - _, _ = h.Write([]byte(id)) - return int(h.Sum32() % uint32(replicas)) +func getSortedClustersList(db db.ArgoDB) []v1alpha1.Cluster { + ctx := context.Background() + clustersList, dbErr := db.ListClusters(ctx) + if dbErr != nil { + log.Warnf("Error while querying clusters list from database: %v", dbErr) + return []v1alpha1.Cluster{} } + clusters := clustersList.Items + sort.Slice(clusters, func(i, j int) bool { + return clusters[i].ID < clusters[j].ID + }) + return clusters } -func GetClusterFilter(replicas int, shard int) func(c *v1alpha1.Cluster) bool { - return func(c *v1alpha1.Cluster) bool { - clusterShard := 0 - // cluster might be nil if app is using invalid cluster URL, assume shard 0 in this case. - if c != nil { - if c.Shard != nil { - clusterShard = int(*c.Shard) - } else { - clusterShard = GetShardByID(c.ID, replicas) - } - } - return clusterShard == shard +func createClusterIndexByClusterIdMap(db db.ArgoDB) map[string]int { + clusters := getSortedClustersList(db) + log.Debugf("ClustersList has %d items", len(clusters)) + clusterById := make(map[string]v1alpha1.Cluster) + clusterIndexedByClusterId := make(map[string]int) + for i, cluster := range clusters { + log.Debugf("Adding cluster with id=%s and name=%s to cluster's map", cluster.ID, cluster.Name) + clusterById[cluster.ID] = cluster + clusterIndexedByClusterId[cluster.ID] = i } + return clusterIndexedByClusterId } diff --git a/controller/sharding/sharding_test.go b/controller/sharding/sharding_test.go index dc27726f8a6fa..ca44bf32e2d6b 100644 --- a/controller/sharding/sharding_test.go +++ b/controller/sharding/sharding_test.go @@ -1,29 +1,330 @@ package sharding import ( + "errors" + "fmt" + "os" "testing" + "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - + dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" ) func TestGetShardByID_NotEmptyID(t *testing.T) { - assert.Equal(t, 0, GetShardByID("1", 2)) - assert.Equal(t, 1, GetShardByID("2", 2)) - assert.Equal(t, 0, GetShardByID("3", 2)) - assert.Equal(t, 1, GetShardByID("4", 2)) + os.Setenv(common.EnvControllerReplicas, "1") + assert.Equal(t, 0, LegacyDistributionFunction()(&v1alpha1.Cluster{ID: "1"})) + assert.Equal(t, 0, LegacyDistributionFunction()(&v1alpha1.Cluster{ID: "2"})) + assert.Equal(t, 0, LegacyDistributionFunction()(&v1alpha1.Cluster{ID: "3"})) + assert.Equal(t, 0, LegacyDistributionFunction()(&v1alpha1.Cluster{ID: "4"})) } func TestGetShardByID_EmptyID(t *testing.T) { - shard := GetShardByID("", 10) + os.Setenv(common.EnvControllerReplicas, "1") + distributionFunction := LegacyDistributionFunction + shard := distributionFunction()(&v1alpha1.Cluster{}) assert.Equal(t, 0, shard) } -func TestGetClusterFilter(t *testing.T) { - filter := GetClusterFilter(2, 1) +func TestGetShardByID_NoReplicas(t *testing.T) { + os.Setenv(common.EnvControllerReplicas, "0") + distributionFunction := LegacyDistributionFunction + shard := distributionFunction()(&v1alpha1.Cluster{}) + assert.Equal(t, -1, shard) +} + +func TestGetShardByID_NoReplicasUsingHashDistributionFunction(t *testing.T) { + os.Setenv(common.EnvControllerReplicas, "0") + distributionFunction := LegacyDistributionFunction + shard := distributionFunction()(&v1alpha1.Cluster{}) + assert.Equal(t, -1, shard) +} + +func TestGetShardByID_NoReplicasUsingHashDistributionFunctionWithClusters(t *testing.T) { + db, cluster1, cluster2, cluster3, cluster4, cluster5 := createTestClusters() + // Test with replicas set to 0 + os.Setenv(common.EnvControllerReplicas, "0") + os.Setenv(common.EnvControllerShardingAlgorithm, common.RoundRobinShardingAlgorithm) + distributionFunction := RoundRobinDistributionFunction(db) + assert.Equal(t, -1, distributionFunction(nil)) + assert.Equal(t, -1, distributionFunction(&cluster1)) + assert.Equal(t, -1, distributionFunction(&cluster2)) + assert.Equal(t, -1, distributionFunction(&cluster3)) + assert.Equal(t, -1, distributionFunction(&cluster4)) + assert.Equal(t, -1, distributionFunction(&cluster5)) + +} + +func TestGetClusterFilterDefault(t *testing.T) { + shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) + os.Unsetenv(common.EnvControllerShardingAlgorithm) + os.Setenv(common.EnvControllerReplicas, "2") + filter := GetClusterFilter(GetDistributionFunction(nil, common.DefaultShardingAlgorithm), shardIndex) + assert.False(t, filter(&v1alpha1.Cluster{ID: "1"})) + assert.True(t, filter(&v1alpha1.Cluster{ID: "2"})) + assert.False(t, filter(&v1alpha1.Cluster{ID: "3"})) + assert.True(t, filter(&v1alpha1.Cluster{ID: "4"})) +} + +func TestGetClusterFilterLegacy(t *testing.T) { + shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) + os.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerShardingAlgorithm, common.LegacyShardingAlgorithm) + filter := GetClusterFilter(GetDistributionFunction(nil, common.LegacyShardingAlgorithm), shardIndex) assert.False(t, filter(&v1alpha1.Cluster{ID: "1"})) assert.True(t, filter(&v1alpha1.Cluster{ID: "2"})) assert.False(t, filter(&v1alpha1.Cluster{ID: "3"})) assert.True(t, filter(&v1alpha1.Cluster{ID: "4"})) } + +func TestGetClusterFilterUnknown(t *testing.T) { + shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) + os.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerShardingAlgorithm, "unknown") + filter := GetClusterFilter(GetDistributionFunction(nil, "unknown"), shardIndex) + assert.False(t, filter(&v1alpha1.Cluster{ID: "1"})) + assert.True(t, filter(&v1alpha1.Cluster{ID: "2"})) + assert.False(t, filter(&v1alpha1.Cluster{ID: "3"})) + assert.True(t, filter(&v1alpha1.Cluster{ID: "4"})) +} + +func TestLegacyGetClusterFilterWithFixedShard(t *testing.T) { + shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) + os.Setenv(common.EnvControllerReplicas, "2") + filter := GetClusterFilter(GetDistributionFunction(nil, common.DefaultShardingAlgorithm), shardIndex) + assert.False(t, filter(nil)) + assert.False(t, filter(&v1alpha1.Cluster{ID: "1"})) + assert.True(t, filter(&v1alpha1.Cluster{ID: "2"})) + assert.False(t, filter(&v1alpha1.Cluster{ID: "3"})) + assert.True(t, filter(&v1alpha1.Cluster{ID: "4"})) + + var fixedShard int64 = 4 + filter = GetClusterFilter(GetDistributionFunction(nil, common.DefaultShardingAlgorithm), int(fixedShard)) + assert.False(t, filter(&v1alpha1.Cluster{ID: "4", Shard: &fixedShard})) + + fixedShard = 1 + filter = GetClusterFilter(GetDistributionFunction(nil, common.DefaultShardingAlgorithm), int(fixedShard)) + assert.True(t, filter(&v1alpha1.Cluster{Name: "cluster4", ID: "4", Shard: &fixedShard})) + +} + +func TestRoundRobinGetClusterFilterWithFixedShard(t *testing.T) { + shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) + os.Setenv(common.EnvControllerReplicas, "2") + db, cluster1, cluster2, cluster3, cluster4, _ := createTestClusters() + + filter := GetClusterFilter(GetDistributionFunction(db, common.RoundRobinShardingAlgorithm), shardIndex) + assert.False(t, filter(nil)) + assert.False(t, filter(&cluster1)) + assert.True(t, filter(&cluster2)) + assert.False(t, filter(&cluster3)) + assert.True(t, filter(&cluster4)) + + // a cluster with a fixed shard should be processed by the specified exact + // same shard unless the specified shard index is greater than the number of replicas. + var fixedShard int64 = 4 + filter = GetClusterFilter(GetDistributionFunction(db, common.RoundRobinShardingAlgorithm), int(fixedShard)) + assert.False(t, filter(&v1alpha1.Cluster{Name: "cluster4", ID: "4", Shard: &fixedShard})) + + fixedShard = 1 + filter = GetClusterFilter(GetDistributionFunction(db, common.RoundRobinShardingAlgorithm), int(fixedShard)) + assert.True(t, filter(&v1alpha1.Cluster{Name: "cluster4", ID: "4", Shard: &fixedShard})) +} + +func TestGetClusterFilterLegacyHash(t *testing.T) { + shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) + os.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerShardingAlgorithm, "hash") + db, cluster1, cluster2, cluster3, cluster4, _ := createTestClusters() + filter := GetClusterFilter(GetDistributionFunction(db, common.LegacyShardingAlgorithm), shardIndex) + assert.False(t, filter(&cluster1)) + assert.True(t, filter(&cluster2)) + assert.False(t, filter(&cluster3)) + assert.True(t, filter(&cluster4)) + + // a cluster with a fixed shard should be processed by the specified exact + // same shard unless the specified shard index is greater than the number of replicas. + var fixedShard int64 = 4 + filter = GetClusterFilter(GetDistributionFunction(db, common.LegacyShardingAlgorithm), int(fixedShard)) + assert.False(t, filter(&v1alpha1.Cluster{Name: "cluster4", ID: "4", Shard: &fixedShard})) + + fixedShard = 1 + filter = GetClusterFilter(GetDistributionFunction(db, common.LegacyShardingAlgorithm), int(fixedShard)) + assert.True(t, filter(&v1alpha1.Cluster{Name: "cluster4", ID: "4", Shard: &fixedShard})) +} + +func TestGetClusterFilterWithEnvControllerShardingAlgorithms(t *testing.T) { + db, cluster1, cluster2, cluster3, cluster4, _ := createTestClusters() + shardIndex := 1 + os.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerShardingAlgorithm, common.LegacyShardingAlgorithm) + shardShouldProcessCluster := GetClusterFilter(GetDistributionFunction(db, common.LegacyShardingAlgorithm), shardIndex) + assert.False(t, shardShouldProcessCluster(&cluster1)) + assert.True(t, shardShouldProcessCluster(&cluster2)) + assert.False(t, shardShouldProcessCluster(&cluster3)) + assert.True(t, shardShouldProcessCluster(&cluster4)) + assert.False(t, shardShouldProcessCluster(nil)) + + os.Setenv(common.EnvControllerShardingAlgorithm, common.RoundRobinShardingAlgorithm) + shardShouldProcessCluster = GetClusterFilter(GetDistributionFunction(db, common.LegacyShardingAlgorithm), shardIndex) + assert.False(t, shardShouldProcessCluster(&cluster1)) + assert.True(t, shardShouldProcessCluster(&cluster2)) + assert.False(t, shardShouldProcessCluster(&cluster3)) + assert.True(t, shardShouldProcessCluster(&cluster4)) + assert.False(t, shardShouldProcessCluster(nil)) +} + +func TestGetShardByIndexModuloReplicasCountDistributionFunction2(t *testing.T) { + db, cluster1, cluster2, cluster3, cluster4, cluster5 := createTestClusters() + // Test with replicas set to 1 + os.Setenv(common.EnvControllerReplicas, "1") + distributionFunction := RoundRobinDistributionFunction(db) + assert.Equal(t, 0, distributionFunction(nil)) + assert.Equal(t, 0, distributionFunction(&cluster1)) + assert.Equal(t, 0, distributionFunction(&cluster2)) + assert.Equal(t, 0, distributionFunction(&cluster3)) + assert.Equal(t, 0, distributionFunction(&cluster4)) + assert.Equal(t, 0, distributionFunction(&cluster5)) + + // Test with replicas set to 2 + os.Setenv(common.EnvControllerReplicas, "2") + distributionFunction = RoundRobinDistributionFunction(db) + assert.Equal(t, 0, distributionFunction(nil)) + assert.Equal(t, 0, distributionFunction(&cluster1)) + assert.Equal(t, 1, distributionFunction(&cluster2)) + assert.Equal(t, 0, distributionFunction(&cluster3)) + assert.Equal(t, 1, distributionFunction(&cluster4)) + assert.Equal(t, 0, distributionFunction(&cluster5)) + + // // Test with replicas set to 3 + os.Setenv(common.EnvControllerReplicas, "3") + distributionFunction = RoundRobinDistributionFunction(db) + assert.Equal(t, 0, distributionFunction(nil)) + assert.Equal(t, 0, distributionFunction(&cluster1)) + assert.Equal(t, 1, distributionFunction(&cluster2)) + assert.Equal(t, 2, distributionFunction(&cluster3)) + assert.Equal(t, 0, distributionFunction(&cluster4)) + assert.Equal(t, 1, distributionFunction(&cluster5)) +} + +func TestGetShardByIndexModuloReplicasCountDistributionFunctionWhenClusterNumberIsHigh(t *testing.T) { + // Unit test written to evaluate the cost of calling db.ListCluster on every call of distributionFunction + // Doing that allows to accept added and removed clusters on the fly. + // Initial tests where showing that under 1024 clusters, execution time was around 400ms + // and for 4096 clusters, execution time was under 9s + // The other implementation was giving almost linear time of 400ms up to 10'000 clusters + db := dbmocks.ArgoDB{} + clusterList := &v1alpha1.ClusterList{Items: []v1alpha1.Cluster{}} + for i := 0; i < 2048; i++ { + cluster := createCluster(fmt.Sprintf("cluster-%d", i), fmt.Sprintf("%d", i)) + clusterList.Items = append(clusterList.Items, cluster) + } + db.On("ListClusters", mock.Anything).Return(clusterList, nil) + os.Setenv(common.EnvControllerReplicas, "2") + distributionFunction := RoundRobinDistributionFunction(&db) + for i, c := range clusterList.Items { + assert.Equal(t, i%2, distributionFunction(&c)) + } +} + +func TestGetShardByIndexModuloReplicasCountDistributionFunctionWhenClusterIsAddedAndRemoved(t *testing.T) { + db := dbmocks.ArgoDB{} + cluster1 := createCluster("cluster1", "1") + cluster2 := createCluster("cluster2", "2") + cluster3 := createCluster("cluster3", "3") + cluster4 := createCluster("cluster4", "4") + cluster5 := createCluster("cluster5", "5") + cluster6 := createCluster("cluster6", "6") + + clusterList := &v1alpha1.ClusterList{Items: []v1alpha1.Cluster{cluster1, cluster2, cluster3, cluster4, cluster5}} + db.On("ListClusters", mock.Anything).Return(clusterList, nil) + + // Test with replicas set to 2 + os.Setenv(common.EnvControllerReplicas, "2") + distributionFunction := RoundRobinDistributionFunction(&db) + assert.Equal(t, 0, distributionFunction(nil)) + assert.Equal(t, 0, distributionFunction(&cluster1)) + assert.Equal(t, 1, distributionFunction(&cluster2)) + assert.Equal(t, 0, distributionFunction(&cluster3)) + assert.Equal(t, 1, distributionFunction(&cluster4)) + assert.Equal(t, 0, distributionFunction(&cluster5)) + assert.Equal(t, -1, distributionFunction(&cluster6)) // as cluster6 is not in the DB, this one should not have a shard assigned + + // Now, the database knows cluster6. Shard should be assigned a proper shard + clusterList.Items = append(clusterList.Items, cluster6) + assert.Equal(t, 1, distributionFunction(&cluster6)) + + // Now, we remove the last added cluster, it should be unassigned as well + clusterList.Items = clusterList.Items[:len(clusterList.Items)-1] + assert.Equal(t, -1, distributionFunction(&cluster6)) + +} + +func TestGetShardByIndexModuloReplicasCountDistributionFunction(t *testing.T) { + db, cluster1, cluster2, _, _, _ := createTestClusters() + os.Setenv(common.EnvControllerReplicas, "2") + distributionFunction := RoundRobinDistributionFunction(db) + + // Test that the function returns the correct shard for cluster1 and cluster2 + expectedShardForCluster1 := 0 + expectedShardForCluster2 := 1 + shardForCluster1 := distributionFunction(&cluster1) + shardForCluster2 := distributionFunction(&cluster2) + + if shardForCluster1 != expectedShardForCluster1 { + t.Errorf("Expected shard for cluster1 to be %d but got %d", expectedShardForCluster1, shardForCluster1) + } + if shardForCluster2 != expectedShardForCluster2 { + t.Errorf("Expected shard for cluster2 to be %d but got %d", expectedShardForCluster2, shardForCluster2) + } +} + +func TestInferShard(t *testing.T) { + // Override the os.Hostname function to return a specific hostname for testing + defer func() { osHostnameFunction = os.Hostname }() + + osHostnameFunction = func() (string, error) { return "example-shard-3", nil } + expectedShard := 3 + actualShard, _ := InferShard() + assert.Equal(t, expectedShard, actualShard) + + osHostnameError := errors.New("cannot resolve hostname") + osHostnameFunction = func() (string, error) { return "exampleshard", osHostnameError } + _, err := InferShard() + assert.NotNil(t, err) + assert.Equal(t, err, osHostnameError) + + osHostnameFunction = func() (string, error) { return "exampleshard", nil } + _, err = InferShard() + assert.NotNil(t, err) + + osHostnameFunction = func() (string, error) { return "example-shard", nil } + _, err = InferShard() + assert.NotNil(t, err) + +} + +func createTestClusters() (*dbmocks.ArgoDB, v1alpha1.Cluster, v1alpha1.Cluster, v1alpha1.Cluster, v1alpha1.Cluster, v1alpha1.Cluster) { + db := dbmocks.ArgoDB{} + cluster1 := createCluster("cluster1", "1") + cluster2 := createCluster("cluster2", "2") + cluster3 := createCluster("cluster3", "3") + cluster4 := createCluster("cluster4", "4") + cluster5 := createCluster("cluster5", "5") + + db.On("ListClusters", mock.Anything).Return(&v1alpha1.ClusterList{Items: []v1alpha1.Cluster{ + cluster1, cluster2, cluster3, cluster4, cluster5, + }}, nil) + return &db, cluster1, cluster2, cluster3, cluster4, cluster5 +} + +func createCluster(name string, id string) v1alpha1.Cluster { + cluster := v1alpha1.Cluster{ + Name: name, + ID: id, + Server: "https://kubernetes.default.svc?" + id, + } + return cluster +} diff --git a/controller/sharding/shuffle_test.go b/controller/sharding/shuffle_test.go new file mode 100644 index 0000000000000..2baaa6a758ca9 --- /dev/null +++ b/controller/sharding/shuffle_test.go @@ -0,0 +1,83 @@ +package sharding + +import ( + "fmt" + "math" + "os" + "testing" + + "github.com/argoproj/argo-cd/v2/common" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" +) + +func TestLargeShuffle(t *testing.T) { + t.Skip() + db := dbmocks.ArgoDB{} + clusterList := &v1alpha1.ClusterList{Items: []v1alpha1.Cluster{}} + for i := 0; i < math.MaxInt/4096; i += 256 { + //fmt.Fprintf(os.Stdout, "%d", i) + cluster := createCluster(fmt.Sprintf("cluster-%d", i), fmt.Sprintf("%d", i)) + clusterList.Items = append(clusterList.Items, cluster) + } + db.On("ListClusters", mock.Anything).Return(clusterList, nil) + // Test with replicas set to 256 + os.Setenv(common.EnvControllerReplicas, "256") + distributionFunction := RoundRobinDistributionFunction(&db) + for i, c := range clusterList.Items { + assert.Equal(t, i%2567, distributionFunction(&c)) + } + +} + +func TestShuffle(t *testing.T) { + t.Skip() + db := dbmocks.ArgoDB{} + cluster1 := createCluster("cluster1", "10") + cluster2 := createCluster("cluster2", "20") + cluster3 := createCluster("cluster3", "30") + cluster4 := createCluster("cluster4", "40") + cluster5 := createCluster("cluster5", "50") + cluster6 := createCluster("cluster6", "60") + cluster25 := createCluster("cluster6", "25") + + clusterList := &v1alpha1.ClusterList{Items: []v1alpha1.Cluster{cluster1, cluster2, cluster3, cluster4, cluster5, cluster6}} + db.On("ListClusters", mock.Anything).Return(clusterList, nil) + + // Test with replicas set to 3 + os.Setenv(common.EnvControllerReplicas, "3") + distributionFunction := RoundRobinDistributionFunction(&db) + assert.Equal(t, 0, distributionFunction(nil)) + assert.Equal(t, 0, distributionFunction(&cluster1)) + assert.Equal(t, 1, distributionFunction(&cluster2)) + assert.Equal(t, 2, distributionFunction(&cluster3)) + assert.Equal(t, 0, distributionFunction(&cluster4)) + assert.Equal(t, 1, distributionFunction(&cluster5)) + assert.Equal(t, 2, distributionFunction(&cluster6)) + + // Now, we remove cluster1, it should be unassigned, and all the other should be resuffled + clusterList.Items = Remove(clusterList.Items, 0) + assert.Equal(t, -1, distributionFunction(&cluster1)) + assert.Equal(t, 0, distributionFunction(&cluster2)) + assert.Equal(t, 1, distributionFunction(&cluster3)) + assert.Equal(t, 2, distributionFunction(&cluster4)) + assert.Equal(t, 0, distributionFunction(&cluster5)) + assert.Equal(t, 1, distributionFunction(&cluster6)) + + // Now, we add a cluster with an id=25 so it will be placed right after cluster2 + clusterList.Items = append(clusterList.Items, cluster25) + assert.Equal(t, -1, distributionFunction(&cluster1)) + assert.Equal(t, 0, distributionFunction(&cluster2)) + assert.Equal(t, 1, distributionFunction(&cluster25)) + assert.Equal(t, 2, distributionFunction(&cluster3)) + assert.Equal(t, 0, distributionFunction(&cluster4)) + assert.Equal(t, 1, distributionFunction(&cluster5)) + assert.Equal(t, 2, distributionFunction(&cluster6)) + +} + +func Remove(slice []v1alpha1.Cluster, s int) []v1alpha1.Cluster { + return append(slice[:s], slice[s+1:]...) +} diff --git a/docs/operator-manual/argocd-cmd-params-cm.yaml b/docs/operator-manual/argocd-cmd-params-cm.yaml index 4aeb9c3bbbe34..47ec108c6512e 100644 --- a/docs/operator-manual/argocd-cmd-params-cm.yaml +++ b/docs/operator-manual/argocd-cmd-params-cm.yaml @@ -57,6 +57,8 @@ data: controller.resource.health.persist: "true" # Cache expiration default (default 24h0m0s) controller.default.cache.expiration: "24h0m0s" + # Sharding algorithm used to balance clusters accross application controller shards (default "legacy") + controller.sharding.algorithm: legacy # Number of allowed concurrent kubectl fork/execs. Any value less than 1 means no limit. controller.kubectl.parallelism.limit: "20" diff --git a/docs/operator-manual/high_availability.md b/docs/operator-manual/high_availability.md index 8e69c0cfb01ef..56030fa2e9a57 100644 --- a/docs/operator-manual/high_availability.md +++ b/docs/operator-manual/high_availability.md @@ -80,6 +80,34 @@ spec: value: "2" ``` +* The shard distribution algorithm of the `argocd-application-controller` can be set by using the `--sharding-method` parameter. Supported sharding methods are : [legacy (default), round-robin]. `legacy` mode uses an `uid` based distribution (non-uniform). `round-robin` uses an equal distribution across all shards. The `--sharding-method` parameter can also be overriden by setting the key `controller.sharding.algorithm` in the `argocd-cmd-params-cm` `configMap` (preferably) or by setting the `ARGOCD_CONTROLLER_SHARDING_ALGORITHM` environment variable and by specifiying the same possible values. + +!!! warning "Alpha Feature" + The `round-robin` shard distribution algorithm is an experimental feature. Reshuffling is known to occur in certain scenarios with cluster removal. If the cluster at rank-0 is removed, reshuffling all clusters across shards will occur and may temporarly have negative performance impacts. + +* A cluster can be manually assigned and forced to a `shard` by patching the `shard` field in the cluster secret to contain the shard number, e.g. +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: mycluster-secret + labels: + argocd.argoproj.io/secret-type: cluster +type: Opaque +stringData: + shard: 1 + name: mycluster.com + server: https://mycluster.com + config: | + { + "bearerToken": "", + "tlsClientConfig": { + "insecure": false, + "caData": "" + } + } +``` + * `ARGOCD_ENABLE_GRPC_TIME_HISTOGRAM` - environment variable that enables collecting RPC performance metrics. Enable it if you need to troubleshoot performance issues. Note: This metric is expensive to both query and store! **metrics** diff --git a/docs/operator-manual/server-commands/argocd-application-controller.md b/docs/operator-manual/server-commands/argocd-application-controller.md index fb27a3c176e71..d21763afa7404 100644 --- a/docs/operator-manual/server-commands/argocd-application-controller.md +++ b/docs/operator-manual/server-commands/argocd-application-controller.md @@ -59,6 +59,7 @@ argocd-application-controller [flags] --sentinel stringArray Redis sentinel hostname and port (e.g. argocd-redis-ha-announce-0:6379). --sentinelmaster string Redis sentinel master group name. (default "master") --server string The address and port of the Kubernetes API server + --sharding-method string Enables choice of sharding method. Supported sharding methods are : [legacy, round-robin] (default "legacy") --status-processors int Number of application status processors (default 20) --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. --token string Bearer token for authentication to the API server diff --git a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml index d1a7991bd036b..270fa05bcc62e 100644 --- a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml +++ b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml @@ -143,6 +143,12 @@ spec: name: argocd-cmd-params-cm key: application.namespaces optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sharding.algorithm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT valueFrom: configMapKeyRef: diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 1668aef487445..0352d6b068cd5 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -18899,6 +18899,12 @@ spec: key: application.namespaces name: argocd-cmd-params-cm optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + key: controller.sharding.algorithm + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT valueFrom: configMapKeyRef: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 80ad0036798ef..e8afa2dd2b17a 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -20686,6 +20686,12 @@ spec: key: application.namespaces name: argocd-cmd-params-cm optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + key: controller.sharding.algorithm + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT valueFrom: configMapKeyRef: diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index a23472c4901a1..b193db90768c5 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -2714,6 +2714,12 @@ spec: key: application.namespaces name: argocd-cmd-params-cm optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + key: controller.sharding.algorithm + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT valueFrom: configMapKeyRef: diff --git a/manifests/install.yaml b/manifests/install.yaml index f90c3b62ef916..abee52d790b54 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -19726,6 +19726,12 @@ spec: key: application.namespaces name: argocd-cmd-params-cm optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + key: controller.sharding.algorithm + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT valueFrom: configMapKeyRef: diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index e06c931218b21..a12501e6e89ec 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -1754,6 +1754,12 @@ spec: key: application.namespaces name: argocd-cmd-params-cm optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + key: controller.sharding.algorithm + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT valueFrom: configMapKeyRef: diff --git a/util/env/env.go b/util/env/env.go index dc1549082db10..1b49a0c322065 100644 --- a/util/env/env.go +++ b/util/env/env.go @@ -1,6 +1,7 @@ package env import ( + "math" "os" "strconv" "strings" @@ -21,20 +22,24 @@ func ParseNumFromEnv(env string, defaultValue, min, max int) int { if str == "" { return defaultValue } - num, err := strconv.Atoi(str) + num, err := strconv.ParseInt(str, 10, 0) if err != nil { log.Warnf("Could not parse '%s' as a number from environment %s", str, env) return defaultValue } - if num < min { + if num > math.MaxInt || num < math.MinInt { + log.Warnf("Value in %s is %d is outside of the min and max %d allowed values. Using default %d", env, num, min, defaultValue) + return defaultValue + } + if int(num) < min { log.Warnf("Value in %s is %d, which is less than minimum %d allowed", env, num, min) return defaultValue } - if num > max { + if int(num) > max { log.Warnf("Value in %s is %d, which is greater than maximum %d allowed", env, num, max) return defaultValue } - return num + return int(num) } // Helper function to parse a int64 from an environment variable. Returns a From 8840929187f4dd7b9d9fd908ea5085a006895507 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 5 Jun 2023 20:36:22 -0400 Subject: [PATCH 109/252] [Bot] docs: Update Snyk reports (#13895) Signed-off-by: CI Co-authored-by: CI --- docs/snyk/index.md | 32 +- docs/snyk/master/argocd-iac-install.html | 234 ++++----- .../master/argocd-iac-namespace-install.html | 222 +++----- docs/snyk/master/argocd-test.html | 4 +- .../master/ghcr.io_dexidp_dex_v2.36.0.html | 195 ++++++- docs/snyk/master/haproxy_2.6.12-alpine.html | 205 +++++++- .../quay.io_argoproj_argocd_latest.html | 368 +++++++------- docs/snyk/master/redis_7.0.11-alpine.html | 210 +++++++- docs/snyk/v2.5.17/argocd-iac-install.html | 36 +- .../v2.5.17/argocd-iac-namespace-install.html | 36 +- docs/snyk/v2.5.17/argocd-test.html | 2 +- .../v2.5.17/ghcr.io_dexidp_dex_v2.36.0.html | 195 ++++++- docs/snyk/v2.5.17/haproxy_2.6.12-alpine.html | 205 +++++++- .../quay.io_argoproj_argocd_v2.5.17.html | 478 ++++++++++++++++-- docs/snyk/v2.5.17/redis_7.0.11-alpine.html | 210 +++++++- docs/snyk/v2.6.8/argocd-iac-install.html | 36 +- .../v2.6.8/argocd-iac-namespace-install.html | 36 +- docs/snyk/v2.6.8/argocd-test.html | 2 +- .../v2.6.8/ghcr.io_dexidp_dex_v2.36.0.html | 195 ++++++- docs/snyk/v2.6.8/haproxy_2.6.12-alpine.html | 205 +++++++- .../quay.io_argoproj_argocd_v2.6.8.html | 478 ++++++++++++++++-- docs/snyk/v2.6.8/redis_7.0.11-alpine.html | 210 +++++++- docs/snyk/v2.7.3/argocd-iac-install.html | 36 +- .../v2.7.3/argocd-iac-namespace-install.html | 36 +- docs/snyk/v2.7.3/argocd-test.html | 2 +- .../v2.7.3/ghcr.io_dexidp_dex_v2.36.0.html | 195 ++++++- docs/snyk/v2.7.3/haproxy_2.6.12-alpine.html | 205 +++++++- .../quay.io_argoproj_argocd_v2.7.3.html | 478 ++++++++++++++++-- docs/snyk/v2.7.3/redis_7.0.11-alpine.html | 210 +++++++- 29 files changed, 4160 insertions(+), 796 deletions(-) diff --git a/docs/snyk/index.md b/docs/snyk/index.md index 123b3959ee654..1e16212f16796 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -15,10 +15,10 @@ recent minor releases. |---:|:--------:|:----:|:------:|:---:| | [go.mod](master/argocd-test.html) | 0 | 0 | 0 | 0 | | [ui/yarn.lock](master/argocd-test.html) | 0 | 1 | 0 | 0 | -| [dex:v2.36.0](master/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 3 | 0 | -| [haproxy:2.6.12-alpine](master/haproxy_2.6.12-alpine.html) | 0 | 0 | 1 | 0 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 1 | 18 | -| [redis:7.0.11-alpine](master/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [dex:v2.36.0](master/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 3 | 1 | +| [haproxy:2.6.12-alpine](master/haproxy_2.6.12-alpine.html) | 0 | 0 | 1 | 1 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 2 | 18 | +| [redis:7.0.11-alpine](master/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 1 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | @@ -28,10 +28,10 @@ recent minor releases. |---:|:--------:|:----:|:------:|:---:| | [go.mod](v2.7.3/argocd-test.html) | 0 | 0 | 0 | 0 | | [ui/yarn.lock](v2.7.3/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.36.0](v2.7.3/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 3 | 0 | -| [haproxy:2.6.12-alpine](v2.7.3/haproxy_2.6.12-alpine.html) | 0 | 0 | 1 | 0 | -| [argocd:v2.7.3](v2.7.3/quay.io_argoproj_argocd_v2.7.3.html) | 0 | 0 | 1 | 18 | -| [redis:7.0.11-alpine](v2.7.3/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [dex:v2.36.0](v2.7.3/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 3 | 1 | +| [haproxy:2.6.12-alpine](v2.7.3/haproxy_2.6.12-alpine.html) | 0 | 0 | 1 | 1 | +| [argocd:v2.7.3](v2.7.3/quay.io_argoproj_argocd_v2.7.3.html) | 0 | 0 | 3 | 19 | +| [redis:7.0.11-alpine](v2.7.3/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 1 | | [install.yaml](v2.7.3/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.7.3/argocd-iac-namespace-install.html) | - | - | - | - | @@ -41,10 +41,10 @@ recent minor releases. |---:|:--------:|:----:|:------:|:---:| | [go.mod](v2.6.8/argocd-test.html) | 0 | 0 | 0 | 0 | | [ui/yarn.lock](v2.6.8/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.36.0](v2.6.8/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 3 | 0 | -| [haproxy:2.6.12-alpine](v2.6.8/haproxy_2.6.12-alpine.html) | 0 | 0 | 1 | 0 | -| [argocd:v2.6.8](v2.6.8/quay.io_argoproj_argocd_v2.6.8.html) | 0 | 0 | 1 | 18 | -| [redis:7.0.11-alpine](v2.6.8/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [dex:v2.36.0](v2.6.8/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 3 | 1 | +| [haproxy:2.6.12-alpine](v2.6.8/haproxy_2.6.12-alpine.html) | 0 | 0 | 1 | 1 | +| [argocd:v2.6.8](v2.6.8/quay.io_argoproj_argocd_v2.6.8.html) | 0 | 0 | 3 | 19 | +| [redis:7.0.11-alpine](v2.6.8/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 1 | | [install.yaml](v2.6.8/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.6.8/argocd-iac-namespace-install.html) | - | - | - | - | @@ -54,9 +54,9 @@ recent minor releases. |---:|:--------:|:----:|:------:|:---:| | [go.mod](v2.5.17/argocd-test.html) | 0 | 0 | 2 | 0 | | [ui/yarn.lock](v2.5.17/argocd-test.html) | 0 | 0 | 4 | 0 | -| [dex:v2.36.0](v2.5.17/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 3 | 0 | -| [haproxy:2.6.12-alpine](v2.5.17/haproxy_2.6.12-alpine.html) | 0 | 0 | 1 | 0 | -| [argocd:v2.5.17](v2.5.17/quay.io_argoproj_argocd_v2.5.17.html) | 0 | 0 | 1 | 18 | -| [redis:7.0.11-alpine](v2.5.17/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [dex:v2.36.0](v2.5.17/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 3 | 1 | +| [haproxy:2.6.12-alpine](v2.5.17/haproxy_2.6.12-alpine.html) | 0 | 0 | 1 | 1 | +| [argocd:v2.5.17](v2.5.17/quay.io_argoproj_argocd_v2.5.17.html) | 0 | 0 | 3 | 19 | +| [redis:7.0.11-alpine](v2.5.17/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 1 | | [install.yaml](v2.5.17/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.5.17/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 430a882914020..3861107a41fba 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:25:14 pm (UTC+00:00)

    +

    June 4th 2023, 12:18:32 am (UTC+00:00)

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    41 total issues
    +
    40 total issues
    @@ -507,7 +507,7 @@

    Role with dangerous permissions

  • - Line number: 16341 + Line number: 17956
    • @@ -553,7 +553,7 @@

    Role with dangerous permissions

  • - Line number: 16418 + Line number: 18033
    • @@ -599,7 +599,7 @@

    Role with dangerous permissions

  • - Line number: 16446 + Line number: 18061
    • @@ -645,7 +645,7 @@

    Role with dangerous permissions

  • - Line number: 16494 + Line number: 18109
    • @@ -691,7 +691,7 @@

    Role with dangerous permissions

  • - Line number: 16476 + Line number: 18091
    • @@ -737,7 +737,7 @@

    Role with dangerous permissions

  • - Line number: 16510 + Line number: 18125
    • @@ -774,7 +774,7 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 46] + [DocId: 45] spec @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 17585 + Line number: 19203
    • @@ -826,7 +826,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 42] + [DocId: 41] input @@ -847,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 16997 + Line number: 18596
    • @@ -884,7 +884,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 17206 + Line number: 18811
    • @@ -942,7 +942,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 17172 + Line number: 18777
    • @@ -1000,7 +1000,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 17266 + Line number: 18871
    • @@ -1058,7 +1058,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 45] + [DocId: 44] input @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 17353 + Line number: 18958
    • @@ -1116,7 +1116,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 17585 + Line number: 19203
    • @@ -1174,7 +1174,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 17409 + Line number: 19015
    • @@ -1232,7 +1232,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 17670 + Line number: 19288
    • @@ -1290,7 +1290,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 48] + [DocId: 47] input @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 17974 + Line number: 19604
    • @@ -1348,7 +1348,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 43] + [DocId: 42] spec @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 17186 + Line number: 18791
    • @@ -1383,62 +1383,6 @@

    Remediation

    More about this issue

    - -
    -

    Container is running with writable root filesystem

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-8 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - readOnlyRootFilesystem - -
      • - -
    • - Line number: 17363 -
      • -
    - -
    - -

    Impact

    -

    Compromised process could abuse writable root filesystem to elevate privileges

    - -

    Remediation

    -

    Set `securityContext.readOnlyRootFilesystem` to `true`

    - - -
    -
    - -
    -

    More about this issue

    -
    -

    Container is running without liveness probe

    @@ -1456,7 +1400,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 42] + [DocId: 41] spec @@ -1471,7 +1415,7 @@

    Container is running without liveness probe

  • - Line number: 16997 + Line number: 18596
    • @@ -1508,7 +1452,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 43] + [DocId: 42] spec @@ -1523,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 17172 + Line number: 18777
    • @@ -1560,7 +1504,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 43] + [DocId: 42] spec @@ -1575,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 17206 + Line number: 18811
    • @@ -1612,7 +1556,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 45] + [DocId: 44] spec @@ -1627,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 17353 + Line number: 18958
    • @@ -1664,7 +1608,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 46] + [DocId: 45] spec @@ -1679,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 17585 + Line number: 19203
    • @@ -1716,7 +1660,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 42] + [DocId: 41] input @@ -1737,7 +1681,7 @@

    Container is running without memory limit

  • - Line number: 16997 + Line number: 18596
    • @@ -1774,7 +1718,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -1795,7 +1739,7 @@

    Container is running without memory limit

  • - Line number: 17172 + Line number: 18777
    • @@ -1832,7 +1776,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -1853,7 +1797,7 @@

    Container is running without memory limit

  • - Line number: 17206 + Line number: 18811
    • @@ -1890,7 +1834,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -1911,7 +1855,7 @@

    Container is running without memory limit

  • - Line number: 17266 + Line number: 18871
    • @@ -1948,7 +1892,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 45] + [DocId: 44] input @@ -1969,7 +1913,7 @@

    Container is running without memory limit

  • - Line number: 17353 + Line number: 18958
    • @@ -2006,7 +1950,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -2027,7 +1971,7 @@

    Container is running without memory limit

  • - Line number: 17585 + Line number: 19203
    • @@ -2064,7 +2008,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -2085,7 +2029,7 @@

    Container is running without memory limit

  • - Line number: 17409 + Line number: 19015
    • @@ -2122,7 +2066,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -2143,7 +2087,7 @@

    Container is running without memory limit

  • - Line number: 17670 + Line number: 19288
    • @@ -2180,7 +2124,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 48] + [DocId: 47] input @@ -2201,7 +2145,7 @@

    Container is running without memory limit

  • - Line number: 17974 + Line number: 19604
    • @@ -2238,7 +2182,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 42] + [DocId: 41] input @@ -2257,7 +2201,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17096 + Line number: 18701
    • @@ -2267,7 +2211,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2294,7 +2238,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -2304,7 +2248,7 @@

    Container's UID could clash with host's UID› spec - initContainers[copyutil] + containers[dex] securityContext @@ -2313,7 +2257,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17214 + Line number: 18794
    • @@ -2323,7 +2267,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2350,7 +2294,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -2360,7 +2304,7 @@

    Container's UID could clash with host's UID› spec - containers[dex] + initContainers[copyutil] securityContext @@ -2369,7 +2313,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17189 + Line number: 18819
    • @@ -2379,7 +2323,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2406,7 +2350,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -2425,7 +2369,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17287 + Line number: 18892
    • @@ -2435,7 +2379,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2462,7 +2406,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 45] + [DocId: 44] input @@ -2481,7 +2425,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17363 + Line number: 18968
    • @@ -2491,7 +2435,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2518,7 +2462,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -2528,7 +2472,7 @@

    Container's UID could clash with host's UID› spec - initContainers[copyutil] + containers[argocd-repo-server] securityContext @@ -2537,7 +2481,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17592 + Line number: 19176
    • @@ -2547,7 +2491,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2574,7 +2518,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -2584,7 +2528,7 @@

    Container's UID could clash with host's UID› spec - containers[argocd-repo-server] + initContainers[copyutil] securityContext @@ -2593,7 +2537,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17558 + Line number: 19210
    • @@ -2603,7 +2547,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2630,7 +2574,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -2649,7 +2593,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17884 + Line number: 19514
    • @@ -2659,7 +2603,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2686,7 +2630,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 48] + [DocId: 47] input @@ -2705,7 +2649,7 @@

    Container's UID could clash with host's UID
  • - Line number: 18116 + Line number: 19746
    • @@ -2715,7 +2659,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index d51d9ed8037e7..c9130abeb1634 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:25:29 pm (UTC+00:00)

    +

    June 4th 2023, 12:18:44 am (UTC+00:00)

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    41 total issues
    +
    40 total issues

    • @@ -774,7 +774,7 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 39] + [DocId: 38] spec @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 1228 + Line number: 1231
    • @@ -826,7 +826,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 35] + [DocId: 34] input @@ -847,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 640 + Line number: 624
    • @@ -884,7 +884,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 36] + [DocId: 35] input @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 849 + Line number: 839
    • @@ -942,7 +942,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 36] + [DocId: 35] input @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 815 + Line number: 805
    • @@ -1000,7 +1000,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 37] + [DocId: 36] input @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 909 + Line number: 899
    • @@ -1058,7 +1058,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 38] + [DocId: 37] input @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 996 + Line number: 986
    • @@ -1116,7 +1116,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 39] + [DocId: 38] input @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1228 + Line number: 1231
    • @@ -1174,7 +1174,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 39] + [DocId: 38] input @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 1052 + Line number: 1043
    • @@ -1232,7 +1232,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 40] + [DocId: 39] input @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1313 + Line number: 1316
    • @@ -1290,7 +1290,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 41] + [DocId: 40] input @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1617 + Line number: 1632
    • @@ -1348,7 +1348,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 36] + [DocId: 35] spec @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 829 + Line number: 819
    • @@ -1383,62 +1383,6 @@

    Remediation

    More about this issue

    - -
    -

    Container is running with writable root filesystem

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-8 -
      • - -
    • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - readOnlyRootFilesystem - -
      • - -
    • - Line number: 1006 -
      • -
    - -
    - -

    Impact

    -

    Compromised process could abuse writable root filesystem to elevate privileges

    - -

    Remediation

    -

    Set `securityContext.readOnlyRootFilesystem` to `true`

    - - -
    -
    - -
    -

    More about this issue

    -
    -

    Container is running without liveness probe

    @@ -1456,7 +1400,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 35] + [DocId: 34] spec @@ -1471,7 +1415,7 @@

    Container is running without liveness probe

  • - Line number: 640 + Line number: 624
    • @@ -1508,7 +1452,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 36] + [DocId: 35] spec @@ -1523,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 815 + Line number: 805
    • @@ -1560,7 +1504,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 36] + [DocId: 35] spec @@ -1575,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 849 + Line number: 839
    • @@ -1612,7 +1556,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 38] + [DocId: 37] spec @@ -1627,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 996 + Line number: 986
    • @@ -1664,7 +1608,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 39] + [DocId: 38] spec @@ -1679,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 1228 + Line number: 1231
    • @@ -1716,7 +1660,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 35] + [DocId: 34] input @@ -1737,7 +1681,7 @@

    Container is running without memory limit

  • - Line number: 640 + Line number: 624
    • @@ -1774,7 +1718,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 36] + [DocId: 35] input @@ -1795,7 +1739,7 @@

    Container is running without memory limit

  • - Line number: 815 + Line number: 805
    • @@ -1832,7 +1776,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 36] + [DocId: 35] input @@ -1853,7 +1797,7 @@

    Container is running without memory limit

  • - Line number: 849 + Line number: 839
    • @@ -1890,7 +1834,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 37] + [DocId: 36] input @@ -1911,7 +1855,7 @@

    Container is running without memory limit

  • - Line number: 909 + Line number: 899
    • @@ -1948,7 +1892,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 38] + [DocId: 37] input @@ -1969,7 +1913,7 @@

    Container is running without memory limit

  • - Line number: 996 + Line number: 986
    • @@ -2006,7 +1950,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 39] + [DocId: 38] input @@ -2027,7 +1971,7 @@

    Container is running without memory limit

  • - Line number: 1228 + Line number: 1231
    • @@ -2064,7 +2008,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 39] + [DocId: 38] input @@ -2085,7 +2029,7 @@

    Container is running without memory limit

  • - Line number: 1052 + Line number: 1043
    • @@ -2122,7 +2066,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 40] + [DocId: 39] input @@ -2143,7 +2087,7 @@

    Container is running without memory limit

  • - Line number: 1313 + Line number: 1316
    • @@ -2180,7 +2124,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 41] + [DocId: 40] input @@ -2201,7 +2145,7 @@

    Container is running without memory limit

  • - Line number: 1617 + Line number: 1632
    • @@ -2238,7 +2182,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 35] + [DocId: 34] input @@ -2257,7 +2201,7 @@

    Container's UID could clash with host's UID
  • - Line number: 739 + Line number: 729
    • @@ -2267,7 +2211,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2294,7 +2238,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 36] + [DocId: 35] input @@ -2304,7 +2248,7 @@

    Container's UID could clash with host's UID› spec - initContainers[copyutil] + containers[dex] securityContext @@ -2313,7 +2257,7 @@

    Container's UID could clash with host's UID
  • - Line number: 857 + Line number: 822
    • @@ -2323,7 +2267,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2350,7 +2294,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 36] + [DocId: 35] input @@ -2360,7 +2304,7 @@

    Container's UID could clash with host's UID› spec - containers[dex] + initContainers[copyutil] securityContext @@ -2369,7 +2313,7 @@

    Container's UID could clash with host's UID
  • - Line number: 832 + Line number: 847
    • @@ -2379,7 +2323,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2406,7 +2350,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 37] + [DocId: 36] input @@ -2425,7 +2369,7 @@

    Container's UID could clash with host's UID
  • - Line number: 930 + Line number: 920
    • @@ -2435,7 +2379,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2462,7 +2406,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 38] + [DocId: 37] input @@ -2481,7 +2425,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1006 + Line number: 996
    • @@ -2491,7 +2435,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2518,7 +2462,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 39] + [DocId: 38] input @@ -2528,7 +2472,7 @@

    Container's UID could clash with host's UID› spec - initContainers[copyutil] + containers[argocd-repo-server] securityContext @@ -2537,7 +2481,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1235 + Line number: 1204
    • @@ -2547,7 +2491,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2574,7 +2518,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 39] + [DocId: 38] input @@ -2584,7 +2528,7 @@

    Container's UID could clash with host's UID› spec - containers[argocd-repo-server] + initContainers[copyutil] securityContext @@ -2593,7 +2537,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1201 + Line number: 1238
    • @@ -2603,7 +2547,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2630,7 +2574,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 40] + [DocId: 39] input @@ -2649,7 +2593,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1527 + Line number: 1542
    • @@ -2659,7 +2603,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2686,7 +2630,7 @@

    Container's UID could clash with host's UID
  • Introduced through: - [DocId: 41] + [DocId: 40] input @@ -2705,7 +2649,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1759 + Line number: 1774
    • @@ -2715,7 +2659,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index 7dc86d4a27b3b..d47e7f66ff52a 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:21:58 pm (UTC+00:00)

    +

    June 4th 2023, 12:16:13 am (UTC+00:00)

    Scanned the following paths: @@ -468,7 +468,7 @@

    Snyk test report

    1 known vulnerabilities
    2 vulnerable dependency paths
    -
    1812 dependencies
    +
    1826 dependencies
    diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html index 0ea1e90741c8e..773947e5719fe 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:22:13 pm (UTC+00:00)

    +

    June 4th 2023, 12:16:25 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    4 known vulnerabilities
    -
    28 vulnerable dependency paths
    +
    5 known vulnerabilities
    +
    35 vulnerable dependency paths
    760 dependencies

    • @@ -591,7 +591,14 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    +

    A security vulnerability has been identified in all supported versions

    +

    of OpenSSL related to the verification of X.509 certificate chains + that include policy constraints. Attackers may be able to exploit this + vulnerability by creating a malicious certificate chain that triggers + exponential use of computational resources, leading to a denial-of-service + (DoS) attack on affected systems.

    +

    Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    Remediation

    Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

    References

    @@ -601,6 +608,7 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -743,6 +751,7 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -891,6 +900,7 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -1047,6 +1057,181 @@

    References

    +
    +

    CVE-2023-2650

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/master/haproxy_2.6.12-alpine.html b/docs/snyk/master/haproxy_2.6.12-alpine.html index 81d1a635ee0df..1561cbddad0a4 100644 --- a/docs/snyk/master/haproxy_2.6.12-alpine.html +++ b/docs/snyk/master/haproxy_2.6.12-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:22:23 pm (UTC+00:00)

    +

    June 4th 2023, 12:16:31 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    +
    2 known vulnerabilities
    +
    18 vulnerable dependency paths
    18 dependencies
    @@ -654,6 +654,203 @@

    References

    +
    +

    CVE-2023-2650

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.12-alpine and openssl/libcrypto3@3.0.8-r3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libssl3@3.0.8-r3 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + .haproxy-rundeps@20230329.185657 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + .haproxy-rundeps@20230329.185657 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index 42fcdcc7eabf9..86f04dbe59f49 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:22:57 pm (UTC+00:00)

    +

    June 4th 2023, 12:16:54 am (UTC+00:00)

    Scanned the following paths: @@ -466,9 +466,9 @@

    Snyk test report

    -
    19 known vulnerabilities
    -
    76 vulnerable dependency paths
    -
    2100 dependencies
    +
    20 known vulnerabilities
    +
    73 vulnerable dependency paths
    +
    2105 dependencies
    @@ -603,6 +603,85 @@

    References

    More about this vulnerability

    + +
    +

    CVE-2023-2603

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + libcap2 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and libcap2@1:2.44-1build3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + libcap2@1:2.44-1build3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.4.9 + + apt/libapt-pkg6.0@2.4.9 + + systemd/libsystemd0@249.11-0ubuntu3.9 + + libcap2@1:2.44-1build3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 libcap2.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2022-46908

    @@ -1001,7 +1080,7 @@

    References

    -

    Out-of-bounds Read

    +

    Information Exposure

    @@ -1017,12 +1096,12 @@

    Out-of-bounds Read

  • Vulnerable module: - openssl/libssl3 + openssh/openssh-client
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.9 + docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -1033,115 +1112,11 @@

    Out-of-bounds Read

    Detailed paths

      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
    • Introduced through: docker-image|quay.io/argoproj/argocd@latest openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.9 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.9 @@ -1153,43 +1128,33 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM - platform contains a bug that could cause it to read past the input buffer, - leading to a crash.

      -

      Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM - platform can crash in rare circumstances. The AES-XTS algorithm is usually - used for disk encryption.

      -

      The AES-XTS cipher decryption implementation for 64 bit ARM platform will read - past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 - byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext - buffer is unmapped, this will trigger a crash which results in a denial of - service.

      -

      If an attacker can control the size and location of the ciphertext buffer - being decrypted by an application using AES-XTS on 64 bit ARM, the - application is affected. This is fairly unlikely making this issue - a Low severity one.

      +

      The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 openssl.

      +

      There is no fixed version for Ubuntu:22.04 openssh.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Improper Privilege Management

    +

    CVE-2023-28531

    @@ -1239,35 +1204,25 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

    +

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

    Remediation

    There is no fixed version for Ubuntu:22.04 openssh.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Information Exposure

    +

    CVE-2023-2953

    @@ -1283,13 +1238,13 @@

    Information Exposure

  • Vulnerable module: - openssh/openssh-client + openldap/libldap-2.5-0
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@latest, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
    • @@ -1303,7 +1258,31 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -1315,33 +1294,27 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. +

    Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    +

    A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    There is no fixed version for Ubuntu:22.04 openldap.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    CVE-2023-28531

    +

    Resource Exhaustion

    @@ -1357,13 +1330,13 @@

    CVE-2023-28531

  • Vulnerable module: - openssh/openssh-client + libzstd/libzstd1
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@latest, meta-common-packages@meta and others
    • @@ -1377,7 +1350,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + meta-common-packages@meta + + libzstd/libzstd1@1.4.8+dfsg-3build1 @@ -1389,27 +1364,26 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. +

    Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

    +

    A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    There is no fixed version for Ubuntu:22.04 libzstd.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Resource Exhaustion

    +

    CVE-2023-2602

    @@ -1425,13 +1399,13 @@

    Resource Exhaustion

  • Vulnerable module: - libzstd/libzstd1 + libcap2
  • Introduced through: + docker-image|quay.io/argoproj/argocd@latest and libcap2@1:2.44-1build3 - docker-image|quay.io/argoproj/argocd@latest, meta-common-packages@meta and others
    • @@ -1445,9 +1419,22 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - meta-common-packages@meta + libcap2@1:2.44-1build3 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - libzstd/libzstd1@1.4.8+dfsg-3build1 + apt@2.4.9 + + apt/libapt-pkg6.0@2.4.9 + + systemd/libsystemd0@249.11-0ubuntu3.9 + + libcap2@1:2.44-1build3 @@ -1459,21 +1446,18 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

    +

    This vulnerability has not been analyzed by NVD yet.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libzstd.

    +

    There is no fixed version for Ubuntu:22.04 libcap2.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • @@ -2315,7 +2299,7 @@

    References

    -

    CVE-2023-28321

    +

    Improper Certificate Validation

    diff --git a/docs/snyk/master/redis_7.0.11-alpine.html b/docs/snyk/master/redis_7.0.11-alpine.html index 9118cfc1f5789..d1952b61a9b79 100644 --- a/docs/snyk/master/redis_7.0.11-alpine.html +++ b/docs/snyk/master/redis_7.0.11-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:23:06 pm (UTC+00:00)

    +

    June 4th 2023, 12:17:06 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    +
    1 known vulnerabilities
    +
    9 vulnerable dependency paths
    18 dependencies
    @@ -484,7 +484,207 @@

    Snyk test report

    - No known vulnerabilities detected. +
    +
    +

    CVE-2023-2650

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.0-r4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230511.210805 + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r0 + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.0-r9 + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230511.210805 + + openssl/libssl3@3.1.0-r4 + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230511.210805 + + openssl/libssl3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r0 + + openssl/libssl3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.0-r9 + + openssl/libssl3@3.1.0-r4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    diff --git a/docs/snyk/v2.5.17/argocd-iac-install.html b/docs/snyk/v2.5.17/argocd-iac-install.html index a64aae98214ad..4a167b915ac4e 100644 --- a/docs/snyk/v2.5.17/argocd-iac-install.html +++ b/docs/snyk/v2.5.17/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:35:25 pm (UTC+00:00)

    +

    June 4th 2023, 12:25:47 am (UTC+00:00)

    Scanned the following path: @@ -2267,7 +2267,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2304,7 +2304,7 @@

    Container's UID could clash with host's UID› spec - initContainers[copyutil] + containers[dex] securityContext @@ -2313,7 +2313,7 @@

    Container's UID could clash with host's UID
  • - Line number: 10071 + Line number: 10046
    • @@ -2323,7 +2323,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2360,7 +2360,7 @@

    Container's UID could clash with host's UID› spec - containers[dex] + initContainers[copyutil] securityContext @@ -2369,7 +2369,7 @@

    Container's UID could clash with host's UID
  • - Line number: 10046 + Line number: 10071
    • @@ -2379,7 +2379,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2435,7 +2435,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2491,7 +2491,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2528,7 +2528,7 @@

    Container's UID could clash with host's UID› spec - initContainers[copyutil] + containers[argocd-repo-server] securityContext @@ -2537,7 +2537,7 @@

    Container's UID could clash with host's UID
  • - Line number: 10427 + Line number: 10393
    • @@ -2547,7 +2547,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2584,7 +2584,7 @@

    Container's UID could clash with host's UID› spec - containers[argocd-repo-server] + initContainers[copyutil] securityContext @@ -2593,7 +2593,7 @@

    Container's UID could clash with host's UID
  • - Line number: 10393 + Line number: 10427
    • @@ -2603,7 +2603,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2659,7 +2659,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2715,7 +2715,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    diff --git a/docs/snyk/v2.5.17/argocd-iac-namespace-install.html b/docs/snyk/v2.5.17/argocd-iac-namespace-install.html index ed5a25e5e084a..fba88b460848e 100644 --- a/docs/snyk/v2.5.17/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.5.17/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:35:42 pm (UTC+00:00)

    +

    June 4th 2023, 12:26:00 am (UTC+00:00)

    Scanned the following path: @@ -2267,7 +2267,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2304,7 +2304,7 @@

    Container's UID could clash with host's UID› spec - initContainers[copyutil] + containers[dex] securityContext @@ -2313,7 +2313,7 @@

    Container's UID could clash with host's UID
  • - Line number: 737 + Line number: 712
    • @@ -2323,7 +2323,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2360,7 +2360,7 @@

    Container's UID could clash with host's UID› spec - containers[dex] + initContainers[copyutil] securityContext @@ -2369,7 +2369,7 @@

    Container's UID could clash with host's UID
  • - Line number: 712 + Line number: 737
    • @@ -2379,7 +2379,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2435,7 +2435,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2491,7 +2491,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2528,7 +2528,7 @@

    Container's UID could clash with host's UID› spec - initContainers[copyutil] + containers[argocd-repo-server] securityContext @@ -2537,7 +2537,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1093 + Line number: 1059
    • @@ -2547,7 +2547,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2584,7 +2584,7 @@

    Container's UID could clash with host's UID› spec - containers[argocd-repo-server] + initContainers[copyutil] securityContext @@ -2593,7 +2593,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1059 + Line number: 1093
    • @@ -2603,7 +2603,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2659,7 +2659,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2715,7 +2715,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    diff --git a/docs/snyk/v2.5.17/argocd-test.html b/docs/snyk/v2.5.17/argocd-test.html index 3946919a00225..93873a2831fdc 100644 --- a/docs/snyk/v2.5.17/argocd-test.html +++ b/docs/snyk/v2.5.17/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:33:15 pm (UTC+00:00)

    +

    June 4th 2023, 12:24:11 am (UTC+00:00)

    Scanned the following paths: diff --git a/docs/snyk/v2.5.17/ghcr.io_dexidp_dex_v2.36.0.html b/docs/snyk/v2.5.17/ghcr.io_dexidp_dex_v2.36.0.html index 5653b9fe1912b..7a16fec6bf9be 100644 --- a/docs/snyk/v2.5.17/ghcr.io_dexidp_dex_v2.36.0.html +++ b/docs/snyk/v2.5.17/ghcr.io_dexidp_dex_v2.36.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:33:24 pm (UTC+00:00)

    +

    June 4th 2023, 12:24:20 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    4 known vulnerabilities
    -
    28 vulnerable dependency paths
    +
    5 known vulnerabilities
    +
    35 vulnerable dependency paths
    760 dependencies
    @@ -591,7 +591,14 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    +

    A security vulnerability has been identified in all supported versions

    +

    of OpenSSL related to the verification of X.509 certificate chains + that include policy constraints. Attackers may be able to exploit this + vulnerability by creating a malicious certificate chain that triggers + exponential use of computational resources, leading to a denial-of-service + (DoS) attack on affected systems.

    +

    Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    Remediation

    Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

    References

    @@ -601,6 +608,7 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -743,6 +751,7 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -891,6 +900,7 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -1047,6 +1057,181 @@

    References

    +
    +

    CVE-2023-2650

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.5.17/haproxy_2.6.12-alpine.html b/docs/snyk/v2.5.17/haproxy_2.6.12-alpine.html index 25f4a570269e7..fe7109a317861 100644 --- a/docs/snyk/v2.5.17/haproxy_2.6.12-alpine.html +++ b/docs/snyk/v2.5.17/haproxy_2.6.12-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:33:30 pm (UTC+00:00)

    +

    June 4th 2023, 12:24:25 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    +
    2 known vulnerabilities
    +
    18 vulnerable dependency paths
    18 dependencies
    @@ -654,6 +654,203 @@

    References

    +
    +

    CVE-2023-2650

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.12-alpine and openssl/libcrypto3@3.0.8-r3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libssl3@3.0.8-r3 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + .haproxy-rundeps@20230329.185657 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + .haproxy-rundeps@20230329.185657 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.5.17/quay.io_argoproj_argocd_v2.5.17.html b/docs/snyk/v2.5.17/quay.io_argoproj_argocd_v2.5.17.html index cf3422d386c59..795456f7ad976 100644 --- a/docs/snyk/v2.5.17/quay.io_argoproj_argocd_v2.5.17.html +++ b/docs/snyk/v2.5.17/quay.io_argoproj_argocd_v2.5.17.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:34:01 pm (UTC+00:00)

    +

    June 4th 2023, 12:24:48 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    29 known vulnerabilities
    -
    88 vulnerable dependency paths
    +
    32 known vulnerabilities
    +
    103 vulnerable dependency paths
    2047 dependencies
    @@ -1005,6 +1005,301 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2023-2650

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + openssl/libssl3 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.5.17 and openssl/libssl3@3.0.2-0ubuntu1.9 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + openssh/openssh-client@1:8.9p1-3ubuntu0.1 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.9 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + libssh/libssh-4@0.9.6-2build1 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.3 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 + + krb5/libkrb5-3@1.19.2-2ubuntu0.2 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + openssl@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.9 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.10 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2023-2603

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + libcap2 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.5.17 and libcap2@1:2.44-1build3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + libcap2@1:2.44-1build3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + apt@2.4.9 + + apt/libapt-pkg6.0@2.4.9 + + systemd/libsystemd0@249.11-0ubuntu3.9 + + libcap2@1:2.44-1build3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 libcap2.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Denial of Service (DoS)

    @@ -1941,7 +2236,7 @@

    NVD Description

    application is affected. This is fairly unlikely making this issue a Low severity one.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    +

    Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.10 or higher.

    References

    • ADVISORY
      • @@ -1959,7 +2254,7 @@

      References

    -

    Improper Privilege Management

    +

    Information Exposure

    @@ -2009,35 +2304,31 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

    +

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    Remediation

    There is no fixed version for Ubuntu:22.04 openssh.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Information Exposure

    +

    CVE-2023-28531

    @@ -2087,31 +2378,25 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    +

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

    Remediation

    There is no fixed version for Ubuntu:22.04 openssh.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    CVE-2023-28531

    +

    CVE-2023-2953

    @@ -2127,13 +2412,13 @@

    CVE-2023-28531

  • Vulnerable module: - openssh/openssh-client + openldap/libldap-2.5-0
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.5.17, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
    • @@ -2147,7 +2432,31 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.5.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -2159,22 +2468,22 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. +

    Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

    +

    A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    There is no fixed version for Ubuntu:22.04 openldap.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • @@ -2246,6 +2555,85 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2023-2602

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + libcap2 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.5.17 and libcap2@1:2.44-1build3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + libcap2@1:2.44-1build3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.17 + + apt@2.4.9 + + apt/libapt-pkg6.0@2.4.9 + + systemd/libsystemd0@249.11-0ubuntu3.9 + + libcap2@1:2.44-1build3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 libcap2.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Integer Overflow or Wraparound

    @@ -3085,7 +3473,7 @@

    References

    -

    CVE-2023-28321

    +

    Improper Certificate Validation

    diff --git a/docs/snyk/v2.5.17/redis_7.0.11-alpine.html b/docs/snyk/v2.5.17/redis_7.0.11-alpine.html index 8c21514ddc1e8..ef088d3fbb454 100644 --- a/docs/snyk/v2.5.17/redis_7.0.11-alpine.html +++ b/docs/snyk/v2.5.17/redis_7.0.11-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:34:08 pm (UTC+00:00)

    +

    June 4th 2023, 12:24:54 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    +
    1 known vulnerabilities
    +
    9 vulnerable dependency paths
    18 dependencies
    @@ -484,7 +484,207 @@

    Snyk test report

    - No known vulnerabilities detected. +
    +
    +

    CVE-2023-2650

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.0-r4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230511.210805 + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r0 + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.0-r9 + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230511.210805 + + openssl/libssl3@3.1.0-r4 + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230511.210805 + + openssl/libssl3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r0 + + openssl/libssl3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.0-r9 + + openssl/libssl3@3.1.0-r4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    diff --git a/docs/snyk/v2.6.8/argocd-iac-install.html b/docs/snyk/v2.6.8/argocd-iac-install.html index 90e59283c3d75..da733796e12b9 100644 --- a/docs/snyk/v2.6.8/argocd-iac-install.html +++ b/docs/snyk/v2.6.8/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:32:32 pm (UTC+00:00)

    +

    June 4th 2023, 12:23:42 am (UTC+00:00)

    Scanned the following path: @@ -2267,7 +2267,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2304,7 +2304,7 @@

    Container's UID could clash with host's UID› spec - initContainers[copyutil] + containers[dex] securityContext @@ -2313,7 +2313,7 @@

    Container's UID could clash with host's UID
  • - Line number: 15993 + Line number: 15968
    • @@ -2323,7 +2323,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2360,7 +2360,7 @@

    Container's UID could clash with host's UID› spec - containers[dex] + initContainers[copyutil] securityContext @@ -2369,7 +2369,7 @@

    Container's UID could clash with host's UID
  • - Line number: 15968 + Line number: 15993
    • @@ -2379,7 +2379,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2435,7 +2435,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2491,7 +2491,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2528,7 +2528,7 @@

    Container's UID could clash with host's UID› spec - initContainers[copyutil] + containers[argocd-repo-server] securityContext @@ -2537,7 +2537,7 @@

    Container's UID could clash with host's UID
  • - Line number: 16356 + Line number: 16322
    • @@ -2547,7 +2547,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2584,7 +2584,7 @@

    Container's UID could clash with host's UID› spec - containers[argocd-repo-server] + initContainers[copyutil] securityContext @@ -2593,7 +2593,7 @@

    Container's UID could clash with host's UID
  • - Line number: 16322 + Line number: 16356
    • @@ -2603,7 +2603,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2659,7 +2659,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2715,7 +2715,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    diff --git a/docs/snyk/v2.6.8/argocd-iac-namespace-install.html b/docs/snyk/v2.6.8/argocd-iac-namespace-install.html index a880f4a802ee3..574cfc9e02f74 100644 --- a/docs/snyk/v2.6.8/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.6.8/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:32:47 pm (UTC+00:00)

    +

    June 4th 2023, 12:23:53 am (UTC+00:00)

    Scanned the following path: @@ -2267,7 +2267,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2304,7 +2304,7 @@

    Container's UID could clash with host's UID› spec - initContainers[copyutil] + containers[dex] securityContext @@ -2313,7 +2313,7 @@

    Container's UID could clash with host's UID
  • - Line number: 797 + Line number: 772
    • @@ -2323,7 +2323,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2360,7 +2360,7 @@

    Container's UID could clash with host's UID› spec - containers[dex] + initContainers[copyutil] securityContext @@ -2369,7 +2369,7 @@

    Container's UID could clash with host's UID
  • - Line number: 772 + Line number: 797
    • @@ -2379,7 +2379,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2435,7 +2435,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2491,7 +2491,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2528,7 +2528,7 @@

    Container's UID could clash with host's UID› spec - initContainers[copyutil] + containers[argocd-repo-server] securityContext @@ -2537,7 +2537,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1160 + Line number: 1126
    • @@ -2547,7 +2547,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2584,7 +2584,7 @@

    Container's UID could clash with host's UID› spec - containers[argocd-repo-server] + initContainers[copyutil] securityContext @@ -2593,7 +2593,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1126 + Line number: 1160
    • @@ -2603,7 +2603,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2659,7 +2659,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2715,7 +2715,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    diff --git a/docs/snyk/v2.6.8/argocd-test.html b/docs/snyk/v2.6.8/argocd-test.html index bcb13efeadeef..a8502c11858f0 100644 --- a/docs/snyk/v2.6.8/argocd-test.html +++ b/docs/snyk/v2.6.8/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:29:32 pm (UTC+00:00)

    +

    June 4th 2023, 12:21:35 am (UTC+00:00)

    Scanned the following paths: diff --git a/docs/snyk/v2.6.8/ghcr.io_dexidp_dex_v2.36.0.html b/docs/snyk/v2.6.8/ghcr.io_dexidp_dex_v2.36.0.html index b10c128ac615d..287f58d3f2fc8 100644 --- a/docs/snyk/v2.6.8/ghcr.io_dexidp_dex_v2.36.0.html +++ b/docs/snyk/v2.6.8/ghcr.io_dexidp_dex_v2.36.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:29:42 pm (UTC+00:00)

    +

    June 4th 2023, 12:21:42 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    4 known vulnerabilities
    -
    28 vulnerable dependency paths
    +
    5 known vulnerabilities
    +
    35 vulnerable dependency paths
    760 dependencies
    @@ -591,7 +591,14 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    +

    A security vulnerability has been identified in all supported versions

    +

    of OpenSSL related to the verification of X.509 certificate chains + that include policy constraints. Attackers may be able to exploit this + vulnerability by creating a malicious certificate chain that triggers + exponential use of computational resources, leading to a denial-of-service + (DoS) attack on affected systems.

    +

    Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    Remediation

    Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

    References

    @@ -601,6 +608,7 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -743,6 +751,7 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -891,6 +900,7 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -1047,6 +1057,181 @@

    References

    +
    +

    CVE-2023-2650

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.6.8/haproxy_2.6.12-alpine.html b/docs/snyk/v2.6.8/haproxy_2.6.12-alpine.html index f5deaadb8af60..b6962e1836705 100644 --- a/docs/snyk/v2.6.8/haproxy_2.6.12-alpine.html +++ b/docs/snyk/v2.6.8/haproxy_2.6.12-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:29:48 pm (UTC+00:00)

    +

    June 4th 2023, 12:21:49 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    +
    2 known vulnerabilities
    +
    18 vulnerable dependency paths
    18 dependencies
    @@ -654,6 +654,203 @@

    References

    +
    +

    CVE-2023-2650

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.12-alpine and openssl/libcrypto3@3.0.8-r3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libssl3@3.0.8-r3 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + .haproxy-rundeps@20230329.185657 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + .haproxy-rundeps@20230329.185657 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.6.8/quay.io_argoproj_argocd_v2.6.8.html b/docs/snyk/v2.6.8/quay.io_argoproj_argocd_v2.6.8.html index 44a364a377ed1..7a4bffc270f17 100644 --- a/docs/snyk/v2.6.8/quay.io_argoproj_argocd_v2.6.8.html +++ b/docs/snyk/v2.6.8/quay.io_argoproj_argocd_v2.6.8.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:30:28 pm (UTC+00:00)

    +

    June 4th 2023, 12:22:18 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    27 known vulnerabilities
    -
    86 vulnerable dependency paths
    +
    30 known vulnerabilities
    +
    101 vulnerable dependency paths
    2063 dependencies
    @@ -1005,6 +1005,301 @@

    References

    More about this vulnerability

    + +
    +

    CVE-2023-2650

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + openssl/libssl3 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.8 and openssl/libssl3@3.0.2-0ubuntu1.9 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + openssh/openssh-client@1:8.9p1-3ubuntu0.1 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.9 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + libssh/libssh-4@0.9.6-2build1 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.3 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 + + krb5/libkrb5-3@1.19.2-2ubuntu0.2 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + openssl@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.9 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.10 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2023-2603

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + libcap2 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.8 and libcap2@1:2.44-1build3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + libcap2@1:2.44-1build3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + apt@2.4.9 + + apt/libapt-pkg6.0@2.4.9 + + systemd/libsystemd0@249.11-0ubuntu3.9 + + libcap2@1:2.44-1build3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 libcap2.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Improper Input Validation

    @@ -1795,7 +2090,7 @@

    NVD Description

    application is affected. This is fairly unlikely making this issue a Low severity one.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    +

    Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.10 or higher.

    References

    • ADVISORY
      • @@ -1813,7 +2108,7 @@

      References

    -

    Improper Privilege Management

    +

    Information Exposure

    @@ -1863,35 +2158,31 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

    +

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    Remediation

    There is no fixed version for Ubuntu:22.04 openssh.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Information Exposure

    +

    CVE-2023-28531

    @@ -1941,31 +2232,25 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    +

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

    Remediation

    There is no fixed version for Ubuntu:22.04 openssh.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    CVE-2023-28531

    +

    CVE-2023-2953

    @@ -1981,13 +2266,13 @@

    CVE-2023-28531

  • Vulnerable module: - openssh/openssh-client + openldap/libldap-2.5-0
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.6.8, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
    • @@ -2001,7 +2286,31 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.6.8 - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -2013,22 +2322,22 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. +

    Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

    +

    A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    There is no fixed version for Ubuntu:22.04 openldap.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • @@ -2100,6 +2409,85 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2023-2602

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + libcap2 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.6.8 and libcap2@1:2.44-1build3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + libcap2@1:2.44-1build3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.8 + + apt@2.4.9 + + apt/libapt-pkg6.0@2.4.9 + + systemd/libsystemd0@249.11-0ubuntu3.9 + + libcap2@1:2.44-1build3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 libcap2.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Integer Overflow or Wraparound

    @@ -2939,7 +3327,7 @@

    References

    -

    CVE-2023-28321

    +

    Improper Certificate Validation

    diff --git a/docs/snyk/v2.6.8/redis_7.0.11-alpine.html b/docs/snyk/v2.6.8/redis_7.0.11-alpine.html index 250d1de7c4bf8..a6b238cb47dde 100644 --- a/docs/snyk/v2.6.8/redis_7.0.11-alpine.html +++ b/docs/snyk/v2.6.8/redis_7.0.11-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:30:34 pm (UTC+00:00)

    +

    June 4th 2023, 12:22:24 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    +
    1 known vulnerabilities
    +
    9 vulnerable dependency paths
    18 dependencies
    @@ -484,7 +484,207 @@

    Snyk test report

    - No known vulnerabilities detected. +
    +
    +

    CVE-2023-2650

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.0-r4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230511.210805 + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r0 + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.0-r9 + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230511.210805 + + openssl/libssl3@3.1.0-r4 + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230511.210805 + + openssl/libssl3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r0 + + openssl/libssl3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.0-r9 + + openssl/libssl3@3.1.0-r4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    diff --git a/docs/snyk/v2.7.3/argocd-iac-install.html b/docs/snyk/v2.7.3/argocd-iac-install.html index 45b3053cbf037..5f6306a69abf5 100644 --- a/docs/snyk/v2.7.3/argocd-iac-install.html +++ b/docs/snyk/v2.7.3/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:28:53 pm (UTC+00:00)

    +

    June 4th 2023, 12:21:09 am (UTC+00:00)

    Scanned the following path: @@ -2267,7 +2267,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2304,7 +2304,7 @@

    Container's UID could clash with host's UID› spec - initContainers[copyutil] + containers[dex] securityContext @@ -2313,7 +2313,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17154 + Line number: 17129
    • @@ -2323,7 +2323,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2360,7 +2360,7 @@

    Container's UID could clash with host's UID› spec - containers[dex] + initContainers[copyutil] securityContext @@ -2369,7 +2369,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17129 + Line number: 17154
    • @@ -2379,7 +2379,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2435,7 +2435,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2491,7 +2491,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2528,7 +2528,7 @@

    Container's UID could clash with host's UID› spec - initContainers[copyutil] + containers[argocd-repo-server] securityContext @@ -2537,7 +2537,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17519 + Line number: 17485
    • @@ -2547,7 +2547,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2584,7 +2584,7 @@

    Container's UID could clash with host's UID› spec - containers[argocd-repo-server] + initContainers[copyutil] securityContext @@ -2593,7 +2593,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17485 + Line number: 17519
    • @@ -2603,7 +2603,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2659,7 +2659,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2715,7 +2715,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    diff --git a/docs/snyk/v2.7.3/argocd-iac-namespace-install.html b/docs/snyk/v2.7.3/argocd-iac-namespace-install.html index 9810dd3636d46..1c4beaedc1c52 100644 --- a/docs/snyk/v2.7.3/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.7.3/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:29:12 pm (UTC+00:00)

    +

    June 4th 2023, 12:21:21 am (UTC+00:00)

    Scanned the following path: @@ -2267,7 +2267,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2304,7 +2304,7 @@

    Container's UID could clash with host's UID› spec - initContainers[copyutil] + containers[dex] securityContext @@ -2313,7 +2313,7 @@

    Container's UID could clash with host's UID
  • - Line number: 814 + Line number: 789
    • @@ -2323,7 +2323,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2360,7 +2360,7 @@

    Container's UID could clash with host's UID› spec - containers[dex] + initContainers[copyutil] securityContext @@ -2369,7 +2369,7 @@

    Container's UID could clash with host's UID
  • - Line number: 789 + Line number: 814
    • @@ -2379,7 +2379,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2435,7 +2435,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2491,7 +2491,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2528,7 +2528,7 @@

    Container's UID could clash with host's UID› spec - initContainers[copyutil] + containers[argocd-repo-server] securityContext @@ -2537,7 +2537,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1179 + Line number: 1145
    • @@ -2547,7 +2547,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2584,7 +2584,7 @@

    Container's UID could clash with host's UID› spec - containers[argocd-repo-server] + initContainers[copyutil] securityContext @@ -2593,7 +2593,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1145 + Line number: 1179
    • @@ -2603,7 +2603,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2659,7 +2659,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    @@ -2715,7 +2715,7 @@

    Impact

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10000. SecurityContext can be set on both `spec` and `container` level. If both are set, then the container level takes precedence

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    diff --git a/docs/snyk/v2.7.3/argocd-test.html b/docs/snyk/v2.7.3/argocd-test.html index 406dd92e13ea7..4a1fafe570a7f 100644 --- a/docs/snyk/v2.7.3/argocd-test.html +++ b/docs/snyk/v2.7.3/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:25:45 pm (UTC+00:00)

    +

    June 4th 2023, 12:19:03 am (UTC+00:00)

    Scanned the following paths: diff --git a/docs/snyk/v2.7.3/ghcr.io_dexidp_dex_v2.36.0.html b/docs/snyk/v2.7.3/ghcr.io_dexidp_dex_v2.36.0.html index 19e1cd62d839e..a5244bab63443 100644 --- a/docs/snyk/v2.7.3/ghcr.io_dexidp_dex_v2.36.0.html +++ b/docs/snyk/v2.7.3/ghcr.io_dexidp_dex_v2.36.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:25:55 pm (UTC+00:00)

    +

    June 4th 2023, 12:19:12 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    4 known vulnerabilities
    -
    28 vulnerable dependency paths
    +
    5 known vulnerabilities
    +
    35 vulnerable dependency paths
    760 dependencies
    @@ -591,7 +591,14 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    +

    A security vulnerability has been identified in all supported versions

    +

    of OpenSSL related to the verification of X.509 certificate chains + that include policy constraints. Attackers may be able to exploit this + vulnerability by creating a malicious certificate chain that triggers + exponential use of computational resources, leading to a denial-of-service + (DoS) attack on affected systems.

    +

    Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    Remediation

    Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

    References

    @@ -601,6 +608,7 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -743,6 +751,7 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -891,6 +900,7 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -1047,6 +1057,181 @@

    References

    +
    +

    CVE-2023-2650

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.7.3/haproxy_2.6.12-alpine.html b/docs/snyk/v2.7.3/haproxy_2.6.12-alpine.html index f09200213d076..ab656613b8916 100644 --- a/docs/snyk/v2.7.3/haproxy_2.6.12-alpine.html +++ b/docs/snyk/v2.7.3/haproxy_2.6.12-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:26:02 pm (UTC+00:00)

    +

    June 4th 2023, 12:19:17 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    +
    2 known vulnerabilities
    +
    18 vulnerable dependency paths
    18 dependencies
    @@ -654,6 +654,203 @@

    References

    +
    +

    CVE-2023-2650

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.12-alpine and openssl/libcrypto3@3.0.8-r3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libssl3@3.0.8-r3 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + .haproxy-rundeps@20230329.185657 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + .haproxy-rundeps@20230329.185657 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.12-alpine + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.7.3/quay.io_argoproj_argocd_v2.7.3.html b/docs/snyk/v2.7.3/quay.io_argoproj_argocd_v2.7.3.html index 67fe3880d5c42..97f37778b3f84 100644 --- a/docs/snyk/v2.7.3/quay.io_argoproj_argocd_v2.7.3.html +++ b/docs/snyk/v2.7.3/quay.io_argoproj_argocd_v2.7.3.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:26:34 pm (UTC+00:00)

    +

    June 4th 2023, 12:19:37 am (UTC+00:00)

    Scanned the following paths: @@ -466,8 +466,8 @@

    Snyk test report

    -
    21 known vulnerabilities
    -
    78 vulnerable dependency paths
    +
    24 known vulnerabilities
    +
    93 vulnerable dependency paths
    2065 dependencies
    @@ -762,6 +762,301 @@

    References

    More about this vulnerability

    + +
    +

    CVE-2023-2650

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + openssl/libssl3 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.3 and openssl/libssl3@3.0.2-0ubuntu1.9 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + openssh/openssh-client@1:8.9p1-3ubuntu0.1 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + ca-certificates@20211016ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.9 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + libssh/libssh-4@0.9.6-2build1 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.3 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 + + krb5/libkrb5-3@1.19.2-2ubuntu0.2 + + openssl/libssl3@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + openssl@3.0.2-0ubuntu1.9 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + ca-certificates@20211016ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.9 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.10 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2023-2603

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + libcap2 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.3 and libcap2@1:2.44-1build3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + libcap2@1:2.44-1build3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + apt@2.4.9 + + apt/libapt-pkg6.0@2.4.9 + + systemd/libsystemd0@249.11-0ubuntu3.9 + + libcap2@1:2.44-1build3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 libcap2.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2022-46908

    @@ -1330,7 +1625,7 @@

    NVD Description

    application is affected. This is fairly unlikely making this issue a Low severity one.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    +

    Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.10 or higher.

    References

    • ADVISORY
      • @@ -1348,7 +1643,7 @@

      References

    -

    Improper Privilege Management

    +

    Information Exposure

    @@ -1398,35 +1693,31 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

    +

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    Remediation

    There is no fixed version for Ubuntu:22.04 openssh.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Information Exposure

    +

    CVE-2023-28531

    @@ -1476,31 +1767,25 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    +

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

    Remediation

    There is no fixed version for Ubuntu:22.04 openssh.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    CVE-2023-28531

    +

    CVE-2023-2953

    @@ -1516,13 +1801,13 @@

    CVE-2023-28531

  • Vulnerable module: - openssh/openssh-client + openldap/libldap-2.5-0
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.7.3, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
    • @@ -1536,7 +1821,31 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.7.3 - openssh/openssh-client@1:8.9p1-3ubuntu0.1 + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -1548,22 +1857,22 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. +

    Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

    +

    A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    There is no fixed version for Ubuntu:22.04 openldap.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • @@ -1635,6 +1944,85 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2023-2602

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + libcap2 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.3 and libcap2@1:2.44-1build3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + libcap2@1:2.44-1build3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.3 + + apt@2.4.9 + + apt/libapt-pkg6.0@2.4.9 + + systemd/libsystemd0@249.11-0ubuntu3.9 + + libcap2@1:2.44-1build3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 libcap2.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Integer Overflow or Wraparound

    @@ -2474,7 +2862,7 @@

    References

    -

    CVE-2023-28321

    +

    Improper Certificate Validation

    diff --git a/docs/snyk/v2.7.3/redis_7.0.11-alpine.html b/docs/snyk/v2.7.3/redis_7.0.11-alpine.html index aaae7f3257d3e..0361067d1a4d0 100644 --- a/docs/snyk/v2.7.3/redis_7.0.11-alpine.html +++ b/docs/snyk/v2.7.3/redis_7.0.11-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    May 27th 2023, 11:26:39 pm (UTC+00:00)

    +

    June 4th 2023, 12:19:42 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    +
    1 known vulnerabilities
    +
    9 vulnerable dependency paths
    18 dependencies
    @@ -484,7 +484,207 @@

    Snyk test report

    - No known vulnerabilities detected. +
    +
    +

    CVE-2023-2650

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.0-r4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230511.210805 + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r0 + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.0-r9 + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230511.210805 + + openssl/libssl3@3.1.0-r4 + + openssl/libcrypto3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230511.210805 + + openssl/libssl3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r0 + + openssl/libssl3@3.1.0-r4 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.0-r9 + + openssl/libssl3@3.1.0-r4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.1-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    From 9f3d70d35b31063e15b846ab39b0585ac48dea63 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Jun 2023 12:49:19 -0400 Subject: [PATCH 110/252] chore(deps): bump github.com/yuin/gopher-lua (#13916) Bumps [github.com/yuin/gopher-lua](https://github.com/yuin/gopher-lua) from 0.0.0-20220504180219-658193537a64 to 1.1.0. - [Release notes](https://github.com/yuin/gopher-lua/releases) - [Commits](https://github.com/yuin/gopher-lua/commits/v1.1.0) --- updated-dependencies: - dependency-name: github.com/yuin/gopher-lua dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 97bbeb76a1ae7..4caf31aa6fc3f 100644 --- a/go.mod +++ b/go.mod @@ -70,7 +70,7 @@ require ( github.com/valyala/fasttemplate v1.2.2 github.com/whilp/git-urls v1.0.0 github.com/xanzy/go-gitlab v0.84.0 - github.com/yuin/gopher-lua v0.0.0-20220504180219-658193537a64 + github.com/yuin/gopher-lua v1.1.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 go.opentelemetry.io/otel v1.16.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.16.0 diff --git a/go.sum b/go.sum index 0a52ec13e6a69..42c023b1532f2 100644 --- a/go.sum +++ b/go.sum @@ -1034,8 +1034,9 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/yuin/gopher-lua v0.0.0-20220504180219-658193537a64 h1:5mLPGnFdSsevFRFc9q3yYbBkB6tsm4aCwwQV/j1JQAQ= github.com/yuin/gopher-lua v0.0.0-20220504180219-658193537a64/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= +github.com/yuin/gopher-lua v1.1.0 h1:BojcDhfyDWgU2f2TOzYK/g5p2gxMrku8oupLDqlnSqE= +github.com/yuin/gopher-lua v1.1.0/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= From d1dc735dc1182d9725d51431deda20fa7355d91f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Jun 2023 12:51:48 -0400 Subject: [PATCH 111/252] chore(deps): bump github.com/grpc-ecosystem/go-grpc-middleware (#13920) Bumps [github.com/grpc-ecosystem/go-grpc-middleware](https://github.com/grpc-ecosystem/go-grpc-middleware) from 1.3.0 to 1.4.0. - [Release notes](https://github.com/grpc-ecosystem/go-grpc-middleware/releases) - [Commits](https://github.com/grpc-ecosystem/go-grpc-middleware/compare/v1.3.0...v1.4.0) --- updated-dependencies: - dependency-name: github.com/grpc-ecosystem/go-grpc-middleware dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 4caf31aa6fc3f..a5f730b9dcbd9 100644 --- a/go.mod +++ b/go.mod @@ -42,7 +42,7 @@ require ( github.com/gorilla/mux v1.8.0 github.com/gorilla/websocket v1.5.0 github.com/gosimple/slug v1.13.1 - github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 + github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 github.com/grpc-ecosystem/grpc-gateway v1.16.0 github.com/hashicorp/go-retryablehttp v0.7.2 diff --git a/go.sum b/go.sum index 42c023b1532f2..cc76de763d9ec 100644 --- a/go.sum +++ b/go.sum @@ -552,8 +552,9 @@ github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:Fecb github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= +github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI= +github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= @@ -1103,6 +1104,7 @@ go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= +go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= From 428928518838f8a0f9f31217a37e3a42289e9505 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Jun 2023 12:52:40 -0400 Subject: [PATCH 112/252] chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 (#13918) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.0 to 1.9.3. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.3) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index a5f730b9dcbd9..02de0e9a0c5a0 100644 --- a/go.mod +++ b/go.mod @@ -61,7 +61,7 @@ require ( github.com/r3labs/diff v1.1.0 github.com/redis/go-redis/v9 v9.0.5 github.com/robfig/cron/v3 v3.0.1 - github.com/sirupsen/logrus v1.9.0 + github.com/sirupsen/logrus v1.9.3 github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c github.com/soheilhy/cmux v0.1.5 github.com/spf13/cobra v1.6.1 diff --git a/go.sum b/go.sum index cc76de763d9ec..946213eb35a4c 100644 --- a/go.sum +++ b/go.sum @@ -924,8 +924,9 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.1.1 h1:MTk78x9FPgDFVFkDLTrsnnfCJl7g1C/nnKvePgrIngE= github.com/skeema/knownhosts v1.1.1/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c h1:fyKiXKO1/I/B6Y2U8T7WdQGWzwehOuGIrljPtt7YTTI= From b2c59014a7a39490173408087ec4a82ceecd392d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Jun 2023 12:53:47 -0400 Subject: [PATCH 113/252] chore(deps): bump github.com/prometheus/client_golang (#13919) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.14.0 to 1.15.1. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.14.0...v1.15.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 20 +++++++++----------- 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 02de0e9a0c5a0..35495a2ea3b96 100644 --- a/go.mod +++ b/go.mod @@ -57,7 +57,7 @@ require ( github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 github.com/olekukonko/tablewriter v0.0.5 github.com/patrickmn/go-cache v2.1.0+incompatible - github.com/prometheus/client_golang v1.14.0 + github.com/prometheus/client_golang v1.15.1 github.com/r3labs/diff v1.1.0 github.com/redis/go-redis/v9 v9.0.5 github.com/robfig/cron/v3 v3.0.1 @@ -181,7 +181,7 @@ require ( github.com/mailru/easyjson v0.7.7 // indirect github.com/malexdev/utfutil v0.0.0-20180510171754-00c8d4a8e7a8 // indirect github.com/mattn/go-runewidth v0.0.14 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/mitchellh/copystructure v1.0.0 // indirect github.com/mitchellh/go-wordwrap v1.0.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect @@ -201,8 +201,8 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/client_model v0.3.0 // indirect - github.com/prometheus/common v0.37.0 // indirect - github.com/prometheus/procfs v0.8.0 // indirect + github.com/prometheus/common v0.42.0 // indirect + github.com/prometheus/procfs v0.9.0 // indirect github.com/rivo/uniseg v0.4.4 // indirect github.com/rs/cors v1.8.0 // indirect github.com/russross/blackfriday v1.6.0 // indirect diff --git a/go.sum b/go.sum index 946213eb35a4c..bc653722b94cd 100644 --- a/go.sum +++ b/go.sum @@ -333,11 +333,9 @@ github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxF github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= @@ -669,8 +667,8 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -716,8 +714,9 @@ github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh github.com/mattn/go-zglob v0.0.4 h1:LQi2iOm0/fGgu80AioIJ/1j9w9Oh+9DZ39J4VAGzHQM= github.com/mattn/go-zglob v0.0.4/go.mod h1:MxxjyoXXnMxfIpxTK2GAkw1w8glPsQILx3N5wrKakiY= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 h1:YH424zrwLTlyHSH/GzLMJeu5zhYVZSx5RQxGKm1h96s= github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5/go.mod h1:PoGiBqKSQK1vIfQ+yVaFcGjDySHvym6FM1cNYnwzbrY= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= @@ -855,8 +854,8 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= -github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw= -github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= +github.com/prometheus/client_golang v1.15.1 h1:8tXpTmJbyH5lydzFPoxSIJ0J46jdh3tylbvM1xCv0LI= +github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -869,8 +868,8 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE= -github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= +github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM= +github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -878,8 +877,8 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= -github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= +github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI= +github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/quobyte/api v0.1.8/go.mod h1:jL7lIHrmqQ7yh05OJ+eEEdHr0u/kmT1Ff9iHd+4H6VI= github.com/r3labs/diff v1.1.0 h1:V53xhrbTHrWFWq3gI4b94AjgEJOerO1+1l0xyHOBi8M= @@ -1267,7 +1266,6 @@ golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= From 4ecffdd236bffe524538b39b293de19f905e762d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Jun 2023 17:43:13 +0000 Subject: [PATCH 114/252] chore(deps): bump github.com/alicebob/miniredis/v2 from 2.23.1 to 2.30.3 (#13917) Bumps [github.com/alicebob/miniredis/v2](https://github.com/alicebob/miniredis) from 2.23.1 to 2.30.3. - [Release notes](https://github.com/alicebob/miniredis/releases) - [Changelog](https://github.com/alicebob/miniredis/blob/master/CHANGELOG.md) - [Commits](https://github.com/alicebob/miniredis/compare/v2.23.1...v2.30.3) --- updated-dependencies: - dependency-name: github.com/alicebob/miniredis/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 35495a2ea3b96..bceb65d6fb00f 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.0 github.com/Masterminds/sprig/v3 v3.2.3 github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d - github.com/alicebob/miniredis/v2 v2.23.1 + github.com/alicebob/miniredis/v2 v2.30.3 github.com/antonmedv/expr v1.12.5 github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da diff --git a/go.sum b/go.sum index bc653722b94cd..4a0f01f2e00f5 100644 --- a/go.sum +++ b/go.sum @@ -112,8 +112,8 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a h1:HbKu58rmZpUGpz5+4FfNmIU+FmZg2P3Xaj2v2bfNWmk= github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc= -github.com/alicebob/miniredis/v2 v2.23.1 h1:jR6wZggBxwWygeXcdNyguCOCIjPsZyNUNlAkTx2fu0U= -github.com/alicebob/miniredis/v2 v2.23.1/go.mod h1:84TWKZlxYkfgMucPBf5SOQBYJceZeQRFIaQgNMiCX6Q= +github.com/alicebob/miniredis/v2 v2.30.3 h1:hrqDB4cHFSHQf4gO3xu6YKQg8PqJpNjLYsQAFYHstqw= +github.com/alicebob/miniredis/v2 v2.30.3/go.mod h1:b25qWj4fCEsBeAAR2mlb0ufImGC6uH3VlUfb/HS5zKg= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= @@ -1035,7 +1035,6 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/yuin/gopher-lua v0.0.0-20220504180219-658193537a64/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= github.com/yuin/gopher-lua v1.1.0 h1:BojcDhfyDWgU2f2TOzYK/g5p2gxMrku8oupLDqlnSqE= github.com/yuin/gopher-lua v1.1.0/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= From ef42c6e8ab1e79e76ceda2196ad39bb57cc3b4f0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Jun 2023 08:05:26 -0400 Subject: [PATCH 115/252] chore(deps): bump github.com/Masterminds/semver/v3 from 3.2.0 to 3.2.1 (#13930) Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) from 3.2.0 to 3.2.1. - [Release notes](https://github.com/Masterminds/semver/releases) - [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md) - [Commits](https://github.com/Masterminds/semver/compare/v3.2.0...v3.2.1) --- updated-dependencies: - dependency-name: github.com/Masterminds/semver/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index bceb65d6fb00f..47c0319806405 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.19 require ( code.gitea.io/sdk/gitea v0.15.1 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible - github.com/Masterminds/semver/v3 v3.2.0 + github.com/Masterminds/semver/v3 v3.2.1 github.com/Masterminds/sprig/v3 v3.2.3 github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d github.com/alicebob/miniredis/v2 v2.30.3 diff --git a/go.sum b/go.sum index 4a0f01f2e00f5..02667898d0aee 100644 --- a/go.sum +++ b/go.sum @@ -79,8 +79,9 @@ github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd h1:sjQovDkwrZp github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= +github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Microsoft/go-winio v0.4.15/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= From e43de8216b4613d7911c2db6d5cbf7794094d925 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Jun 2023 08:05:58 -0400 Subject: [PATCH 116/252] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.275 to 1.44.277 (#13931) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.275 to 1.44.277. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.275...v1.44.277) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 47c0319806405..47aba9a6f1505 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d - github.com/aws/aws-sdk-go v1.44.275 + github.com/aws/aws-sdk-go v1.44.277 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 diff --git a/go.sum b/go.sum index 02667898d0aee..9cbc973a7783a 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,8 @@ github.com/auth0/go-jwt-middleware v1.0.1/go.mod h1:YSeUX3z6+TF2H+7padiEqNJ73Zy9 github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.275 h1:VqRULgqrigvQLll4e4hXuc568EQAtZQ6jmBzLlQHzSI= -github.com/aws/aws-sdk-go v1.44.275/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.277 h1:YHmyzBPARTJ7LLYV1fxbfEbQOaUh3kh52hb7nBvX3BQ= +github.com/aws/aws-sdk-go v1.44.277/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= From 5d136037d81f597f564a9ce8915829ddc2fa0e2d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Jun 2023 08:07:03 -0400 Subject: [PATCH 117/252] chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#13932) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.1 to 1.7.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 47aba9a6f1505..630ac946e2b9a 100644 --- a/go.mod +++ b/go.mod @@ -64,7 +64,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c github.com/soheilhy/cmux v0.1.5 - github.com/spf13/cobra v1.6.1 + github.com/spf13/cobra v1.7.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.4 github.com/valyala/fasttemplate v1.2.2 @@ -168,7 +168,7 @@ require ( github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-version v1.2.1 // indirect github.com/huandu/xstrings v1.3.3 // indirect - github.com/inconshreveable/mousetrap v1.0.1 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/itchyny/timefmt-go v0.1.5 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect diff --git a/go.sum b/go.sum index 9cbc973a7783a..76495dd40de5e 100644 --- a/go.sum +++ b/go.sum @@ -605,8 +605,9 @@ github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+h github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a h1:RweVA0vnEyStwtAelyGmnU8ENDnwd1Q7pQr7U3J/rXo= github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a/go.mod h1:6hRR09jOEG81ADP5wCQju1z71g6OL4eEvELdran/3cs= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/ishidawataru/sctp v0.0.0-20190723014705-7c296d48a2b5/go.mod h1:DM4VvS+hD/kDi1U1QsX2fnZowwBhqD0Dk3bRPKF/Oc8= github.com/itchyny/gojq v0.12.13 h1:IxyYlHYIlspQHHTE0f3cJF0NKDMfajxViuhBLnHd/QU= github.com/itchyny/gojq v0.12.13/go.mod h1:JzwzAqenfhrPUuwbmEz3nu3JQmFLlQTQMUcOdnu/Sf4= @@ -955,8 +956,9 @@ github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHN github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= -github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= +github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= +github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= From 3c6a6e1ee3bab8d4d3d92645dc7375f514d3d5ca Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Jun 2023 08:07:40 -0400 Subject: [PATCH 118/252] chore(deps): bump github.com/hashicorp/go-retryablehttp (#13933) Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.2 to 0.7.4. - [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/go-retryablehttp/compare/v0.7.2...v0.7.4) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-retryablehttp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 630ac946e2b9a..351e77bfe5836 100644 --- a/go.mod +++ b/go.mod @@ -45,7 +45,7 @@ require ( github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 github.com/grpc-ecosystem/grpc-gateway v1.16.0 - github.com/hashicorp/go-retryablehttp v0.7.2 + github.com/hashicorp/go-retryablehttp v0.7.4 github.com/imdario/mergo v0.3.16 github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a github.com/itchyny/gojq v0.12.13 diff --git a/go.sum b/go.sum index 76495dd40de5e..148e47951e79e 100644 --- a/go.sum +++ b/go.sum @@ -573,8 +573,8 @@ github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjh github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-retryablehttp v0.5.1/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-retryablehttp v0.7.2 h1:AcYqCvkpalPnPF2pn0KamgwamS42TqUDDYFRKq/RAd0= -github.com/hashicorp/go-retryablehttp v0.7.2/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA= +github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= From e233334a4ba43eb74f5380a3197753c7afffdb86 Mon Sep 17 00:00:00 2001 From: fsl <1171313930@qq.com> Date: Wed, 7 Jun 2023 23:34:14 +0800 Subject: [PATCH 119/252] chore: Code format (#12400) Signed-off-by: fengshunli <1171313930@qq.com> --- cmd/argocd/commands/bcrypt_test.go | 2 +- cmd/argocd/commands/version_test.go | 4 ++-- cmd/util/applicationset_test.go | 8 ++++---- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/cmd/argocd/commands/bcrypt_test.go b/cmd/argocd/commands/bcrypt_test.go index c5949977a1425..ec00a73b0dcba 100644 --- a/cmd/argocd/commands/bcrypt_test.go +++ b/cmd/argocd/commands/bcrypt_test.go @@ -12,7 +12,7 @@ func TestGeneratePassword(t *testing.T) { bcryptCmd := NewBcryptCmd() bcryptCmd.SetArgs([]string{"--password", "abc"}) output := new(bytes.Buffer) - bcryptCmd.SetOutput(output) + bcryptCmd.SetOut(output) err := bcryptCmd.Execute() if err != nil { return diff --git a/cmd/argocd/commands/version_test.go b/cmd/argocd/commands/version_test.go index 88aa689b48669..3312e5ad958b6 100644 --- a/cmd/argocd/commands/version_test.go +++ b/cmd/argocd/commands/version_test.go @@ -12,7 +12,7 @@ import ( func TestShortVersionClient(t *testing.T) { buf := new(bytes.Buffer) cmd := NewVersionCmd(&argocdclient.ClientOptions{}, nil) - cmd.SetOutput(buf) + cmd.SetOut(buf) cmd.SetArgs([]string{"version", "--short", "--client"}) err := cmd.Execute() if err != nil { @@ -26,7 +26,7 @@ func TestShortVersion(t *testing.T) { serverVersion := &version.VersionMessage{Version: "v99.99.99+unknown"} buf := new(bytes.Buffer) cmd := NewVersionCmd(&argocdclient.ClientOptions{}, serverVersion) - cmd.SetOutput(buf) + cmd.SetOut(buf) cmd.SetArgs([]string{"argocd", "version", "--short"}) err := cmd.Execute() if err != nil { diff --git a/cmd/util/applicationset_test.go b/cmd/util/applicationset_test.go index 78c07f7e0d005..c15e58a61af14 100644 --- a/cmd/util/applicationset_test.go +++ b/cmd/util/applicationset_test.go @@ -7,7 +7,7 @@ import ( "github.com/stretchr/testify/assert" ) -var appSet string = `apiVersion: argoproj.io/v1alpha1 +var appSet = `apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: name: guestbook @@ -31,10 +31,10 @@ spec: ` func TestReadAppSet(t *testing.T) { - appsets := []*argoprojiov1alpha1.ApplicationSet{} - err := readAppset([]byte(appSet), &appsets) + var appSets []*argoprojiov1alpha1.ApplicationSet + err := readAppset([]byte(appSet), &appSets) if err != nil { t.Logf("Failed reading appset file") } - assert.Equal(t, len(appsets), 1) + assert.Equal(t, len(appSets), 1) } From 739f4a95f6fba44d2b4bf9c103c37a39453fca46 Mon Sep 17 00:00:00 2001 From: Geoffrey MUSELLI Date: Wed, 7 Jun 2023 17:52:04 -0400 Subject: [PATCH 120/252] fix(ui): Fix Patch and Get Manifests (#13949) Signed-off-by: Geoffrey Muselli --- ui/src/app/shared/services/applications-service.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ui/src/app/shared/services/applications-service.ts b/ui/src/app/shared/services/applications-service.ts index 398e828d11550..fb53a7a09c4ee 100644 --- a/ui/src/app/shared/services/applications-service.ts +++ b/ui/src/app/shared/services/applications-service.ts @@ -108,13 +108,14 @@ export class ApplicationsService { public getManifest(name: string, appNamespace: string, revision: string): Promise { return requests .get(`/applications/${name}/manifests`) - .query({name, revision}) + .query({name, revision, appNamespace}) .then(res => res.body as models.ManifestResponse); } public updateSpec(appName: string, appNamespace: string, spec: models.ApplicationSpec): Promise { return requests .put(`/applications/${appName}/spec`) + .query({appNamespace}) .send(spec) .then(res => res.body as models.ApplicationSpec); } From 28d68b723bcb8c41b9aa5a82c86e9eb9059f23ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Jun 2023 08:07:48 -0400 Subject: [PATCH 121/252] chore(deps): bump github.com/casbin/casbin/v2 from 2.69.1 to 2.70.0 (#13958) Bumps [github.com/casbin/casbin/v2](https://github.com/casbin/casbin) from 2.69.1 to 2.70.0. - [Release notes](https://github.com/casbin/casbin/releases) - [Changelog](https://github.com/casbin/casbin/blob/master/.releaserc.json) - [Commits](https://github.com/casbin/casbin/compare/v2.69.1...v2.70.0) --- updated-dependencies: - dependency-name: github.com/casbin/casbin/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 351e77bfe5836..d40303d90c852 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 - github.com/casbin/casbin/v2 v2.69.1 + github.com/casbin/casbin/v2 v2.70.0 github.com/coreos/go-oidc/v3 v3.6.0 github.com/dustin/go-humanize v1.0.1 github.com/evanphx/json-patch v5.6.0+incompatible diff --git a/go.sum b/go.sum index 148e47951e79e..d516b86da451e 100644 --- a/go.sum +++ b/go.sum @@ -166,8 +166,8 @@ github.com/bsm/ginkgo/v2 v2.7.0 h1:ItPMPH90RbmZJt5GtkcNvIRuGEdwlBItdNVoyzaNQao= github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q= -github.com/casbin/casbin/v2 v2.69.1 h1:R3e7uveIRN5Pdqvq0GXEhXmn7HyfoEVjp21/mgEXbdI= -github.com/casbin/casbin/v2 v2.69.1/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= +github.com/casbin/casbin/v2 v2.70.0 h1:CuoWeWpMj6GsXf5K1npAKHEMb+9k9QE/Mo7cVZmSJ98= +github.com/casbin/casbin/v2 v2.70.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= From 902355bd014bf5970213ce8a7118c7e7d5c91436 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Jun 2023 08:08:23 -0400 Subject: [PATCH 122/252] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.277 to 1.44.278 (#13957) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.277 to 1.44.278. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.277...v1.44.278) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d40303d90c852..a9f80a7921c1d 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d - github.com/aws/aws-sdk-go v1.44.277 + github.com/aws/aws-sdk-go v1.44.278 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 diff --git a/go.sum b/go.sum index d516b86da451e..6d0072f37d843 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,8 @@ github.com/auth0/go-jwt-middleware v1.0.1/go.mod h1:YSeUX3z6+TF2H+7padiEqNJ73Zy9 github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.277 h1:YHmyzBPARTJ7LLYV1fxbfEbQOaUh3kh52hb7nBvX3BQ= -github.com/aws/aws-sdk-go v1.44.277/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.278 h1:jJFDO/unYFI48WQk7UGSyO3rBA/gnmRpNYNuAw/fPgE= +github.com/aws/aws-sdk-go v1.44.278/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= From b334da35aaa12a220737f0fae29e07cc82ad54b6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Jun 2023 08:08:53 -0400 Subject: [PATCH 123/252] chore(deps): bump docker/setup-buildx-action from 2.5.0 to 2.6.0 (#13959) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c...6a58db7e0d21ca03e6c44877909e80e45217eed2) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/image-reuse.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index d36e0170ee3d3..69e3c4b7929d1 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -79,7 +79,7 @@ jobs: cosign-release: 'v2.0.0' - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 - - uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0 + - uses: docker/setup-buildx-action@6a58db7e0d21ca03e6c44877909e80e45217eed2 # v2.6.0 - name: Setup tags for container image as a CSV type run: | From 34ec918fae4560d336328a2da26e03f674c088bd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Jun 2023 08:09:46 -0400 Subject: [PATCH 124/252] chore(deps): bump slsa-framework/slsa-github-generator (#13960) Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/image.yaml | 2 +- .github/workflows/release.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 0a8898777cea0..169511a356e42 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -86,7 +86,7 @@ jobs: packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues) if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }} # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.6.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.7.0 with: image: ghcr.io/argoproj/argo-cd/argocd digest: ${{ needs.build-and-publish.outputs.image-digest }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 1baa2a42a7cb4..acd5279e0f454 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -38,7 +38,7 @@ jobs: packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues) # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator if: github.repository == 'argoproj/argo-cd' - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.6.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.7.0 with: image: quay.io/argoproj/argocd digest: ${{ needs.argocd-image.outputs.image-digest }} @@ -120,7 +120,7 @@ jobs: contents: write # Needed for release uploads if: github.repository == 'argoproj/argo-cd' # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" provenance-name: "argocd-cli.intoto.jsonl" From d3ec7f8f4f7839c4325038e20542abe6944067fe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Jun 2023 08:10:28 -0400 Subject: [PATCH 125/252] chore(deps): bump docker/login-action from 2.1.0 to 2.2.0 (#13961) Bumps [docker/login-action](https://github.com/docker/login-action) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/f4ef78c080cd8ba55a85445d5b36e214a81df20a...465a07811f14bebb1938fbed4728c6a1ff8901fc) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/image-reuse.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index 69e3c4b7929d1..acd71a630ce49 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -106,7 +106,7 @@ jobs: echo 'EOF' >> $GITHUB_ENV - name: Login to Quay.io - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: registry: quay.io username: ${{ secrets.quay_username }} @@ -114,7 +114,7 @@ jobs: if: ${{ inputs.quay_image_name && inputs.push }} - name: Login to GitHub Container Registry - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: registry: ghcr.io username: ${{ secrets.ghcr_username }} @@ -122,7 +122,7 @@ jobs: if: ${{ inputs.ghcr_image_name && inputs.push }} - name: Login to dockerhub Container Registry - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: username: ${{ secrets.docker_username }} password: ${{ secrets.docker_password }} From c30ab214547b482b39ec7e510c3bc3e56926847d Mon Sep 17 00:00:00 2001 From: JenTing Date: Thu, 8 Jun 2023 23:30:22 +0800 Subject: [PATCH 126/252] docs: fix typo (#13967) Signed-off-by: JenTing Hsiao --- docs/proposals/002-ui-extensions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/proposals/002-ui-extensions.md b/docs/proposals/002-ui-extensions.md index 8fa02d25fd11c..583888da68c66 100644 --- a/docs/proposals/002-ui-extensions.md +++ b/docs/proposals/002-ui-extensions.md @@ -63,7 +63,7 @@ As an operator, I would like to configure Argo CD to perform pre-defined actions ## Proposal -A new `ArgoCDExtension` CRD would be introduced which will allow operators configure Argo CD to understand how to handle and visualize custom resources. Visualizing a object requires javascript to render the object, and health/actions require lua scripts. Aas such, the extension CR would need to point to some location where the javascript/lua code would be hosted. +A new `ArgoCDExtension` CRD would be introduced which will allow operators configure Argo CD to understand how to handle and visualize custom resources. Visualizing a object requires javascript to render the object, and health/actions require lua scripts. As such, the extension CR would need to point to some location where the javascript/lua code would be hosted. It is proposed that a git repository be used to contain the javascript code, as well as the lua scripts necessary to assess health or perform actions of a resource. From 330252dffc9b6fd79724ff93eb0184a39f7389a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:38:24 +0000 Subject: [PATCH 127/252] chore(deps): bump docker/setup-qemu-action from 2.1.0 to 2.2.0 (#13962) Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/e81a89b1732b9c48d79cd809d8d81d79c4647a18...2b82ce82d56a2a04d2637cd93a637ae1b359c0a7) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/image-reuse.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index acd71a630ce49..8ab6d7443f0cf 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -78,7 +78,7 @@ jobs: with: cosign-release: 'v2.0.0' - - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 + - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 - uses: docker/setup-buildx-action@6a58db7e0d21ca03e6c44877909e80e45217eed2 # v2.6.0 - name: Setup tags for container image as a CSV type From 0c143f91abb11d0e2394332fc3702c02dd620f6e Mon Sep 17 00:00:00 2001 From: Craig Rodrigues Date: Fri, 9 Jun 2023 17:05:54 -0700 Subject: [PATCH 128/252] fix(ui): rename variable component to Component (#13983) Eliminates an error in SonarCloud. See: https://www.matheusmello.io/posts/react-hook-useeffect-is-called-in-function-that-is-neither-a-react-function Signed-off-by: Craig Rodrigues --- ui/src/app/shared/components/monaco-editor.tsx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ui/src/app/shared/components/monaco-editor.tsx b/ui/src/app/shared/components/monaco-editor.tsx index 533f24e20295b..cc7bfb0a2df6c 100644 --- a/ui/src/app/shared/components/monaco-editor.tsx +++ b/ui/src/app/shared/components/monaco-editor.tsx @@ -26,7 +26,7 @@ const DEFAULT_LINE_HEIGHT = 18; const MonacoEditorLazy = React.lazy(() => import('monaco-editor').then(monaco => { - const component = (props: MonacoProps) => { + const Component = (props: MonacoProps) => { const [height, setHeight] = React.useState(0); React.useEffect(() => { @@ -81,7 +81,7 @@ const MonacoEditorLazy = React.lazy(() => }; return { - default: component + default: Component }; }) ); From 0f2126339ef3f3b08348521c9c14f16748e27418 Mon Sep 17 00:00:00 2001 From: fsl <1171313930@qq.com> Date: Sun, 11 Jun 2023 00:00:47 +0800 Subject: [PATCH 129/252] fix: remove extra comma (#13969) Signed-off-by: fengshunli <1171313930@qq.com> --- .github/workflows/ci-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 8a7d01be8e2a3..564e31f0c1931 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -149,7 +149,7 @@ jobs: path: test-results/ test-go-race: - name: Run unit tests with -race, for Go packages + name: Run unit tests with -race for Go packages runs-on: ubuntu-22.04 needs: - build-go From 14e20f31047e23eaf654f6963b6b181e064566bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 10 Jun 2023 16:39:57 -0400 Subject: [PATCH 130/252] chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#13904) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.4.0 to 3.5.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/08e2f20817b15149a52b5b3ebe7de50aff2ba8c5...5f1fec7010f6ae3b84ea4f7b2129beb8639b564f) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 564e31f0c1931..6de84ca32ee9f 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -76,7 +76,7 @@ jobs: with: go-version: ${{ env.GOLANG_VERSION }} - name: Run golangci-lint - uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0 + uses: golangci/golangci-lint-action@5f1fec7010f6ae3b84ea4f7b2129beb8639b564f # v3.5.0 with: version: v1.51.0 args: --timeout 10m --exclude SA5011 --verbose From 3266b0ff63b950e48b6589694557790241189085 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 10 Jun 2023 21:32:12 +0000 Subject: [PATCH 131/252] chore(deps): bump thehanimo/pr-title-checker from 1.3.7 to 1.4.0 (#13903) Bumps [thehanimo/pr-title-checker](https://github.com/thehanimo/pr-title-checker) from 1.3.7 to 1.4.0. - [Release notes](https://github.com/thehanimo/pr-title-checker/releases) - [Commits](https://github.com/thehanimo/pr-title-checker/compare/cdafc664bf9b25678d4e6df76ff67b2fe21bb5d2...0cf5902181e78341bb97bb06646396e5bd354b3f) --- updated-dependencies: - dependency-name: thehanimo/pr-title-checker dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pr-title-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml index d6dabc96b8c0b..020535d7b8afa 100644 --- a/.github/workflows/pr-title-check.yml +++ b/.github/workflows/pr-title-check.yml @@ -23,7 +23,7 @@ jobs: name: Validate PR Title runs-on: ubuntu-latest steps: - - uses: thehanimo/pr-title-checker@cdafc664bf9b25678d4e6df76ff67b2fe21bb5d2 # v1.3.7 + - uses: thehanimo/pr-title-checker@0cf5902181e78341bb97bb06646396e5bd354b3f # v1.4.0 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} configuration_path: ".github/pr-title-checker-config.json" From c32d5dd2f31ca212a7c1bb437ebd7b60530bfc41 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 11 Jun 2023 14:32:37 -0400 Subject: [PATCH 132/252] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.278 to 1.44.279 (#13974) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.278 to 1.44.279. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.278...v1.44.279) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a9f80a7921c1d..16ef6d984be14 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d - github.com/aws/aws-sdk-go v1.44.278 + github.com/aws/aws-sdk-go v1.44.279 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 diff --git a/go.sum b/go.sum index 6d0072f37d843..8441ffd0bcb47 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,8 @@ github.com/auth0/go-jwt-middleware v1.0.1/go.mod h1:YSeUX3z6+TF2H+7padiEqNJ73Zy9 github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.278 h1:jJFDO/unYFI48WQk7UGSyO3rBA/gnmRpNYNuAw/fPgE= -github.com/aws/aws-sdk-go v1.44.278/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.279 h1:g23dxnYjIiPlQo0gIKNR0zVPsSvo1bj5frWln+5sfhk= +github.com/aws/aws-sdk-go v1.44.279/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= From f86f48fe67bed22bd2c89fe7146471f802833073 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jun 2023 08:44:16 -0400 Subject: [PATCH 133/252] chore(deps): bump library/busybox in /test/e2e/multiarch-container (#13998) Bumps library/busybox from `7b3ccab` to `6e49438`. --- updated-dependencies: - dependency-name: library/busybox dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/e2e/multiarch-container/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/e2e/multiarch-container/Dockerfile b/test/e2e/multiarch-container/Dockerfile index 31aa01f2d3b46..af807e25de5d1 100644 --- a/test/e2e/multiarch-container/Dockerfile +++ b/test/e2e/multiarch-container/Dockerfile @@ -1,2 +1,2 @@ -FROM docker.io/library/busybox@sha256:7b3ccabffc97de872a30dfd234fd972a66d247c8cfc69b0550f276481852627c +FROM docker.io/library/busybox@sha256:6e494387c901caf429c1bf77bd92fb82b33a68c0e19f6d1aa6a3ac8d27a7049d CMD exec sh -c "trap : TERM INT; echo 'Hi' && tail -f /dev/null" From bd3130b4fd92936e467ee63ee555c656844c2308 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jun 2023 08:46:19 -0400 Subject: [PATCH 134/252] chore(deps): bump docker/build-push-action from 4.0.0 to 4.1.0 (#13994) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/3b5e8027fcad23fda98b2e3ac259d8d67585f671...44ea916f6c540f9302d50c2b1e5a8dc071f15cdf) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/image-reuse.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index 8ab6d7443f0cf..7fb85d04ba94a 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -130,7 +130,7 @@ jobs: - name: Build and push container image id: image - uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 #v4.0.0 + uses: docker/build-push-action@44ea916f6c540f9302d50c2b1e5a8dc071f15cdf #v4.1.0 with: context: . platforms: ${{ inputs.platforms }} From af1afdaa31ad994b3ff6037990686e2bc8bb4ed2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jun 2023 13:36:32 +0000 Subject: [PATCH 135/252] chore(deps): bump github.com/xanzy/go-gitlab from 0.84.0 to 0.85.0 (#13992) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.84.0 to 0.85.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.84.0...v0.85.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 16ef6d984be14..f2e559bc86806 100644 --- a/go.mod +++ b/go.mod @@ -69,7 +69,7 @@ require ( github.com/stretchr/testify v1.8.4 github.com/valyala/fasttemplate v1.2.2 github.com/whilp/git-urls v1.0.0 - github.com/xanzy/go-gitlab v0.84.0 + github.com/xanzy/go-gitlab v0.85.0 github.com/yuin/gopher-lua v1.1.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 go.opentelemetry.io/otel v1.16.0 diff --git a/go.sum b/go.sum index 8441ffd0bcb47..4ebf400b976fe 100644 --- a/go.sum +++ b/go.sum @@ -1017,8 +1017,8 @@ github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU= github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE= -github.com/xanzy/go-gitlab v0.84.0 h1:PdpCaskQSgcVDsx21c6ikf8Rfyo7SNtFAJwP9PrbCFE= -github.com/xanzy/go-gitlab v0.84.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/go-gitlab v0.85.0 h1:E/wjnsd/mM5kV6O9y5+i6zxjx+wfAwa97sgcT1ETNwk= +github.com/xanzy/go-gitlab v0.85.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= From aa3b95561b0ad6902d7292819e2233257e6a2717 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jun 2023 13:36:49 +0000 Subject: [PATCH 136/252] chore(deps): bump actions/checkout from 3.5.2 to 3.5.3 (#13993) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8e5e7e5ab8b370d6c329ec480221332ada57f0ab...c85c95e3d7251135ab7dc9ce3241c5835cc595a9) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-build.yaml | 18 +++++++++--------- .github/workflows/codeql.yml | 2 +- .github/workflows/image-reuse.yaml | 4 ++-- .github/workflows/image.yaml | 4 ++-- .github/workflows/init-release.yaml | 2 +- .github/workflows/release.yaml | 6 +++--- .github/workflows/scorecard.yaml | 2 +- .github/workflows/update-snyk.yaml | 2 +- 8 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 6de84ca32ee9f..23c2ae6ab948f 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: @@ -46,7 +46,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: @@ -70,7 +70,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: @@ -93,7 +93,7 @@ jobs: - name: Create checkout directory run: mkdir -p ~/go/src/github.com/argoproj - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang @@ -160,7 +160,7 @@ jobs: - name: Create checkout directory run: mkdir -p ~/go/src/github.com/argoproj - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang @@ -215,7 +215,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: @@ -263,7 +263,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup NodeJS uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 with: @@ -300,7 +300,7 @@ jobs: sonar_secret: ${{ secrets.SONAR_TOKEN }} steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 - name: Restore node dependency cache @@ -379,7 +379,7 @@ jobs: GITLAB_TOKEN: ${{ secrets.E2E_TEST_GITLAB_TOKEN }} steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 54ee690ceb378..284484e36d695 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index 7fb85d04ba94a..45c49849d2f3d 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -58,14 +58,14 @@ jobs: image-digest: ${{ steps.image.outputs.digest }} steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.3.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.3.0 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} if: ${{ github.ref_type == 'tag'}} - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.3.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.3.0 if: ${{ github.ref_type != 'tag'}} - name: Setup Golang diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 169511a356e42..e98ae27708263 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -25,7 +25,7 @@ jobs: image-tag: ${{ steps.image.outputs.tag}} platforms: ${{ steps.platforms.outputs.platforms }} steps: - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Set image tag for ghcr run: echo "tag=$(cat ./VERSION)-${GITHUB_SHA::8}" >> $GITHUB_OUTPUT @@ -104,7 +104,7 @@ jobs: if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }} runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.3.0 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.3.0 - run: git clone "https://$TOKEN@github.com/argoproj/argoproj-deployments" env: TOKEN: ${{ secrets.TOKEN }} diff --git a/.github/workflows/init-release.yaml b/.github/workflows/init-release.yaml index ab62e3b69cb1a..4a8379e90693a 100644 --- a/.github/workflows/init-release.yaml +++ b/.github/workflows/init-release.yaml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.2.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.2.0 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index acd5279e0f454..e6c82b11a2700 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -59,7 +59,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} @@ -138,7 +138,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.2.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.2.0 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} @@ -211,7 +211,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.2.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.2.0 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 1f1a8c5b81a5b..3fdfdb4a3e8c6 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -30,7 +30,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: persist-credentials: false diff --git a/.github/workflows/update-snyk.yaml b/.github/workflows/update-snyk.yaml index 9e09a1d555b05..ca004f398df60 100644 --- a/.github/workflows/update-snyk.yaml +++ b/.github/workflows/update-snyk.yaml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Build reports From 08747292cfdf0108cf03c0866026138204c6dcb9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jun 2023 15:08:03 -0400 Subject: [PATCH 137/252] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.279 to 1.44.280 (#13991) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.279 to 1.44.280. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.279...v1.44.280) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f2e559bc86806..2cde82009b486 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d - github.com/aws/aws-sdk-go v1.44.279 + github.com/aws/aws-sdk-go v1.44.280 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 diff --git a/go.sum b/go.sum index 4ebf400b976fe..4c8bbc99220b0 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,8 @@ github.com/auth0/go-jwt-middleware v1.0.1/go.mod h1:YSeUX3z6+TF2H+7padiEqNJ73Zy9 github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.279 h1:g23dxnYjIiPlQo0gIKNR0zVPsSvo1bj5frWln+5sfhk= -github.com/aws/aws-sdk-go v1.44.279/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.280 h1:UYl/yxhDxP8naok6ftWyQ9/9ZzNwjC9dvEs/j8BkGhw= +github.com/aws/aws-sdk-go v1.44.280/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= From e5a69e5fd4f889e445b98ce5889d9f873d7eb10a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 08:25:23 -0400 Subject: [PATCH 138/252] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.280 to 1.44.281 (#14010) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.280 to 1.44.281. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.280...v1.44.281) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 2cde82009b486..2f77b634c8817 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d - github.com/aws/aws-sdk-go v1.44.280 + github.com/aws/aws-sdk-go v1.44.281 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 diff --git a/go.sum b/go.sum index 4c8bbc99220b0..ad95d57c5afca 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,8 @@ github.com/auth0/go-jwt-middleware v1.0.1/go.mod h1:YSeUX3z6+TF2H+7padiEqNJ73Zy9 github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.280 h1:UYl/yxhDxP8naok6ftWyQ9/9ZzNwjC9dvEs/j8BkGhw= -github.com/aws/aws-sdk-go v1.44.280/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.281 h1:z/ptheJvINaIAsKXthxONM+toTKw2pxyk700Hfm6yUw= +github.com/aws/aws-sdk-go v1.44.281/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= From 8c07ef5d6633a0364f555d0b4f25adb85f1426e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 08:26:40 -0400 Subject: [PATCH 139/252] chore(deps): bump github.com/bradleyfalzon/ghinstallation/v2 (#14011) Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.4.0...v2.5.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 14 ++++++-------- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 2f77b634c8817..de154d981af85 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/aws/aws-sdk-go v1.44.281 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 - github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 + github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 github.com/casbin/casbin/v2 v2.70.0 github.com/coreos/go-oidc/v3 v3.6.0 github.com/dustin/go-humanize v1.0.1 @@ -158,7 +158,7 @@ require ( github.com/google/btree v1.0.1 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-github/v41 v41.0.0 // indirect - github.com/google/go-github/v52 v52.0.0 // indirect + github.com/google/go-github/v53 v53.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.1.0 // indirect github.com/gosimple/unidecode v1.0.1 // indirect diff --git a/go.sum b/go.sum index ad95d57c5afca..08a8396f06c27 100644 --- a/go.sum +++ b/go.sum @@ -160,11 +160,12 @@ github.com/bmatcuk/doublestar/v4 v4.6.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTS github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= github.com/bombsimon/logrusr/v2 v2.0.1 h1:1VgxVNQMCvjirZIYaT9JYn6sAVGVEcNtRE0y4mvaOAM= github.com/bombsimon/logrusr/v2 v2.0.1/go.mod h1:ByVAX+vHdLGAfdroiMg6q0zgq2FODY2lc5YJvzmOJio= -github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 h1:zYSzkoIwekCQAr6GT6KxISLt4YRS6kd4/ixfzMN+7yc= -github.com/bradleyfalzon/ghinstallation/v2 v2.4.0/go.mod h1:4MwZLSgBJJgg4i3nJwZJ95AMooSqN8fJDmegLVn9Q2U= +github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 h1:yaYcGQ7yEIGbsJfW/9z7v1sLiZg/5rSNNXwmMct5XaE= +github.com/bradleyfalzon/ghinstallation/v2 v2.5.0/go.mod h1:amcvPQMrRkWNdueWOjPytGL25xQGzox7425qMgzo+Vo= github.com/bsm/ginkgo/v2 v2.7.0 h1:ItPMPH90RbmZJt5GtkcNvIRuGEdwlBItdNVoyzaNQao= github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= +github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q= github.com/casbin/casbin/v2 v2.70.0 h1:CuoWeWpMj6GsXf5K1npAKHEMb+9k9QE/Mo7cVZmSJ98= github.com/casbin/casbin/v2 v2.70.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= @@ -492,8 +493,8 @@ github.com/google/go-github/v35 v35.3.0 h1:fU+WBzuukn0VssbayTT+Zo3/ESKX9JYWjbZTL github.com/google/go-github/v35 v35.3.0/go.mod h1:yWB7uCcVWaUbUP74Aq3whuMySRMatyRmq5U9FTNlbio= github.com/google/go-github/v41 v41.0.0 h1:HseJrM2JFf2vfiZJ8anY2hqBjdfY1Vlj/K27ueww4gg= github.com/google/go-github/v41 v41.0.0/go.mod h1:XgmCA5H323A9rtgExdTcnDkcqp6S30AVACCBDOonIxg= -github.com/google/go-github/v52 v52.0.0 h1:uyGWOY+jMQ8GVGSX8dkSwCzlehU3WfdxQ7GweO/JP7M= -github.com/google/go-github/v52 v52.0.0/go.mod h1:WJV6VEEUPuMo5pXqqa2ZCZEdbQqua4zAk2MZTIo+m+4= +github.com/google/go-github/v53 v53.0.0 h1:T1RyHbSnpHYnoF0ZYKiIPSgPtuJ8G6vgc0MKodXsQDQ= +github.com/google/go-github/v53 v53.0.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao= github.com/google/go-jsonnet v0.20.0 h1:WG4TTSARuV7bSm4PMB4ohjxe33IHT5WVTrJSU33uT4g= github.com/google/go-jsonnet v0.20.0/go.mod h1:VbgWF9JX7ztlv770x/TolZNGGFfiHEVx9G6ca2eUmeA= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= @@ -1131,6 +1132,7 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= @@ -1250,7 +1252,6 @@ golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1268,7 +1269,6 @@ golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1390,7 +1390,6 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -1401,7 +1400,6 @@ golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From 79a15fcb0539322f87d2a2a9bc2b6a465db32804 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 08:28:15 -0400 Subject: [PATCH 140/252] chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (#14013) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.5.0 to 3.6.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/5f1fec7010f6ae3b84ea4f7b2129beb8639b564f...639cd343e1d3b897ff35927a75193d57cfcba299) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 23c2ae6ab948f..622710178370e 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -76,7 +76,7 @@ jobs: with: go-version: ${{ env.GOLANG_VERSION }} - name: Run golangci-lint - uses: golangci/golangci-lint-action@5f1fec7010f6ae3b84ea4f7b2129beb8639b564f # v3.5.0 + uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0 with: version: v1.51.0 args: --timeout 10m --exclude SA5011 --verbose From 646a6836de41dc5082108701f536dcb4de6babb5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 08:46:00 -0400 Subject: [PATCH 141/252] chore(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (#14014) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4.2.0 to 4.3.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/f82d6c1c344bcacabba2c841718984797f664a6b...336e29918d653399e599bfca99fadc1d7ffbc9f7) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e6c82b11a2700..385aa9f26c471 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -88,7 +88,7 @@ jobs: echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV - name: Run GoReleaser - uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0 + uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0 id: run-goreleaser with: version: latest From 36e292ce847207c7a7b5a90d1478009e7c3d2260 Mon Sep 17 00:00:00 2001 From: Ishita Sequeira <46771830+ishitasequeira@users.noreply.github.com> Date: Tue, 13 Jun 2023 09:05:41 -0400 Subject: [PATCH 142/252] docs: proposal/dynamic rebalancing of clusters across shards (#13221) * Add proposal document for dynamic rebalancing of clusters across shards Signed-off-by: ishitasequeira * Use ConfigMap instead of Redis based on the feedback on the proposal Signed-off-by: ishitasequeira * address comments and add comments about not redistributing clusters for unhealthy controllers Signed-off-by: ishitasequeira * Address comments Signed-off-by: ishitasequeira --------- Signed-off-by: ishitasequeira --- ...cing-clusters-across-shards-dynamically.md | 142 ++++++++++++++++++ 1 file changed, 142 insertions(+) create mode 100644 docs/proposals/rebalancing-clusters-across-shards-dynamically.md diff --git a/docs/proposals/rebalancing-clusters-across-shards-dynamically.md b/docs/proposals/rebalancing-clusters-across-shards-dynamically.md new file mode 100644 index 0000000000000..63ed973004cf5 --- /dev/null +++ b/docs/proposals/rebalancing-clusters-across-shards-dynamically.md @@ -0,0 +1,142 @@ +--- +title: Neat-enhancement-idea +authors: + - "@ishitasequeira" # Authors' github accounts here. +sponsors: + - TBD # List all interested parties here. +reviewers: + - "@alexmt" + - TBD +approvers: + - "@alexmt" + - TBD + +creation-date: yyyy-mm-dd +last-updated: yyyy-mm-dd +--- + +# Neat Enhancement Idea + +Rebalance clusters across shards automatically on changes to the number of available shards. + + +## Open Questions [optional] + +This is where to call out areas of the design that require closure before deciding to implement the +design. + + +## Summary + +Current implementation of sharding uses StatefulSet for the application controller and the goal is to move towards an agile stateless Deployment. Although the application controller does not have any state to preserve, stateful sets were used to get predictable hostnames and the serial number in the hostname was used to get the shard id of a particular instance. Using StatefulSet has the following limitations: + +Any change done to the StatefulSet would cause all the child pods to restart in a serial fashion. This makes scaling up/down of the application controller slow as even existing healthy instances need to be restarted as well. +Scaling up or down happens one at a time. If there are 10 instances and if scaled to 20, then the scaling happens one at a time, causing considerable delay for the scaling to complete. + +Each shard replica knows about the total number of available shards by evaluating the environment variable ARGOCD_CONTROLLER_REPLICAS, which needs to be kept up-to-date with the actual number of available replicas (shards). If the number of replicas does not equal the number set in ARGOCD_CONTROLLER_REPLICAS, sharding will not work as intended, leading to both, unused and overused replicas. As this environment variable is set on the StatefulSet and propagated to the pods, all the pods in the StatefulSet need to be restarted in order to pick up the new number of total shards. + +The current sharding mechanism relies on predictable pod names for the application controller to determine which shard a given replica should impersonate, e.g. the first replica of the StatefulSet (argocd-application-controller-0) will be the first shard, the second replica (argocd-application-controller-1) will be the second and so forth. + +## Motivation + +If the number of available shards is changed (i.e. one or more application controller replicas are added or removed), all pods in the statefulset have to be restarted so that the managed clusters are redistributed over the available shards. Additionally, the application controller workload is deployed as a StatefulSet, which is not intended for dynamic horizontal scaling. + +### Goals + +- Improve the application controller’s ability to scale horizontally with a growing number of clusters +- Remove the need to run application controller as a StatefulSet workload + +### Non-Goals + +- Expand the scope of sharding to other assets than clusters (e.g. applications) +- Make a single shard highly available (e.g. by having 2 or more replicas by shard) + +## Proposal + +### Why use Deployments instead of StatefulSet: +StatefulSet is a Kubernetes resource that manages multiple pods that have unique identities, and are not interchangeable (unlike a regular Kubernetes Deployment, in which pods are stateless and can be destroyed and recreated as often as needed). + +Stateless applications scale horizontally very easily as compared to stateful applications due to the fact that infrastructure allows adding as many computing resources as needed. Changing the StatefulSet to Deployments for Application Controller will allow us to dynamically scale the replicas without restarting existing application controller pods. Also, the shard to application controller assignment would help in making sure the shards are scaled and distributed across the available healhty replicas of application controllers. + +### Distributing shards among Application Controllers: + +Inorder to be able to accurately know which shards are being managed by which application-controller, especially in scenarios of redistribution of load, addition/removal of `application controller`, etc., we would need to have a mechanism to assign clusters to the shards. + +In most scenarios, the service account used by the application controller has read access to all the resources in the cluster. Thus, instead of setting the environment variable ARGOCD_CONTROLLER_REPLICAS representing the number of replicas, the number of replicas can be read directly from the number of healthy replicas of the application controller deployment. + +For other scenarios, some users install controller with only `argocd-application-controller-role` role and use it to manage remote clusters only. In this case, we would need to update the `argocd-application-controller-role` role and allow controller inspect it's own deployment and find out the number of replicas. + +The application controllers will claim one of the available shards by checking which shard is not present in the ConfigMap or is assigned to an unhealthy controller. We will store the assignment list of Application Controller to Shard in ConfigMap. The mapping of Application Controller to Shard will store the below information: + +* Name/Id of the shard +* Name of the Application Controller currently managing the shard +* Last time of successful update to ConfigMap (Heartbeat) + +The mapping will be updated in ConfigMap every X (heartbeat interval) seconds with the help of heartbeat process performed by every application controller. If the heartbeat was not performed by the application controller for a certain time, the application controller is assumed to be unhealthy and the number of healthy/managed shards would be reduced, that is, the number of healthy replicas of the application controller deployment changes. + +The heartbeat interval will be a configurable parameter initialized while setting up the application controller. This way, users will be able to control the frequency at which they want the heartbeat process to take place. + +As part of the readiness probe, we will also add a check whether application controller was able to claim a shard successfully or not. If the shard claim failed, the readiness probe will fail marking the controller as unhealthy. Anytime the number of healthy replicas of application controllers is different from the number of application controllers to shard mappings, we would re-distribute the clusters among the healthy replicas again. We can summarize the above statement using the below formula: + +``` +Number of Replicas ≠ Count of {Application Controller, Shard} mapping +``` + +The below logic can be used to perform application controller to shard assignment: + +1) If a new application controller is added, that is, a new shard is added, we would perform the re-distribution of clusters among the shards with the existing sharding algorithm being used. + +2) In scenarios when one of the application controllers is identified to be unhealthy, we will not trigger the re-ditribution of clusters across shards. The new instance of the application controller will claim this unassigned shard and start managing the shard. + +How will this work? +* The application controller will query the ConfigMap for the status of all the application controllers and last updated heartbeat timestamps. +* It will check if any application controller is flagged as Unhealthy or has not updated its status in ConfigMap during the heartbeat process for a certain period of time. +* If the status for an application controller was already flagged as Unhealthy, we will not re-trigger the redistribution of clusters across healthy shards. The new application controller will come online and try to claim this unassigned shard. +* If the status is not flagged and an application controller has not updated the last active timestamp in a long time, then we mark the Application Controller as Unhealthy and unassign the shard in the ConfigMap. + +*Note:* We will continue to use the cluster to shard assignment approach being used today. + +### Pros +* Every Application Controller would be able to take action on finding the distribution of load. +* Every Application Controller will monitor the status of Unhealthy shard and would be able to take action or flag for action. + +### Cons + +* ~~Possibility of race conditions while flagging the shard as Unhealthy during the heartbeat process. Although this can be handled using the [distributed locks](https://redis.io/docs/manual/patterns/distributed-locks/) in Redis.~~ +As we are using ConfigMap, this Con get's removed. Kubernetes would give conflict errors in case multiple edits are tried on the ConfigMap at the same time. We can leverage this error messages to avoid race conditions. + +* ~~In scenarios when Redis becomes unavailable, the heartbeat mechanism will pause working till the redis comes back online again. This will also pause the dynamic redistribution of clusters till Redis comes back online. The redistribution of clusters will be triggered again when Redis comes back online.~~ We would not see this issue by using ConfigMap instead of Redis. + + +### Security Considerations + +* This would be a breaking change of converting StatefulSets to Deployments. Any automation done by customers which is based on the assumption that the controller is modelled as a StatefulSet would break with this change. + +* ~~We would rely on Redis to store the current Application Controller to Shard mapping. In case the Redis is not available, it would not affect the regular working of ArgoCD. The dynamic distribution of clusters among healthy shards would stop working with the heartbeat process till Redis comes back up online, but the application controllers will continue managing their workloads.~~ We would not rely on Redis by using ConfigMap avoiding this issue. + + +### Upgrade / Downgrade Strategy + +* Working ArgoCD itself should not affected. An initial restart of all the application controller pods is expected when we switch from StatefulSet to Deployment or vice-versa. + +* There would be some initial delays in the reconciliation process during the transistion from StatefulSet to Deployment. If someone is not using sharding at all, they should not face any issues. + +## Alternatives + +An alternative approach would be to use Leader Election strategy. By implementing leader election, one of the healthy application controllers will be appointed as leader. The leader controller will be responsible for assigning clusters to the shards and balancing load across the shards. + +The leader controller will continue sending heartbeats to every replica controller and monitor the health of the controllers. In case one of the replica controllers crashes, the leader will distribute the shards managed by the unhealthy replica among the healthy replicas. + +If the leader goes down, the leader election process will be initiated among the healthy candidates and one of the candidates will be marked as leader who will perform the heartbeat process and redistribution of resources. + +One of the possible examples for selecting the leader is by checking the load handled by each healthy candidate and selecting the candidate which has the least load / number of resources running on it. + +### Pros of Leader Election + +* We can refrain from performing multiple calls to ConfigMap about the load and status of the shards and store it in a local cache within the leader while updating data in ConfigMap on a timely manner (for e.g. every 10 mins). +* Single leaders can easily offer clients consistency because they can see and control all the changes made to the state of the system. + + +### Cons of Leader Election +* A single leader is a single point of failure. If the leader becomes bad, that is, does not distribute clusters properly across shards, it is very difficult to identify or fix the bad behavior and can become a single point of failure +* A single leader means a single point of scaling, both in data size and request rate. When a leader-elected system needs to grow beyond a single leader, it requires a complete re-architecture. From 2d2a020cf6ec0e04ff33e68f5ab81015c8f8b42f Mon Sep 17 00:00:00 2001 From: ahached Date: Tue, 13 Jun 2023 14:35:11 +0100 Subject: [PATCH 143/252] chore: add MeilleursAgents to USERS.md (#14007) Signed-off-by: ahached --- USERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/USERS.md b/USERS.md index f02187afc2fee..cf455d2ab87e7 100644 --- a/USERS.md +++ b/USERS.md @@ -155,6 +155,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Max Kelsen](https://www.maxkelsen.com/) 1. [MeDirect](https://medirect.com.mt/) 1. [Meican](https://meican.com/) +1. [Meilleurs Agents](https://www.meilleursagents.com/) 1. [Mercedes-Benz Tech Innovation](https://www.mercedes-benz-techinnovation.com/) 1. [Metanet](http://www.metanet.co.kr/en/) 1. [MindSpore](https://mindspore.cn) From 99d8024a2f8c2f786c774ec7bcc3b4d63e007860 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 11:02:56 -0400 Subject: [PATCH 144/252] [Bot] docs: Update Snyk reports (#13988) Signed-off-by: CI Co-authored-by: CI --- docs/snyk/index.md | 62 +- docs/snyk/master/argocd-iac-install.html | 4 +- .../master/argocd-iac-namespace-install.html | 4 +- docs/snyk/master/argocd-test.html | 4 +- .../master/ghcr.io_dexidp_dex_v2.36.0.html | 237 +-- docs/snyk/master/haproxy_2.6.12-alpine.html | 160 +- .../quay.io_argoproj_argocd_latest.html | 160 +- docs/snyk/master/redis_7.0.11-alpine.html | 12 +- .../argocd-iac-install.html | 2 +- .../argocd-iac-namespace-install.html | 2 +- .../{v2.5.17 => v2.5.18}/argocd-test.html | 2 +- .../ghcr.io_dexidp_dex_v2.36.0.html | 237 +-- .../haproxy_2.6.12-alpine.html | 160 +- .../quay.io_argoproj_argocd_v2.5.18.html} | 788 +++------ .../redis_7.0.11-alpine.html | 12 +- .../argocd-iac-install.html | 2 +- .../argocd-iac-namespace-install.html | 2 +- docs/snyk/{v2.6.8 => v2.6.9}/argocd-test.html | 2 +- .../ghcr.io_dexidp_dex_v2.36.0.html | 237 +-- .../haproxy_2.6.12-alpine.html | 160 +- .../quay.io_argoproj_argocd_v2.6.9.html} | 985 ++++++----- .../redis_7.0.11-alpine.html | 12 +- .../argocd-iac-install.html | 72 +- .../argocd-iac-namespace-install.html | 72 +- docs/snyk/{v2.7.3 => v2.7.4}/argocd-test.html | 2 +- .../ghcr.io_dexidp_dex_v2.36.0.html | 237 +-- .../haproxy_2.6.12-alpine.html | 160 +- .../quay.io_argoproj_argocd_v2.7.4.html} | 1463 ++--------------- .../redis_7.0.11-alpine.html | 12 +- 29 files changed, 1816 insertions(+), 3448 deletions(-) rename docs/snyk/{v2.5.17 => v2.5.18}/argocd-iac-install.html (99%) rename docs/snyk/{v2.5.17 => v2.5.18}/argocd-iac-namespace-install.html (99%) rename docs/snyk/{v2.5.17 => v2.5.18}/argocd-test.html (99%) rename docs/snyk/{v2.7.3 => v2.5.18}/ghcr.io_dexidp_dex_v2.36.0.html (98%) rename docs/snyk/{v2.5.17 => v2.5.18}/haproxy_2.6.12-alpine.html (98%) rename docs/snyk/{v2.6.8/quay.io_argoproj_argocd_v2.6.8.html => v2.5.18/quay.io_argoproj_argocd_v2.5.18.html} (82%) rename docs/snyk/{v2.7.3 => v2.5.18}/redis_7.0.11-alpine.html (97%) rename docs/snyk/{v2.6.8 => v2.6.9}/argocd-iac-install.html (99%) rename docs/snyk/{v2.6.8 => v2.6.9}/argocd-iac-namespace-install.html (99%) rename docs/snyk/{v2.6.8 => v2.6.9}/argocd-test.html (99%) rename docs/snyk/{v2.6.8 => v2.6.9}/ghcr.io_dexidp_dex_v2.36.0.html (98%) rename docs/snyk/{v2.7.3 => v2.6.9}/haproxy_2.6.12-alpine.html (98%) rename docs/snyk/{v2.7.3/quay.io_argoproj_argocd_v2.7.3.html => v2.6.9/quay.io_argoproj_argocd_v2.6.9.html} (82%) rename docs/snyk/{v2.5.17 => v2.6.9}/redis_7.0.11-alpine.html (97%) rename docs/snyk/{v2.7.3 => v2.7.4}/argocd-iac-install.html (98%) rename docs/snyk/{v2.7.3 => v2.7.4}/argocd-iac-namespace-install.html (98%) rename docs/snyk/{v2.7.3 => v2.7.4}/argocd-test.html (99%) rename docs/snyk/{v2.5.17 => v2.7.4}/ghcr.io_dexidp_dex_v2.36.0.html (98%) rename docs/snyk/{v2.6.8 => v2.7.4}/haproxy_2.6.12-alpine.html (98%) rename docs/snyk/{v2.5.17/quay.io_argoproj_argocd_v2.5.17.html => v2.7.4/quay.io_argoproj_argocd_v2.7.4.html} (65%) rename docs/snyk/{v2.6.8 => v2.7.4}/redis_7.0.11-alpine.html (97%) diff --git a/docs/snyk/index.md b/docs/snyk/index.md index 1e16212f16796..2083ce137778f 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -15,48 +15,48 @@ recent minor releases. |---:|:--------:|:----:|:------:|:---:| | [go.mod](master/argocd-test.html) | 0 | 0 | 0 | 0 | | [ui/yarn.lock](master/argocd-test.html) | 0 | 1 | 0 | 0 | -| [dex:v2.36.0](master/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 3 | 1 | -| [haproxy:2.6.12-alpine](master/haproxy_2.6.12-alpine.html) | 0 | 0 | 1 | 1 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 2 | 18 | -| [redis:7.0.11-alpine](master/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 1 | +| [dex:v2.36.0](master/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | +| [haproxy:2.6.12-alpine](master/haproxy_2.6.12-alpine.html) | 0 | 1 | 1 | 0 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 1 | 18 | +| [redis:7.0.11-alpine](master/redis_7.0.11-alpine.html) | 0 | 1 | 0 | 0 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.7.3 +### v2.7.4 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.7.3/argocd-test.html) | 0 | 0 | 0 | 0 | -| [ui/yarn.lock](v2.7.3/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.36.0](v2.7.3/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 3 | 1 | -| [haproxy:2.6.12-alpine](v2.7.3/haproxy_2.6.12-alpine.html) | 0 | 0 | 1 | 1 | -| [argocd:v2.7.3](v2.7.3/quay.io_argoproj_argocd_v2.7.3.html) | 0 | 0 | 3 | 19 | -| [redis:7.0.11-alpine](v2.7.3/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.7.3/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.7.3/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.7.4/argocd-test.html) | 0 | 0 | 0 | 0 | +| [ui/yarn.lock](v2.7.4/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.36.0](v2.7.4/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | +| [haproxy:2.6.12-alpine](v2.7.4/haproxy_2.6.12-alpine.html) | 0 | 1 | 1 | 0 | +| [argocd:v2.7.4](v2.7.4/quay.io_argoproj_argocd_v2.7.4.html) | 0 | 0 | 1 | 18 | +| [redis:7.0.11-alpine](v2.7.4/redis_7.0.11-alpine.html) | 0 | 1 | 0 | 0 | +| [install.yaml](v2.7.4/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.7.4/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.6.8 +### v2.6.9 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.6.8/argocd-test.html) | 0 | 0 | 0 | 0 | -| [ui/yarn.lock](v2.6.8/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.36.0](v2.6.8/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 3 | 1 | -| [haproxy:2.6.12-alpine](v2.6.8/haproxy_2.6.12-alpine.html) | 0 | 0 | 1 | 1 | -| [argocd:v2.6.8](v2.6.8/quay.io_argoproj_argocd_v2.6.8.html) | 0 | 0 | 3 | 19 | -| [redis:7.0.11-alpine](v2.6.8/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.6.8/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.6.8/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.6.9/argocd-test.html) | 0 | 0 | 0 | 0 | +| [ui/yarn.lock](v2.6.9/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.36.0](v2.6.9/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | +| [haproxy:2.6.12-alpine](v2.6.9/haproxy_2.6.12-alpine.html) | 0 | 1 | 1 | 0 | +| [argocd:v2.6.9](v2.6.9/quay.io_argoproj_argocd_v2.6.9.html) | 0 | 0 | 1 | 18 | +| [redis:7.0.11-alpine](v2.6.9/redis_7.0.11-alpine.html) | 0 | 1 | 0 | 0 | +| [install.yaml](v2.6.9/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.6.9/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.5.17 +### v2.5.18 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.5.17/argocd-test.html) | 0 | 0 | 2 | 0 | -| [ui/yarn.lock](v2.5.17/argocd-test.html) | 0 | 0 | 4 | 0 | -| [dex:v2.36.0](v2.5.17/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 1 | 3 | 1 | -| [haproxy:2.6.12-alpine](v2.5.17/haproxy_2.6.12-alpine.html) | 0 | 0 | 1 | 1 | -| [argocd:v2.5.17](v2.5.17/quay.io_argoproj_argocd_v2.5.17.html) | 0 | 0 | 3 | 19 | -| [redis:7.0.11-alpine](v2.5.17/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.5.17/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.5.17/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.5.18/argocd-test.html) | 0 | 0 | 2 | 0 | +| [ui/yarn.lock](v2.5.18/argocd-test.html) | 0 | 0 | 4 | 0 | +| [dex:v2.36.0](v2.5.18/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | +| [haproxy:2.6.12-alpine](v2.5.18/haproxy_2.6.12-alpine.html) | 0 | 1 | 1 | 0 | +| [argocd:v2.5.18](v2.5.18/quay.io_argoproj_argocd_v2.5.18.html) | 0 | 0 | 1 | 18 | +| [redis:7.0.11-alpine](v2.5.18/redis_7.0.11-alpine.html) | 0 | 1 | 0 | 0 | +| [install.yaml](v2.5.18/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.5.18/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 3861107a41fba..2c9c5b2ca1223 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:18:32 am (UTC+00:00)

    +

    June 11th 2023, 12:18:14 am (UTC+00:00)

    Scanned the following path: @@ -2649,7 +2649,7 @@

    Container's UID could clash with host's UID
  • - Line number: 19746 + Line number: 19752
    • diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index c9130abeb1634..a412f0ed99d2c 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:18:44 am (UTC+00:00)

    +

    June 11th 2023, 12:18:27 am (UTC+00:00)

    Scanned the following path: @@ -2649,7 +2649,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1774 + Line number: 1780
    • diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index d47e7f66ff52a..2aeafeda4179f 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:16:13 am (UTC+00:00)

    +

    June 11th 2023, 12:15:58 am (UTC+00:00)

    Scanned the following paths: @@ -468,7 +468,7 @@

    Snyk test report

    1 known vulnerabilities
    2 vulnerable dependency paths
    -
    1826 dependencies
    +
    1828 dependencies
    diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html index 773947e5719fe..d4aed41c57b33 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:16:25 am (UTC+00:00)

    +

    June 11th 2023, 12:16:09 am (UTC+00:00)

    Scanned the following paths: @@ -609,6 +609,7 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -618,12 +619,12 @@

    References

    -
    -

    Improper Certificate Validation

    +
    +

    Allocation of Resources Without Limits or Throttling

    -
    - medium severity +
    + high severity
    @@ -733,31 +734,65 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -876,42 +911,37 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

    -

    As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

    -

    Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

    -

    Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

    +

    Applications that use a non-default option when verifying certificates may be + vulnerable to an attack from a malicious CA to circumvent certain checks.

    +

    Invalid certificate policies in leaf certificates are silently ignored by + OpenSSL and other certificate policy checks are skipped for that certificate. + A malicious CA could use this to deliberately assert invalid certificate policies + in order to circumvent policy checking on the certificate altogether.

    +

    Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Out-of-bounds Read

    +

    Improper Certificate Validation

    @@ -1025,44 +1055,47 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM - platform contains a bug that could cause it to read past the input buffer, - leading to a crash.

    -

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM - platform can crash in rare circumstances. The AES-XTS algorithm is usually - used for disk encryption.

    -

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read - past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 - byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext - buffer is unmapped, this will trigger a crash which results in a denial of - service.

    -

    If an attacker can control the size and location of the ciphertext buffer - being decrypted by an application using AES-XTS on 64 bit ARM, the - application is affected. This is fairly unlikely making this issue - a Low severity one.

    +

    The function X509_VERIFY_PARAM_add0_policy() is documented to + implicitly enable the certificate policy check when doing certificate + verification. However the implementation of the function does not + enable the check which allows certificates with invalid or incorrect + policies to pass the certificate verification.

    +

    As suddenly enabling the policy check could break existing deployments it was + decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() + function.

    +

    Instead the applications that require OpenSSL to perform certificate + policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly + enable the policy check by calling X509_VERIFY_PARAM_set_flags() with + the X509_V_FLAG_POLICY_CHECK flag argument.

    +

    Certificate policy checks are disabled by default in OpenSSL and are not + commonly used by applications.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    CVE-2023-2650

    +
    +

    Out-of-bounds Read

    -
    - low severity +
    + medium severity
    @@ -1172,63 +1205,35 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Issue summary: Processing some specially crafted ASN.1 object identifiers or - data containing them may be very slow.

    -

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of - the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message - size limit may experience notable to very long delays when processing those - messages, which may lead to a Denial of Service.

    -

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - - most of which have no size limit. OBJ_obj2txt() may be used to translate - an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL - type ASN1_OBJECT) to its canonical numeric text form, which are the - sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by - periods.

    -

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large - (these are sizes that are seen as absurdly large, taking up tens or hundreds - of KiBs), the translation to a decimal number in text may take a very long - time. The time complexity is O(n^2) with 'n' being the size of the - sub-identifiers in bytes (*).

    -

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / - identifiers in string form was introduced. This includes using OBJECT - IDENTIFIERs in canonical numeric text form as identifiers for fetching - algorithms.

    -

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure - AlgorithmIdentifier, which is commonly used in multiple protocols to specify - what cryptographic algorithm should be used to sign or verify, encrypt or - decrypt, or digest passed data.

    -

    Applications that call OBJ_obj2txt() directly with untrusted data are - affected, with any version of OpenSSL. If the use is for the mere purpose - of display, the severity is considered low.

    -

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, - CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 - certificates, including simple things like verifying its signature.

    -

    The impact on TLS is relatively low, because all versions of OpenSSL have a - 100KiB limit on the peer's certificate chain. Additionally, this only - impacts clients, or servers that have explicitly enabled client - authentication.

    -

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, - such as X.509 certificates. This is assumed to not happen in such a way - that it would cause a Denial of Service, so these versions are considered - not affected by this issue in such a way that it would be cause for concern, - and the severity is therefore considered low.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    diff --git a/docs/snyk/master/haproxy_2.6.12-alpine.html b/docs/snyk/master/haproxy_2.6.12-alpine.html index 1561cbddad0a4..f6df81040e31f 100644 --- a/docs/snyk/master/haproxy_2.6.12-alpine.html +++ b/docs/snyk/master/haproxy_2.6.12-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:16:31 am (UTC+00:00)

    +

    June 11th 2023, 12:16:15 am (UTC+00:00)

    Scanned the following path: @@ -485,12 +485,12 @@

    Snyk test report

    -
    -

    Out-of-bounds Read

    +
    +

    Allocation of Resources Without Limits or Throttling

    -
    - medium severity +
    + high severity
    @@ -622,44 +622,74 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM - platform contains a bug that could cause it to read past the input buffer, - leading to a crash.

    -

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM - platform can crash in rare circumstances. The AES-XTS algorithm is usually - used for disk encryption.

    -

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read - past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 - byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext - buffer is unmapped, this will trigger a crash which results in a denial of - service.

    -

    If an attacker can control the size and location of the ciphertext buffer - being decrypted by an application using AES-XTS on 64 bit ARM, the - application is affected. This is fairly unlikely making this issue - a Low severity one.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    CVE-2023-2650

    +
    +

    Out-of-bounds Read

    -
    - low severity +
    + medium severity
    @@ -791,63 +821,35 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Issue summary: Processing some specially crafted ASN.1 object identifiers or - data containing them may be very slow.

    -

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of - the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message - size limit may experience notable to very long delays when processing those - messages, which may lead to a Denial of Service.

    -

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - - most of which have no size limit. OBJ_obj2txt() may be used to translate - an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL - type ASN1_OBJECT) to its canonical numeric text form, which are the - sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by - periods.

    -

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large - (these are sizes that are seen as absurdly large, taking up tens or hundreds - of KiBs), the translation to a decimal number in text may take a very long - time. The time complexity is O(n^2) with 'n' being the size of the - sub-identifiers in bytes (*).

    -

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / - identifiers in string form was introduced. This includes using OBJECT - IDENTIFIERs in canonical numeric text form as identifiers for fetching - algorithms.

    -

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure - AlgorithmIdentifier, which is commonly used in multiple protocols to specify - what cryptographic algorithm should be used to sign or verify, encrypt or - decrypt, or digest passed data.

    -

    Applications that call OBJ_obj2txt() directly with untrusted data are - affected, with any version of OpenSSL. If the use is for the mere purpose - of display, the severity is considered low.

    -

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, - CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 - certificates, including simple things like verifying its signature.

    -

    The impact on TLS is relatively low, because all versions of OpenSSL have a - 100KiB limit on the peer's certificate chain. Additionally, this only - impacts clients, or servers that have explicitly enabled client - authentication.

    -

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, - such as X.509 certificates. This is assumed to not happen in such a way - that it would cause a Denial of Service, so these versions are considered - not affected by this issue in such a way that it would be cause for concern, - and the severity is therefore considered low.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index 86f04dbe59f49..cdc2fe74fc89d 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:16:54 am (UTC+00:00)

    +

    June 11th 2023, 12:16:39 am (UTC+00:00)

    Scanned the following paths: @@ -466,9 +466,9 @@

    Snyk test report

    -
    20 known vulnerabilities
    -
    73 vulnerable dependency paths
    -
    2105 dependencies
    +
    19 known vulnerabilities
    +
    68 vulnerable dependency paths
    +
    2107 dependencies
    @@ -476,134 +476,6 @@

    Snyk test report

    -
    -

    Improper Certificate Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - perl/perl-modules-5.34 -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.9 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.9 - - perl@5.34.0-3ubuntu1.1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.9 - - perl@5.34.0-3ubuntu1.1 - - perl/libperl5.34@5.34.0-3ubuntu1.1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.9 - - perl@5.34.0-3ubuntu1.1 - - perl/libperl5.34@5.34.0-3ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.9 - - perl@5.34.0-3ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - meta-common-packages@meta - - perl/perl-base@5.34.0-3ubuntu1.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 perl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -

    CVE-2023-2603

    @@ -668,12 +540,16 @@

    Detailed paths

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream libcap2 package and not the libcap2 package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

    Remediation

    There is no fixed version for Ubuntu:22.04 libcap2.

    References

    @@ -1222,7 +1098,7 @@

    References

    -

    CVE-2023-2953

    +

    NULL Pointer Dereference

    @@ -1446,12 +1322,16 @@

    Detailed paths

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream libcap2 package and not the libcap2 package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.

    Remediation

    There is no fixed version for Ubuntu:22.04 libcap2.

    References

    @@ -1618,7 +1498,7 @@

    Detailed paths

    curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - libssh/libssh-4@0.9.6-2build1 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2289,6 +2169,9 @@

    References

    @@ -2358,6 +2241,9 @@

    References

    diff --git a/docs/snyk/master/redis_7.0.11-alpine.html b/docs/snyk/master/redis_7.0.11-alpine.html index d1952b61a9b79..bbdb981ca0cf2 100644 --- a/docs/snyk/master/redis_7.0.11-alpine.html +++ b/docs/snyk/master/redis_7.0.11-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:17:06 am (UTC+00:00)

    +

    June 11th 2023, 12:16:47 am (UTC+00:00)

    Scanned the following path: @@ -485,12 +485,12 @@

    Snyk test report

    -
    -

    CVE-2023-2650

    +
    +

    Allocation of Resources Without Limits or Throttling

    -
    - low severity +
    + high severity
    @@ -675,6 +675,8 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • diff --git a/docs/snyk/v2.5.17/argocd-iac-install.html b/docs/snyk/v2.5.18/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.5.17/argocd-iac-install.html rename to docs/snyk/v2.5.18/argocd-iac-install.html index 4a167b915ac4e..33af0e0dd44f6 100644 --- a/docs/snyk/v2.5.17/argocd-iac-install.html +++ b/docs/snyk/v2.5.18/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:25:47 am (UTC+00:00)

    +

    June 11th 2023, 12:25:36 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.5.17/argocd-iac-namespace-install.html b/docs/snyk/v2.5.18/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.5.17/argocd-iac-namespace-install.html rename to docs/snyk/v2.5.18/argocd-iac-namespace-install.html index fba88b460848e..27cae4a8fb5d5 100644 --- a/docs/snyk/v2.5.17/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.5.18/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:26:00 am (UTC+00:00)

    +

    June 11th 2023, 12:25:48 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.5.17/argocd-test.html b/docs/snyk/v2.5.18/argocd-test.html similarity index 99% rename from docs/snyk/v2.5.17/argocd-test.html rename to docs/snyk/v2.5.18/argocd-test.html index 93873a2831fdc..a466d198d9ccf 100644 --- a/docs/snyk/v2.5.17/argocd-test.html +++ b/docs/snyk/v2.5.18/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:24:11 am (UTC+00:00)

    +

    June 11th 2023, 12:24:00 am (UTC+00:00)

    Scanned the following paths: diff --git a/docs/snyk/v2.7.3/ghcr.io_dexidp_dex_v2.36.0.html b/docs/snyk/v2.5.18/ghcr.io_dexidp_dex_v2.36.0.html similarity index 98% rename from docs/snyk/v2.7.3/ghcr.io_dexidp_dex_v2.36.0.html rename to docs/snyk/v2.5.18/ghcr.io_dexidp_dex_v2.36.0.html index a5244bab63443..76255798ef0b8 100644 --- a/docs/snyk/v2.7.3/ghcr.io_dexidp_dex_v2.36.0.html +++ b/docs/snyk/v2.5.18/ghcr.io_dexidp_dex_v2.36.0.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:19:12 am (UTC+00:00)

    +

    June 11th 2023, 12:24:08 am (UTC+00:00)

    Scanned the following paths: @@ -609,6 +609,7 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -618,12 +619,12 @@

    References

    -
    -

    Improper Certificate Validation

    +
    +

    Allocation of Resources Without Limits or Throttling

    -
    - medium severity +
    + high severity
    @@ -733,31 +734,65 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -876,42 +911,37 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

    -

    As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

    -

    Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

    -

    Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

    +

    Applications that use a non-default option when verifying certificates may be + vulnerable to an attack from a malicious CA to circumvent certain checks.

    +

    Invalid certificate policies in leaf certificates are silently ignored by + OpenSSL and other certificate policy checks are skipped for that certificate. + A malicious CA could use this to deliberately assert invalid certificate policies + in order to circumvent policy checking on the certificate altogether.

    +

    Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Out-of-bounds Read

    +

    Improper Certificate Validation

    @@ -1025,44 +1055,47 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM - platform contains a bug that could cause it to read past the input buffer, - leading to a crash.

    -

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM - platform can crash in rare circumstances. The AES-XTS algorithm is usually - used for disk encryption.

    -

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read - past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 - byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext - buffer is unmapped, this will trigger a crash which results in a denial of - service.

    -

    If an attacker can control the size and location of the ciphertext buffer - being decrypted by an application using AES-XTS on 64 bit ARM, the - application is affected. This is fairly unlikely making this issue - a Low severity one.

    +

    The function X509_VERIFY_PARAM_add0_policy() is documented to + implicitly enable the certificate policy check when doing certificate + verification. However the implementation of the function does not + enable the check which allows certificates with invalid or incorrect + policies to pass the certificate verification.

    +

    As suddenly enabling the policy check could break existing deployments it was + decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() + function.

    +

    Instead the applications that require OpenSSL to perform certificate + policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly + enable the policy check by calling X509_VERIFY_PARAM_set_flags() with + the X509_V_FLAG_POLICY_CHECK flag argument.

    +

    Certificate policy checks are disabled by default in OpenSSL and are not + commonly used by applications.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    CVE-2023-2650

    +
    +

    Out-of-bounds Read

    -
    - low severity +
    + medium severity
    @@ -1172,63 +1205,35 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Issue summary: Processing some specially crafted ASN.1 object identifiers or - data containing them may be very slow.

    -

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of - the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message - size limit may experience notable to very long delays when processing those - messages, which may lead to a Denial of Service.

    -

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - - most of which have no size limit. OBJ_obj2txt() may be used to translate - an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL - type ASN1_OBJECT) to its canonical numeric text form, which are the - sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by - periods.

    -

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large - (these are sizes that are seen as absurdly large, taking up tens or hundreds - of KiBs), the translation to a decimal number in text may take a very long - time. The time complexity is O(n^2) with 'n' being the size of the - sub-identifiers in bytes (*).

    -

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / - identifiers in string form was introduced. This includes using OBJECT - IDENTIFIERs in canonical numeric text form as identifiers for fetching - algorithms.

    -

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure - AlgorithmIdentifier, which is commonly used in multiple protocols to specify - what cryptographic algorithm should be used to sign or verify, encrypt or - decrypt, or digest passed data.

    -

    Applications that call OBJ_obj2txt() directly with untrusted data are - affected, with any version of OpenSSL. If the use is for the mere purpose - of display, the severity is considered low.

    -

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, - CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 - certificates, including simple things like verifying its signature.

    -

    The impact on TLS is relatively low, because all versions of OpenSSL have a - 100KiB limit on the peer's certificate chain. Additionally, this only - impacts clients, or servers that have explicitly enabled client - authentication.

    -

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, - such as X.509 certificates. This is assumed to not happen in such a way - that it would cause a Denial of Service, so these versions are considered - not affected by this issue in such a way that it would be cause for concern, - and the severity is therefore considered low.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    diff --git a/docs/snyk/v2.5.17/haproxy_2.6.12-alpine.html b/docs/snyk/v2.5.18/haproxy_2.6.12-alpine.html similarity index 98% rename from docs/snyk/v2.5.17/haproxy_2.6.12-alpine.html rename to docs/snyk/v2.5.18/haproxy_2.6.12-alpine.html index fe7109a317861..c4b9b810873aa 100644 --- a/docs/snyk/v2.5.17/haproxy_2.6.12-alpine.html +++ b/docs/snyk/v2.5.18/haproxy_2.6.12-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:24:25 am (UTC+00:00)

    +

    June 11th 2023, 12:24:14 am (UTC+00:00)

    Scanned the following path: @@ -485,12 +485,12 @@

    Snyk test report

    -
    -

    Out-of-bounds Read

    +
    +

    Allocation of Resources Without Limits or Throttling

    -
    - medium severity +
    + high severity
    @@ -622,44 +622,74 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM - platform contains a bug that could cause it to read past the input buffer, - leading to a crash.

    -

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM - platform can crash in rare circumstances. The AES-XTS algorithm is usually - used for disk encryption.

    -

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read - past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 - byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext - buffer is unmapped, this will trigger a crash which results in a denial of - service.

    -

    If an attacker can control the size and location of the ciphertext buffer - being decrypted by an application using AES-XTS on 64 bit ARM, the - application is affected. This is fairly unlikely making this issue - a Low severity one.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    CVE-2023-2650

    +
    +

    Out-of-bounds Read

    -
    - low severity +
    + medium severity
    @@ -791,63 +821,35 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Issue summary: Processing some specially crafted ASN.1 object identifiers or - data containing them may be very slow.

    -

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of - the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message - size limit may experience notable to very long delays when processing those - messages, which may lead to a Denial of Service.

    -

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - - most of which have no size limit. OBJ_obj2txt() may be used to translate - an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL - type ASN1_OBJECT) to its canonical numeric text form, which are the - sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by - periods.

    -

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large - (these are sizes that are seen as absurdly large, taking up tens or hundreds - of KiBs), the translation to a decimal number in text may take a very long - time. The time complexity is O(n^2) with 'n' being the size of the - sub-identifiers in bytes (*).

    -

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / - identifiers in string form was introduced. This includes using OBJECT - IDENTIFIERs in canonical numeric text form as identifiers for fetching - algorithms.

    -

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure - AlgorithmIdentifier, which is commonly used in multiple protocols to specify - what cryptographic algorithm should be used to sign or verify, encrypt or - decrypt, or digest passed data.

    -

    Applications that call OBJ_obj2txt() directly with untrusted data are - affected, with any version of OpenSSL. If the use is for the mere purpose - of display, the severity is considered low.

    -

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, - CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 - certificates, including simple things like verifying its signature.

    -

    The impact on TLS is relatively low, because all versions of OpenSSL have a - 100KiB limit on the peer's certificate chain. Additionally, this only - impacts clients, or servers that have explicitly enabled client - authentication.

    -

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, - such as X.509 certificates. This is assumed to not happen in such a way - that it would cause a Denial of Service, so these versions are considered - not affected by this issue in such a way that it would be cause for concern, - and the severity is therefore considered low.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    diff --git a/docs/snyk/v2.6.8/quay.io_argoproj_argocd_v2.6.8.html b/docs/snyk/v2.5.18/quay.io_argoproj_argocd_v2.5.18.html similarity index 82% rename from docs/snyk/v2.6.8/quay.io_argoproj_argocd_v2.6.8.html rename to docs/snyk/v2.5.18/quay.io_argoproj_argocd_v2.5.18.html index 7a4bffc270f17..e525fa9428efc 100644 --- a/docs/snyk/v2.6.8/quay.io_argoproj_argocd_v2.6.8.html +++ b/docs/snyk/v2.5.18/quay.io_argoproj_argocd_v2.5.18.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

    Snyk test report

    -

    June 4th 2023, 12:22:18 am (UTC+00:00)

    +

    June 11th 2023, 12:24:37 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.6.8/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.6.8/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.6.8/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.6.8/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.6.8/git-lfs/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.5.18/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.5.18/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.5.18/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.5.18/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.5.18/git-lfs/git-lfs (gomodules)
    -
    30 known vulnerabilities
    -
    101 vulnerable dependency paths
    -
    2063 dependencies
    +
    29 known vulnerabilities
    +
    80 vulnerable dependency paths
    +
    2047 dependencies
    @@ -879,7 +879,7 @@

    References

    -

    Improper Certificate Validation

    +

    CVE-2023-2603

    @@ -895,13 +895,13 @@

    Improper Certificate Validation

  • Vulnerable module: - perl/perl-modules-5.34 + libcap2
  • Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.18 and libcap2@1:2.44-1build3 - docker-image|quay.io/argoproj/argocd@v2.6.8, git@1:2.34.1-1ubuntu1.9 and others
    • @@ -913,63 +913,24 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - git@1:2.34.1-1ubuntu1.9 - - perl@5.34.0-3ubuntu1.1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - git@1:2.34.1-1ubuntu1.9 - - perl@5.34.0-3ubuntu1.1 - - perl/libperl5.34@5.34.0-3ubuntu1.1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - git@1:2.34.1-1ubuntu1.9 + docker-image|quay.io/argoproj/argocd@v2.5.18 - perl@5.34.0-3ubuntu1.1 - - perl/libperl5.34@5.34.0-3ubuntu1.1 + libcap2@1:2.44-1build3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 - git@1:2.34.1-1ubuntu1.9 + apt@2.4.9 - perl@5.34.0-3ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + apt/libapt-pkg6.0@2.4.9 - meta-common-packages@meta + systemd/libsystemd0@249.11-0ubuntu3.9 - perl/perl-base@5.34.0-3ubuntu1.1 + libcap2@1:2.44-1build3 @@ -981,33 +942,27 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream libcap2 package and not the libcap2 package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

      +

      A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 perl.

      +

      There is no fixed version for Ubuntu:22.04 libcap2.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2023-2650

    +

    Denial of Service (DoS)

    @@ -1018,17 +973,17 @@

    CVE-2023-2650

    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - openssl/libssl3 + gopkg.in/yaml.v2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 and openssl/libssl3@3.0.2-0ubuntu1.9 + github.com/argoproj/argo-cd/v2@* and gopkg.in/yaml.v2@v2.2.4
    @@ -1041,113 +996,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.9 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + github.com/argoproj/argo-cd/v2@* - openssl@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.9 + gopkg.in/yaml.v2@v2.2.4 @@ -1158,72 +1009,39 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Issue summary: Processing some specially crafted ASN.1 object identifiers or - data containing them may be very slow.

      -

      Impact summary: Applications that use OBJ_obj2txt() directly, or use any of - the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message - size limit may experience notable to very long delays when processing those - messages, which may lead to a Denial of Service.

      -

      An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - - most of which have no size limit. OBJ_obj2txt() may be used to translate - an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL - type ASN1_OBJECT) to its canonical numeric text form, which are the - sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by - periods.

      -

      When one of the sub-identifiers in the OBJECT IDENTIFIER is very large - (these are sizes that are seen as absurdly large, taking up tens or hundreds - of KiBs), the translation to a decimal number in text may take a very long - time. The time complexity is O(n^2) with 'n' being the size of the - sub-identifiers in bytes (*).

      -

      With OpenSSL 3.0, support to fetch cryptographic algorithms using names / - identifiers in string form was introduced. This includes using OBJECT - IDENTIFIERs in canonical numeric text form as identifiers for fetching - algorithms.

      -

      Such OBJECT IDENTIFIERs may be received through the ASN.1 structure - AlgorithmIdentifier, which is commonly used in multiple protocols to specify - what cryptographic algorithm should be used to sign or verify, encrypt or - decrypt, or digest passed data.

      -

      Applications that call OBJ_obj2txt() directly with untrusted data are - affected, with any version of OpenSSL. If the use is for the mere purpose - of display, the severity is considered low.

      -

      In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, - CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 - certificates, including simple things like verifying its signature.

      -

      The impact on TLS is relatively low, because all versions of OpenSSL have a - 100KiB limit on the peer's certificate chain. Additionally, this only - impacts clients, or servers that have explicitly enabled client - authentication.

      -

      In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, - such as X.509 certificates. This is assumed to not happen in such a way - that it would cause a Denial of Service, so these versions are considered - not affected by this issue in such a way that it would be cause for concern, - and the severity is therefore considered low.

      +

      Overview

      +

      gopkg.in/yaml.v2 is a YAML support package for the Go language.

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      +
        +

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
        • +

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
        • +

      Remediation

      -

      Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.10 or higher.

      +

      Upgrade gopkg.in/yaml.v2 to version 2.2.8 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2023-2603

    +

    Improper Input Validation

    @@ -1234,17 +1052,17 @@

    CVE-2023-2603

    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - libcap2 + golang.org/x/text/language
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 and libcap2@1:2.44-1build3 + sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/text/language@v0.3.7
    @@ -1257,24 +1075,18 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + sigs.k8s.io/kustomize/kustomize/v4@* - libcap2@1:2.44-1build3 + golang.org/x/text/language@v0.3.7
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 + helm.sh/helm/v3@* - libcap2@1:2.44-1build3 + golang.org/x/text/language@v0.3.7 @@ -1285,24 +1097,28 @@

      Detailed paths

      -

      NVD Description

      -

      This vulnerability has not been analyzed by NVD yet.

      +

      Overview

      +

      Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 libcap2.

      +

      Upgrade golang.org/x/text/language to version 0.3.8 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Improper Input Validation

    +

    Incorrect Privilege Assignment

    @@ -1318,12 +1134,12 @@

    Improper Input Validation

  • Vulnerable module: - golang.org/x/text/language + golang.org/x/sys/unix
  • Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/text/language@v0.3.7 + helm.sh/helm/v3@* and golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f
    • @@ -1334,20 +1150,11 @@

    Improper Input Validation

    Detailed paths

      -
    • - Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - - golang.org/x/text/language@v0.3.7 - - - -
    • Introduced through: helm.sh/helm/v3@* - golang.org/x/text/language@v0.3.7 + golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f @@ -1359,27 +1166,24 @@

      Detailed paths

      Overview

      -

      Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

      +

      Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

      Remediation

      -

      Upgrade golang.org/x/text/language to version 0.3.8 or higher.

      +

      Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Incorrect Privilege Assignment

    +

    Denial of Service (DoS)

    @@ -1395,12 +1199,12 @@

    Incorrect Privilege Assignment

  • Vulnerable module: - golang.org/x/sys/unix + golang.org/x/net/http2
  • Introduced through: - helm.sh/helm/v3@* and golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
    • @@ -1415,7 +1219,7 @@

    Detailed paths

    Introduced through: helm.sh/helm/v3@* - golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f + golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b @@ -1427,24 +1231,39 @@

    Detailed paths

    Overview

    -

    Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +

    Remediation

    -

    Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

    +

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Denial of Service (DoS)

    +

    Improper Input Validation

    @@ -1460,12 +1279,12 @@

    Denial of Service (DoS)

  • Vulnerable module: - golang.org/x/net/http2 + go.mongodb.org/mongo-driver/bson/bsonrw
  • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + github.com/argoproj/argo-cd/v2@* and go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2
    • @@ -1478,9 +1297,9 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + github.com/argoproj/argo-cd/v2@* - golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 @@ -1492,34 +1311,21 @@

      Detailed paths

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      -

      Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

      -

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      -

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      -

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      -

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      -

      Two common types of DoS vulnerabilities:

      -
        -

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        -
        • -

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        -
        • -
      +

      go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.

      +

      Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

      Remediation

      -

      Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

      +

      Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -1546,7 +1352,7 @@

    CVE-2022-46908

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.5.18, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    • @@ -1558,7 +1364,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1617,7 +1423,7 @@

      Arbitrary Code Injection

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 and shadow/passwd@1:4.8.1-2ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.5.18 and shadow/passwd@1:4.8.1-2ubuntu2.1
    @@ -1630,7 +1436,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1639,7 +1445,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 adduser@3.118ubuntu5 @@ -1650,7 +1456,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1661,7 +1467,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 shadow/login@1:4.8.1-2ubuntu2.1 @@ -1718,7 +1524,7 @@

      Uncontrolled Recursion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.5.18 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -1731,7 +1537,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1740,7 +1546,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 grep@3.7-1build1 @@ -1802,7 +1608,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.18 and patch@2.7.6-7build2
    @@ -1815,7 +1621,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 patch@2.7.6-7build2 @@ -1869,7 +1675,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.18 and patch@2.7.6-7build2
    @@ -1882,7 +1688,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 patch@2.7.6-7build2 @@ -1918,194 +1724,6 @@

      References

      More about this vulnerability

    -
    -
    -

    Out-of-bounds Read

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.6.8 and openssl/libssl3@3.0.2-0ubuntu1.9 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.9 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - openssl@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.9 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM - platform contains a bug that could cause it to read past the input buffer, - leading to a crash.

    -

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM - platform can crash in rare circumstances. The AES-XTS algorithm is usually - used for disk encryption.

    -

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read - past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 - byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext - buffer is unmapped, this will trigger a crash which results in a denial of - service.

    -

    If an attacker can control the size and location of the ciphertext buffer - being decrypted by an application using AES-XTS on 64 bit ARM, the - application is affected. This is fairly unlikely making this issue - a Low severity one.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.10 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Information Exposure

    @@ -2129,7 +1747,7 @@

    Information Exposure

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.5.18 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -2142,7 +1760,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2203,7 +1821,7 @@

      CVE-2023-28531

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.5.18 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    @@ -2216,7 +1834,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2250,7 +1868,7 @@

      References

    -

    CVE-2023-2953

    +

    NULL Pointer Dereference

    @@ -2272,7 +1890,7 @@

    CVE-2023-2953

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.5.18, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
    • @@ -2284,7 +1902,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2295,7 +1913,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 git@1:2.34.1-1ubuntu1.9 @@ -2308,7 +1926,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -2364,7 +1982,7 @@

      Resource Exhaustion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.5.18, meta-common-packages@meta and others
    @@ -2376,7 +1994,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 meta-common-packages@meta @@ -2432,7 +2050,7 @@

      CVE-2023-2602

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 and libcap2@1:2.44-1build3 + docker-image|quay.io/argoproj/argocd@v2.5.18 and libcap2@1:2.44-1build3
    @@ -2445,7 +2063,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 libcap2@1:2.44-1build3 @@ -2454,7 +2072,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 apt@2.4.9 @@ -2474,12 +2092,16 @@

      Detailed paths

      NVD Description

      -

      This vulnerability has not been analyzed by NVD yet.

      +

      Note: Versions mentioned in the description apply only to the upstream libcap2 package and not the libcap2 package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.

      Remediation

      There is no fixed version for Ubuntu:22.04 libcap2.

      References

      @@ -2511,7 +2133,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 + docker-image|quay.io/argoproj/argocd@v2.5.18 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    @@ -2524,7 +2146,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -2533,7 +2155,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 adduser@3.118ubuntu5 @@ -2554,7 +2176,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 adduser@3.118ubuntu5 @@ -2577,7 +2199,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 krb5/libkrb5-3@1.19.2-2ubuntu0.2 @@ -2586,7 +2208,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 adduser@3.118ubuntu5 @@ -2607,7 +2229,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2616,7 +2238,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2627,7 +2249,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 git@1:2.34.1-1ubuntu1.9 @@ -2640,13 +2262,13 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - libssh/libssh-4@0.9.6-2build1 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2655,7 +2277,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 adduser@3.118ubuntu5 @@ -2674,7 +2296,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 meta-common-packages@meta @@ -2733,7 +2355,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.5.18 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2746,7 +2368,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2755,7 +2377,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 apt@2.4.9 @@ -2766,7 +2388,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2777,7 +2399,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2788,7 +2410,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2799,7 +2421,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2812,7 +2434,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2825,7 +2447,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2834,7 +2456,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2845,7 +2467,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2858,7 +2480,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2867,7 +2489,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2878,7 +2500,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2887,7 +2509,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2898,7 +2520,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2907,7 +2529,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2918,7 +2540,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2931,7 +2553,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2944,7 +2566,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2953,7 +2575,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2964,7 +2586,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2977,7 +2599,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2990,7 +2612,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2999,7 +2621,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3010,7 +2632,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -3019,7 +2641,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3030,7 +2652,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -3039,7 +2661,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3050,7 +2672,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3109,7 +2731,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.5.18 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -3122,7 +2744,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 glibc/libc-bin@2.35-0ubuntu3.1 @@ -3131,7 +2753,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 meta-common-packages@meta @@ -3190,7 +2812,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.5.18, git@1:2.34.1-1ubuntu1.9 and others
    @@ -3202,7 +2824,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 git@1:2.34.1-1ubuntu1.9 @@ -3213,7 +2835,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 git@1:2.34.1-1ubuntu1.9 @@ -3222,7 +2844,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 git-lfs@3.0.2-1ubuntu0.2 @@ -3280,7 +2902,7 @@

      CVE-2023-28322

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.5.18, git@1:2.34.1-1ubuntu1.9 and others
    @@ -3292,7 +2914,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 git@1:2.34.1-1ubuntu1.9 @@ -3317,6 +2939,9 @@

      References

      @@ -3349,7 +2974,7 @@

      Improper Certificate Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.5.18, git@1:2.34.1-1ubuntu1.9 and others
    @@ -3361,7 +2986,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 git@1:2.34.1-1ubuntu1.9 @@ -3386,6 +3011,9 @@

      References

      @@ -3417,7 +3045,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.5.18 and coreutils@8.32-4.1ubuntu1
    @@ -3430,7 +3058,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 coreutils@8.32-4.1ubuntu1 @@ -3487,7 +3115,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.5.18 and bash@5.1-6ubuntu1
    @@ -3500,7 +3128,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.8 + docker-image|quay.io/argoproj/argocd@v2.5.18 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.7.3/redis_7.0.11-alpine.html b/docs/snyk/v2.5.18/redis_7.0.11-alpine.html similarity index 97% rename from docs/snyk/v2.7.3/redis_7.0.11-alpine.html rename to docs/snyk/v2.5.18/redis_7.0.11-alpine.html index 0361067d1a4d0..be299d9abd352 100644 --- a/docs/snyk/v2.7.3/redis_7.0.11-alpine.html +++ b/docs/snyk/v2.5.18/redis_7.0.11-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      June 4th 2023, 12:19:42 am (UTC+00:00)

      +

      June 11th 2023, 12:24:47 am (UTC+00:00)

      Scanned the following path: @@ -485,12 +485,12 @@

      Snyk test report

      -
      -

      CVE-2023-2650

      +
      +

      Allocation of Resources Without Limits or Throttling

      -
      - low severity +
      + high severity
      @@ -675,6 +675,8 @@

      References

    • openssl-security@openssl.org
    • openssl-security@openssl.org
    • openssl-security@openssl.org
      • +
    • openssl-security@openssl.org
      • +
    • openssl-security@openssl.org
    diff --git a/docs/snyk/v2.6.8/argocd-iac-install.html b/docs/snyk/v2.6.9/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.6.8/argocd-iac-install.html rename to docs/snyk/v2.6.9/argocd-iac-install.html index da733796e12b9..09773ec98db51 100644 --- a/docs/snyk/v2.6.8/argocd-iac-install.html +++ b/docs/snyk/v2.6.9/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:23:42 am (UTC+00:00)

    +

    June 11th 2023, 12:23:30 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.6.8/argocd-iac-namespace-install.html b/docs/snyk/v2.6.9/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.6.8/argocd-iac-namespace-install.html rename to docs/snyk/v2.6.9/argocd-iac-namespace-install.html index 574cfc9e02f74..75a86bd66c7d9 100644 --- a/docs/snyk/v2.6.8/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.6.9/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:23:53 am (UTC+00:00)

    +

    June 11th 2023, 12:23:42 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.6.8/argocd-test.html b/docs/snyk/v2.6.9/argocd-test.html similarity index 99% rename from docs/snyk/v2.6.8/argocd-test.html rename to docs/snyk/v2.6.9/argocd-test.html index a8502c11858f0..560f11f3dbb20 100644 --- a/docs/snyk/v2.6.8/argocd-test.html +++ b/docs/snyk/v2.6.9/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:21:35 am (UTC+00:00)

    +

    June 11th 2023, 12:21:31 am (UTC+00:00)

    Scanned the following paths: diff --git a/docs/snyk/v2.6.8/ghcr.io_dexidp_dex_v2.36.0.html b/docs/snyk/v2.6.9/ghcr.io_dexidp_dex_v2.36.0.html similarity index 98% rename from docs/snyk/v2.6.8/ghcr.io_dexidp_dex_v2.36.0.html rename to docs/snyk/v2.6.9/ghcr.io_dexidp_dex_v2.36.0.html index 287f58d3f2fc8..23af7adb58f38 100644 --- a/docs/snyk/v2.6.8/ghcr.io_dexidp_dex_v2.36.0.html +++ b/docs/snyk/v2.6.9/ghcr.io_dexidp_dex_v2.36.0.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:21:42 am (UTC+00:00)

    +

    June 11th 2023, 12:21:38 am (UTC+00:00)

    Scanned the following paths: @@ -609,6 +609,7 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -618,12 +619,12 @@

    References

    -
    -

    Improper Certificate Validation

    +
    +

    Allocation of Resources Without Limits or Throttling

    -
    - medium severity +
    + high severity
    @@ -733,31 +734,65 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -876,42 +911,37 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

    -

    As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

    -

    Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

    -

    Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

    +

    Applications that use a non-default option when verifying certificates may be + vulnerable to an attack from a malicious CA to circumvent certain checks.

    +

    Invalid certificate policies in leaf certificates are silently ignored by + OpenSSL and other certificate policy checks are skipped for that certificate. + A malicious CA could use this to deliberately assert invalid certificate policies + in order to circumvent policy checking on the certificate altogether.

    +

    Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Out-of-bounds Read

    +

    Improper Certificate Validation

    @@ -1025,44 +1055,47 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM - platform contains a bug that could cause it to read past the input buffer, - leading to a crash.

    -

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM - platform can crash in rare circumstances. The AES-XTS algorithm is usually - used for disk encryption.

    -

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read - past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 - byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext - buffer is unmapped, this will trigger a crash which results in a denial of - service.

    -

    If an attacker can control the size and location of the ciphertext buffer - being decrypted by an application using AES-XTS on 64 bit ARM, the - application is affected. This is fairly unlikely making this issue - a Low severity one.

    +

    The function X509_VERIFY_PARAM_add0_policy() is documented to + implicitly enable the certificate policy check when doing certificate + verification. However the implementation of the function does not + enable the check which allows certificates with invalid or incorrect + policies to pass the certificate verification.

    +

    As suddenly enabling the policy check could break existing deployments it was + decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() + function.

    +

    Instead the applications that require OpenSSL to perform certificate + policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly + enable the policy check by calling X509_VERIFY_PARAM_set_flags() with + the X509_V_FLAG_POLICY_CHECK flag argument.

    +

    Certificate policy checks are disabled by default in OpenSSL and are not + commonly used by applications.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    CVE-2023-2650

    +
    +

    Out-of-bounds Read

    -
    - low severity +
    + medium severity
    @@ -1172,63 +1205,35 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Issue summary: Processing some specially crafted ASN.1 object identifiers or - data containing them may be very slow.

    -

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of - the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message - size limit may experience notable to very long delays when processing those - messages, which may lead to a Denial of Service.

    -

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - - most of which have no size limit. OBJ_obj2txt() may be used to translate - an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL - type ASN1_OBJECT) to its canonical numeric text form, which are the - sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by - periods.

    -

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large - (these are sizes that are seen as absurdly large, taking up tens or hundreds - of KiBs), the translation to a decimal number in text may take a very long - time. The time complexity is O(n^2) with 'n' being the size of the - sub-identifiers in bytes (*).

    -

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / - identifiers in string form was introduced. This includes using OBJECT - IDENTIFIERs in canonical numeric text form as identifiers for fetching - algorithms.

    -

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure - AlgorithmIdentifier, which is commonly used in multiple protocols to specify - what cryptographic algorithm should be used to sign or verify, encrypt or - decrypt, or digest passed data.

    -

    Applications that call OBJ_obj2txt() directly with untrusted data are - affected, with any version of OpenSSL. If the use is for the mere purpose - of display, the severity is considered low.

    -

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, - CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 - certificates, including simple things like verifying its signature.

    -

    The impact on TLS is relatively low, because all versions of OpenSSL have a - 100KiB limit on the peer's certificate chain. Additionally, this only - impacts clients, or servers that have explicitly enabled client - authentication.

    -

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, - such as X.509 certificates. This is assumed to not happen in such a way - that it would cause a Denial of Service, so these versions are considered - not affected by this issue in such a way that it would be cause for concern, - and the severity is therefore considered low.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    diff --git a/docs/snyk/v2.7.3/haproxy_2.6.12-alpine.html b/docs/snyk/v2.6.9/haproxy_2.6.12-alpine.html similarity index 98% rename from docs/snyk/v2.7.3/haproxy_2.6.12-alpine.html rename to docs/snyk/v2.6.9/haproxy_2.6.12-alpine.html index ab656613b8916..0b403f3b73135 100644 --- a/docs/snyk/v2.7.3/haproxy_2.6.12-alpine.html +++ b/docs/snyk/v2.6.9/haproxy_2.6.12-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:19:17 am (UTC+00:00)

    +

    June 11th 2023, 12:21:43 am (UTC+00:00)

    Scanned the following path: @@ -485,12 +485,12 @@

    Snyk test report

    -
    -

    Out-of-bounds Read

    +
    +

    Allocation of Resources Without Limits or Throttling

    -
    - medium severity +
    + high severity
    @@ -622,44 +622,74 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM - platform contains a bug that could cause it to read past the input buffer, - leading to a crash.

    -

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM - platform can crash in rare circumstances. The AES-XTS algorithm is usually - used for disk encryption.

    -

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read - past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 - byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext - buffer is unmapped, this will trigger a crash which results in a denial of - service.

    -

    If an attacker can control the size and location of the ciphertext buffer - being decrypted by an application using AES-XTS on 64 bit ARM, the - application is affected. This is fairly unlikely making this issue - a Low severity one.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    CVE-2023-2650

    +
    +

    Out-of-bounds Read

    -
    - low severity +
    + medium severity
    @@ -791,63 +821,35 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Issue summary: Processing some specially crafted ASN.1 object identifiers or - data containing them may be very slow.

    -

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of - the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message - size limit may experience notable to very long delays when processing those - messages, which may lead to a Denial of Service.

    -

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - - most of which have no size limit. OBJ_obj2txt() may be used to translate - an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL - type ASN1_OBJECT) to its canonical numeric text form, which are the - sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by - periods.

    -

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large - (these are sizes that are seen as absurdly large, taking up tens or hundreds - of KiBs), the translation to a decimal number in text may take a very long - time. The time complexity is O(n^2) with 'n' being the size of the - sub-identifiers in bytes (*).

    -

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / - identifiers in string form was introduced. This includes using OBJECT - IDENTIFIERs in canonical numeric text form as identifiers for fetching - algorithms.

    -

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure - AlgorithmIdentifier, which is commonly used in multiple protocols to specify - what cryptographic algorithm should be used to sign or verify, encrypt or - decrypt, or digest passed data.

    -

    Applications that call OBJ_obj2txt() directly with untrusted data are - affected, with any version of OpenSSL. If the use is for the mere purpose - of display, the severity is considered low.

    -

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, - CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 - certificates, including simple things like verifying its signature.

    -

    The impact on TLS is relatively low, because all versions of OpenSSL have a - 100KiB limit on the peer's certificate chain. Additionally, this only - impacts clients, or servers that have explicitly enabled client - authentication.

    -

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, - such as X.509 certificates. This is assumed to not happen in such a way - that it would cause a Denial of Service, so these versions are considered - not affected by this issue in such a way that it would be cause for concern, - and the severity is therefore considered low.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    diff --git a/docs/snyk/v2.7.3/quay.io_argoproj_argocd_v2.7.3.html b/docs/snyk/v2.6.9/quay.io_argoproj_argocd_v2.6.9.html similarity index 82% rename from docs/snyk/v2.7.3/quay.io_argoproj_argocd_v2.7.3.html rename to docs/snyk/v2.6.9/quay.io_argoproj_argocd_v2.6.9.html index 97f37778b3f84..33eb70886d8a1 100644 --- a/docs/snyk/v2.7.3/quay.io_argoproj_argocd_v2.7.3.html +++ b/docs/snyk/v2.6.9/quay.io_argoproj_argocd_v2.6.9.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

    Snyk test report

    -

    June 4th 2023, 12:19:37 am (UTC+00:00)

    +

    June 11th 2023, 12:22:06 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.7.3/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.7.3/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.7.3/kustomize/kustomize/v5 (gomodules)
    • quay.io/argoproj/argocd:v2.7.3/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.7.3/git-lfs/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.6.9/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.6.9/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.6.9/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.6.9/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.6.9/git-lfs/git-lfs (gomodules)
    -
    24 known vulnerabilities
    -
    93 vulnerable dependency paths
    -
    2065 dependencies
    +
    27 known vulnerabilities
    +
    78 vulnerable dependency paths
    +
    2063 dependencies
    @@ -493,12 +493,12 @@

    Denial of Service (DoS)

  • Vulnerable module: - golang.org/x/net/http2/hpack + gopkg.in/yaml.v3
  • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2/hpack@v0.5.0 + sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b
    • @@ -511,9 +511,9 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + sigs.k8s.io/kustomize/kustomize/v4@* - golang.org/x/net/http2/hpack@v0.5.0 + gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b @@ -525,7 +525,20 @@

      Detailed paths

      Overview

      -

      Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

      +

      gopkg.in/yaml.v3 is a YAML support package for the Go language.

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

      +

      PoC

      + 
      package main
+        
+        import (
+            "gopkg.in/yaml.v3"
+        )
+        
+        func main() {
+            var t interface{}
+            yaml.Unmarshal([]byte("0: [:!00 \xef"), &t)
+        }
+

      Details

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      @@ -539,19 +552,95 @@

      Details

    Remediation

    -

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    +

    Upgrade gopkg.in/yaml.v3 to version 3.0.0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    +
    + +
    +
    +

    NULL Pointer Dereference

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + gopkg.in/yaml.v3 +
      • + +
    • Introduced through: + + sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + sigs.k8s.io/kustomize/kustomize/v4@* + + gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    gopkg.in/yaml.v3 is a YAML support package for the Go language.

    +

    Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.

    +

    PoC

    + 
    package main
+        
+        import (
+            "gopkg.in/yaml.v3"
+        )
+        
+        func main() {
+            var t interface{}
+            yaml.Unmarshal([]byte("#\n-\n-\n0"), &t)
+        }
+
    +

    Remediation

    +

    Upgrade gopkg.in/yaml.v3 to version 3.0.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    @@ -572,12 +661,12 @@

    Denial of Service (DoS)

  • Vulnerable module: - golang.org/x/net/http2 + golang.org/x/net/http2/hpack
  • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0 + sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/net/http2/hpack@v0.0.0-20220127200216-cd36cc0744dd
    • @@ -588,11 +677,20 @@

    Denial of Service (DoS)

    Detailed paths

      +
    • + Introduced through: + sigs.k8s.io/kustomize/kustomize/v4@* + + golang.org/x/net/http2/hpack@v0.0.0-20220127200216-cd36cc0744dd + + + +
    • Introduced through: helm.sh/helm/v3@* - golang.org/x/net/http2@v0.5.0 + golang.org/x/net/http2/hpack@v0.0.0-20220722155237-a158d28d115b @@ -604,7 +702,6 @@

      Detailed paths

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

      Details

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      @@ -619,7 +716,7 @@

      Details

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

    +

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    References

    -
    -

    Improper Certificate Validation

    +
    +

    Denial of Service

    -
    - medium severity +
    + high severity
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - perl/perl-modules-5.34 + golang.org/x/net/http2
    • Introduced through: + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b - docker-image|quay.io/argoproj/argocd@v2.7.3, git@1:2.34.1-1ubuntu1.9 and others
    @@ -670,63 +767,75 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - git@1:2.34.1-1ubuntu1.9 - - perl@5.34.0-3ubuntu1.1 + helm.sh/helm/v3@* - perl/perl-modules-5.34@5.34.0-3ubuntu1.1 + golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - git@1:2.34.1-1ubuntu1.9 - - perl@5.34.0-3ubuntu1.1 - - perl/libperl5.34@5.34.0-3ubuntu1.1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1.1 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - git@1:2.34.1-1ubuntu1.9 - - perl@5.34.0-3ubuntu1.1 - - perl/libperl5.34@5.34.0-3ubuntu1.1 - - +
    • - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - git@1:2.34.1-1ubuntu1.9 - - perl@5.34.0-3ubuntu1.1 - - +
    + +

    Overview

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    +

    Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.

    +

    Remediation

    +

    Upgrade golang.org/x/net/http2 to version 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1 or higher.

    +

    References

    + -
    • +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - meta-common-packages@meta + helm.sh/helm/v3@* - perl/perl-base@5.34.0-3ubuntu1.1 + golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b @@ -737,34 +846,40 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

      +

      Overview

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      +
        +

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
        • +

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
        • +

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 perl.

      +

      Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2023-2650

    +

    CVE-2023-2603

    @@ -780,12 +895,12 @@

    CVE-2023-2650

  • Vulnerable module: - openssl/libssl3 + libcap2
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 and openssl/libssl3@3.0.2-0ubuntu1.9 + docker-image|quay.io/argoproj/argocd@v2.6.9 and libcap2@1:2.44-1build3
    • @@ -798,113 +913,101 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 - openssl/libssl3@3.0.2-0ubuntu1.9 + libcap2@1:2.44-1build3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 + apt@2.4.9 - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + apt/libapt-pkg6.0@2.4.9 - libfido2/libfido2-1@1.10.0-1 + systemd/libsystemd0@249.11-0ubuntu3.9 - openssl/libssl3@3.0.2-0ubuntu1.9 + libcap2@1:2.44-1build3
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.9 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - +
    • - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream libcap2 package and not the libcap2 package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 libcap2.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    • +
    +

    Improper Input Validation

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/text/language +
      • + +
    • Introduced through: -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - + sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/text/language@v0.3.7 -
      • + +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + sigs.k8s.io/kustomize/kustomize/v4@* - openssl@3.0.2-0ubuntu1.9 + golang.org/x/text/language@v0.3.7
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - ca-certificates@20211016ubuntu0.22.04.1 + helm.sh/helm/v3@* - openssl@3.0.2-0ubuntu1.9 + golang.org/x/text/language@v0.3.7 @@ -915,72 +1018,28 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Issue summary: Processing some specially crafted ASN.1 object identifiers or - data containing them may be very slow.

      -

      Impact summary: Applications that use OBJ_obj2txt() directly, or use any of - the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message - size limit may experience notable to very long delays when processing those - messages, which may lead to a Denial of Service.

      -

      An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - - most of which have no size limit. OBJ_obj2txt() may be used to translate - an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL - type ASN1_OBJECT) to its canonical numeric text form, which are the - sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by - periods.

      -

      When one of the sub-identifiers in the OBJECT IDENTIFIER is very large - (these are sizes that are seen as absurdly large, taking up tens or hundreds - of KiBs), the translation to a decimal number in text may take a very long - time. The time complexity is O(n^2) with 'n' being the size of the - sub-identifiers in bytes (*).

      -

      With OpenSSL 3.0, support to fetch cryptographic algorithms using names / - identifiers in string form was introduced. This includes using OBJECT - IDENTIFIERs in canonical numeric text form as identifiers for fetching - algorithms.

      -

      Such OBJECT IDENTIFIERs may be received through the ASN.1 structure - AlgorithmIdentifier, which is commonly used in multiple protocols to specify - what cryptographic algorithm should be used to sign or verify, encrypt or - decrypt, or digest passed data.

      -

      Applications that call OBJ_obj2txt() directly with untrusted data are - affected, with any version of OpenSSL. If the use is for the mere purpose - of display, the severity is considered low.

      -

      In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, - CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 - certificates, including simple things like verifying its signature.

      -

      The impact on TLS is relatively low, because all versions of OpenSSL have a - 100KiB limit on the peer's certificate chain. Additionally, this only - impacts clients, or servers that have explicitly enabled client - authentication.

      -

      In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, - such as X.509 certificates. This is assumed to not happen in such a way - that it would cause a Denial of Service, so these versions are considered - not affected by this issue in such a way that it would be cause for concern, - and the severity is therefore considered low.

      +

      Overview

      +

      Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

      Remediation

      -

      Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.10 or higher.

      +

      Upgrade golang.org/x/text/language to version 0.3.8 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2023-2603

    +

    Incorrect Privilege Assignment

    @@ -991,17 +1050,17 @@

    CVE-2023-2603

    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - libcap2 + golang.org/x/sys/unix
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 and libcap2@1:2.44-1build3 + helm.sh/helm/v3@* and golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f
    @@ -1014,24 +1073,74 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + helm.sh/helm/v3@* - libcap2@1:2.44-1build3 + golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

    +

    Remediation

    +

    Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 + helm.sh/helm/v3@* - libcap2@1:2.44-1build3 + golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b @@ -1042,19 +1151,35 @@

      Detailed paths

      -

      NVD Description

      -

      This vulnerability has not been analyzed by NVD yet.

      +

      Overview

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      +
        +

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
        • +

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
        • +

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 libcap2.

      +

      Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -1081,7 +1206,7 @@

    CVE-2022-46908

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.6.9, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    • @@ -1093,7 +1218,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1152,7 +1277,7 @@

      Arbitrary Code Injection

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 and shadow/passwd@1:4.8.1-2ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.6.9 and shadow/passwd@1:4.8.1-2ubuntu2.1
    @@ -1165,7 +1290,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1174,7 +1299,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 adduser@3.118ubuntu5 @@ -1185,7 +1310,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1196,7 +1321,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 shadow/login@1:4.8.1-2ubuntu2.1 @@ -1253,7 +1378,7 @@

      Uncontrolled Recursion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.6.9 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -1266,7 +1391,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1275,7 +1400,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 grep@3.7-1build1 @@ -1337,7 +1462,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.6.9 and patch@2.7.6-7build2
    @@ -1350,7 +1475,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 patch@2.7.6-7build2 @@ -1404,7 +1529,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.6.9 and patch@2.7.6-7build2
    @@ -1417,7 +1542,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 patch@2.7.6-7build2 @@ -1453,194 +1578,6 @@

      References

      More about this vulnerability

    -
    -
    -

    Out-of-bounds Read

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.3 and openssl/libssl3@3.0.2-0ubuntu1.9 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.9 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - openssl@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 - - ca-certificates@20211016ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.9 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM - platform contains a bug that could cause it to read past the input buffer, - leading to a crash.

    -

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM - platform can crash in rare circumstances. The AES-XTS algorithm is usually - used for disk encryption.

    -

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read - past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 - byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext - buffer is unmapped, this will trigger a crash which results in a denial of - service.

    -

    If an attacker can control the size and location of the ciphertext buffer - being decrypted by an application using AES-XTS on 64 bit ARM, the - application is affected. This is fairly unlikely making this issue - a Low severity one.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.10 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Information Exposure

    @@ -1664,7 +1601,7 @@

    Information Exposure

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.6.9 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -1677,7 +1614,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1738,7 +1675,7 @@

      CVE-2023-28531

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.6.9 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    @@ -1751,7 +1688,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1785,7 +1722,7 @@

      References

    -

    CVE-2023-2953

    +

    NULL Pointer Dereference

    @@ -1807,7 +1744,7 @@

    CVE-2023-2953

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.6.9, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
    • @@ -1819,7 +1756,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -1830,7 +1767,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 git@1:2.34.1-1ubuntu1.9 @@ -1843,7 +1780,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -1899,7 +1836,7 @@

      Resource Exhaustion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.6.9, meta-common-packages@meta and others
    @@ -1911,7 +1848,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 meta-common-packages@meta @@ -1967,7 +1904,7 @@

      CVE-2023-2602

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 and libcap2@1:2.44-1build3 + docker-image|quay.io/argoproj/argocd@v2.6.9 and libcap2@1:2.44-1build3
    @@ -1980,7 +1917,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 libcap2@1:2.44-1build3 @@ -1989,7 +1926,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 apt@2.4.9 @@ -2009,12 +1946,16 @@

      Detailed paths

      NVD Description

      -

      This vulnerability has not been analyzed by NVD yet.

      +

      Note: Versions mentioned in the description apply only to the upstream libcap2 package and not the libcap2 package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.

      Remediation

      There is no fixed version for Ubuntu:22.04 libcap2.

      References

      @@ -2046,7 +1987,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 + docker-image|quay.io/argoproj/argocd@v2.6.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    @@ -2059,7 +2000,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -2068,7 +2009,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 adduser@3.118ubuntu5 @@ -2089,7 +2030,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 adduser@3.118ubuntu5 @@ -2112,7 +2053,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 krb5/libkrb5-3@1.19.2-2ubuntu0.2 @@ -2121,7 +2062,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 adduser@3.118ubuntu5 @@ -2142,7 +2083,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2151,7 +2092,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2162,7 +2103,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 git@1:2.34.1-1ubuntu1.9 @@ -2175,13 +2116,13 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - libssh/libssh-4@0.9.6-2build1 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2190,7 +2131,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 adduser@3.118ubuntu5 @@ -2209,7 +2150,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 meta-common-packages@meta @@ -2268,7 +2209,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.6.9 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2281,7 +2222,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2290,7 +2231,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 apt@2.4.9 @@ -2301,7 +2242,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2312,7 +2253,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2323,7 +2264,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2334,7 +2275,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2347,7 +2288,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2360,7 +2301,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2369,7 +2310,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2380,7 +2321,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2393,7 +2334,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2402,7 +2343,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2413,7 +2354,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2422,7 +2363,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2433,7 +2374,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2442,7 +2383,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2453,7 +2394,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2466,7 +2407,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2479,7 +2420,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2488,7 +2429,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2499,7 +2440,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2512,7 +2453,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2525,7 +2466,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2534,7 +2475,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2545,7 +2486,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2554,7 +2495,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2565,7 +2506,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2574,7 +2515,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2585,7 +2526,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2644,7 +2585,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.6.9 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -2657,7 +2598,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 glibc/libc-bin@2.35-0ubuntu3.1 @@ -2666,7 +2607,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 meta-common-packages@meta @@ -2725,7 +2666,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.6.9, git@1:2.34.1-1ubuntu1.9 and others
    @@ -2737,7 +2678,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 git@1:2.34.1-1ubuntu1.9 @@ -2748,7 +2689,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 git@1:2.34.1-1ubuntu1.9 @@ -2757,7 +2698,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 git-lfs@3.0.2-1ubuntu0.2 @@ -2815,7 +2756,7 @@

      CVE-2023-28322

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.6.9, git@1:2.34.1-1ubuntu1.9 and others
    @@ -2827,7 +2768,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 git@1:2.34.1-1ubuntu1.9 @@ -2852,6 +2793,9 @@

      References

      @@ -2884,7 +2828,7 @@

      Improper Certificate Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.6.9, git@1:2.34.1-1ubuntu1.9 and others
    @@ -2896,7 +2840,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 git@1:2.34.1-1ubuntu1.9 @@ -2921,6 +2865,9 @@

      References

      @@ -2952,7 +2899,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.6.9 and coreutils@8.32-4.1ubuntu1
    @@ -2965,7 +2912,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 coreutils@8.32-4.1ubuntu1 @@ -3022,7 +2969,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.6.9 and bash@5.1-6ubuntu1
    @@ -3035,7 +2982,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.3 + docker-image|quay.io/argoproj/argocd@v2.6.9 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.5.17/redis_7.0.11-alpine.html b/docs/snyk/v2.6.9/redis_7.0.11-alpine.html similarity index 97% rename from docs/snyk/v2.5.17/redis_7.0.11-alpine.html rename to docs/snyk/v2.6.9/redis_7.0.11-alpine.html index ef088d3fbb454..03b0678b7c437 100644 --- a/docs/snyk/v2.5.17/redis_7.0.11-alpine.html +++ b/docs/snyk/v2.6.9/redis_7.0.11-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      June 4th 2023, 12:24:54 am (UTC+00:00)

      +

      June 11th 2023, 12:22:12 am (UTC+00:00)

      Scanned the following path: @@ -485,12 +485,12 @@

      Snyk test report

      -
      -

      CVE-2023-2650

      +
      +

      Allocation of Resources Without Limits or Throttling

      -
      - low severity +
      + high severity
      @@ -675,6 +675,8 @@

      References

    • openssl-security@openssl.org
    • openssl-security@openssl.org
    • openssl-security@openssl.org
      • +
    • openssl-security@openssl.org
      • +
    • openssl-security@openssl.org
    diff --git a/docs/snyk/v2.7.3/argocd-iac-install.html b/docs/snyk/v2.7.4/argocd-iac-install.html similarity index 98% rename from docs/snyk/v2.7.3/argocd-iac-install.html rename to docs/snyk/v2.7.4/argocd-iac-install.html index 5f6306a69abf5..4cb40002da34a 100644 --- a/docs/snyk/v2.7.3/argocd-iac-install.html +++ b/docs/snyk/v2.7.4/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:21:09 am (UTC+00:00)

    +

    June 11th 2023, 12:21:01 am (UTC+00:00)

    Scanned the following path: @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 17512 + Line number: 17518
    • @@ -847,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 16974 + Line number: 16980
    • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 17146 + Line number: 17152
    • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 17112 + Line number: 17118
    • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 17206 + Line number: 17212
    • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 17280 + Line number: 17286
    • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 17512 + Line number: 17518
    • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 17336 + Line number: 17342
    • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 17597 + Line number: 17603
    • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 17901 + Line number: 17907
    • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 17126 + Line number: 17132
    • @@ -1419,7 +1419,7 @@

    Container is running with writable root filesystem

  • - Line number: 17290 + Line number: 17296
    • @@ -1471,7 +1471,7 @@

    Container is running without liveness probe

  • - Line number: 16974 + Line number: 16980
    • @@ -1523,7 +1523,7 @@

    Container is running without liveness probe

  • - Line number: 17112 + Line number: 17118
    • @@ -1575,7 +1575,7 @@

    Container is running without liveness probe

  • - Line number: 17146 + Line number: 17152
    • @@ -1627,7 +1627,7 @@

    Container is running without liveness probe

  • - Line number: 17280 + Line number: 17286
    • @@ -1679,7 +1679,7 @@

    Container is running without liveness probe

  • - Line number: 17512 + Line number: 17518
    • @@ -1737,7 +1737,7 @@

    Container is running without memory limit

  • - Line number: 16974 + Line number: 16980
    • @@ -1795,7 +1795,7 @@

    Container is running without memory limit

  • - Line number: 17112 + Line number: 17118
    • @@ -1853,7 +1853,7 @@

    Container is running without memory limit

  • - Line number: 17146 + Line number: 17152
    • @@ -1911,7 +1911,7 @@

    Container is running without memory limit

  • - Line number: 17206 + Line number: 17212
    • @@ -1969,7 +1969,7 @@

    Container is running without memory limit

  • - Line number: 17280 + Line number: 17286
    • @@ -2027,7 +2027,7 @@

    Container is running without memory limit

  • - Line number: 17512 + Line number: 17518
    • @@ -2085,7 +2085,7 @@

    Container is running without memory limit

  • - Line number: 17336 + Line number: 17342
    • @@ -2143,7 +2143,7 @@

    Container is running without memory limit

  • - Line number: 17597 + Line number: 17603
    • @@ -2201,7 +2201,7 @@

    Container is running without memory limit

  • - Line number: 17901 + Line number: 17907
    • @@ -2257,7 +2257,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17049 + Line number: 17055
    • @@ -2313,7 +2313,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17129 + Line number: 17135
    • @@ -2369,7 +2369,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17154 + Line number: 17160
    • @@ -2425,7 +2425,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17214 + Line number: 17220
    • @@ -2481,7 +2481,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17290 + Line number: 17296
    • @@ -2537,7 +2537,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17485 + Line number: 17491
    • @@ -2593,7 +2593,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17519 + Line number: 17525
    • @@ -2649,7 +2649,7 @@

    Container's UID could clash with host's UID
  • - Line number: 17811 + Line number: 17817
    • @@ -2705,7 +2705,7 @@

    Container's UID could clash with host's UID
  • - Line number: 18043 + Line number: 18049
    • diff --git a/docs/snyk/v2.7.3/argocd-iac-namespace-install.html b/docs/snyk/v2.7.4/argocd-iac-namespace-install.html similarity index 98% rename from docs/snyk/v2.7.3/argocd-iac-namespace-install.html rename to docs/snyk/v2.7.4/argocd-iac-namespace-install.html index 1c4beaedc1c52..d3e5d26bc6870 100644 --- a/docs/snyk/v2.7.3/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.7.4/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:21:21 am (UTC+00:00)

    +

    June 11th 2023, 12:21:14 am (UTC+00:00)

    Scanned the following path: @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 1172 + Line number: 1178
    • @@ -847,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 634 + Line number: 640
    • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 806 + Line number: 812
    • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 772 + Line number: 778
    • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 866 + Line number: 872
    • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 940 + Line number: 946
    • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1172 + Line number: 1178
    • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 996 + Line number: 1002
    • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1257 + Line number: 1263
    • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1561 + Line number: 1567
    • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 786 + Line number: 792
    • @@ -1419,7 +1419,7 @@

    Container is running with writable root filesystem

  • - Line number: 950 + Line number: 956
    • @@ -1471,7 +1471,7 @@

    Container is running without liveness probe

  • - Line number: 634 + Line number: 640
    • @@ -1523,7 +1523,7 @@

    Container is running without liveness probe

  • - Line number: 772 + Line number: 778
    • @@ -1575,7 +1575,7 @@

    Container is running without liveness probe

  • - Line number: 806 + Line number: 812
    • @@ -1627,7 +1627,7 @@

    Container is running without liveness probe

  • - Line number: 940 + Line number: 946
    • @@ -1679,7 +1679,7 @@

    Container is running without liveness probe

  • - Line number: 1172 + Line number: 1178
    • @@ -1737,7 +1737,7 @@

    Container is running without memory limit

  • - Line number: 634 + Line number: 640
    • @@ -1795,7 +1795,7 @@

    Container is running without memory limit

  • - Line number: 772 + Line number: 778
    • @@ -1853,7 +1853,7 @@

    Container is running without memory limit

  • - Line number: 806 + Line number: 812
    • @@ -1911,7 +1911,7 @@

    Container is running without memory limit

  • - Line number: 866 + Line number: 872
    • @@ -1969,7 +1969,7 @@

    Container is running without memory limit

  • - Line number: 940 + Line number: 946
    • @@ -2027,7 +2027,7 @@

    Container is running without memory limit

  • - Line number: 1172 + Line number: 1178
    • @@ -2085,7 +2085,7 @@

    Container is running without memory limit

  • - Line number: 996 + Line number: 1002
    • @@ -2143,7 +2143,7 @@

    Container is running without memory limit

  • - Line number: 1257 + Line number: 1263
    • @@ -2201,7 +2201,7 @@

    Container is running without memory limit

  • - Line number: 1561 + Line number: 1567
    • @@ -2257,7 +2257,7 @@

    Container's UID could clash with host's UID
  • - Line number: 709 + Line number: 715
    • @@ -2313,7 +2313,7 @@

    Container's UID could clash with host's UID
  • - Line number: 789 + Line number: 795
    • @@ -2369,7 +2369,7 @@

    Container's UID could clash with host's UID
  • - Line number: 814 + Line number: 820
    • @@ -2425,7 +2425,7 @@

    Container's UID could clash with host's UID
  • - Line number: 874 + Line number: 880
    • @@ -2481,7 +2481,7 @@

    Container's UID could clash with host's UID
  • - Line number: 950 + Line number: 956
    • @@ -2537,7 +2537,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1145 + Line number: 1151
    • @@ -2593,7 +2593,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1179 + Line number: 1185
    • @@ -2649,7 +2649,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1471 + Line number: 1477
    • @@ -2705,7 +2705,7 @@

    Container's UID could clash with host's UID
  • - Line number: 1703 + Line number: 1709
    • diff --git a/docs/snyk/v2.7.3/argocd-test.html b/docs/snyk/v2.7.4/argocd-test.html similarity index 99% rename from docs/snyk/v2.7.3/argocd-test.html rename to docs/snyk/v2.7.4/argocd-test.html index 4a1fafe570a7f..fb65bc3ea2e54 100644 --- a/docs/snyk/v2.7.3/argocd-test.html +++ b/docs/snyk/v2.7.4/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:19:03 am (UTC+00:00)

    +

    June 11th 2023, 12:18:47 am (UTC+00:00)

    Scanned the following paths: diff --git a/docs/snyk/v2.5.17/ghcr.io_dexidp_dex_v2.36.0.html b/docs/snyk/v2.7.4/ghcr.io_dexidp_dex_v2.36.0.html similarity index 98% rename from docs/snyk/v2.5.17/ghcr.io_dexidp_dex_v2.36.0.html rename to docs/snyk/v2.7.4/ghcr.io_dexidp_dex_v2.36.0.html index 7a16fec6bf9be..5e3c715f518fa 100644 --- a/docs/snyk/v2.5.17/ghcr.io_dexidp_dex_v2.36.0.html +++ b/docs/snyk/v2.7.4/ghcr.io_dexidp_dex_v2.36.0.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:24:20 am (UTC+00:00)

    +

    June 11th 2023, 12:18:58 am (UTC+00:00)

    Scanned the following paths: @@ -609,6 +609,7 @@

    References

  • openssl-security@openssl.org
  • openssl-security@openssl.org
  • openssl-security@openssl.org
    • +
  • openssl-security@openssl.org
    • @@ -618,12 +619,12 @@

    References

    -
    -

    Improper Certificate Validation

    +
    +

    Allocation of Resources Without Limits or Throttling

    -
    - medium severity +
    + high severity
    @@ -733,31 +734,65 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Applications that use a non-default option when verifying certificates may be - vulnerable to an attack from a malicious CA to circumvent certain checks.

    -

    Invalid certificate policies in leaf certificates are silently ignored by - OpenSSL and other certificate policy checks are skipped for that certificate. - A malicious CA could use this to deliberately assert invalid certificate policies - in order to circumvent policy checking on the certificate altogether.

    -

    Policy processing is disabled by default but can be enabled by passing - the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -876,42 +911,37 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    The function X509_VERIFY_PARAM_add0_policy() is documented to - implicitly enable the certificate policy check when doing certificate - verification. However the implementation of the function does not - enable the check which allows certificates with invalid or incorrect - policies to pass the certificate verification.

    -

    As suddenly enabling the policy check could break existing deployments it was - decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() - function.

    -

    Instead the applications that require OpenSSL to perform certificate - policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly - enable the policy check by calling X509_VERIFY_PARAM_set_flags() with - the X509_V_FLAG_POLICY_CHECK flag argument.

    -

    Certificate policy checks are disabled by default in OpenSSL and are not - commonly used by applications.

    +

    Applications that use a non-default option when verifying certificates may be + vulnerable to an attack from a malicious CA to circumvent certain checks.

    +

    Invalid certificate policies in leaf certificates are silently ignored by + OpenSSL and other certificate policy checks are skipped for that certificate. + A malicious CA could use this to deliberately assert invalid certificate policies + in order to circumvent policy checking on the certificate altogether.

    +

    Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Out-of-bounds Read

    +

    Improper Certificate Validation

    @@ -1025,44 +1055,47 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM - platform contains a bug that could cause it to read past the input buffer, - leading to a crash.

    -

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM - platform can crash in rare circumstances. The AES-XTS algorithm is usually - used for disk encryption.

    -

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read - past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 - byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext - buffer is unmapped, this will trigger a crash which results in a denial of - service.

    -

    If an attacker can control the size and location of the ciphertext buffer - being decrypted by an application using AES-XTS on 64 bit ARM, the - application is affected. This is fairly unlikely making this issue - a Low severity one.

    +

    The function X509_VERIFY_PARAM_add0_policy() is documented to + implicitly enable the certificate policy check when doing certificate + verification. However the implementation of the function does not + enable the check which allows certificates with invalid or incorrect + policies to pass the certificate verification.

    +

    As suddenly enabling the policy check could break existing deployments it was + decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() + function.

    +

    Instead the applications that require OpenSSL to perform certificate + policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly + enable the policy check by calling X509_VERIFY_PARAM_set_flags() with + the X509_V_FLAG_POLICY_CHECK flag argument.

    +

    Certificate policy checks are disabled by default in OpenSSL and are not + commonly used by applications.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    CVE-2023-2650

    +
    +

    Out-of-bounds Read

    -
    - low severity +
    + medium severity
    @@ -1172,63 +1205,35 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Issue summary: Processing some specially crafted ASN.1 object identifiers or - data containing them may be very slow.

    -

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of - the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message - size limit may experience notable to very long delays when processing those - messages, which may lead to a Denial of Service.

    -

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - - most of which have no size limit. OBJ_obj2txt() may be used to translate - an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL - type ASN1_OBJECT) to its canonical numeric text form, which are the - sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by - periods.

    -

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large - (these are sizes that are seen as absurdly large, taking up tens or hundreds - of KiBs), the translation to a decimal number in text may take a very long - time. The time complexity is O(n^2) with 'n' being the size of the - sub-identifiers in bytes (*).

    -

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / - identifiers in string form was introduced. This includes using OBJECT - IDENTIFIERs in canonical numeric text form as identifiers for fetching - algorithms.

    -

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure - AlgorithmIdentifier, which is commonly used in multiple protocols to specify - what cryptographic algorithm should be used to sign or verify, encrypt or - decrypt, or digest passed data.

    -

    Applications that call OBJ_obj2txt() directly with untrusted data are - affected, with any version of OpenSSL. If the use is for the mere purpose - of display, the severity is considered low.

    -

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, - CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 - certificates, including simple things like verifying its signature.

    -

    The impact on TLS is relatively low, because all versions of OpenSSL have a - 100KiB limit on the peer's certificate chain. Additionally, this only - impacts clients, or servers that have explicitly enabled client - authentication.

    -

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, - such as X.509 certificates. This is assumed to not happen in such a way - that it would cause a Denial of Service, so these versions are considered - not affected by this issue in such a way that it would be cause for concern, - and the severity is therefore considered low.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    diff --git a/docs/snyk/v2.6.8/haproxy_2.6.12-alpine.html b/docs/snyk/v2.7.4/haproxy_2.6.12-alpine.html similarity index 98% rename from docs/snyk/v2.6.8/haproxy_2.6.12-alpine.html rename to docs/snyk/v2.7.4/haproxy_2.6.12-alpine.html index b6962e1836705..3fee6c74df91c 100644 --- a/docs/snyk/v2.6.8/haproxy_2.6.12-alpine.html +++ b/docs/snyk/v2.7.4/haproxy_2.6.12-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 4th 2023, 12:21:49 am (UTC+00:00)

    +

    June 11th 2023, 12:19:04 am (UTC+00:00)

    Scanned the following path: @@ -485,12 +485,12 @@

    Snyk test report

    -
    -

    Out-of-bounds Read

    +
    +

    Allocation of Resources Without Limits or Throttling

    -
    - medium severity +
    + high severity
    @@ -622,44 +622,74 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM - platform contains a bug that could cause it to read past the input buffer, - leading to a crash.

    -

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM - platform can crash in rare circumstances. The AES-XTS algorithm is usually - used for disk encryption.

    -

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read - past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 - byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext - buffer is unmapped, this will trigger a crash which results in a denial of - service.

    -

    If an attacker can control the size and location of the ciphertext buffer - being decrypted by an application using AES-XTS on 64 bit ARM, the - application is affected. This is fairly unlikely making this issue - a Low severity one.

    +

    Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

    +

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

    +

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

    +

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

    +

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

    +

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

    +

    Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

    +

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

    +

    The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

    +

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    CVE-2023-2650

    +
    +

    Out-of-bounds Read

    -
    - low severity +
    + medium severity
    @@ -791,63 +821,35 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. See How to fix? for Alpine:3.17 relevant fixed versions and status.

    -

    Issue summary: Processing some specially crafted ASN.1 object identifiers or - data containing them may be very slow.

    -

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of - the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message - size limit may experience notable to very long delays when processing those - messages, which may lead to a Denial of Service.

    -

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - - most of which have no size limit. OBJ_obj2txt() may be used to translate - an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL - type ASN1_OBJECT) to its canonical numeric text form, which are the - sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by - periods.

    -

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large - (these are sizes that are seen as absurdly large, taking up tens or hundreds - of KiBs), the translation to a decimal number in text may take a very long - time. The time complexity is O(n^2) with 'n' being the size of the - sub-identifiers in bytes (*).

    -

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / - identifiers in string form was introduced. This includes using OBJECT - IDENTIFIERs in canonical numeric text form as identifiers for fetching - algorithms.

    -

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure - AlgorithmIdentifier, which is commonly used in multiple protocols to specify - what cryptographic algorithm should be used to sign or verify, encrypt or - decrypt, or digest passed data.

    -

    Applications that call OBJ_obj2txt() directly with untrusted data are - affected, with any version of OpenSSL. If the use is for the mere purpose - of display, the severity is considered low.

    -

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, - CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 - certificates, including simple things like verifying its signature.

    -

    The impact on TLS is relatively low, because all versions of OpenSSL have a - 100KiB limit on the peer's certificate chain. Additionally, this only - impacts clients, or servers that have explicitly enabled client - authentication.

    -

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, - such as X.509 certificates. This is assumed to not happen in such a way - that it would cause a Denial of Service, so these versions are considered - not affected by this issue in such a way that it would be cause for concern, - and the severity is therefore considered low.

    +

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

    +

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

    +

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

    +

    If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

    Remediation

    -

    Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    diff --git a/docs/snyk/v2.5.17/quay.io_argoproj_argocd_v2.5.17.html b/docs/snyk/v2.7.4/quay.io_argoproj_argocd_v2.7.4.html similarity index 65% rename from docs/snyk/v2.5.17/quay.io_argoproj_argocd_v2.5.17.html rename to docs/snyk/v2.7.4/quay.io_argoproj_argocd_v2.7.4.html index 795456f7ad976..c98f3740eb3cc 100644 --- a/docs/snyk/v2.5.17/quay.io_argoproj_argocd_v2.5.17.html +++ b/docs/snyk/v2.7.4/quay.io_argoproj_argocd_v2.7.4.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

    Snyk test report

    -

    June 4th 2023, 12:24:48 am (UTC+00:00)

    +

    June 11th 2023, 12:19:27 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.5.17/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.5.17/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.5.17/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.5.17/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.5.17/git-lfs/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.7.4/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.7.4/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.7.4/kustomize/kustomize/v5 (gomodules)
    • quay.io/argoproj/argocd:v2.7.4/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.7.4/git-lfs/git-lfs (gomodules)
    -
    32 known vulnerabilities
    -
    103 vulnerable dependency paths
    -
    2047 dependencies
    +
    21 known vulnerabilities
    +
    70 vulnerable dependency paths
    +
    2065 dependencies
    @@ -493,993 +493,12 @@

    Denial of Service (DoS)

  • Vulnerable module: - gopkg.in/yaml.v3 -
    • - -
  • Introduced through: - - sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b - -
    • - - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - - gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    gopkg.in/yaml.v3 is a YAML support package for the Go language.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) via the Unmarshal function, which causes the program to crash when attempting to deserialize invalid input.

    -

    PoC

    - 
    package main
-        
-        import (
-            "gopkg.in/yaml.v3"
-        )
-        
-        func main() {
-            var t interface{}
-            yaml.Unmarshal([]byte("0: [:!00 \xef"), &t)
-        }
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade gopkg.in/yaml.v3 to version 3.0.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    NULL Pointer Dereference

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - gopkg.in/yaml.v3 -
      • - -
    • Introduced through: - - sigs.k8s.io/kustomize/kustomize/v4@* and gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - - gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    gopkg.in/yaml.v3 is a YAML support package for the Go language.

    -

    Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing #\n-\n-\n0 via the parserc.go parser.

    -

    PoC

    - 
    package main
-        
-        import (
-            "gopkg.in/yaml.v3"
-        )
-        
-        func main() {
-            var t interface{}
-            yaml.Unmarshal([]byte("#\n-\n-\n0"), &t)
-        }
-
    -

    Remediation

    -

    Upgrade gopkg.in/yaml.v3 to version 3.0.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2/hpack -
      • - -
    • Introduced through: - - sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/net/http2/hpack@v0.0.0-20220127200216-cd36cc0744dd - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - - golang.org/x/net/http2/hpack@v0.0.0-20220127200216-cd36cc0744dd - - - -
      • -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2/hpack@v0.0.0-20220722155237-a158d28d115b - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service as an HTTP/2 connection can hang during closing if a shutdown was preempted by a fatal error.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.0.0-20220906165146-f3363e06e74c, 1.18.6, 1.19.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Certificate Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - perl/perl-modules-5.34 -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.5.17, git@1:2.34.1-1ubuntu1.9 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - git@1:2.34.1-1ubuntu1.9 - - perl@5.34.0-3ubuntu1.1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - git@1:2.34.1-1ubuntu1.9 - - perl@5.34.0-3ubuntu1.1 - - perl/libperl5.34@5.34.0-3ubuntu1.1 - - perl/perl-modules-5.34@5.34.0-3ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - git@1:2.34.1-1ubuntu1.9 - - perl@5.34.0-3ubuntu1.1 - - perl/libperl5.34@5.34.0-3ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - git@1:2.34.1-1ubuntu1.9 - - perl@5.34.0-3ubuntu1.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - meta-common-packages@meta - - perl/perl-base@5.34.0-3ubuntu1.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 perl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-2650

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.17 and openssl/libssl3@3.0.2-0ubuntu1.9 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.9 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - openssl@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.9 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Issue summary: Processing some specially crafted ASN.1 object identifiers or - data containing them may be very slow.

    -

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of - the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message - size limit may experience notable to very long delays when processing those - messages, which may lead to a Denial of Service.

    -

    An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - - most of which have no size limit. OBJ_obj2txt() may be used to translate - an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL - type ASN1_OBJECT) to its canonical numeric text form, which are the - sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by - periods.

    -

    When one of the sub-identifiers in the OBJECT IDENTIFIER is very large - (these are sizes that are seen as absurdly large, taking up tens or hundreds - of KiBs), the translation to a decimal number in text may take a very long - time. The time complexity is O(n^2) with 'n' being the size of the - sub-identifiers in bytes (*).

    -

    With OpenSSL 3.0, support to fetch cryptographic algorithms using names / - identifiers in string form was introduced. This includes using OBJECT - IDENTIFIERs in canonical numeric text form as identifiers for fetching - algorithms.

    -

    Such OBJECT IDENTIFIERs may be received through the ASN.1 structure - AlgorithmIdentifier, which is commonly used in multiple protocols to specify - what cryptographic algorithm should be used to sign or verify, encrypt or - decrypt, or digest passed data.

    -

    Applications that call OBJ_obj2txt() directly with untrusted data are - affected, with any version of OpenSSL. If the use is for the mere purpose - of display, the severity is considered low.

    -

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, - CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 - certificates, including simple things like verifying its signature.

    -

    The impact on TLS is relatively low, because all versions of OpenSSL have a - 100KiB limit on the peer's certificate chain. Additionally, this only - impacts clients, or servers that have explicitly enabled client - authentication.

    -

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, - such as X.509 certificates. This is assumed to not happen in such a way - that it would cause a Denial of Service, so these versions are considered - not affected by this issue in such a way that it would be cause for concern, - and the severity is therefore considered low.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.10 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-2603

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - libcap2 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.17 and libcap2@1:2.44-1build3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - libcap2@1:2.44-1build3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - apt@2.4.9 - - apt/libapt-pkg6.0@2.4.9 - - systemd/libsystemd0@249.11-0ubuntu3.9 - - libcap2@1:2.44-1build3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libcap2.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - gopkg.in/yaml.v2 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/yaml.v2@v2.2.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - gopkg.in/yaml.v2@v2.2.4 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    gopkg.in/yaml.v2 is a YAML support package for the Go language.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade gopkg.in/yaml.v2 to version 2.2.8 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/text/language -
      • - -
    • Introduced through: - - sigs.k8s.io/kustomize/kustomize/v4@* and golang.org/x/text/language@v0.3.7 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - sigs.k8s.io/kustomize/kustomize/v4@* - - golang.org/x/text/language@v0.3.7 - - - -
      • -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/text/language@v0.3.7 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

    -

    Remediation

    -

    Upgrade golang.org/x/text/language to version 0.3.8 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Incorrect Privilege Assignment

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/sys/unix + golang.org/x/net/http2/hpack
    • Introduced through: - helm.sh/helm/v3@* and golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f + helm.sh/helm/v3@* and golang.org/x/net/http2/hpack@v0.5.0
    @@ -1494,7 +513,7 @@

    Detailed paths

    Introduced through: helm.sh/helm/v3@* - golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f + golang.org/x/net/http2/hpack@v0.5.0 @@ -1506,28 +525,42 @@

    Detailed paths

    Overview

    -

    Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +

    Remediation

    -

    Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

    +

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    +

    Denial of Service (DoS)

    -
    - medium severity +
    + high severity
    @@ -1544,7 +577,7 @@

    Denial of Service (DoS)

  • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0
    • @@ -1559,7 +592,7 @@

    Detailed paths

    Introduced through: helm.sh/helm/v3@* - golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b + golang.org/x/net/http2@v0.5.0 @@ -1572,7 +605,7 @@

    Detailed paths

    Overview

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    Details

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    @@ -1586,24 +619,24 @@

    Details

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    +

    Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Improper Input Validation

    +

    CVE-2023-2603

    @@ -1614,17 +647,17 @@

    Improper Input Validation

    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • Vulnerable module: - go.mongodb.org/mongo-driver/bson/bsonrw + libcap2
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 + docker-image|quay.io/argoproj/argocd@v2.7.4 and libcap2@1:2.44-1build3
    @@ -1637,9 +670,24 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.7.4 + + libcap2@1:2.44-1build3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.4 + + apt@2.4.9 + + apt/libapt-pkg6.0@2.4.9 + + systemd/libsystemd0@249.11-0ubuntu3.9 - go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 + libcap2@1:2.44-1build3 @@ -1650,22 +698,23 @@

      Detailed paths

      -

      Overview

      -

      go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.

      -

      Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream libcap2 package and not the libcap2 package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

      Remediation

      -

      Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

      +

      There is no fixed version for Ubuntu:22.04 libcap2.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -1692,7 +741,7 @@

    CVE-2022-46908

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.7.4, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    • @@ -1704,7 +753,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1763,7 +812,7 @@

      Arbitrary Code Injection

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 and shadow/passwd@1:4.8.1-2ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.4 and shadow/passwd@1:4.8.1-2ubuntu2.1
    @@ -1776,7 +825,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1785,7 +834,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 adduser@3.118ubuntu5 @@ -1796,7 +845,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1807,7 +856,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 shadow/login@1:4.8.1-2ubuntu2.1 @@ -1864,7 +913,7 @@

      Uncontrolled Recursion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.7.4 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -1877,7 +926,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1886,7 +935,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 grep@3.7-1build1 @@ -1948,7 +997,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.7.4 and patch@2.7.6-7build2
    @@ -1961,7 +1010,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 patch@2.7.6-7build2 @@ -2015,7 +1064,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.7.4 and patch@2.7.6-7build2
    @@ -2028,7 +1077,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 patch@2.7.6-7build2 @@ -2064,194 +1113,6 @@

      References

      More about this vulnerability

    -
    -
    -

    Out-of-bounds Read

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.17 and openssl/libssl3@3.0.2-0ubuntu1.9 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - openssh/openssh-client@1:8.9p1-3ubuntu0.1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.9 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - - libssh/libssh-4@0.9.6-2build1 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - openssl/libssl3@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - openssl@3.0.2-0ubuntu1.9 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.9 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM - platform contains a bug that could cause it to read past the input buffer, - leading to a crash.

    -

    Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM - platform can crash in rare circumstances. The AES-XTS algorithm is usually - used for disk encryption.

    -

    The AES-XTS cipher decryption implementation for 64 bit ARM platform will read - past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 - byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext - buffer is unmapped, this will trigger a crash which results in a denial of - service.

    -

    If an attacker can control the size and location of the ciphertext buffer - being decrypted by an application using AES-XTS on 64 bit ARM, the - application is affected. This is fairly unlikely making this issue - a Low severity one.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.10 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Information Exposure

    @@ -2275,7 +1136,7 @@

    Information Exposure

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.7.4 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -2288,7 +1149,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2349,7 +1210,7 @@

      CVE-2023-28531

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 and openssh/openssh-client@1:8.9p1-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.7.4 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    @@ -2362,7 +1223,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2396,7 +1257,7 @@

      References

    -

    CVE-2023-2953

    +

    NULL Pointer Dereference

    @@ -2418,7 +1279,7 @@

    CVE-2023-2953

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.7.4, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
    • @@ -2430,7 +1291,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2441,7 +1302,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 git@1:2.34.1-1ubuntu1.9 @@ -2454,7 +1315,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -2510,7 +1371,7 @@

      Resource Exhaustion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.7.4, meta-common-packages@meta and others
    @@ -2522,7 +1383,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 meta-common-packages@meta @@ -2578,7 +1439,7 @@

      CVE-2023-2602

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 and libcap2@1:2.44-1build3 + docker-image|quay.io/argoproj/argocd@v2.7.4 and libcap2@1:2.44-1build3
    @@ -2591,7 +1452,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 libcap2@1:2.44-1build3 @@ -2600,7 +1461,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 apt@2.4.9 @@ -2620,12 +1481,16 @@

      Detailed paths

      NVD Description

      -

      This vulnerability has not been analyzed by NVD yet.

      +

      Note: Versions mentioned in the description apply only to the upstream libcap2 package and not the libcap2 package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.

      Remediation

      There is no fixed version for Ubuntu:22.04 libcap2.

      References

      @@ -2657,7 +1522,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 + docker-image|quay.io/argoproj/argocd@v2.7.4 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    @@ -2670,7 +1535,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -2679,7 +1544,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 adduser@3.118ubuntu5 @@ -2700,7 +1565,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 adduser@3.118ubuntu5 @@ -2723,7 +1588,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 krb5/libkrb5-3@1.19.2-2ubuntu0.2 @@ -2732,7 +1597,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 adduser@3.118ubuntu5 @@ -2753,7 +1618,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2762,7 +1627,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2773,7 +1638,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 git@1:2.34.1-1ubuntu1.9 @@ -2786,13 +1651,13 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 git@1:2.34.1-1ubuntu1.9 curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - libssh/libssh-4@0.9.6-2build1 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2801,7 +1666,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 adduser@3.118ubuntu5 @@ -2820,7 +1685,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 meta-common-packages@meta @@ -2879,7 +1744,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.4 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2892,7 +1757,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2901,7 +1766,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 apt@2.4.9 @@ -2912,7 +1777,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2923,7 +1788,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2934,7 +1799,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2945,7 +1810,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2958,7 +1823,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2971,7 +1836,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2980,7 +1845,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2991,7 +1856,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3004,7 +1869,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -3013,7 +1878,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3024,7 +1889,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -3033,7 +1898,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3044,7 +1909,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3053,7 +1918,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3064,7 +1929,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3077,7 +1942,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3090,7 +1955,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -3099,7 +1964,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3110,7 +1975,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3123,7 +1988,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3136,7 +2001,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -3145,7 +2010,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3156,7 +2021,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -3165,7 +2030,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3176,7 +2041,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -3185,7 +2050,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3196,7 +2061,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3255,7 +2120,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.7.4 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -3268,7 +2133,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 glibc/libc-bin@2.35-0ubuntu3.1 @@ -3277,7 +2142,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 meta-common-packages@meta @@ -3336,7 +2201,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.7.4, git@1:2.34.1-1ubuntu1.9 and others
    @@ -3348,7 +2213,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 git@1:2.34.1-1ubuntu1.9 @@ -3359,7 +2224,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 git@1:2.34.1-1ubuntu1.9 @@ -3368,7 +2233,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 git-lfs@3.0.2-1ubuntu0.2 @@ -3426,7 +2291,7 @@

      CVE-2023-28322

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.7.4, git@1:2.34.1-1ubuntu1.9 and others
    @@ -3438,7 +2303,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 git@1:2.34.1-1ubuntu1.9 @@ -3463,6 +2328,9 @@

      References

      @@ -3495,7 +2363,7 @@

      Improper Certificate Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.7.4, git@1:2.34.1-1ubuntu1.9 and others
    @@ -3507,7 +2375,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 git@1:2.34.1-1ubuntu1.9 @@ -3532,6 +2400,9 @@

      References

      @@ -3563,7 +2434,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.7.4 and coreutils@8.32-4.1ubuntu1
    @@ -3576,7 +2447,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 coreutils@8.32-4.1ubuntu1 @@ -3633,7 +2504,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.7.4 and bash@5.1-6ubuntu1
    @@ -3646,7 +2517,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.17 + docker-image|quay.io/argoproj/argocd@v2.7.4 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.6.8/redis_7.0.11-alpine.html b/docs/snyk/v2.7.4/redis_7.0.11-alpine.html similarity index 97% rename from docs/snyk/v2.6.8/redis_7.0.11-alpine.html rename to docs/snyk/v2.7.4/redis_7.0.11-alpine.html index a6b238cb47dde..e27e999382e3d 100644 --- a/docs/snyk/v2.6.8/redis_7.0.11-alpine.html +++ b/docs/snyk/v2.7.4/redis_7.0.11-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      June 4th 2023, 12:22:24 am (UTC+00:00)

      +

      June 11th 2023, 12:19:32 am (UTC+00:00)

      Scanned the following path: @@ -485,12 +485,12 @@

      Snyk test report

      -
      -

      CVE-2023-2650

      +
      +

      Allocation of Resources Without Limits or Throttling

      -
      - low severity +
      + high severity
      @@ -675,6 +675,8 @@

      References

    • openssl-security@openssl.org
    • openssl-security@openssl.org
    • openssl-security@openssl.org
      • +
    • openssl-security@openssl.org
      • +
    • openssl-security@openssl.org
    From 74f2396dcffd4576e1807252a506ddaf8620b9f8 Mon Sep 17 00:00:00 2001 From: Nicholas Morey Date: Wed, 14 Jun 2023 06:51:12 -0400 Subject: [PATCH 145/252] docs: add pre-release to helm tracking strategies (#13923) Signed-off-by: Nicholas Morey Co-authored-by: pasha-codefresh --- docs/user-guide/tracking_strategies.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/user-guide/tracking_strategies.md b/docs/user-guide/tracking_strategies.md index e1abe85717724..57dfc5f907b65 100644 --- a/docs/user-guide/tracking_strategies.md +++ b/docs/user-guide/tracking_strategies.md @@ -11,7 +11,7 @@ is detected. ## Helm -For Helm, all versions are [Semantic Versions](https://semver.org/). As a result, you can either version ranges: +Helm chart versions are [Semantic Versions](https://semver.org/). As a result, you can use any of the following version ranges: | Use Case | How | Examples | |-|-|-| @@ -19,6 +19,7 @@ For Helm, all versions are [Semantic Versions](https://semver.org/). As a result | Track patches (e.g. in pre-production) | Use a range | `1.2.*` or `>=1.2.0 <1.3.0` | | Track minor releases (e.g. in QA) | Use a range | `1.*` or `>=1.0.0 <2.0.0` | | Use the latest (e.g. in local development) | Use star range | `*` or `>=0.0.0` | +| Use the latest including pre-releases | Use star range with `-0` suffix | `*-0` or `>=0.0.0-0` | [Read about version ranges](https://www.telerik.com/blogs/the-mystical-magical-semver-ranges-used-by-npm-bower) From eb31712af72b133d94bb93869b1251ac9500bbb6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Jun 2023 08:06:48 -0400 Subject: [PATCH 146/252] chore(deps): bump docker/setup-buildx-action from 2.6.0 to 2.7.0 (#14034) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.6.0 to 2.7.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/6a58db7e0d21ca03e6c44877909e80e45217eed2...ecf95283f03858871ff00b787d79c419715afc34) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/image-reuse.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index 45c49849d2f3d..a55a136caa6e4 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -79,7 +79,7 @@ jobs: cosign-release: 'v2.0.0' - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 - - uses: docker/setup-buildx-action@6a58db7e0d21ca03e6c44877909e80e45217eed2 # v2.6.0 + - uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 # v2.7.0 - name: Setup tags for container image as a CSV type run: | From 0cecf7031d27b8b6454b22f8a6f1bcda0150c6de Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Jun 2023 08:08:35 -0400 Subject: [PATCH 147/252] chore(deps): bump peter-evans/create-pull-request from 5.0.1 to 5.0.2 (#14032) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5.0.1 to 5.0.2. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/284f54f989303d2699d373481a0cfa13ad5a6666...153407881ec5c347639a548ade7d8ad1d6740e38) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/init-release.yaml | 2 +- .github/workflows/release.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/init-release.yaml b/.github/workflows/init-release.yaml index 4a8379e90693a..6881dc379aaa4 100644 --- a/.github/workflows/init-release.yaml +++ b/.github/workflows/init-release.yaml @@ -57,7 +57,7 @@ jobs: git diff - name: Create pull request - uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666 # v5.0.1 + uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 with: commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}" title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 385aa9f26c471..92e7452334c27 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -270,7 +270,7 @@ jobs: if: ${{ env.UPDATE_VERSION == 'true' }} - name: Create PR to update VERSION on master branch - uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666 # v5.0.1 + uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 with: commit-message: Bump version in master title: "chore: Bump version in master" From 7da7259d9f09a843daf8ccbd08e0ed0f65f93f7b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Jun 2023 08:11:10 -0400 Subject: [PATCH 148/252] chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.58 to 0.9.59 (#14030) Bumps [github.com/ktrysmt/go-bitbucket](https://github.com/ktrysmt/go-bitbucket) from 0.9.58 to 0.9.59. - [Release notes](https://github.com/ktrysmt/go-bitbucket/releases) - [Commits](https://github.com/ktrysmt/go-bitbucket/compare/v0.9.58...v0.9.59) --- updated-dependencies: - dependency-name: github.com/ktrysmt/go-bitbucket dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index de154d981af85..a5f605da194cf 100644 --- a/go.mod +++ b/go.mod @@ -51,7 +51,7 @@ require ( github.com/itchyny/gojq v0.12.13 github.com/jeremywohl/flatten v1.0.1 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 - github.com/ktrysmt/go-bitbucket v0.9.58 + github.com/ktrysmt/go-bitbucket v0.9.59 github.com/mattn/go-isatty v0.0.19 github.com/mattn/go-zglob v0.0.4 github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 diff --git a/go.sum b/go.sum index 08a8396f06c27..8fa942931351d 100644 --- a/go.sum +++ b/go.sum @@ -676,8 +676,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/ktrysmt/go-bitbucket v0.9.58 h1:EyEO5Na+ydAITnUr/s8NRGU20vfFl5PsnwSCB3HK5ZE= -github.com/ktrysmt/go-bitbucket v0.9.58/go.mod h1:apndNyqXgInXkIW9/MClTsr2VznPf4iBzST3yhAt8SU= +github.com/ktrysmt/go-bitbucket v0.9.59 h1:ZnyDyJB6umS1kTDWnm26XnnMtkm74h6kZoO00g9b8ck= +github.com/ktrysmt/go-bitbucket v0.9.59/go.mod h1:5pck2g2ZJkBekDzo6psBPs+Dda7fun4br+maTN07aQQ= github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= github.com/libopenstorage/openstorage v1.0.0/go.mod h1:Sp1sIObHjat1BeXhfMqLZ14wnOzEhNx2YQedreMcUyc= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= @@ -987,7 +987,6 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= From 7165540ec4c3c25d81859a8d082520a9aff4d9e1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Jun 2023 08:11:59 -0400 Subject: [PATCH 149/252] chore(deps): bump golang.org/x/crypto from 0.9.0 to 0.10.0 (#14029) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.10.0. - [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 13 ++++++++----- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index a5f605da194cf..5218e18c0a531 100644 --- a/go.mod +++ b/go.mod @@ -75,11 +75,11 @@ require ( go.opentelemetry.io/otel v1.16.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.16.0 go.opentelemetry.io/otel/sdk v1.16.0 - golang.org/x/crypto v0.9.0 + golang.org/x/crypto v0.10.0 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 golang.org/x/oauth2 v0.8.0 golang.org/x/sync v0.2.0 - golang.org/x/term v0.8.0 + golang.org/x/term v0.9.0 google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 google.golang.org/grpc v1.55.0 google.golang.org/protobuf v1.30.0 @@ -228,8 +228,8 @@ require ( go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.8.0 // indirect golang.org/x/net v0.10.0 // indirect - golang.org/x/sys v0.8.0 // indirect - golang.org/x/text v0.9.0 // indirect + golang.org/x/sys v0.9.0 // indirect + golang.org/x/text v0.10.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.6.0 // indirect gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 // indirect diff --git a/go.sum b/go.sum index 8fa942931351d..3985770ba94eb 100644 --- a/go.sum +++ b/go.sum @@ -1133,8 +1133,8 @@ golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= -golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= +golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= +golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1389,8 +1389,9 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= +golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1399,8 +1400,9 @@ golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28= +golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1415,8 +1417,9 @@ golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= +golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From c9c6d7b49a9e0364dec1245af3afda9045b9cbe3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Jun 2023 08:12:47 -0400 Subject: [PATCH 150/252] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.281 to 1.44.282 (#14028) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.281 to 1.44.282. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.281...v1.44.282) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 5218e18c0a531..6ad6e66518146 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d - github.com/aws/aws-sdk-go v1.44.281 + github.com/aws/aws-sdk-go v1.44.282 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 diff --git a/go.sum b/go.sum index 3985770ba94eb..43028cebd49dc 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,8 @@ github.com/auth0/go-jwt-middleware v1.0.1/go.mod h1:YSeUX3z6+TF2H+7padiEqNJ73Zy9 github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.281 h1:z/ptheJvINaIAsKXthxONM+toTKw2pxyk700Hfm6yUw= -github.com/aws/aws-sdk-go v1.44.281/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.282 h1:ZPB9QhwxmMIEC8ja0DdFowOl5fODWaZ6s2cZ40fx6r8= +github.com/aws/aws-sdk-go v1.44.282/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= From bbe092609998d3aa337bd1d1cd8ba095ae0b6a72 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Jun 2023 12:57:45 +0000 Subject: [PATCH 151/252] chore(deps): bump docker/build-push-action from 4.1.0 to 4.1.1 (#14033) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/44ea916f6c540f9302d50c2b1e5a8dc071f15cdf...2eb1c1961a95fc15694676618e422e8ba1d63825) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/image-reuse.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index a55a136caa6e4..d5232e148c037 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -130,7 +130,7 @@ jobs: - name: Build and push container image id: image - uses: docker/build-push-action@44ea916f6c540f9302d50c2b1e5a8dc071f15cdf #v4.1.0 + uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 #v4.1.1 with: context: . platforms: ${{ inputs.platforms }} From f63b856394e6c41d68ef3fb3f7cd99b3c2d1435a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Jun 2023 13:12:38 +0000 Subject: [PATCH 152/252] chore(deps): bump golang.org/x/oauth2 from 0.8.0 to 0.9.0 (#14031) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.8.0 to 0.9.0. - [Commits](https://github.com/golang/oauth2/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 6ad6e66518146..b18c18cdacecf 100644 --- a/go.mod +++ b/go.mod @@ -77,7 +77,7 @@ require ( go.opentelemetry.io/otel/sdk v1.16.0 golang.org/x/crypto v0.10.0 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 - golang.org/x/oauth2 v0.8.0 + golang.org/x/oauth2 v0.9.0 golang.org/x/sync v0.2.0 golang.org/x/term v0.9.0 google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 @@ -227,7 +227,7 @@ require ( go.opentelemetry.io/proto/otlp v0.19.0 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect golang.org/x/mod v0.8.0 // indirect - golang.org/x/net v0.10.0 // indirect + golang.org/x/net v0.11.0 // indirect golang.org/x/sys v0.9.0 // indirect golang.org/x/text v0.10.0 // indirect golang.org/x/time v0.3.0 // indirect diff --git a/go.sum b/go.sum index 43028cebd49dc..a650a877d7e3a 100644 --- a/go.sum +++ b/go.sum @@ -1251,8 +1251,9 @@ golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= +golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1268,8 +1269,9 @@ golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/oauth2 v0.9.0 h1:BPpt2kU7oMRq3kCHAA1tbSEshXRw1LpG2ztgDwrzuAs= +golang.org/x/oauth2 v0.9.0/go.mod h1:qYgFZaFiu6Wg24azG8bdV52QJXJGbZzIIsRCdVKzbLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= From 0faa56b1fff18362ec3c01c1bc8195293d0f4201 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Wed, 14 Jun 2023 11:37:45 -0400 Subject: [PATCH 153/252] chore(deps): upgrade go to 1.20.5 (#13941) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- Dockerfile | 4 ++-- test/container/Dockerfile | 2 +- test/remote/Dockerfile | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 32c419838f137..f8965cb922c5a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:9a0bdde4188b896a372804be238 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image # Also used as the image in CI jobs so needs all dependencies #################################################################################################### -FROM docker.io/library/golang:1.20.4@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS builder +FROM docker.io/library/golang:1.20.5@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS builder RUN echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list @@ -101,7 +101,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP #################################################################################################### # Argo CD Build stage which performs the actual build of Argo CD binaries #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.20.4@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS argocd-build +FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.20.5@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS argocd-build WORKDIR /go/src/github.com/argoproj/argo-cd diff --git a/test/container/Dockerfile b/test/container/Dockerfile index 997dba8eeb2c0..7886e2c8c16a4 100644 --- a/test/container/Dockerfile +++ b/test/container/Dockerfile @@ -9,7 +9,7 @@ RUN ln -s /usr/lib/$(uname -m)-linux-gnu /usr/lib/linux-gnu # Please make sure to also check the contained yarn version and update the references below when upgrading this image's version FROM docker.io/library/node:20.2.0@sha256:14f0471d0478fbb9177d0f9e8c146dc872273dcdcfc7fea93a27ed81fc6b0e96 as node -FROM docker.io/library/golang:1.20.4@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 as golang +FROM docker.io/library/golang:1.20.5@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f as golang FROM docker.io/library/registry:2.8@sha256:41f413c22d6156587e2a51f3e80c09808b8c70e82be149b82b5e0196a88d49b4 as registry diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile index 018adee07cf37..effd69c9768af 100644 --- a/test/remote/Dockerfile +++ b/test/remote/Dockerfile @@ -1,6 +1,6 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:22.04 -FROM docker.io/library/golang:1.20.4@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS go +FROM docker.io/library/golang:1.20.5@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS go RUN go install github.com/mattn/goreman@latest && \ go install github.com/kisielk/godepgraph@latest From 523f6231e77dca14213dcbcfad8f852983ec81e4 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Wed, 14 Jun 2023 11:38:31 -0400 Subject: [PATCH 154/252] chore(deps): upgrade haproxy to 2.6.14-alpine (#14018) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- manifests/ha/base/redis-ha/chart/upstream.yaml | 4 ++-- manifests/ha/base/redis-ha/chart/values.yaml | 2 +- manifests/ha/install.yaml | 4 ++-- manifests/ha/namespace-install.yaml | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/manifests/ha/base/redis-ha/chart/upstream.yaml b/manifests/ha/base/redis-ha/chart/upstream.yaml index 92e37f805b1fa..7ee7bd76dc517 100644 --- a/manifests/ha/base/redis-ha/chart/upstream.yaml +++ b/manifests/ha/base/redis-ha/chart/upstream.yaml @@ -1071,7 +1071,7 @@ spec: topologyKey: kubernetes.io/hostname initContainers: - name: config-init - image: haproxy:2.6.12-alpine + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent resources: {} @@ -1089,7 +1089,7 @@ spec: mountPath: /data containers: - name: haproxy - image: haproxy:2.6.12-alpine + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent securityContext: null diff --git a/manifests/ha/base/redis-ha/chart/values.yaml b/manifests/ha/base/redis-ha/chart/values.yaml index a1e1be949b65e..d30c4bc31bb80 100644 --- a/manifests/ha/base/redis-ha/chart/values.yaml +++ b/manifests/ha/base/redis-ha/chart/values.yaml @@ -11,7 +11,7 @@ redis-ha: IPv6: enabled: false image: - tag: 2.6.12-alpine + tag: 2.6.14-alpine containerSecurityContext: null timeout: server: 6m diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index e8afa2dd2b17a..79389514b6c28 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -19853,7 +19853,7 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy topologyKey: kubernetes.io/hostname containers: - - image: haproxy:2.6.12-alpine + - image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -19890,7 +19890,7 @@ spec: - /readonly/haproxy_init.sh command: - sh - image: haproxy:2.6.12-alpine + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index b193db90768c5..f9ba40eb24f8f 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -1881,7 +1881,7 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy topologyKey: kubernetes.io/hostname containers: - - image: haproxy:2.6.12-alpine + - image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -1918,7 +1918,7 @@ spec: - /readonly/haproxy_init.sh command: - sh - image: haproxy:2.6.12-alpine + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: From 653b4856081eaa22a8faecefc2c50b6a53b004f6 Mon Sep 17 00:00:00 2001 From: Morre Date: Wed, 14 Jun 2023 18:13:47 +0200 Subject: [PATCH 155/252] docs: add documentation for child elements of path (#14044) * docs: add documentation for child elements of path When using go templating, the parent `{{ path }}` becomes `{{ .path.path }}, however, the other values are not at `{{ .path.path.* }}`, but at `{{ .path.* }}`. This documentation update seeks to make this easier to understand since we just ran into this. Signed-off-by: Morre * Update docs/operator-manual/applicationset/GoTemplate.md Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Morre --------- Signed-off-by: Morre Signed-off-by: Morre Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- docs/operator-manual/applicationset/GoTemplate.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/operator-manual/applicationset/GoTemplate.md b/docs/operator-manual/applicationset/GoTemplate.md index c663ea788185a..e8700ea8d31d2 100644 --- a/docs/operator-manual/applicationset/GoTemplate.md +++ b/docs/operator-manual/applicationset/GoTemplate.md @@ -98,6 +98,10 @@ By activating Go Templating, `{{ .path }}` becomes an object. Therefore, some ch generators' templating: - `{{ path }}` becomes `{{ .path.path }}` +- `{{ path.basename }}` becomes `{{ .path.basename }}` +- `{{ path.basenameNormalized }}` becomes `{{ .path.basenameNormalized }}` +- `{{ path.filename }}` becomes `{{ .path.filename }}` +- `{{ path.filenameNormalized }}` becomes `{{ .path.filenameNormalized }}` - `{{ path[n] }}` becomes `{{ index .path.segments n }}` Here is an example: From a66bfcc594178438097275b9635a0ca7844ae5b7 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Wed, 14 Jun 2023 12:26:46 -0400 Subject: [PATCH 156/252] docs: add golang upgrade note for 2.5 (#14048) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- docs/operator-manual/upgrading/2.4-2.5.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/operator-manual/upgrading/2.4-2.5.md b/docs/operator-manual/upgrading/2.4-2.5.md index a9376abdc49c9..8971c7cd8e3a4 100644 --- a/docs/operator-manual/upgrading/2.4-2.5.md +++ b/docs/operator-manual/upgrading/2.4-2.5.md @@ -197,3 +197,8 @@ response and will therefore fail to create/update the Application. To solve the issue, upgrade the CLI to at least 2.5.16, or 2.6.7. CLIs older than 2.5.0-rc1 are unaffected. + +## Golang upgrade in 2.5.20 + +In 2.5.20, we upgrade the Golang version used to build Argo CD from 1.18 to 1.19. If you use Argo CD as a library, you +may need to upgrade your Go version. From 9403f256c08ebc127d7ff6282bfef707863db15a Mon Sep 17 00:00:00 2001 From: Tom Smith Date: Wed, 14 Jun 2023 10:30:12 -0600 Subject: [PATCH 157/252] docs: Clarify ingress-nginx ssl termination example (#13913) * Clarify ingress-nginx ssl termination example Signed-off-by: Thomas Smith * Expand on ingress-nginx ssl termination section context Co-authored-by: Nicholas Morey Signed-off-by: Tom Smith --------- Signed-off-by: Thomas Smith Signed-off-by: Tom Smith Co-authored-by: Nicholas Morey Co-authored-by: pasha-codefresh --- docs/operator-manual/ingress.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/operator-manual/ingress.md b/docs/operator-manual/ingress.md index ee048f3ad6b16..d60165e284542 100644 --- a/docs/operator-manual/ingress.md +++ b/docs/operator-manual/ingress.md @@ -242,10 +242,11 @@ spec: secretName: argocd-server-tls # as expected by argocd-server ``` -### Option 2: Multiple Ingress Objects And Hosts +### Option 2: SSL Termination at Ingress Controller -Since ingress-nginx Ingress supports only a single protocol per Ingress object, an alternative -way would be to define two Ingress objects. One for HTTP/HTTPS, and the other for gRPC: +An alternative approach is to perform the SSL termination at the Ingress. Since an `ingress-nginx` Ingress supports only a single protocol per Ingress object, two Ingress objects need to be defined using the `nginx.ingress.kubernetes.io/backend-protocol` annotation, one for HTTP/HTTPS and the other for gRPC. + +Each ingress will be for a different domain (`argocd.example.com` and `grpc.argocd.example.com`). This requires that the Ingress resources use different TLS `secretName`s to avoid unexpected behavior. HTTP/HTTPS Ingress: ```yaml @@ -273,7 +274,7 @@ spec: tls: - hosts: - argocd.example.com - secretName: argocd-server-tls # do not change, this is provided by Argo CD + secretName: argocd-ingress-http ``` gRPC Ingress: @@ -301,7 +302,7 @@ spec: tls: - hosts: - grpc.argocd.example.com - secretName: argocd-server-tls # do not change, this is provided by Argo CD + secretName: argocd-ingress-grpc ``` The API server should then be run with TLS disabled. Edit the `argocd-server` deployment to add the From ecbe53ce30c1d3a1ad5cff51254625500d182ac7 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Wed, 14 Jun 2023 15:07:56 -0400 Subject: [PATCH 158/252] docs: note CLI incompatibilities (#14049) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- docs/operator-manual/upgrading/2.6-2.7.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/operator-manual/upgrading/2.6-2.7.md b/docs/operator-manual/upgrading/2.6-2.7.md index 1eff785703f9c..fa7fba02bf1b7 100644 --- a/docs/operator-manual/upgrading/2.6-2.7.md +++ b/docs/operator-manual/upgrading/2.6-2.7.md @@ -90,3 +90,19 @@ If your environment uses Kustomize JSON patches to modify the Redis server name, to the 2.7 manifests. If it does, you can remove the patch and instead set the Redis server name via the `redis.server` field in the argocd-cmd-params-cm ConfigMap. That value will be passed to the necessary components via `valueFrom` environment variables. + +## `argocd applicationset` CLI incompatibilities for ApplicationSets with list generators + +If you are running Argo CD v2.7.0-2.7.2 server-side, then CLI versions outside that range will incorrectly handle list +generators. That is because the gRPC interface for those versions used the `elements` field number for the new +`elementsYaml` field. + +If you are running the Argo CD CLI versions v2.7.0-2.7.2 with a server-side version of v2.7.3 or later, then the CLI +will send the contents of the `elements` field to the server, which will interpret it as the `elementsYaml` field. This +will cause the ApplicationSet to fail at runtime with an error similar to this: + +``` +error unmarshling decoded ElementsYaml error converting YAML to JSON: yaml: control characters are not allowed +``` + +Be sure to use CLI version v2.7.3 or later with server-side version v2.7.3 or later. From 495d09309631ef884df61bca1bffec7206a34ec8 Mon Sep 17 00:00:00 2001 From: mugi <62197019+mugioka@users.noreply.github.com> Date: Thu, 15 Jun 2023 04:20:43 +0900 Subject: [PATCH 159/252] fix(cli): support application in any namespace with `argocd app diff` (#13978) (#13980) Closes https://github.com/argoproj/argo-cd/issues/13978. Signed-off-by: mugioka --- cmd/argocd/commands/app.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go index 79c89cdc2d57d..995a559ce402d 100644 --- a/cmd/argocd/commands/app.go +++ b/cmd/argocd/commands/app.go @@ -1035,7 +1035,7 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *arg unstructureds = append(unstructureds, obj) } groupedObjs := groupObjsByKey(unstructureds, liveObjs, app.Spec.Destination.Namespace) - items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.Name) + items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace)) } else if diffOptions.serversideRes != nil { var unstructureds []*unstructured.Unstructured for _, mfst := range diffOptions.serversideRes.Manifests { @@ -1044,7 +1044,7 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *arg unstructureds = append(unstructureds, obj) } groupedObjs := groupObjsByKey(unstructureds, liveObjs, app.Spec.Destination.Namespace) - items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.Name) + items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace)) } else { for i := range resources.Items { res := resources.Items[i] From bc9e7bd92b5cfc5d6b5dba02cb0b11d6d888d86b Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Wed, 14 Jun 2023 17:17:51 -0400 Subject: [PATCH 160/252] chore(deps): bump ubuntu base image version (#14024) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- Dockerfile | 2 +- test/container/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index f8965cb922c5a..896ab2f05dd90 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:9a0bdde4188b896a372804be2384015e90e3f84906b750c1a53539b585fbbe7f +ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:ac58ff7fe25edc58bdf0067ca99df00014dbd032e2246d30a722fa348fd799a5 #################################################################################################### # Builder image # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image diff --git a/test/container/Dockerfile b/test/container/Dockerfile index 7886e2c8c16a4..73d0c269648c9 100644 --- a/test/container/Dockerfile +++ b/test/container/Dockerfile @@ -15,7 +15,7 @@ FROM docker.io/library/registry:2.8@sha256:41f413c22d6156587e2a51f3e80c09808b8c7 FROM docker.io/bitnami/kubectl:1.26@sha256:90d54ce960bf00b6d06cf1c69075a120d88e9f3237096b237c0a5efcacd5ed0b as kubectl -FROM docker.io/library/ubuntu:22.04@sha256:9a0bdde4188b896a372804be2384015e90e3f84906b750c1a53539b585fbbe7f +FROM docker.io/library/ubuntu:22.04@sha256:ac58ff7fe25edc58bdf0067ca99df00014dbd032e2246d30a722fa348fd799a5 ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install --fix-missing -y \ From 3cb7ecae5de7c2ef7709969c83d3e49e508cf203 Mon Sep 17 00:00:00 2001 From: Thomas Decaux Date: Wed, 14 Jun 2023 19:52:06 -0400 Subject: [PATCH 161/252] feat: add health-checks for snapshot volume (#13979) Signed-off-by: ebuildy --- .../VolumeSnapshot/health.lua | 18 +++++++++++++++++ .../VolumeSnapshot/health_test.yaml | 14 +++++++++++++ .../VolumeSnapshot/testdata/bad.yaml | 14 +++++++++++++ .../VolumeSnapshot/testdata/good.yaml | 15 ++++++++++++++ .../VolumeSnapshot/testdata/initializing.yaml | 7 +++++++ .../VolumeSnapshotContent/health.lua | 18 +++++++++++++++++ .../VolumeSnapshotContent/health_test.yaml | 13 ++++++++++++ .../VolumeSnapshotContent/testdata/bad.yaml | 12 +++++++++++ .../VolumeSnapshotContent/testdata/good.yaml | 20 +++++++++++++++++++ .../testdata/initializing.yaml | 7 +++++++ 10 files changed, 138 insertions(+) create mode 100644 resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/health.lua create mode 100644 resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/health_test.yaml create mode 100644 resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/bad.yaml create mode 100644 resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/good.yaml create mode 100644 resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/initializing.yaml create mode 100644 resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/health.lua create mode 100644 resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/health_test.yaml create mode 100644 resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/bad.yaml create mode 100644 resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/good.yaml create mode 100644 resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/initializing.yaml diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/health.lua b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/health.lua new file mode 100644 index 0000000000000..aa10e766dac18 --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/health.lua @@ -0,0 +1,18 @@ +hs = {} + +if obj.status ~= nil and obj.status.readyToUse then + hs.status = "Healthy" + hs.message = "Ready to use" + return hs +end + +if obj.status ~= nil and obj.status.error ~= nil then + hs.status = "Degraded" + hs.message = obj.status.error.message + return hs +end + +hs.status = "Progressing" +hs.message = "Waiting for status" + +return hs diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/health_test.yaml b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/health_test.yaml new file mode 100644 index 0000000000000..7914d4acdd3d8 --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/health_test.yaml @@ -0,0 +1,14 @@ +tests: +- healthStatus: + status: Progressing + message: "Waiting for status" + inputPath: testdata/initializing.yaml +- healthStatus: + status: Healthy + message: "Ready to use" + inputPath: testdata/good.yaml +- healthStatus: + status: Degraded + message: "VolumeSnapshotContent is dynamically provisioned while expecting a pre-provisioned one" + inputPath: testdata/bad.yaml + diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/bad.yaml b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/bad.yaml new file mode 100644 index 0000000000000..2d7447f1334e7 --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/bad.yaml @@ -0,0 +1,14 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshot +metadata: + name: data-04-06-2023 +spec: + source: + volumeSnapshotContentName: data-04-06-2023 +status: + error: + message: >- + VolumeSnapshotContent is dynamically provisioned while expecting a + pre-provisioned one + time: '2023-06-05T14:51:25Z' + readyToUse: false diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/good.yaml b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/good.yaml new file mode 100644 index 0000000000000..b8a82eff5b45c --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/good.yaml @@ -0,0 +1,15 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshot +metadata: + finalizers: + - snapshot.storage.kubernetes.io/volumesnapshot-as-source-protection + - snapshot.storage.kubernetes.io/volumesnapshot-bound-protection +status: + boundVolumeSnapshotContentName: snapcontent-7db10be0-424c-4ed2-9dfe-6c2120eae05b + creationTime: '2023-06-04T19:13:20Z' + readyToUse: true + restoreSize: 1Ti +spec: + source: + persistentVolumeClaimName: mask-data-process-trcxk-mysql-data + volumeSnapshotClassName: azure-tools diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/initializing.yaml b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/initializing.yaml new file mode 100644 index 0000000000000..3df029d9a46cf --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshot/testdata/initializing.yaml @@ -0,0 +1,7 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshot +metadata: + name: data-04-06-2023 +spec: + driver: disk.csi.azure.com +status: {} diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/health.lua b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/health.lua new file mode 100644 index 0000000000000..aa10e766dac18 --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/health.lua @@ -0,0 +1,18 @@ +hs = {} + +if obj.status ~= nil and obj.status.readyToUse then + hs.status = "Healthy" + hs.message = "Ready to use" + return hs +end + +if obj.status ~= nil and obj.status.error ~= nil then + hs.status = "Degraded" + hs.message = obj.status.error.message + return hs +end + +hs.status = "Progressing" +hs.message = "Waiting for status" + +return hs diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/health_test.yaml b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/health_test.yaml new file mode 100644 index 0000000000000..6cc455afabe0a --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/health_test.yaml @@ -0,0 +1,13 @@ +tests: +- healthStatus: + status: Progressing + message: "Waiting for status" + inputPath: testdata/initializing.yaml +- healthStatus: + status: Healthy + message: "Ready to use" + inputPath: testdata/good.yaml +- healthStatus: + status: Degraded + message: "Failed to check and update snapshot content" + inputPath: testdata/bad.yaml diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/bad.yaml b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/bad.yaml new file mode 100644 index 0000000000000..d8d3d3d7b5ff0 --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/bad.yaml @@ -0,0 +1,12 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotContent +metadata: + name: data-04-06-2023 +spec: + driver: disk.csi.azure.com +status: + error: + message: >- + Failed to check and update snapshot content + time: '2023-06-05T15:44:50Z' + readyToUse: false diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/good.yaml b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/good.yaml new file mode 100644 index 0000000000000..56166bec0c859 --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/good.yaml @@ -0,0 +1,20 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotContent +metadata: + creationTimestamp: '2023-06-04T19:13:19Z' + finalizers: + - snapshot.storage.kubernetes.io/volumesnapshotcontent-bound-protection +status: + creationTime: 1685906000388294100 + readyToUse: true + restoreSize: 1099511627776 + snapshotHandle: >- + /subscriptions/XXXXXX +spec: + driver: disk.csi.azure.com + source: + volumeHandle: >- + /subscriptions/XXXXXX + volumeSnapshotClassName: azure-tools + volumeSnapshotRef: + apiVersion: snapshot.storage.k8s.io/v1 diff --git a/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/initializing.yaml b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/initializing.yaml new file mode 100644 index 0000000000000..8558cf3e44966 --- /dev/null +++ b/resource_customizations/snapshot.storage.k8s.io/VolumeSnapshotContent/testdata/initializing.yaml @@ -0,0 +1,7 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotContent +metadata: + name: data-04-06-2023 +spec: + driver: disk.csi.azure.com +status: {} From b47daa589c50c824dac53583308d34bc8f4e2c5d Mon Sep 17 00:00:00 2001 From: JenTing Date: Thu, 15 Jun 2023 18:20:56 +0800 Subject: [PATCH 162/252] Add the default resource exclusions (#13897) Signed-off-by: JenTing Co-authored-by: pasha-codefresh --- docs/operator-manual/declarative-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/operator-manual/declarative-setup.md b/docs/operator-manual/declarative-setup.md index edc06193d5d86..452e592d4c2be 100644 --- a/docs/operator-manual/declarative-setup.md +++ b/docs/operator-manual/declarative-setup.md @@ -655,7 +655,7 @@ stringData: ## Resource Exclusion/Inclusion -Resources can be excluded from discovery and sync so that Argo CD is unaware of them. For example, `events.k8s.io` and `metrics.k8s.io` are always excluded. Use cases: +Resources can be excluded from discovery and sync so that Argo CD is unaware of them. For example, the apiGroup/kind `events.k8s.io/*`, `metrics.k8s.io/*`, `coordination.k8s.io/Lease`, and `""/Endpoints` are always excluded. Use cases: * You have temporal issues and you want to exclude problematic resources. * There are many of a kind of resources that impacts Argo CD's performance. From 3185cc081c4fd4678ca8b35918530be946ebd229 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Jun 2023 10:59:00 -0400 Subject: [PATCH 163/252] chore(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 (#14069) Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.2.0 to 0.3.0. - [Commits](https://github.com/golang/sync/compare/v0.2.0...v0.3.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b18c18cdacecf..8c23b1f17dec9 100644 --- a/go.mod +++ b/go.mod @@ -78,7 +78,7 @@ require ( golang.org/x/crypto v0.10.0 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 golang.org/x/oauth2 v0.9.0 - golang.org/x/sync v0.2.0 + golang.org/x/sync v0.3.0 golang.org/x/term v0.9.0 google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 google.golang.org/grpc v1.55.0 diff --git a/go.sum b/go.sum index a650a877d7e3a..592e6a7bd3617 100644 --- a/go.sum +++ b/go.sum @@ -1286,8 +1286,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI= -golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= From bbc51fba03b2888d39a4271e07c926cc7c268de7 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Thu, 15 Jun 2023 11:47:22 -0400 Subject: [PATCH 164/252] fix(ui): soften readiness gate failure message (#13972) (#14076) * fix(ui): soften readiness gate failure message (#13972) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * null check everything Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- .../application-node-info.tsx | 21 ++++++++++--------- ...> readiness-gates-not-passed-warning.scss} | 2 +- ...=> readiness-gates-not-passed-warning.tsx} | 20 +++++++++--------- ui/src/app/applications/components/utils.tsx | 7 ++++--- 4 files changed, 26 insertions(+), 24 deletions(-) rename ui/src/app/applications/components/application-node-info/{readiness-gates-failed-warning.scss => readiness-gates-not-passed-warning.scss} (72%) rename ui/src/app/applications/components/application-node-info/{readiness-gates-failed-warning.tsx => readiness-gates-not-passed-warning.tsx} (62%) diff --git a/ui/src/app/applications/components/application-node-info/application-node-info.tsx b/ui/src/app/applications/components/application-node-info/application-node-info.tsx index dbc2ce8703190..05c3dcae95ab3 100644 --- a/ui/src/app/applications/components/application-node-info/application-node-info.tsx +++ b/ui/src/app/applications/components/application-node-info/application-node-info.tsx @@ -9,16 +9,9 @@ import * as models from '../../../shared/models'; import {services} from '../../../shared/services'; import {ResourceTreeNode} from '../application-resource-tree/application-resource-tree'; import {ApplicationResourcesDiff} from '../application-resources-diff/application-resources-diff'; -import { - ComparisonStatusIcon, - formatCreationTimestamp, - getPodReadinessGatesState, - getPodReadinessGatesState as _getPodReadinessGatesState, - getPodStateReason, - HealthStatusIcon -} from '../utils'; +import {ComparisonStatusIcon, formatCreationTimestamp, getPodReadinessGatesState, getPodStateReason, HealthStatusIcon} from '../utils'; import './application-node-info.scss'; -import {ReadinessGatesFailedWarning} from './readiness-gates-failed-warning'; +import {ReadinessGatesNotPassedWarning} from './readiness-gates-not-passed-warning'; const RenderContainerState = (props: {container: any}) => { const state = (props.container.state?.waiting && 'waiting') || (props.container.state?.terminated && 'terminated') || (props.container.state?.running && 'running'); @@ -278,6 +271,14 @@ export const ApplicationNodeInfo = (props: { } const readinessGatesState = React.useMemo(() => { + // If containers are not ready then readiness gate status is not important. + if (!props.live?.status?.containerStatuses?.length) { + return null; + } + if (props.live?.status?.containerStatuses?.some((containerStatus: {ready: boolean}) => !containerStatus.ready)) { + return null; + } + if (props.live && props.node?.kind === 'Pod') { return getPodReadinessGatesState(props.live); } @@ -287,7 +288,7 @@ export const ApplicationNodeInfo = (props: { return (
    - {Boolean(readinessGatesState) && } + {Boolean(readinessGatesState) && }
    {attributes.map(attr => ( diff --git a/ui/src/app/applications/components/application-node-info/readiness-gates-failed-warning.scss b/ui/src/app/applications/components/application-node-info/readiness-gates-not-passed-warning.scss similarity index 72% rename from ui/src/app/applications/components/application-node-info/readiness-gates-failed-warning.scss rename to ui/src/app/applications/components/application-node-info/readiness-gates-not-passed-warning.scss index b7c9ad7f0bd50..7887918671396 100644 --- a/ui/src/app/applications/components/application-node-info/readiness-gates-failed-warning.scss +++ b/ui/src/app/applications/components/application-node-info/readiness-gates-not-passed-warning.scss @@ -3,7 +3,7 @@ .white-box { &__readiness-gates-alert { padding: 20px; - border-left: 6px solid $argo-status-failed-color !important; + border-left: 6px solid $argo-status-warning-color !important; ul { margin-bottom: 0; diff --git a/ui/src/app/applications/components/application-node-info/readiness-gates-failed-warning.tsx b/ui/src/app/applications/components/application-node-info/readiness-gates-not-passed-warning.tsx similarity index 62% rename from ui/src/app/applications/components/application-node-info/readiness-gates-failed-warning.tsx rename to ui/src/app/applications/components/application-node-info/readiness-gates-not-passed-warning.tsx index c38dc598d6634..31af11b1d0349 100644 --- a/ui/src/app/applications/components/application-node-info/readiness-gates-failed-warning.tsx +++ b/ui/src/app/applications/components/application-node-info/readiness-gates-not-passed-warning.tsx @@ -1,29 +1,29 @@ import * as React from 'react'; import {selectPostfix} from '../utils'; -import './readiness-gates-failed-warning.scss'; +import './readiness-gates-not-passed-warning.scss'; -export interface ReadinessGatesFailedWarningProps { +export interface ReadinessGatesNotPassedWarningProps { readinessGatesState: { nonExistingConditions: string[]; - failedConditions: string[]; + notPassedConditions: string[]; }; } -export const ReadinessGatesFailedWarning = ({readinessGatesState}: ReadinessGatesFailedWarningProps) => { - if (readinessGatesState.failedConditions.length > 0 || readinessGatesState.nonExistingConditions.length > 0) { +export const ReadinessGatesNotPassedWarning = ({readinessGatesState}: ReadinessGatesNotPassedWarningProps) => { + if (readinessGatesState.notPassedConditions.length > 0 || readinessGatesState.nonExistingConditions.length > 0) { return (
    -
    Readiness Gates Failing:
    +
    Readiness Gates Not Passing:
      - {readinessGatesState.failedConditions.length > 0 && ( + {readinessGatesState.notPassedConditions.length > 0 && (
    • - The status of pod readiness gate{selectPostfix(readinessGatesState.failedConditions, '', 's')}{' '} - {readinessGatesState.failedConditions + The status of pod readiness gate{selectPostfix(readinessGatesState.notPassedConditions, '', 's')}{' '} + {readinessGatesState.notPassedConditions .map(t => `"${t}"`) .join(', ') .trim()}{' '} - {selectPostfix(readinessGatesState.failedConditions, 'is', 'are')} False. + {selectPostfix(readinessGatesState.notPassedConditions, 'is', 'are')} False.
      • )} {readinessGatesState.nonExistingConditions.length > 0 && ( diff --git a/ui/src/app/applications/components/utils.tsx b/ui/src/app/applications/components/utils.tsx index 3819f7d911074..d096658bb7d8f 100644 --- a/ui/src/app/applications/components/utils.tsx +++ b/ui/src/app/applications/components/utils.tsx @@ -946,11 +946,12 @@ export function getPodStateReason(pod: appModels.State): {message: string; reaso return {reason, message, netContainerStatuses}; } -export const getPodReadinessGatesState = (pod: appModels.State): {nonExistingConditions: string[]; failedConditions: string[]} => { +export const getPodReadinessGatesState = (pod: appModels.State): {nonExistingConditions: string[]; notPassedConditions: string[]} => { + // if pod does not have readiness gates then return empty status if (!pod.spec?.readinessGates?.length) { return { nonExistingConditions: [], - failedConditions: [] + notPassedConditions: [] }; } @@ -989,7 +990,7 @@ export const getPodReadinessGatesState = (pod: appModels.State): {nonExistingCon return { nonExistingConditions, - failedConditions + notPassedConditions: failedConditions }; }; From cec07ee1ceecdb31ca9c0cd7e350a9b1041de74a Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Thu, 15 Jun 2023 17:17:04 -0400 Subject: [PATCH 165/252] fix(cmp): discover plugins relative to app path (#13940) (#13946) * fix(cmp): discover plugins relative to app path (#13940) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * securejoin Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * intuitive constant names Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * comments Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * add missing import Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- cmpserver/plugin/plugin.go | 21 +++++++++++----- cmpserver/plugin/plugin_test.go | 24 +++++++++---------- common/common.go | 17 +++++++------ .../config-management-plugins.md | 4 ++-- go.mod | 1 + go.sum | 1 + test/e2e/testdata/cmp-fileName/plugin.yaml | 2 +- util/app/discovery/discovery.go | 8 +++---- util/cert/cert.go | 4 ++-- util/git/creds.go | 2 +- util/gpg/gpg.go | 8 +++---- util/helm/cmd.go | 2 +- 12 files changed, 54 insertions(+), 40 deletions(-) diff --git a/cmpserver/plugin/plugin.go b/cmpserver/plugin/plugin.go index 08be235315dde..ca67ccecf214a 100644 --- a/cmpserver/plugin/plugin.go +++ b/cmpserver/plugin/plugin.go @@ -24,6 +24,7 @@ import ( "github.com/argoproj/argo-cd/v2/util/io/files" "github.com/argoproj/gitops-engine/pkg/utils/kube" + "github.com/cyphar/filepath-securejoin" "github.com/mattn/go-zglob" log "github.com/sirupsen/logrus" ) @@ -182,7 +183,7 @@ func getTempDirMustCleanup(baseDir string) (workDir string, cleanup func(), err if err := os.RemoveAll(workDir); err != nil { log.WithFields(map[string]interface{}{ common.SecurityField: common.SecurityHigh, - common.SecurityCWEField: 459, + common.SecurityCWEField: common.SecurityCWEIncompleteCleanup, }).Errorf("Failed to clean up temp directory: %s", err) } } @@ -302,7 +303,7 @@ func (s *Service) matchRepositoryGeneric(stream MatchRepositoryStream) error { return fmt.Errorf("match repository error receiving stream: %w", err) } - isSupported, isDiscoveryEnabled, err := s.matchRepository(bufferedCtx, workDir, metadata.GetEnv()) + isSupported, isDiscoveryEnabled, err := s.matchRepository(bufferedCtx, workDir, metadata.GetEnv(), metadata.GetAppRelPath()) if err != nil { return fmt.Errorf("match repository error: %w", err) } @@ -315,12 +316,20 @@ func (s *Service) matchRepositoryGeneric(stream MatchRepositoryStream) error { return nil } -func (s *Service) matchRepository(ctx context.Context, workdir string, envEntries []*apiclient.EnvEntry) (isSupported bool, isDiscoveryEnabled bool, err error) { +func (s *Service) matchRepository(ctx context.Context, workdir string, envEntries []*apiclient.EnvEntry, appRelPath string) (isSupported bool, isDiscoveryEnabled bool, err error) { config := s.initConstants.PluginConfig + appPath, err := securejoin.SecureJoin(workdir, appRelPath) + if err != nil { + log.WithFields(map[string]interface{}{ + common.SecurityField: common.SecurityHigh, + common.SecurityCWEField: common.SecurityCWEIncompleteCleanup, + }).Errorf("error joining workdir %q and appRelPath %q: %v", workdir, appRelPath, err) + } + if config.Spec.Discover.FileName != "" { log.Debugf("config.Spec.Discover.FileName is provided") - pattern := filepath.Join(workdir, config.Spec.Discover.FileName) + pattern := filepath.Join(appPath, config.Spec.Discover.FileName) matches, err := filepath.Glob(pattern) if err != nil { e := fmt.Errorf("error finding filename match for pattern %q: %w", pattern, err) @@ -332,7 +341,7 @@ func (s *Service) matchRepository(ctx context.Context, workdir string, envEntrie if config.Spec.Discover.Find.Glob != "" { log.Debugf("config.Spec.Discover.Find.Glob is provided") - pattern := filepath.Join(workdir, config.Spec.Discover.Find.Glob) + pattern := filepath.Join(appPath, config.Spec.Discover.Find.Glob) // filepath.Glob doesn't have '**' support hence selecting third-party lib // https://github.com/golang/go/issues/11862 matches, err := zglob.Glob(pattern) @@ -348,7 +357,7 @@ func (s *Service) matchRepository(ctx context.Context, workdir string, envEntrie if len(config.Spec.Discover.Find.Command.Command) > 0 { log.Debugf("Going to try runCommand.") env := append(os.Environ(), environ(envEntries)...) - find, err := runCommand(ctx, config.Spec.Discover.Find.Command, workdir, env) + find, err := runCommand(ctx, config.Spec.Discover.Find.Command, appPath, env) if err != nil { return false, true, fmt.Errorf("error running find command: %w", err) } diff --git a/cmpserver/plugin/plugin_test.go b/cmpserver/plugin/plugin_test.go index 3096e6736bc23..936a38caba934 100644 --- a/cmpserver/plugin/plugin_test.go +++ b/cmpserver/plugin/plugin_test.go @@ -100,7 +100,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) @@ -115,7 +115,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) @@ -130,7 +130,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - _, _, err := f.service.matchRepository(context.Background(), f.path, f.env) + _, _, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.ErrorContains(t, err, "syntax error") @@ -145,7 +145,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) @@ -162,7 +162,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) @@ -179,7 +179,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - _, _, err := f.service.matchRepository(context.Background(), f.path, f.env) + _, _, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.ErrorContains(t, err, "error finding glob match for pattern") @@ -196,7 +196,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) @@ -215,7 +215,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) assert.False(t, match) @@ -233,7 +233,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) @@ -253,7 +253,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) @@ -272,7 +272,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.Error(t, err) @@ -285,7 +285,7 @@ func TestMatchRepository(t *testing.T) { f := setup(t, withDiscover(d)) // when - match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env) + match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then assert.NoError(t, err) diff --git a/common/common.go b/common/common.go index c44b4e7364e00..7204a0d4bd5c6 100644 --- a/common/common.go +++ b/common/common.go @@ -321,13 +321,16 @@ const ( // Security severity logging const ( - SecurityField = "security" - SecurityCWEField = "CWE" - SecurityEmergency = 5 // Indicates unmistakably malicious events that should NEVER occur accidentally and indicates an active attack (i.e. brute forcing, DoS) - SecurityCritical = 4 // Indicates any malicious or exploitable event that had a side effect (i.e. secrets being left behind on the filesystem) - SecurityHigh = 3 // Indicates likely malicious events but one that had no side effects or was blocked (i.e. out of bounds symlinks in repos) - SecurityMedium = 2 // Could indicate malicious events, but has a high likelihood of being user/system error (i.e. access denied) - SecurityLow = 1 // Unexceptional entries (i.e. successful access logs) + SecurityField = "security" + // SecurityCWEField is the logs field for the CWE associated with a log line. CWE stands for Common Weakness Enumeration. See https://cwe.mitre.org/ + SecurityCWEField = "CWE" + SecurityCWEIncompleteCleanup = 459 + SecurityCWEMissingReleaseOfFileDescriptor = 775 + SecurityEmergency = 5 // Indicates unmistakably malicious events that should NEVER occur accidentally and indicates an active attack (i.e. brute forcing, DoS) + SecurityCritical = 4 // Indicates any malicious or exploitable event that had a side effect (i.e. secrets being left behind on the filesystem) + SecurityHigh = 3 // Indicates likely malicious events but one that had no side effects or was blocked (i.e. out of bounds symlinks in repos) + SecurityMedium = 2 // Could indicate malicious events, but has a high likelihood of being user/system error (i.e. access denied) + SecurityLow = 1 // Unexceptional entries (i.e. successful access logs) ) // TokenVerificationError is a generic error message for a failure to verify a JWT diff --git a/docs/operator-manual/config-management-plugins.md b/docs/operator-manual/config-management-plugins.md index 0334b2c168faa..792cd7ca53a54 100644 --- a/docs/operator-manual/config-management-plugins.md +++ b/docs/operator-manual/config-management-plugins.md @@ -67,8 +67,8 @@ spec: # Only one of fileName, find.glob, or find.command should be specified. If multiple are specified then only the # first (in that order) is evaluated. discover: - # fileName is a glob pattern (https://pkg.go.dev/path/filepath#Glob) that is applied to the repository's root - # directory (not the Application source directory). If there is a match, this plugin may be used for the repository. + # fileName is a glob pattern (https://pkg.go.dev/path/filepath#Glob) that is applied to the Application's source + # directory. If there is a match, this plugin may be used for the Application. fileName: "./subdir/s*.yaml" find: # This does the same thing as fileName, but it supports double-start (nested directory) glob patterns. diff --git a/go.mod b/go.mod index 8c23b1f17dec9..a5c82e159fc40 100644 --- a/go.mod +++ b/go.mod @@ -19,6 +19,7 @@ require ( github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 github.com/casbin/casbin/v2 v2.70.0 github.com/coreos/go-oidc/v3 v3.6.0 + github.com/cyphar/filepath-securejoin v0.2.3 github.com/dustin/go-humanize v1.0.1 github.com/evanphx/json-patch v5.6.0+incompatible github.com/fsnotify/fsnotify v1.6.0 diff --git a/go.sum b/go.sum index 592e6a7bd3617..f40ce652a5ed7 100644 --- a/go.sum +++ b/go.sum @@ -241,6 +241,7 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= diff --git a/test/e2e/testdata/cmp-fileName/plugin.yaml b/test/e2e/testdata/cmp-fileName/plugin.yaml index 1263c60054880..766278c79e773 100644 --- a/test/e2e/testdata/cmp-fileName/plugin.yaml +++ b/test/e2e/testdata/cmp-fileName/plugin.yaml @@ -7,4 +7,4 @@ spec: generate: command: [sh, -c, 'echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"'] discover: - fileName: "cmp-fileName/subdir/s*.yaml" + fileName: "subdir/s*.yaml" diff --git a/util/app/discovery/discovery.go b/util/app/discovery/discovery.go index 7710ffbabebf7..21fbe5fd4bf36 100644 --- a/util/app/discovery/discovery.go +++ b/util/app/discovery/discovery.go @@ -93,7 +93,7 @@ func DetectConfigManagementPlugin(ctx context.Context, appPath, repoPath, plugin pluginSockFilePath := common.GetPluginSockFilePath() log.WithFields(log.Fields{ common.SecurityField: common.SecurityLow, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Debugf("pluginSockFilePath is: %s", pluginSockFilePath) if pluginName != "" { @@ -160,7 +160,7 @@ func cmpSupports(ctx context.Context, pluginSockFilePath, appPath, repoPath, fil if err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error dialing to cmp-server for plugin %s, %v", fileName, err) return nil, nil, false } @@ -169,7 +169,7 @@ func cmpSupports(ctx context.Context, pluginSockFilePath, appPath, repoPath, fil if err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("repository %s is not the match because %v", repoPath, err) io.Close(conn) return nil, nil, false @@ -182,7 +182,7 @@ func cmpSupports(ctx context.Context, pluginSockFilePath, appPath, repoPath, fil } log.WithFields(log.Fields{ common.SecurityField: common.SecurityLow, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Debugf("Reponse from socket file %s does not support %v", fileName, repoPath) io.Close(conn) return nil, nil, false diff --git a/util/cert/cert.go b/util/cert/cert.go index c7ac284c20314..3826c72b7d6e7 100644 --- a/util/cert/cert.go +++ b/util/cert/cert.go @@ -135,7 +135,7 @@ func ParseTLSCertificatesFromPath(sourceFile string) ([]string, error) { if err = fileHandle.Close(); err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error closing file %q: %v", fileHandle.Name(), err) } }() @@ -199,7 +199,7 @@ func ParseSSHKnownHostsFromPath(sourceFile string) ([]string, error) { if err = fileHandle.Close(); err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error closing file %q: %v", fileHandle.Name(), err) } }() diff --git a/util/git/creds.go b/util/git/creds.go index 76655de34913c..c3d09574eeb84 100644 --- a/util/git/creds.go +++ b/util/git/creds.go @@ -279,7 +279,7 @@ func (c SSHCreds) Environ() (io.Closer, []string, error) { if err = file.Close(); err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error closing file %q: %v", file.Name(), err) } }() diff --git a/util/gpg/gpg.go b/util/gpg/gpg.go index 140fe4932336e..681c22d310e23 100644 --- a/util/gpg/gpg.go +++ b/util/gpg/gpg.go @@ -170,7 +170,7 @@ func writeKeyToFile(keyData string) (string, error) { if err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error closing file %q: %v", f.Name(), err) } }() @@ -275,7 +275,7 @@ func InitializeGnuPG() error { if err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error closing file %q: %v", f.Name(), err) } }() @@ -302,7 +302,7 @@ func ImportPGPKeysFromString(keyData string) ([]*appsv1.GnuPGPublicKey, error) { if err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error closing file %q: %v", f.Name(), err) } }() @@ -430,7 +430,7 @@ func SetPGPTrustLevel(pgpKeys []*appsv1.GnuPGPublicKey, trustLevel string) error if err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error closing file %q: %v", f.Name(), err) } }() diff --git a/util/helm/cmd.go b/util/helm/cmd.go index 0ee376538096f..4714d0fbe8807 100644 --- a/util/helm/cmd.go +++ b/util/helm/cmd.go @@ -176,7 +176,7 @@ func writeToTmp(data []byte) (string, argoio.Closer, error) { if err = file.Close(); err != nil { log.WithFields(log.Fields{ common.SecurityField: common.SecurityMedium, - common.SecurityCWEField: 775, + common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, }).Errorf("error closing file %q: %v", file.Name(), err) } }() From 435d17504b2ed61c0c0871129ee5a1f6294bbd14 Mon Sep 17 00:00:00 2001 From: Jorge Turrado Ferrero Date: Thu, 15 Jun 2023 23:43:25 +0200 Subject: [PATCH 166/252] fix: Multi source apps resolve revision in .status field (#14081) Signed-off-by: Jorge Turrado --- controller/state.go | 7 +++++++ controller/state_test.go | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/controller/state.go b/controller/state.go index 147e0393ef309..94b3ea166f229 100644 --- a/controller/state.go +++ b/controller/state.go @@ -173,6 +173,13 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp } for i, source := range sources { + // The iteration values are assigned to the respective iteration variables as in an assignment statement. + // The iteration variables may be declared by the “range” clause using a form of short variable declaration (:=). + // In this case their types are set to the types of the respective iteration values and their scope is the block of the "for" statement; + // they are re-used in each iteration. If the iteration variables are declared outside the "for" statement, + // after execution their values will be those of the last iteration. + // https://golang.org/ref/spec#For_statements + source := source if len(revisions) < len(sources) || revisions[i] == "" { revisions[i] = source.TargetRevision } diff --git a/controller/state_test.go b/controller/state_test.go index 623e04213e300..db57a7b2c76ea 100644 --- a/controller/state_test.go +++ b/controller/state_test.go @@ -318,6 +318,45 @@ func TestCompareAppStateExtraHook(t *testing.T) { assert.Equal(t, 0, len(app.Status.Conditions)) } +// TestAppRevisions tests that revisions are properly propagated +func TestAppRevisions(t *testing.T) { + obj1 := NewPod() + obj1.SetNamespace(test.FakeDestNamespace) + data := fakeData{ + manifestResponse: &apiclient.ManifestResponse{ + Manifests: []string{toJSON(t, obj1)}, + Namespace: test.FakeDestNamespace, + Server: test.FakeClusterURL, + Revision: "abc123", + }, + managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured), + } + ctrl := newFakeController(&data) + + // single source + { + app := newFakeApp() + revisions := make([]string, 0) + revisions = append(revisions, "") + compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources()) + assert.NotNil(t, compRes) + assert.NotNil(t, compRes.syncStatus) + assert.NotEmpty(t, compRes.syncStatus.Revision) + assert.Len(t, compRes.syncStatus.Revisions, 0) + } + // multisource + { + app := newFakeMultiSourceApp() + revisions := make([]string, 0) + revisions = append(revisions, "") + compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources()) + assert.NotNil(t, compRes) + assert.NotNil(t, compRes.syncStatus) + assert.Empty(t, compRes.syncStatus.Revision) + assert.Len(t, compRes.syncStatus.Revisions, 2) + } +} + func toJSON(t *testing.T, obj *unstructured.Unstructured) string { data, err := json.Marshal(obj) assert.NoError(t, err) From a89adf3c55f948bc3e1904f32a9bbbf54981395f Mon Sep 17 00:00:00 2001 From: Alexander Proschek Date: Fri, 16 Jun 2023 03:11:56 -0700 Subject: [PATCH 167/252] docs: Fix example domain typo (#13896) Signed-off-by: Alexander Proschek Co-authored-by: pasha-codefresh --- docs/user-guide/multiple_sources.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/multiple_sources.md b/docs/user-guide/multiple_sources.md index 5aef3825389f7..2547a4af7bf4a 100644 --- a/docs/user-guide/multiple_sources.md +++ b/docs/user-guide/multiple_sources.md @@ -56,7 +56,7 @@ spec: helm: valueFiles: - $values/charts/prometheus/values.yaml - - repoURL: 'https://git.example.gom/org/value-files.git' + - repoURL: 'https://git.example.com/org/value-files.git' targetRevision: dev ref: values ``` From 8785b30268f5649c507c7efbd915b8cc8eff6e22 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 16 Jun 2023 07:30:41 -0400 Subject: [PATCH 168/252] chore(deps): bump github.com/aws/aws-sdk-go from 1.44.282 to 1.44.283 (#14094) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.282 to 1.44.283. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.282...v1.44.283) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a5c82e159fc40..ac5da0996d10e 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/argoproj/gitops-engine v0.7.1-0.20230526233214-ad9a694fe4bc github.com/argoproj/notifications-engine v0.4.1-0.20230228182525-f754726f03da github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d - github.com/aws/aws-sdk-go v1.44.282 + github.com/aws/aws-sdk-go v1.44.283 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 diff --git a/go.sum b/go.sum index f40ce652a5ed7..63b36805656b3 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,8 @@ github.com/auth0/go-jwt-middleware v1.0.1/go.mod h1:YSeUX3z6+TF2H+7padiEqNJ73Zy9 github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.282 h1:ZPB9QhwxmMIEC8ja0DdFowOl5fODWaZ6s2cZ40fx6r8= -github.com/aws/aws-sdk-go v1.44.282/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.283 h1:ObMaIvdhHJM2sIrbcljd7muHBaFb+Kp/QsX6iflGDg4= +github.com/aws/aws-sdk-go v1.44.283/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= From 0deed6d265dfda7a5c505d31aa2c4b4e76dbb8a6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 16 Jun 2023 12:16:44 +0000 Subject: [PATCH 169/252] chore(deps): bump google.golang.org/grpc from 1.55.0 to 1.56.0 (#14093) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.55.0 to 1.56.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.55.0...v1.56.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 14 ++++++++------ 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index ac5da0996d10e..4e833943d75fe 100644 --- a/go.mod +++ b/go.mod @@ -81,8 +81,8 @@ require ( golang.org/x/oauth2 v0.9.0 golang.org/x/sync v0.3.0 golang.org/x/term v0.9.0 - google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 - google.golang.org/grpc v1.55.0 + google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 + google.golang.org/grpc v1.56.0 google.golang.org/protobuf v1.30.0 gopkg.in/go-playground/webhooks.v5 v5.17.0 gopkg.in/square/go-jose.v2 v2.6.0 @@ -105,7 +105,7 @@ require ( ) require ( - cloud.google.com/go/compute v1.18.0 // indirect + cloud.google.com/go/compute v1.19.1 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect diff --git a/go.sum b/go.sum index 63b36805656b3..564f0f11885e0 100644 --- a/go.sum +++ b/go.sum @@ -26,8 +26,8 @@ cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvf cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v1.18.0 h1:FEigFqoDbys2cvFkZ9Fjq4gnHBP55anJ0yQyau2f9oY= -cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= +cloud.google.com/go/compute v1.19.1 h1:am86mquDUgjGNWxiGn+5PGLbmgiWXlE/yNWpIpNvuXY= +cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= @@ -202,6 +202,7 @@ github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= @@ -281,6 +282,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/envoyproxy/protoc-gen-validate v0.10.1 h1:c0g45+xCJhdgFGw7a5QAfdS4byAbud7miNWJ1WwEVf8= github.com/euank/go-kmsg-parser v2.0.0+incompatible/go.mod h1:MhmAMZ8V4CYH4ybgdRwPr2TU5ThnS43puaKEMpja1uw= github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= @@ -1601,8 +1603,8 @@ google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxH google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 h1:DdoeryqhaXp1LtT/emMP1BRJPHHKFi5akj/nbx/zNTA= -google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1627,8 +1629,8 @@ google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag= -google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= +google.golang.org/grpc v1.56.0 h1:+y7Bs8rtMd07LeXmL3NxcTLn7mUkbKZqEpPhMNkwJEE= +google.golang.org/grpc v1.56.0/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= From 3dabad5b825e990778fbba432650398b2be1e521 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 16 Jun 2023 13:05:32 +0000 Subject: [PATCH 170/252] chore(deps): bump github.com/prometheus/client_golang (#14092) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.15.1 to 1.16.0. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.15.1...v1.16.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 4e833943d75fe..3ff902b44a1eb 100644 --- a/go.mod +++ b/go.mod @@ -58,7 +58,7 @@ require ( github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 github.com/olekukonko/tablewriter v0.0.5 github.com/patrickmn/go-cache v2.1.0+incompatible - github.com/prometheus/client_golang v1.15.1 + github.com/prometheus/client_golang v1.16.0 github.com/r3labs/diff v1.1.0 github.com/redis/go-redis/v9 v9.0.5 github.com/robfig/cron/v3 v3.0.1 @@ -203,7 +203,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/client_model v0.3.0 // indirect github.com/prometheus/common v0.42.0 // indirect - github.com/prometheus/procfs v0.9.0 // indirect + github.com/prometheus/procfs v0.10.1 // indirect github.com/rivo/uniseg v0.4.4 // indirect github.com/rs/cors v1.8.0 // indirect github.com/russross/blackfriday v1.6.0 // indirect diff --git a/go.sum b/go.sum index 564f0f11885e0..a2918d901a46d 100644 --- a/go.sum +++ b/go.sum @@ -860,8 +860,8 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= -github.com/prometheus/client_golang v1.15.1 h1:8tXpTmJbyH5lydzFPoxSIJ0J46jdh3tylbvM1xCv0LI= -github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk= +github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= +github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -883,8 +883,8 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI= -github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY= +github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= +github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/quobyte/api v0.1.8/go.mod h1:jL7lIHrmqQ7yh05OJ+eEEdHr0u/kmT1Ff9iHd+4H6VI= github.com/r3labs/diff v1.1.0 h1:V53xhrbTHrWFWq3gI4b94AjgEJOerO1+1l0xyHOBi8M= From 0cf9dee3c4cf19d7209969fbd9c8c13cb9f2fc5f Mon Sep 17 00:00:00 2001 From: Ankit Charolia Date: Fri, 16 Jun 2023 16:31:14 +0200 Subject: [PATCH 171/252] chore: add ZDF to USERS.md (#14099) Signed-off-by: Ankit Charolia --- USERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/USERS.md b/USERS.md index cf455d2ab87e7..6133e71bfee9a 100644 --- a/USERS.md +++ b/USERS.md @@ -298,5 +298,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Yieldlab](https://www.yieldlab.de/) 1. [Youverify](https://youverify.co/) 1. [Yubo](https://www.yubo.live/) +1. [ZDF](https://www.zdf.de/) 1. [Zimpler](https://www.zimpler.com/) 1. [ZOZO](https://corp.zozo.com/) From 0496867b90a15c40201d33c2c5876ccfd7c202dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 16 Jun 2023 15:39:14 +0000 Subject: [PATCH 172/252] chore(deps): bump github.com/casbin/casbin/v2 from 2.70.0 to 2.71.0 (#14095) Bumps [github.com/casbin/casbin/v2](https://github.com/casbin/casbin) from 2.70.0 to 2.71.0. - [Release notes](https://github.com/casbin/casbin/releases) - [Changelog](https://github.com/casbin/casbin/blob/master/.releaserc.json) - [Commits](https://github.com/casbin/casbin/compare/v2.70.0...v2.71.0) --- updated-dependencies: - dependency-name: github.com/casbin/casbin/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 3ff902b44a1eb..c27bad4725318 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 - github.com/casbin/casbin/v2 v2.70.0 + github.com/casbin/casbin/v2 v2.71.0 github.com/coreos/go-oidc/v3 v3.6.0 github.com/cyphar/filepath-securejoin v0.2.3 github.com/dustin/go-humanize v1.0.1 diff --git a/go.sum b/go.sum index a2918d901a46d..764b7e8253337 100644 --- a/go.sum +++ b/go.sum @@ -167,8 +167,8 @@ github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q= -github.com/casbin/casbin/v2 v2.70.0 h1:CuoWeWpMj6GsXf5K1npAKHEMb+9k9QE/Mo7cVZmSJ98= -github.com/casbin/casbin/v2 v2.70.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= +github.com/casbin/casbin/v2 v2.71.0 h1:pVzHKXkGgOXIjksEwnrOjNu5CE4xy6aAVzdR8td2gSc= +github.com/casbin/casbin/v2 v2.71.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= From dea3848caeca304c063ebcb7646c6080c4162a99 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Fri, 16 Jun 2023 12:29:58 -0400 Subject: [PATCH 173/252] chore: remove references to ARGOCD_REDIS (#13434) --- ...argocd-application-controller-statefulset.yaml | 6 ------ .../overlays/argocd-repo-server-deployment.yaml | 6 ------ .../base/overlays/argocd-server-deployment.yaml | 5 ----- manifests/ha/install.yaml | 15 --------------- manifests/ha/namespace-install.yaml | 15 --------------- 5 files changed, 47 deletions(-) diff --git a/manifests/ha/base/overlays/argocd-application-controller-statefulset.yaml b/manifests/ha/base/overlays/argocd-application-controller-statefulset.yaml index e077dbd97ef58..c288595170914 100644 --- a/manifests/ha/base/overlays/argocd-application-controller-statefulset.yaml +++ b/manifests/ha/base/overlays/argocd-application-controller-statefulset.yaml @@ -9,9 +9,3 @@ spec: - name: argocd-application-controller args: - /usr/local/bin/argocd-application-controller - env: - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: redis.server diff --git a/manifests/ha/base/overlays/argocd-repo-server-deployment.yaml b/manifests/ha/base/overlays/argocd-repo-server-deployment.yaml index e26bae4c8bc09..b237cf6c13b24 100644 --- a/manifests/ha/base/overlays/argocd-repo-server-deployment.yaml +++ b/manifests/ha/base/overlays/argocd-repo-server-deployment.yaml @@ -24,9 +24,3 @@ spec: - name: argocd-repo-server args: - /usr/local/bin/argocd-repo-server - env: - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: redis.server diff --git a/manifests/ha/base/overlays/argocd-server-deployment.yaml b/manifests/ha/base/overlays/argocd-server-deployment.yaml index 351e6cbce76b8..49eb31b1b0f29 100644 --- a/manifests/ha/base/overlays/argocd-server-deployment.yaml +++ b/manifests/ha/base/overlays/argocd-server-deployment.yaml @@ -25,10 +25,5 @@ spec: env: - name: ARGOCD_API_SERVER_REPLICAS value: '2' - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: redis.server args: - /usr/local/bin/argocd-server diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 79389514b6c28..554f92e1738c6 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -19958,11 +19958,6 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -20238,11 +20233,6 @@ spec: env: - name: ARGOCD_API_SERVER_REPLICAS value: "2" - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -20559,11 +20549,6 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index f9ba40eb24f8f..9326842f5d76a 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -1986,11 +1986,6 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -2266,11 +2261,6 @@ spec: env: - name: ARGOCD_API_SERVER_REPLICAS value: "2" - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -2587,11 +2577,6 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: - - name: ARGOCD_REDIS - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT From 8f63ba3ee78384f77e7866c04c27aea08ef29dad Mon Sep 17 00:00:00 2001 From: asingh <11219262+ashutosh16@users.noreply.github.com> Date: Fri, 16 Jun 2023 13:39:57 -0700 Subject: [PATCH 174/252] fix(ui): use react link to route to relative deep-link path (#13529) Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> --- ui/src/app/shared/components/deep-links.tsx | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/ui/src/app/shared/components/deep-links.tsx b/ui/src/app/shared/components/deep-links.tsx index f7881bff537d9..6d9f614ea9661 100644 --- a/ui/src/app/shared/components/deep-links.tsx +++ b/ui/src/app/shared/components/deep-links.tsx @@ -1,4 +1,5 @@ -import * as React from 'react'; +import React from 'react'; +import {Link} from 'react-router-dom'; import {LinkInfo} from '../models'; export const DeepLinks = (props: {links: LinkInfo[]}) => { @@ -7,10 +8,17 @@ export const DeepLinks = (props: {links: LinkInfo[]}) => {
      {(links || []).map((link: LinkInfo) => (
      - - -
      {link.title}
      -       + {link.url.startsWith('http') ? ( + + +
      {link.title}
      +       + ) : ( + + +
      {link.title}
      + + )} {link.description && <>({link.description})}
      ))} From a400ad11d7a66d87962faf1dcca6c305125c8879 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Mon, 19 Jun 2023 02:04:32 -0500 Subject: [PATCH 175/252] feat(ui): enable gzip for UI assets by default (#13944) * feat(ui): enable gzip for UI assets by default Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * update docs Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: pasha-codefresh --- cmd/argocd-server/commands/argocd_server.go | 2 +- docs/operator-manual/argocd-cmd-params-cm.yaml | 4 ++-- docs/operator-manual/server-commands/argocd-server.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cmd/argocd-server/commands/argocd_server.go b/cmd/argocd-server/commands/argocd_server.go index b4ae0d19d9981..b9ef17a79c832 100644 --- a/cmd/argocd-server/commands/argocd_server.go +++ b/cmd/argocd-server/commands/argocd_server.go @@ -228,7 +228,7 @@ func NewCommand() *cobra.Command { command.Flags().StringVar(&repoServerAddress, "repo-server", env.StringFromEnv("ARGOCD_SERVER_REPO_SERVER", common.DefaultRepoServerAddr), "Repo server address") command.Flags().StringVar(&dexServerAddress, "dex-server", env.StringFromEnv("ARGOCD_SERVER_DEX_SERVER", common.DefaultDexServerAddr), "Dex server address") command.Flags().BoolVar(&disableAuth, "disable-auth", env.ParseBoolFromEnv("ARGOCD_SERVER_DISABLE_AUTH", false), "Disable client authentication") - command.Flags().BoolVar(&enableGZip, "enable-gzip", env.ParseBoolFromEnv("ARGOCD_SERVER_ENABLE_GZIP", false), "Enable GZIP compression") + command.Flags().BoolVar(&enableGZip, "enable-gzip", env.ParseBoolFromEnv("ARGOCD_SERVER_ENABLE_GZIP", true), "Enable GZIP compression") command.AddCommand(cli.NewVersionCmd(cliName)) command.Flags().StringVar(&listenHost, "address", env.StringFromEnv("ARGOCD_SERVER_LISTEN_ADDRESS", common.DefaultAddressAPIServer), "Listen on given address") command.Flags().IntVar(&listenPort, "port", common.DefaultPortAPIServer, "Listen on given port") diff --git a/docs/operator-manual/argocd-cmd-params-cm.yaml b/docs/operator-manual/argocd-cmd-params-cm.yaml index 47ec108c6512e..bbb139581b297 100644 --- a/docs/operator-manual/argocd-cmd-params-cm.yaml +++ b/docs/operator-manual/argocd-cmd-params-cm.yaml @@ -92,8 +92,8 @@ data: server.dex.server.strict.tls: "false" # Disable client authentication server.disable.auth: "false" - # Enable GZIP compression - server.enable.gzip: "false" + # Toggle GZIP compression + server.enable.gzip: "true" # Set X-Frame-Options header in HTTP responses to value. To disable, set to "". (default "sameorigin") server.x.frame.options: "sameorigin" # The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2") diff --git a/docs/operator-manual/server-commands/argocd-server.md b/docs/operator-manual/server-commands/argocd-server.md index 65a11def34848..e120c757b2ec1 100644 --- a/docs/operator-manual/server-commands/argocd-server.md +++ b/docs/operator-manual/server-commands/argocd-server.md @@ -32,7 +32,7 @@ argocd-server [flags] --dex-server-plaintext Use a plaintext client (non-TLS) to connect to dex server --dex-server-strict-tls Perform strict validation of TLS certificates when connecting to dex server --disable-auth Disable client authentication - --enable-gzip Enable GZIP compression + --enable-gzip Enable GZIP compression (default true) --enable-proxy-extension Enable Proxy Extension feature --gloglevel int Set the glog logging level -h, --help help for argocd-server From 89ba316138ede35abcd5d8fad4bd4e4812c19722 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Mon, 19 Jun 2023 03:15:45 -0500 Subject: [PATCH 176/252] docs: Update release info for 2.8 (#14077) * docs: update release dates Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * update Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Leo Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * 2.10 Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: pasha-codefresh --- docs/developer-guide/release-process-and-cadence.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/developer-guide/release-process-and-cadence.md b/docs/developer-guide/release-process-and-cadence.md index 535c6fe84a66b..051de617f0776 100644 --- a/docs/developer-guide/release-process-and-cadence.md +++ b/docs/developer-guide/release-process-and-cadence.md @@ -9,9 +9,11 @@ These are the upcoming releases dates: | Release | Release Planning Meeting | Release Candidate 1 | General Availability | Release Champion | Checklist | |---------|--------------------------|-----------------------|----------------------|-------------------------------------------------------|---------------------------------------------------------------| | v2.6 | Monday, Dec. 12, 2022 | Monday, Dec. 19, 2022 | Monday, Feb. 6, 2023 | [William Tam](https://github.com/wtam2018) | [checklist](https://github.com/argoproj/argo-cd/issues/11563) | -| v2.7 | Monday, Mar. 6, 2023 | Monday, Mar. 20, 2023 | Monday, May. 1, 2023 | [Pavel Kostohrys](https://github.com/pasha-codefresh) | -| v2.8 | Monday, Jun. 5, 2023 | Monday, Jun. 19, 2023 | Monday, Aug. 7, 2023 | [Keith Chong](https://github.keithchong) -| v2.9 | Monday, Sep. 4, 2023 | Monday, Sep. 18, 2023 | Monday, Nov. 6, 2023 | +| v2.7 | Monday, Mar. 6, 2023 | Monday, Mar. 20, 2023 | Monday, May. 1, 2023 | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [checklist](https://github.com/argoproj/argo-cd/issues/12762) | +| v2.8 | Monday, Jun. 20, 2023 | Monday, Jun. 26, 2023 | Monday, Aug. 7, 2023 | [Keith Chong](https://github.com/keithchong) | [checklist](https://github.com/argoproj/argo-cd/issues/13742) | +| v2.9 | Monday, Sep. 4, 2023 | Monday, Sep. 18, 2023 | Monday, Nov. 6, 2023 | [Leonardo Almeida](https://github.com/leoluz) | [checklist](https://github.com/argoproj/argo-cd/issues/14078) | +| v2.10 | Monday, Dec. 4, 2023 | Monday, Dec. 18, 2023 | Monday, Feb. 5, 2024 | + Actual release dates might differ from the plan by a few days. From a952b016ceec76affcd13e388ef6d61a0a73aef0 Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Mon, 19 Jun 2023 04:13:33 -0500 Subject: [PATCH 177/252] docs: fix code highlighting (#14022) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: pasha-codefresh --- mkdocs.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mkdocs.yml b/mkdocs.yml index 5cfb049d867b8..4797426bbb4b5 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -8,7 +8,8 @@ extra_javascript: - assets/versions.js markdown_extensions: - markdown_include.include -- codehilite +- codehilite: + css_class: highlight - admonition - toc: permalink: true From 698aef34ec64a4234061c539aadb43acfed0a25a Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Mon, 19 Jun 2023 05:40:44 -0500 Subject: [PATCH 178/252] docs: add CRD specification example files to docs (#14021) * docs: add CRD specification example files to docs Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * pages for declarative files, too Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: pasha-codefresh --- .../applicationset-specification.md | 7 +++++ docs/operator-manual/argocd-cm-yaml.md | 7 +++++ .../argocd-cmd-params-cm-yaml.md | 7 +++++ docs/operator-manual/argocd-rbac-cm-yaml.md | 7 +++++ .../operator-manual/argocd-repo-creds-yaml.md | 7 +++++ .../argocd-repositories-yaml.md | 7 +++++ docs/operator-manual/argocd-secret-yaml.md | 7 +++++ .../argocd-ssh-known-hosts-cm-yaml.md | 7 +++++ .../argocd-tls-certs-cm-yaml.md | 7 +++++ docs/operator-manual/declarative-setup.md | 30 +++++++++---------- docs/operator-manual/project-specification.md | 7 +++++ docs/user-guide/application-specification.md | 7 +++++ mkdocs.yml | 3 ++ 13 files changed, 95 insertions(+), 15 deletions(-) create mode 100644 docs/operator-manual/applicationset/applicationset-specification.md create mode 100644 docs/operator-manual/argocd-cm-yaml.md create mode 100644 docs/operator-manual/argocd-cmd-params-cm-yaml.md create mode 100644 docs/operator-manual/argocd-rbac-cm-yaml.md create mode 100644 docs/operator-manual/argocd-repo-creds-yaml.md create mode 100644 docs/operator-manual/argocd-repositories-yaml.md create mode 100644 docs/operator-manual/argocd-secret-yaml.md create mode 100644 docs/operator-manual/argocd-ssh-known-hosts-cm-yaml.md create mode 100644 docs/operator-manual/argocd-tls-certs-cm-yaml.md create mode 100644 docs/operator-manual/project-specification.md create mode 100644 docs/user-guide/application-specification.md diff --git a/docs/operator-manual/applicationset/applicationset-specification.md b/docs/operator-manual/applicationset/applicationset-specification.md new file mode 100644 index 0000000000000..8899057bf7ff6 --- /dev/null +++ b/docs/operator-manual/applicationset/applicationset-specification.md @@ -0,0 +1,7 @@ +# ApplicationSet Specification + +The following describes all the available fields of an ApplicationSet: + +```yaml +{!docs/operator-manual/applicationset.yaml!} +``` diff --git a/docs/operator-manual/argocd-cm-yaml.md b/docs/operator-manual/argocd-cm-yaml.md new file mode 100644 index 0000000000000..666e78d03fc1b --- /dev/null +++ b/docs/operator-manual/argocd-cm-yaml.md @@ -0,0 +1,7 @@ +# argocd-cm.yaml example + +An example of an argocd-cm.yaml file: + +```yaml +{!docs/operator-manual/argocd-cm.yaml!} +``` diff --git a/docs/operator-manual/argocd-cmd-params-cm-yaml.md b/docs/operator-manual/argocd-cmd-params-cm-yaml.md new file mode 100644 index 0000000000000..1cdba010fcfc6 --- /dev/null +++ b/docs/operator-manual/argocd-cmd-params-cm-yaml.md @@ -0,0 +1,7 @@ +# argocd-cmd-params-cm.yaml example + +An example of an argocd-cmd-params-cm.yaml file: + +```yaml +{!docs/operator-manual/argocd-cmd-params-cm.yaml!} +``` diff --git a/docs/operator-manual/argocd-rbac-cm-yaml.md b/docs/operator-manual/argocd-rbac-cm-yaml.md new file mode 100644 index 0000000000000..c0dbcde428543 --- /dev/null +++ b/docs/operator-manual/argocd-rbac-cm-yaml.md @@ -0,0 +1,7 @@ +# argocd-rbac-cm.yaml example + +An example of an argocd-rbac-cm.yaml file: + +```yaml +{!docs/operator-manual/argocd-rbac-cm.yaml!} +``` diff --git a/docs/operator-manual/argocd-repo-creds-yaml.md b/docs/operator-manual/argocd-repo-creds-yaml.md new file mode 100644 index 0000000000000..dca214068405c --- /dev/null +++ b/docs/operator-manual/argocd-repo-creds-yaml.md @@ -0,0 +1,7 @@ +# argocd-repo-creds.yaml example + +An example of an argocd-repo-creds.yaml file: + +```yaml +{!docs/operator-manual/argocd-repo-creds.yaml!} +``` diff --git a/docs/operator-manual/argocd-repositories-yaml.md b/docs/operator-manual/argocd-repositories-yaml.md new file mode 100644 index 0000000000000..c9c99357c391a --- /dev/null +++ b/docs/operator-manual/argocd-repositories-yaml.md @@ -0,0 +1,7 @@ +# argocd-repositories.yaml example + +An example of an argocd-repositories.yaml file: + +```yaml +{!docs/operator-manual/argocd-repositories.yaml!} +``` diff --git a/docs/operator-manual/argocd-secret-yaml.md b/docs/operator-manual/argocd-secret-yaml.md new file mode 100644 index 0000000000000..33a88a8e96ee2 --- /dev/null +++ b/docs/operator-manual/argocd-secret-yaml.md @@ -0,0 +1,7 @@ +# argocd-secret.yaml example + +An example of an argocd-secret.yaml file: + +```yaml +{!docs/operator-manual/argocd-secret.yaml!} +``` diff --git a/docs/operator-manual/argocd-ssh-known-hosts-cm-yaml.md b/docs/operator-manual/argocd-ssh-known-hosts-cm-yaml.md new file mode 100644 index 0000000000000..4a5977f61e842 --- /dev/null +++ b/docs/operator-manual/argocd-ssh-known-hosts-cm-yaml.md @@ -0,0 +1,7 @@ +# argocd-ssh-known-hosts-cm.yaml example + +An example of an argocd-ssh-known-hosts-cm.yaml file: + +```yaml +{!docs/operator-manual/argocd-ssh-known-hosts-cm.yaml!} +``` diff --git a/docs/operator-manual/argocd-tls-certs-cm-yaml.md b/docs/operator-manual/argocd-tls-certs-cm-yaml.md new file mode 100644 index 0000000000000..e18b54d6e117e --- /dev/null +++ b/docs/operator-manual/argocd-tls-certs-cm-yaml.md @@ -0,0 +1,7 @@ +# argocd-tls-certs-cm.yaml example + +An example of an argocd-tls-certs-cm.yaml file: + +```yaml +{!docs/operator-manual/argocd-tls-certs-cm.yaml!} +``` diff --git a/docs/operator-manual/declarative-setup.md b/docs/operator-manual/declarative-setup.md index 452e592d4c2be..3441d4b50792f 100644 --- a/docs/operator-manual/declarative-setup.md +++ b/docs/operator-manual/declarative-setup.md @@ -8,16 +8,16 @@ All resources, including `Application` and `AppProject` specs, have to be instal ### Atomic configuration -| Sample File | Resource Name | Kind | Description | -|-------------|---------------|------|-------------| -| [`argocd-cm.yaml`](argocd-cm.yaml) | argocd-cm | ConfigMap | General Argo CD configuration | -| [`argocd-repositories.yaml`](argocd-repositories.yaml) | my-private-repo / istio-helm-repo / private-helm-repo / private-repo | Secrets | Sample repository connection details | -| [`argocd-repo-creds.yaml`](argocd-repo-creds.yaml) | argoproj-https-creds / argoproj-ssh-creds / github-creds / github-enterprise-creds | Secrets | Sample repository credential templates | -| [`argocd-cmd-params-cm.yaml`](argocd-cmd-params-cm.yaml) | argocd-cmd-params-cm | ConfigMap | Argo CD env variables configuration | -| [`argocd-secret.yaml`](argocd-secret.yaml) | argocd-secret | Secret | User Passwords, Certificates (deprecated), Signing Key, Dex secrets, Webhook secrets | -| [`argocd-rbac-cm.yaml`](argocd-rbac-cm.yaml) | argocd-rbac-cm | ConfigMap | RBAC Configuration | -| [`argocd-tls-certs-cm.yaml`](argocd-tls-certs-cm.yaml) | argocd-tls-certs-cm | ConfigMap | Custom TLS certificates for connecting Git repositories via HTTPS (v1.2 and later) | -| [`argocd-ssh-known-hosts-cm.yaml`](argocd-ssh-known-hosts-cm.yaml) | argocd-ssh-known-hosts-cm | ConfigMap | SSH known hosts data for connecting Git repositories via SSH (v1.2 and later) | +| Sample File | Resource Name | Kind | Description | +|-----------------------------------------------------------------------|------------------------------------------------------------------------------------|-----------|--------------------------------------------------------------------------------------| +| [`argocd-cm.yaml`](argocd-cm-yaml.md) | argocd-cm | ConfigMap | General Argo CD configuration | +| [`argocd-repositories.yaml`](argocd-repositories-yaml.md) | my-private-repo / istio-helm-repo / private-helm-repo / private-repo | Secrets | Sample repository connection details | +| [`argocd-repo-creds.yaml`](argocd-repo-creds.yaml) | argoproj-https-creds / argoproj-ssh-creds / github-creds / github-enterprise-creds | Secrets | Sample repository credential templates | +| [`argocd-cmd-params-cm.yaml`](argocd-cmd-params-cm-yaml.md) | argocd-cmd-params-cm | ConfigMap | Argo CD env variables configuration | +| [`argocd-secret.yaml`](argocd-secret-yaml.md) | argocd-secret | Secret | User Passwords, Certificates (deprecated), Signing Key, Dex secrets, Webhook secrets | +| [`argocd-rbac-cm.yaml`](argocd-rbac-cm-yaml.md) | argocd-rbac-cm | ConfigMap | RBAC Configuration | +| [`argocd-tls-certs-cm.yaml`](argocd-tls-certs-cm-yaml.md) | argocd-tls-certs-cm | ConfigMap | Custom TLS certificates for connecting Git repositories via HTTPS (v1.2 and later) | +| [`argocd-ssh-known-hosts-cm.yaml`](argocd-ssh-known-hosts-cm-yaml.md) | argocd-ssh-known-hosts-cm | ConfigMap | SSH known hosts data for connecting Git repositories via SSH (v1.2 and later) | For each specific kind of ConfigMap and Secret resource, there is only a single supported resource name (as listed in the above table) - if you need to merge things you need to do it before creating them. @@ -26,11 +26,11 @@ For each specific kind of ConfigMap and Secret resource, there is only a single ### Multiple configuration objects -| Sample File | Kind | Description | -|-------------|------|-------------| -| [`application.yaml`](application.yaml) | Application | Example application spec | -| [`project.yaml`](project.yaml) | AppProject | Example project spec | -| - | Secret | Repository credentials | +| Sample File | Kind | Description | +|------------------------------------------------------------------|-------------|--------------------------| +| [`application.yaml`](../user-guide/application-specification.md) | Application | Example application spec | +| [`project.yaml`](./project-specification.md) | AppProject | Example project spec | +| - | Secret | Repository credentials | For `Application` and `AppProject` resources, the name of the resource equals the name of the application or project within Argo CD. This also means that application and project names are unique within a given Argo CD installation - you cannot have the same application name for two different applications. diff --git a/docs/operator-manual/project-specification.md b/docs/operator-manual/project-specification.md new file mode 100644 index 0000000000000..4d18eb1a9dd1b --- /dev/null +++ b/docs/operator-manual/project-specification.md @@ -0,0 +1,7 @@ +# Project Specification + +The following describes all the available fields of a Project: + +```yaml +{!docs/operator-manual/project.yaml!} +``` diff --git a/docs/user-guide/application-specification.md b/docs/user-guide/application-specification.md new file mode 100644 index 0000000000000..4f581b19a47fa --- /dev/null +++ b/docs/user-guide/application-specification.md @@ -0,0 +1,7 @@ +# Application Specification + +The following describes all the available fields of an Application: + +```yaml +{!docs/operator-manual/application.yaml!} +``` diff --git a/mkdocs.yml b/mkdocs.yml index 4797426bbb4b5..008b85c1d1376 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -110,6 +110,7 @@ nav: - Application Pruning & Resource Deletion: operator-manual/applicationset/Application-Deletion.md - Progressive Syncs: operator-manual/applicationset/Progressive-Syncs.md - Git File Generator Globbing: operator-manual/applicationset/Generators-Git-File-Globbing.md + - ApplicationSet Specification Reference: operator-manual/applicationset/applicationset-specification.md - Server Configuration Parameters: - operator-manual/server-commands/argocd-server.md - operator-manual/server-commands/argocd-application-controller.md @@ -135,6 +136,7 @@ nav: - operator-manual/upgrading/1.2-1.3.md - operator-manual/upgrading/1.1-1.2.md - operator-manual/upgrading/1.0-1.1.md + - Project Specification Reference: operator-manual/project-specification.md - User Guide: - user-guide/index.md - user-guide/application_sources.md @@ -172,6 +174,7 @@ nav: - user-guide/extra_info.md - Notification subscriptions: user-guide/subscriptions.md - Command Reference: user-guide/commands/argocd.md + - Application Specification Reference: user-guide/application-specification.md - Developer Guide: - developer-guide/index.md - Architecture: From 3a1030bc241e504a8048f8dfad6e8fddc37c2efa Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Mon, 19 Jun 2023 06:52:02 -0500 Subject: [PATCH 179/252] Revert "feat: add monaco-kubernetes for editing IntelliSense (#12778)" (#14000) This reverts commit f8e016dea859ad43b82a4c12544546ef9d6dc9ce. Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: pasha-codefresh --- test/container/Dockerfile | 1 - ui/jest.config.js | 2 +- ui/package.json | 3 +- .../app/shared/components/monaco-editor.tsx | 8 +- .../components/yaml-editor/yaml-config.ts | 54 ---- .../components/yaml-editor/yaml-editor.tsx | 7 +- ui/src/app/webpack.config.js | 12 +- ui/yarn.lock | 262 +----------------- 8 files changed, 12 insertions(+), 337 deletions(-) delete mode 100644 ui/src/app/shared/components/yaml-editor/yaml-config.ts diff --git a/test/container/Dockerfile b/test/container/Dockerfile index 73d0c269648c9..d3be410c417e2 100644 --- a/test/container/Dockerfile +++ b/test/container/Dockerfile @@ -5,7 +5,6 @@ FROM docker.io/library/redis:7.0.11@sha256:f50031a49f41e493087fb95f96fdb3523bb25 # architecture, so we create a symlink here to facilitate copying. RUN ln -s /usr/lib/$(uname -m)-linux-gnu /usr/lib/linux-gnu - # Please make sure to also check the contained yarn version and update the references below when upgrading this image's version FROM docker.io/library/node:20.2.0@sha256:14f0471d0478fbb9177d0f9e8c146dc872273dcdcfc7fea93a27ed81fc6b0e96 as node diff --git a/ui/jest.config.js b/ui/jest.config.js index dd5d29b688e59..abd8a45bcecd6 100644 --- a/ui/jest.config.js +++ b/ui/jest.config.js @@ -1,6 +1,6 @@ module.exports = { preset: 'ts-jest', - testEnvironment: 'jsdom', + testEnvironment: 'node', reporters: ['default', 'jest-junit'], collectCoverage: true, transformIgnorePatterns: ['node_modules/(?!(argo-ui)/)'], diff --git a/ui/package.json b/ui/package.json index 7574954ea2edc..ee15bf6883d82 100644 --- a/ui/package.json +++ b/ui/package.json @@ -5,7 +5,7 @@ "scripts": { "start": "webpack-dev-server --config ./src/app/webpack.config.js --mode development", "docker": "./scripts/build_docker.sh", - "build": "find ./dist -type f -not -name gitkeep -delete && webpack --config ./src/app/webpack.config.js --mode production --stats-children", + "build": "find ./dist -type f -not -name gitkeep -delete && webpack --config ./src/app/webpack.config.js --mode production", "lint": "tsc --noEmit --project ./src/app && tslint -p ./src/app", "lint:fix": "tslint -p ./src/app --fix", "test": "jest" @@ -31,7 +31,6 @@ "minimatch": "^3.1.2", "moment": "^2.29.4", "monaco-editor": "^0.33.0", - "monaco-kubernetes": "0.2.2", "path": "^0.12.7", "prop-types": "^15.8.1", "react": "^16.9.3", diff --git a/ui/src/app/shared/components/monaco-editor.tsx b/ui/src/app/shared/components/monaco-editor.tsx index cc7bfb0a2df6c..817e4c8ae6bcb 100644 --- a/ui/src/app/shared/components/monaco-editor.tsx +++ b/ui/src/app/shared/components/monaco-editor.tsx @@ -1,7 +1,6 @@ import * as React from 'react'; import * as monacoEditor from 'monaco-editor'; -import {configure, LanguageSettings} from 'monaco-kubernetes'; export interface EditorInput { text: string; @@ -12,7 +11,7 @@ export interface MonacoProps { minHeight?: number; vScrollBar: boolean; editor?: { - options?: monacoEditor.editor.IEditorOptions & {settings?: LanguageSettings}; + options?: monacoEditor.editor.IEditorOptions; input: EditorInput; getApi?: (api: monacoEditor.editor.IEditor) => any; }; @@ -29,10 +28,6 @@ const MonacoEditorLazy = React.lazy(() => const Component = (props: MonacoProps) => { const [height, setHeight] = React.useState(0); - React.useEffect(() => { - configure(props.editor.options.settings); - }, [props.editor.options.settings]); - return (
      const editor = monaco.editor.create(el, { ...props.editor.options, scrollBeyondLastLine: props.vScrollBar, - renderValidationDecorations: 'on', scrollbar: { handleMouseWheel: false, vertical: props.vScrollBar ? 'visible' : 'hidden' diff --git a/ui/src/app/shared/components/yaml-editor/yaml-config.ts b/ui/src/app/shared/components/yaml-editor/yaml-config.ts deleted file mode 100644 index 985cbd3ab736e..0000000000000 --- a/ui/src/app/shared/components/yaml-editor/yaml-config.ts +++ /dev/null @@ -1,54 +0,0 @@ -import {LanguageSettings} from 'monaco-kubernetes'; - -/** - * The configuration of the editor. - */ -export type EditorConfig = { - /** - * Whether to use monaco-kubernetes in the editor. - * - * Enhancements - * - * - Schema validation for both well-known resources - * (e.g. Deployment, Ingress, etc) and Argo CRDs. This - * includes autocomplete and other common IntelliSense. - * - Adds semantical validation which includes the most - * prevalent Kubernetes hardening guidelines and additional - * rules to prevent misconfigurations in Argo CD CRDs. - * - * @remark All heavy lifting is done in a web worker which - * leaves the main thread free for rendering the UI. - */ - useKubernetesEditor: boolean; - - /** - * Configuration of monaco-kubernetes. - */ - - settings?: LanguageSettings; -}; - -export const DEFAULT_EDITOR_CONFIG: EditorConfig = { - useKubernetesEditor: true, - settings: { - // @see https://github.com/kubeshop/monokle-core/blob/main/packages/validation/docs/configuration.md - validation: { - plugins: { - 'yaml-syntax': true, - 'kubernetes-schema': true, - 'open-policy-agent': true, - 'argo': true - }, - rules: { - // @see https://github.com/kubeshop/monokle-core/blob/main/packages/validation/docs/core-plugins.md#open-policy-agent - 'open-policy-agent/no-latest-image': 'warn', - 'open-policy-agent/no-low-user-id': 'warn', - 'open-policy-agent/no-low-group-id': 'warn', - 'open-policy-agent/no-elevated-process': 'err', - 'open-policy-agent/no-sys-admin': 'err', - 'open-policy-agent/no-host-mounted-path': 'err', - 'open-policy-agent/no-host-port-access': 'err' - } - } - } -}; diff --git a/ui/src/app/shared/components/yaml-editor/yaml-editor.tsx b/ui/src/app/shared/components/yaml-editor/yaml-editor.tsx index 31c6943b6101c..d60e13e570200 100644 --- a/ui/src/app/shared/components/yaml-editor/yaml-editor.tsx +++ b/ui/src/app/shared/components/yaml-editor/yaml-editor.tsx @@ -5,7 +5,6 @@ import * as React from 'react'; import {Consumer} from '../../context'; import {MonacoEditor} from '../monaco-editor'; -import {DEFAULT_EDITOR_CONFIG, EditorConfig} from './yaml-config'; const jsonMergePatch = require('json-merge-patch'); require('./yaml-editor.scss'); @@ -19,7 +18,6 @@ export class YamlEditor extends React.Component< onSave?: (patch: string, patchType: string) => Promise; onCancel?: () => any; minHeight?: number; - config?: EditorConfig; }, { editing: boolean; @@ -35,7 +33,6 @@ export class YamlEditor extends React.Component< public render() { const props = this.props; const yaml = props.input ? jsYaml.safeDump(props.input) : ''; - const config = props.config ?? DEFAULT_EDITOR_CONFIG; return (
      @@ -100,8 +97,8 @@ export class YamlEditor extends React.Component< minHeight={props.minHeight} vScrollBar={props.vScrollbar} editor={{ - input: {text: yaml, language: config.useKubernetesEditor ? 'kubernetes' : 'yaml'}, - options: {readOnly: !this.state.editing, minimap: {enabled: false}, settings: config.settings}, + input: {text: yaml, language: 'yaml'}, + options: {readOnly: !this.state.editing, minimap: {enabled: false}}, getApi: api => { this.model = api.getModel() as monacoEditor.editor.ITextModel; } diff --git a/ui/src/app/webpack.config.js b/ui/src/app/webpack.config.js index b01967df22730..9bfcaa1f85d97 100644 --- a/ui/src/app/webpack.config.js +++ b/ui/src/app/webpack.config.js @@ -93,17 +93,7 @@ const config = { }), new MonacoWebpackPlugin({ // https://github.com/microsoft/monaco-editor-webpack-plugin#options - languages: ['yaml'], - customLanguages: [ - { - label: 'kubernetes', - entry: 'monaco-kubernetes', - worker: { - id: 'monaco-kubernetes/kubernetesWorker', - entry: 'monaco-kubernetes/worker' - } - } - ] + languages: ['yaml'] }) ], devServer: { diff --git a/ui/yarn.lock b/ui/yarn.lock index eec815da77f34..6eba1ee0a69a9 100644 --- a/ui/yarn.lock +++ b/ui/yarn.lock @@ -1452,23 +1452,6 @@ "@jridgewell/resolve-uri" "^3.0.3" "@jridgewell/sourcemap-codec" "^1.4.10" -"@monokle/validation@^0.15.1": - version "0.15.1" - resolved "https://registry.yarnpkg.com/@monokle/validation/-/validation-0.15.1.tgz#ec4e494665048c19c341add5d9a9aa6d66682bec" - integrity sha512-fJVKTgJ0+NiZ5Niu6aUQwtbUrLDV48jCh1/yQNQpLFYtIr7iRabbD6AJknHMjwHxR3XABUzgwcuvYYxHlNvajg== - dependencies: - "@open-policy-agent/opa-wasm" "1.8.0" - "@rollup/plugin-virtual" "3.0.1" - ajv "6.12.6" - change-case "4.1.2" - isomorphic-fetch "3.0.0" - lodash "4.17.21" - node-fetch "3.3.0" - require-from-string "2.0.2" - rollup "3.18.0" - yaml "2.1.1" - zod "3.19.1" - "@nodelib/fs.scandir@2.1.5": version "2.1.5" resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5" @@ -1498,14 +1481,6 @@ mkdirp "^1.0.4" rimraf "^3.0.2" -"@open-policy-agent/opa-wasm@1.8.0": - version "1.8.0" - resolved "https://registry.yarnpkg.com/@open-policy-agent/opa-wasm/-/opa-wasm-1.8.0.tgz#a4bcd4ccc4de10bf3ca1a3fddf7b7a7f7dfae536" - integrity sha512-IFXh52ndKH5iWsB5ysWpjDxLtA5nUCMgalV7gbzW9VfjyDvu7Iq3G3wz3cXYtK1VWa94EeYi8oIrTrzzg33szQ== - dependencies: - sprintf-js "^1.1.2" - yaml "^1.10.2" - "@redocly/ajv@^8.6.4": version "8.6.4" resolved "https://registry.yarnpkg.com/@redocly/ajv/-/ajv-8.6.4.tgz#94053e7a9d4146d1a4feacd3813892873f229a85" @@ -1537,11 +1512,6 @@ resolved "https://registry.yarnpkg.com/@redocly/react-dropdown-aria/-/react-dropdown-aria-2.0.12.tgz#2e3af2b1b8e9123487109400d6117f0d4a8445a6" integrity sha512-feQEZlyBvQsbT/fvpJ4jJ5OLGaUPpnskHYDsY8DGpPymN+HUeDQrqkBEbbKRwMKidFTI2cxk2kJNNTnvdS9jyw== -"@rollup/plugin-virtual@3.0.1": - version "3.0.1" - resolved "https://registry.yarnpkg.com/@rollup/plugin-virtual/-/plugin-virtual-3.0.1.tgz#cea7e489481cc0ca91516c047f8c53c1cfb1adf6" - integrity sha512-fK8O0IL5+q+GrsMLuACVNk2x21g3yaw+sG2qn16SnUd3IlBsQyvWxLMGHmCmXRMecPjGRSZ/1LmZB4rjQm68og== - "@sinonjs/commons@^1.7.0": version "1.8.3" resolved "https://registry.yarnpkg.com/@sinonjs/commons/-/commons-1.8.3.tgz#3802ddd21a50a949b6721ddd72da36e67e7f1b2d" @@ -1799,7 +1769,7 @@ resolved "https://registry.yarnpkg.com/@types/js-yaml/-/js-yaml-3.12.1.tgz#5c6f4a1eabca84792fbd916f0cb40847f123c656" integrity sha512-SGGAhXLHDx+PK4YLNcNGa6goPf9XRWQNAUUbffkwVGGXIxmDKWyGGL4inzq2sPmExu431Ekb9aEMn9BkPqEYFA== -"@types/json-schema@*", "@types/json-schema@^7.0.0", "@types/json-schema@^7.0.8", "@types/json-schema@^7.0.9": +"@types/json-schema@*", "@types/json-schema@^7.0.8", "@types/json-schema@^7.0.9": version "7.0.11" resolved "https://registry.yarnpkg.com/@types/json-schema/-/json-schema-7.0.11.tgz#d421b6c527a3037f7c84433fd2c4229e016863d3" integrity sha512-wOuvG1SN4Us4rez+tylwwwCV1psiNVOkJeM3AUWUNWg/jDQY2+HE/444y5gc+jBmRqASOm2Oeh5c1axHobwRKQ== @@ -2270,7 +2240,7 @@ ajv-keywords@^5.0.0: dependencies: fast-deep-equal "^3.1.3" -ajv@6.12.6, ajv@^6.1.0, ajv@^6.12.4, ajv@^6.12.5: +ajv@^6.1.0, ajv@^6.12.4, ajv@^6.12.5: version "6.12.6" resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.6.tgz#baf5a62e802b07d977034586f8c3baf5adf26df4" integrity sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g== @@ -2921,15 +2891,6 @@ caniuse-lite@^1.0.30001317: resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001319.tgz#eb4da4eb3ecdd409f7ba1907820061d56096e88f" integrity sha512-xjlIAFHucBRSMUo1kb5D4LYgcN1M45qdKP++lhqowDpwJwGkpIRTt5qQqnhxjj1vHcI7nrJxWhCC1ATrCEBTcw== -capital-case@^1.0.4: - version "1.0.4" - resolved "https://registry.yarnpkg.com/capital-case/-/capital-case-1.0.4.tgz#9d130292353c9249f6b00fa5852bee38a717e669" - integrity sha512-ds37W8CytHgwnhGGTi88pcPyR15qoNkOpYwmMMfnWqqWgESapLqvDx6huFjQ5vqWSn2Z06173XNA7LtMOeUh1A== - dependencies: - no-case "^3.0.4" - tslib "^2.0.3" - upper-case-first "^2.0.2" - capture-exit@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/capture-exit/-/capture-exit-2.0.0.tgz#fb953bfaebeb781f62898239dabb426d08a509a4" @@ -2965,24 +2926,6 @@ chalk@^4.0.0: ansi-styles "^4.1.0" supports-color "^7.1.0" -change-case@4.1.2: - version "4.1.2" - resolved "https://registry.yarnpkg.com/change-case/-/change-case-4.1.2.tgz#fedfc5f136045e2398c0410ee441f95704641e12" - integrity sha512-bSxY2ws9OtviILG1EiY5K7NNxkqg/JnRnFxLtKQ96JaviiIxi7djMrSd0ECT9AC+lttClmYwKw53BWpOMblo7A== - dependencies: - camel-case "^4.1.2" - capital-case "^1.0.4" - constant-case "^3.0.4" - dot-case "^3.0.4" - header-case "^2.0.4" - no-case "^3.0.4" - param-case "^3.0.4" - pascal-case "^3.1.2" - path-case "^3.0.4" - sentence-case "^3.0.4" - snake-case "^3.0.4" - tslib "^2.0.3" - char-regex@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/char-regex/-/char-regex-1.0.2.tgz#d744358226217f981ed58f479b1d6bcc29545dcf" @@ -3249,15 +3192,6 @@ connect-history-api-fallback@^1.6.0: resolved "https://registry.yarnpkg.com/connect-history-api-fallback/-/connect-history-api-fallback-1.6.0.tgz#8b32089359308d111115d81cad3fceab888f97bc" integrity sha512-e54B99q/OUoH64zYYRf3HBP5z24G38h5D3qXu23JGRoigpX5Ss4r9ZnDk3g0Z8uQC2x2lPaJ+UlWBc1ZWBWdLg== -constant-case@^3.0.4: - version "3.0.4" - resolved "https://registry.yarnpkg.com/constant-case/-/constant-case-3.0.4.tgz#3b84a9aeaf4cf31ec45e6bf5de91bdfb0589faf1" - integrity sha512-I2hSBi7Vvs7BEuJDr5dDHfzb/Ruj3FyvFyh7KLilAjNQw3Be+xgqUBA2W6scVEcL0hL1dwPRtIqEPVUCKkSsyQ== - dependencies: - no-case "^3.0.4" - tslib "^2.0.3" - upper-case "^2.0.2" - content-disposition@0.5.4: version "0.5.4" resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.4.tgz#8b82b4efac82512a02bb0b1dcec9d2c5e8eb5bfe" @@ -3459,11 +3393,6 @@ dagre@^0.8.5: graphlib "^2.1.8" lodash "^4.17.15" -data-uri-to-buffer@^4.0.0: - version "4.0.1" - resolved "https://registry.yarnpkg.com/data-uri-to-buffer/-/data-uri-to-buffer-4.0.1.tgz#d8feb2b2881e6a4f58c2e08acfd0e2834e26222e" - integrity sha512-0R9ikRb668HB7QDxT1vkpuUBtqc53YyAwMwGeUFKRojY/NWKvdZ+9UYtRfGmhqNbRkTSVpMbmyhXipFFv2cb/A== - data-urls@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/data-urls/-/data-urls-2.0.0.tgz#156485a72963a970f5d5821aaf642bef2bf2db9b" @@ -4429,14 +4358,6 @@ fb-watchman@^2.0.0: dependencies: bser "2.1.1" -fetch-blob@^3.1.2, fetch-blob@^3.1.4: - version "3.2.0" - resolved "https://registry.yarnpkg.com/fetch-blob/-/fetch-blob-3.2.0.tgz#f09b8d4bbd45adc6f0c20b7e787e793e309dcce9" - integrity sha512-7yAQpD2UMJzLi1Dqv7qFYnPbaPx7ZfFK6PiIxQ4PfkGPyNyl2Ugx+a/umUonmKqjhM4DnfbMvdX6otXq83soQQ== - dependencies: - node-domexception "^1.0.0" - web-streams-polyfill "^3.0.3" - fill-range@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-4.0.0.tgz#d544811d428f98eb06a63dc402d2403c328c38f7" @@ -4533,13 +4454,6 @@ form-data@^4.0.0: combined-stream "^1.0.8" mime-types "^2.1.12" -formdata-polyfill@^4.0.10: - version "4.0.10" - resolved "https://registry.yarnpkg.com/formdata-polyfill/-/formdata-polyfill-4.0.10.tgz#24807c31c9d402e002ab3d8c720144ceb8848423" - integrity sha512-buewHzMvYL29jdeQTVILecSaZKnt/RJWjoZCF5OW60Z67/GmSLBkOFM7qh1PI3zFNtJbaZL5eQu1vLfazOwj4g== - dependencies: - fetch-blob "^3.1.2" - formidable@^2.1.2: version "2.1.2" resolved "https://registry.npmjs.org/formidable/-/formidable-2.1.2.tgz#fa973a2bec150e4ce7cac15589d7a25fc30ebd89" @@ -4813,14 +4727,6 @@ he@^1.2.0: resolved "https://registry.yarnpkg.com/he/-/he-1.2.0.tgz#84ae65fa7eafb165fddb61566ae14baf05664f0f" integrity sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw== -header-case@^2.0.4: - version "2.0.4" - resolved "https://registry.yarnpkg.com/header-case/-/header-case-2.0.4.tgz#5a42e63b55177349cf405beb8d775acabb92c063" - integrity sha512-H/vuk5TEEVZwrR0lp2zed9OCo1uAILMlx0JEMgC26rzyJJ3N1v6XkwHHXJQdR2doSjcGPM6OKPYoJgf0plJ11Q== - dependencies: - capital-case "^1.0.4" - tslib "^2.0.3" - hexoid@^1.0.0: version "1.0.0" resolved "https://registry.npmjs.org/hexoid/-/hexoid-1.0.0.tgz#ad10c6573fb907de23d9ec63a711267d9dc9bc18" @@ -5366,14 +5272,6 @@ isobject@^3.0.0, isobject@^3.0.1: resolved "https://registry.yarnpkg.com/isobject/-/isobject-3.0.1.tgz#4e431e92b11a9731636aa1f9c8d1ccbcfdab78df" integrity sha1-TkMekrEalzFjaqH5yNHMvP2reN8= -isomorphic-fetch@3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/isomorphic-fetch/-/isomorphic-fetch-3.0.0.tgz#0267b005049046d2421207215d45d6a262b8b8b4" - integrity sha512-qvUtwJ3j6qwsF3jLxkZ72qCgjMysPzDfeV240JHiGZsANBYd+EEuu35v7dfrJ9Up0Ak07D7GGSkGhCHTqg/5wA== - dependencies: - node-fetch "^2.6.1" - whatwg-fetch "^3.4.1" - istanbul-lib-coverage@^3.0.0, istanbul-lib-coverage@^3.2.0: version "3.2.0" resolved "https://registry.yarnpkg.com/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.0.tgz#189e7909d0a39fa5a3dfad5b03f71947770191d3" @@ -6074,11 +5972,6 @@ json5@^1.0.1: dependencies: minimist "^1.2.0" -jsonc-parser@^3.0.0: - version "3.2.0" - resolved "https://registry.yarnpkg.com/jsonc-parser/-/jsonc-parser-3.2.0.tgz#31ff3f4c2b9793f89c67212627c51c6394f88e76" - integrity sha512-gfFQZrcTc8CnKXp6Y4/CBT3fTc0OVuDofpre4aEeEpSBPV5X5v4+Vmx+8snU7RLPrNHPKSgLxGo9YuQzz20o+w== - kind-of@^3.0.2, kind-of@^3.0.3, kind-of@^3.2.0: version "3.2.2" resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-3.2.2.tgz#31ea21a734bab9bbb0f32466d893aea51e4a3c64" @@ -6199,7 +6092,7 @@ lodash.memoize@4.x: resolved "https://registry.yarnpkg.com/lodash.memoize/-/lodash.memoize-4.1.2.tgz#bcc6c49a42a2840ed997f323eada5ecd182e0bfe" integrity sha1-vMbEmkKihA7Zl/Mj6tpezRguC/4= -lodash@4.17.21, lodash@^4.17.13, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.20, lodash@^4.17.21, lodash@^4.2.1, lodash@^4.6.1, lodash@^4.7.0: +lodash@^4.17.13, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.20, lodash@^4.17.21, lodash@^4.2.1, lodash@^4.6.1, lodash@^4.7.0: version "4.17.21" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== @@ -6499,34 +6392,6 @@ monaco-editor@^0.33.0: resolved "https://registry.yarnpkg.com/monaco-editor/-/monaco-editor-0.33.0.tgz#842e244f3750a2482f8a29c676b5684e75ff34af" integrity sha512-VcRWPSLIUEgQJQIE0pVT8FcGBIgFoxz7jtqctE+IiCxWugD0DwgyQBcZBhdSrdMC84eumoqMZsGl2GTreOzwqw== -monaco-kubernetes@0.2.2: - version "0.2.2" - resolved "https://registry.yarnpkg.com/monaco-kubernetes/-/monaco-kubernetes-0.2.2.tgz#d6ae0fc4e7c8f43640f47131cd15b56f9bd7aceb" - integrity sha512-nw7QfoIIRkSDPW2VyX6ub1vd/HmP9KPy0ZNqEMLavrXLGdZmPD9C8eLZqNruF3edkXUqkk69ZNQmxXeJS7ZIvg== - dependencies: - "@monokle/validation" "^0.15.1" - "@types/json-schema" "^7.0.0" - jsonc-parser "^3.0.0" - monaco-marker-data-provider "^1.0.0" - monaco-worker-manager "^2.0.0" - nanoid "4.0.0" - path-browserify "^1.0.0" - prettier "^2.0.0" - vscode-languageserver-textdocument "^1.0.0" - vscode-languageserver-types "^3.0.0" - vscode-uri "^3.0.0" - yaml "^2.0.0" - -monaco-marker-data-provider@^1.0.0: - version "1.1.1" - resolved "https://registry.yarnpkg.com/monaco-marker-data-provider/-/monaco-marker-data-provider-1.1.1.tgz#0ca69f367152f5aa12cec2bda95f32b7403e876f" - integrity sha512-PGB7TJSZE5tmHzkxv/OEwK2RGNC2A7dcq4JRJnnj31CUAsfmw0Gl+1QTrH0W0deKhcQmQM0YVPaqgQ+0wCt8Mg== - -monaco-worker-manager@^2.0.0: - version "2.0.1" - resolved "https://registry.yarnpkg.com/monaco-worker-manager/-/monaco-worker-manager-2.0.1.tgz#f67c54dfca34ed4b225d5de84e77b24b4e36de8a" - integrity sha512-kdPL0yvg5qjhKPNVjJoym331PY/5JC11aPJXtCZNwWRvBr6jhkIamvYAyiY5P1AWFmNOy0aRDRoMdZfa71h8kg== - ms@2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8" @@ -6555,11 +6420,6 @@ multicast-dns@^6.0.1: dns-packet "^1.3.1" thunky "^1.0.2" -nanoid@4.0.0: - version "4.0.0" - resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-4.0.0.tgz#6e144dee117609232c3f415c34b0e550e64999a5" - integrity sha512-IgBP8piMxe/gf73RTQx7hmnhwz0aaEXYakvqZyE302IXW3HyVNhdNGC+O2MwMAVhLEnvXlvKtGbtJf6wvHihCg== - nanoid@^3.1.22: version "3.2.0" resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.2.0.tgz#62667522da6673971cca916a6d3eff3f415ff80c" @@ -6610,11 +6470,6 @@ no-case@^3.0.4: lower-case "^2.0.2" tslib "^2.0.3" -node-domexception@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/node-domexception/-/node-domexception-1.0.0.tgz#6888db46a1f71c0b76b3f7555016b63fe64766e5" - integrity sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ== - node-fetch-h2@^2.3.0: version "2.3.0" resolved "https://registry.yarnpkg.com/node-fetch-h2/-/node-fetch-h2-2.3.0.tgz#c6188325f9bd3d834020bf0f2d6dc17ced2241ac" @@ -6622,15 +6477,6 @@ node-fetch-h2@^2.3.0: dependencies: http2-client "^1.2.5" -node-fetch@3.3.0: - version "3.3.0" - resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-3.3.0.tgz#37e71db4ecc257057af828d523a7243d651d91e4" - integrity sha512-BKwRP/O0UvoMKp7GNdwPlObhYGB5DQqwhEDQlNKuoqwVYSxkSZCSbHjnFFmUEtwSKRPU4kNK8PbDYYitwaE3QA== - dependencies: - data-uri-to-buffer "^4.0.0" - fetch-blob "^3.1.4" - formdata-polyfill "^4.0.10" - node-fetch@^2.2.0, node-fetch@^2.6.1: version "2.6.7" resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad" @@ -6986,19 +6832,11 @@ pascalcase@^0.1.1: resolved "https://registry.yarnpkg.com/pascalcase/-/pascalcase-0.1.1.tgz#b363e55e8006ca6fe21784d2db22bd15d7917f14" integrity sha1-s2PlXoAGym/iF4TS2yK9FdeRfxQ= -path-browserify@^1.0.0, path-browserify@^1.0.1: +path-browserify@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/path-browserify/-/path-browserify-1.0.1.tgz#d98454a9c3753d5790860f16f68867b9e46be1fd" integrity sha512-b7uo2UCUOYZcnF/3ID0lulOJi/bafxa1xPe7ZPsammBSpjSWQkjNxlt635YGS2MiR9GjvuXCtz2emr3jbsz98g== -path-case@^3.0.4: - version "3.0.4" - resolved "https://registry.yarnpkg.com/path-case/-/path-case-3.0.4.tgz#9168645334eb942658375c56f80b4c0cb5f82c6f" - integrity sha512-qO4qCFjXqVTrcbPt/hQfhTQ+VhFsqNKOPtytgNKkKxSoEp3XPUQ8ObFuePylOIok5gjn69ry8XiULxCwot3Wfg== - dependencies: - dot-case "^3.0.4" - tslib "^2.0.3" - path-exists@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/path-exists/-/path-exists-3.0.0.tgz#ce0ebeaa5f78cb18925ea7d810d7b59b010fd515" @@ -7232,11 +7070,6 @@ prettier@1.19: resolved "https://registry.yarnpkg.com/prettier/-/prettier-1.19.1.tgz#f7d7f5ff8a9cd872a7be4ca142095956a60797cb" integrity sha512-s7PoyDv/II1ObgQunCbB9PdLmUcBZcnWOcxDh7O0N/UwDEsHyqkW+Qh28jW+mVuCdx7gLB0BotYI1Y6uI9iyew== -prettier@^2.0.0: - version "2.8.4" - resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.8.4.tgz#34dd2595629bfbb79d344ac4a91ff948694463c3" - integrity sha512-vIS4Rlc2FNh0BySk3Wkd6xmwxB0FpOndW5fisM5H8hsZSxU2VWVB5CWIkIjWvrHjIhxk2g3bfMKM87zNTrZddw== - pretty-error@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/pretty-error/-/pretty-error-4.0.0.tgz#90a703f46dd7234adb46d0f84823e9d1cb8f10d6" @@ -8281,7 +8114,7 @@ require-directory@^2.1.1: resolved "https://registry.yarnpkg.com/require-directory/-/require-directory-2.1.1.tgz#8c64ad5fd30dab1c976e2344ffe7f792a6a6df42" integrity sha1-jGStX9MNqxyXbiNE/+f3kqam30I= -require-from-string@2.0.2, require-from-string@^2.0.1, require-from-string@^2.0.2: +require-from-string@^2.0.1, require-from-string@^2.0.2: version "2.0.2" resolved "https://registry.yarnpkg.com/require-from-string/-/require-from-string-2.0.2.tgz#89a7fdd938261267318eafe14f9c32e598c36909" integrity sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw== @@ -8366,13 +8199,6 @@ rimraf@^3.0.0, rimraf@^3.0.2: dependencies: glob "^7.1.3" -rollup@3.18.0: - version "3.18.0" - resolved "https://registry.yarnpkg.com/rollup/-/rollup-3.18.0.tgz#2354ba63ba66d6a09c652c3ea0dbcd9dad72bbde" - integrity sha512-J8C6VfEBjkvYPESMQYxKHxNOh4A5a3FlP+0BETGo34HEcE4eTlgCrO2+eWzlu2a/sHs2QUkZco+wscH7jhhgWg== - optionalDependencies: - fsevents "~2.3.2" - rsvp@^4.8.4: version "4.8.5" resolved "https://registry.yarnpkg.com/rsvp/-/rsvp-4.8.5.tgz#c8f155311d167f68f21e168df71ec5b083113734" @@ -8572,15 +8398,6 @@ send@0.17.2: range-parser "~1.2.1" statuses "~1.5.0" -sentence-case@^3.0.4: - version "3.0.4" - resolved "https://registry.yarnpkg.com/sentence-case/-/sentence-case-3.0.4.tgz#3645a7b8c117c787fde8702056225bb62a45131f" - integrity sha512-8LS0JInaQMCRoQ7YUytAo/xUu5W2XnQxV2HI/6uM6U7CITS1RqPElr30V6uIqyMKM9lJGRVFy5/4CuzcixNYSg== - dependencies: - no-case "^3.0.4" - tslib "^2.0.3" - upper-case-first "^2.0.2" - serialize-javascript@^5.0.1: version "5.0.1" resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-5.0.1.tgz#7886ec848049a462467a97d3d918ebb2aaf934f4" @@ -8764,14 +8581,6 @@ slugify@~1.4.7: resolved "https://registry.yarnpkg.com/slugify/-/slugify-1.4.7.tgz#e42359d505afd84a44513280868e31202a79a628" integrity sha512-tf+h5W1IrjNm/9rKKj0JU2MDMruiopx0jjVA5zCdBtcGjfp0+c5rHw/zADLC3IeKlGHtVbHtpfzvYA0OYT+HKg== -snake-case@^3.0.4: - version "3.0.4" - resolved "https://registry.yarnpkg.com/snake-case/-/snake-case-3.0.4.tgz#4f2bbd568e9935abdfd593f34c691dadb49c452c" - integrity sha512-LAOh4z89bGQvl9pFfNF8V146i7o7/CqFPbqzYgP+yYzDIDeS9HaNFtXABamRW+AQzEVODcvE79ljJ+8a9YSdMg== - dependencies: - dot-case "^3.0.4" - tslib "^2.0.3" - snapdragon-node@^2.0.1: version "2.1.1" resolved "https://registry.yarnpkg.com/snapdragon-node/-/snapdragon-node-2.1.1.tgz#6c175f86ff14bdb0724563e8f3c1b021a286853b" @@ -8910,11 +8719,6 @@ split-string@^3.0.1, split-string@^3.0.2: dependencies: extend-shallow "^3.0.0" -sprintf-js@^1.1.2: - version "1.1.2" - resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.1.2.tgz#da1765262bf8c0f571749f2ad6c26300207ae673" - integrity sha512-VE0SOVEHCk7Qc8ulkWw3ntAzXuqf7S2lvwQaDLRnUeIEaKNQJzV6BwmLKhOqT61aGhfUMrXeaBk+oDGCzvhcug== - sprintf-js@~1.0.2: version "1.0.3" resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c" @@ -9580,20 +9384,6 @@ unset-value@^1.0.0: has-value "^0.3.1" isobject "^3.0.0" -upper-case-first@^2.0.2: - version "2.0.2" - resolved "https://registry.yarnpkg.com/upper-case-first/-/upper-case-first-2.0.2.tgz#992c3273f882abd19d1e02894cc147117f844324" - integrity sha512-514ppYHBaKwfJRK/pNC6c/OxfGa0obSnAl106u97Ed0I625Nin96KAjttZF6ZL3e1XLtphxnqrOi9iWgm+u+bg== - dependencies: - tslib "^2.0.3" - -upper-case@^2.0.2: - version "2.0.2" - resolved "https://registry.yarnpkg.com/upper-case/-/upper-case-2.0.2.tgz#d89810823faab1df1549b7d97a76f8662bae6f7a" - integrity sha512-KgdgDGJt2TpuwBUIjgG6lzw2GWFRCW9Qkfkiv0DxqHHLYJHmtmdUIKcZd8rHgFSjopVTlw6ggzCm1b8MFQwikg== - dependencies: - tslib "^2.0.3" - uri-js@^4.2.2: version "4.2.2" resolved "https://registry.yarnpkg.com/uri-js/-/uri-js-4.2.2.tgz#94c540e1ff772956e2299507c010aea6c8838eb0" @@ -9690,21 +9480,6 @@ vary@~1.1.2: resolved "https://registry.yarnpkg.com/vary/-/vary-1.1.2.tgz#2299f02c6ded30d4a5961b0b9f74524a18f634fc" integrity sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg== -vscode-languageserver-textdocument@^1.0.0: - version "1.0.8" - resolved "https://registry.yarnpkg.com/vscode-languageserver-textdocument/-/vscode-languageserver-textdocument-1.0.8.tgz#9eae94509cbd945ea44bca8dcfe4bb0c15bb3ac0" - integrity sha512-1bonkGqQs5/fxGT5UchTgjGVnfysL0O8v1AYMBjqTbWQTFn721zaPGDYFkOKtfDgFiSgXM3KwaG3FMGfW4Ed9Q== - -vscode-languageserver-types@^3.0.0: - version "3.17.3" - resolved "https://registry.yarnpkg.com/vscode-languageserver-types/-/vscode-languageserver-types-3.17.3.tgz#72d05e47b73be93acb84d6e311b5786390f13f64" - integrity sha512-SYU4z1dL0PyIMd4Vj8YOqFvHu7Hz/enbWtpfnVbJHU4Nd1YNYx8u0ennumc6h48GQNeOLxmwySmnADouT/AuZA== - -vscode-uri@^3.0.0: - version "3.0.7" - resolved "https://registry.yarnpkg.com/vscode-uri/-/vscode-uri-3.0.7.tgz#6d19fef387ee6b46c479e5fb00870e15e58c1eb8" - integrity sha512-eOpPHogvorZRobNqJGhapa0JdwaxpjVvyBp0QIUMRMSf8ZAlqOdEquKuRmw9Qwu0qXtJIWqFtMkmvJjUZmMjVA== - w3c-hr-time@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/w3c-hr-time/-/w3c-hr-time-1.0.2.tgz#0a89cdf5cc15822df9c360543676963e0cc308cd" @@ -9748,11 +9523,6 @@ wbuf@^1.1.0, wbuf@^1.7.3: dependencies: minimalistic-assert "^1.0.0" -web-streams-polyfill@^3.0.3: - version "3.2.1" - resolved "https://registry.yarnpkg.com/web-streams-polyfill/-/web-streams-polyfill-3.2.1.tgz#71c2718c52b45fd49dbeee88634b3a60ceab42a6" - integrity sha512-e0MO3wdXWKrLbL0DgGnUV7WHVuw9OUvL4hjgnPkIeEvESk74gAITi5G606JtZPp39cd8HA9VQzCIvA49LpPN5Q== - webidl-conversions@^3.0.0: version "3.0.1" resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871" @@ -9920,11 +9690,6 @@ whatwg-encoding@^1.0.5: dependencies: iconv-lite "0.4.24" -whatwg-fetch@^3.4.1: - version "3.6.2" - resolved "https://registry.yarnpkg.com/whatwg-fetch/-/whatwg-fetch-3.6.2.tgz#dced24f37f2624ed0281725d51d0e2e3fe677f8c" - integrity sha512-bJlen0FcuU/0EMLrdbJ7zOnW6ITZLrZMIarMUVmdKtsGvZna8vxKYaexICWPfZ8qwf9fzNq+UEIZrnSaApt6RA== - whatwg-mimetype@^2.3.0: version "2.3.0" resolved "https://registry.yarnpkg.com/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz#3d4b1e0312d2079879f826aff18dbeeca5960fbf" @@ -10045,21 +9810,11 @@ yaml-ast-parser@0.0.43: resolved "https://registry.yarnpkg.com/yaml-ast-parser/-/yaml-ast-parser-0.0.43.tgz#e8a23e6fb4c38076ab92995c5dca33f3d3d7c9bb" integrity sha512-2PTINUwsRqSd+s8XxKaJWQlUuEMHJQyEuh2edBbW8KNJz0SJPwUSD2zRWqezFEdN7IzAgeuYHFUCF7o8zRdZ0A== -yaml@2.1.1: - version "2.1.1" - resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.1.1.tgz#1e06fb4ca46e60d9da07e4f786ea370ed3c3cfec" - integrity sha512-o96x3OPo8GjWeSLF+wOAbrPfhFOGY0W00GNaxCDv+9hkcDJEnev1yh8S7pgHF0ik6zc8sQLuL8hjHjJULZp8bw== - -yaml@^1.10.0, yaml@^1.10.2: +yaml@^1.10.0: version "1.10.2" resolved "https://registry.yarnpkg.com/yaml/-/yaml-1.10.2.tgz#2301c5ffbf12b467de8da2333a459e29e7920e4b" integrity sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg== -yaml@^2.0.0: - version "2.2.1" - resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.2.1.tgz#3014bf0482dcd15147aa8e56109ce8632cd60ce4" - integrity sha512-e0WHiYql7+9wr4cWMx3TVQrNwejKaEe7/rHNmQmqRjazfOP5W8PB6Jpebb5o6fIapbz9o9+2ipcaTM2ZwDI6lw== - yargs-parser@20.x, yargs-parser@^20.2.2: version "20.2.9" resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-20.2.9.tgz#2eb7dc3b0289718fc295f362753845c41a0c94ee" @@ -10105,8 +9860,3 @@ yocto-queue@^0.1.0: version "0.1.0" resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-0.1.0.tgz#0294eb3dee05028d31ee1a5fa2c556a6aaf10a1b" integrity sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q== - -zod@3.19.1: - version "3.19.1" - resolved "https://registry.yarnpkg.com/zod/-/zod-3.19.1.tgz#112f074a97b50bfc4772d4ad1576814bd8ac4473" - integrity sha512-LYjZsEDhCdYET9ikFu6dVPGp2YH9DegXjdJToSzD9rO6fy4qiRYFoyEYwps88OseJlPyl2NOe2iJuhEhL7IpEA== From b392917e8defa94ac349cb6af45b28b8932b3bdf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Jun 2023 10:39:35 -0400 Subject: [PATCH 180/252] chore(deps): bump github.com/casbin/casbin/v2 from 2.71.0 to 2.71.1 (#14120) Bumps [github.com/casbin/casbin/v2](https://github.com/casbin/casbin) from 2.71.0 to 2.71.1. - [Release notes](https://github.com/casbin/casbin/releases) - [Changelog](https://github.com/casbin/casbin/blob/master/.releaserc.json) - [Commits](https://github.com/casbin/casbin/compare/v2.71.0...v2.71.1) --- updated-dependencies: - dependency-name: github.com/casbin/casbin/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c27bad4725318..500958e872d8e 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 - github.com/casbin/casbin/v2 v2.71.0 + github.com/casbin/casbin/v2 v2.71.1 github.com/coreos/go-oidc/v3 v3.6.0 github.com/cyphar/filepath-securejoin v0.2.3 github.com/dustin/go-humanize v1.0.1 diff --git a/go.sum b/go.sum index 764b7e8253337..ea58d78dbd4af 100644 --- a/go.sum +++ b/go.sum @@ -167,8 +167,8 @@ github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q= -github.com/casbin/casbin/v2 v2.71.0 h1:pVzHKXkGgOXIjksEwnrOjNu5CE4xy6aAVzdR8td2gSc= -github.com/casbin/casbin/v2 v2.71.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= +github.com/casbin/casbin/v2 v2.71.1 h1:LRHyqM0S1LzM/K59PmfUIN0ZJfLgcOjL4OhOQI/FNXU= +github.com/casbin/casbin/v2 v2.71.1/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= From 41dc06d90318b8b01978a66cefc8ebb1567f8fe2 Mon Sep 17 00:00:00 2001 From: Narhari Motivaras <49451740+narharim@users.noreply.github.com> Date: Tue, 20 Jun 2023 19:44:47 +0530 Subject: [PATCH 181/252] fix(gitpod): changed permission of gocache folder (#14122) Signed-off-by: Narhari Motivaras --- .gitpod.Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitpod.Dockerfile b/.gitpod.Dockerfile index 42b5cfea72e0e..981c5625f678e 100644 --- a/.gitpod.Dockerfile +++ b/.gitpod.Dockerfile @@ -13,6 +13,8 @@ ENV GOCACHE=/go-build-cache RUN apt-get install redis-server -y RUN go install github.com/mattn/goreman@latest +RUN chown -R gitpod:gitpod /go-build-cache + USER gitpod ENV ARGOCD_REDIS_LOCAL=true From 59e6f2c3ac5029e018cae7bb8f08204597fae773 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lukas=20W=C3=B6hrl?= Date: Tue, 20 Jun 2023 18:08:21 +0200 Subject: [PATCH 182/252] fix: retain count and order of revisions for multi source apps (#14108) (#14113) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: retain order of revisions for multi source apps (#14108) Signed-off-by: Lukas Wöhrl * fix: retain revision for multi source app with ref-repos Signed-off-by: Lukas Wöhrl * calculate commitSHA before quitting manifest generation Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Lukas Wöhrl Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- controller/appcontroller_test.go | 20 +++++++- controller/state.go | 41 +++++----------- controller/state_test.go | 75 ++++++++++++++++++++--------- reposerver/repository/repository.go | 23 +++++---- 4 files changed, 95 insertions(+), 64 deletions(-) diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go index d49aa6e8d5499..0458f02ca8d2d 100644 --- a/controller/appcontroller_test.go +++ b/controller/appcontroller_test.go @@ -49,6 +49,7 @@ type namespacedResource struct { type fakeData struct { apps []runtime.Object manifestResponse *apiclient.ManifestResponse + manifestResponses []*apiclient.ManifestResponse managedLiveObjs map[kube.ResourceKey]*unstructured.Unstructured namespacedResources map[kube.ResourceKey]namespacedResource configMapData map[string]string @@ -65,7 +66,15 @@ func newFakeController(data *fakeData) *ApplicationController { // Mock out call to GenerateManifest mockRepoClient := mockrepoclient.RepoServerServiceClient{} - mockRepoClient.On("GenerateManifest", mock.Anything, mock.Anything).Return(data.manifestResponse, nil) + + if len(data.manifestResponses) > 0 { + for _, response := range data.manifestResponses { + mockRepoClient.On("GenerateManifest", mock.Anything, mock.Anything).Return(response, nil).Once() + } + } else { + mockRepoClient.On("GenerateManifest", mock.Anything, mock.Anything).Return(data.manifestResponse, nil) + } + mockRepoClientset := mockrepoclient.Clientset{RepoServerServiceClient: &mockRepoClient} secret := corev1.Secret{ @@ -222,9 +231,14 @@ spec: project: default sources: - path: some/path + helm: + valueFiles: + - $values_test/values.yaml repoURL: https://github.com/argoproj/argocd-example-apps.git - path: some/other/path repoURL: https://github.com/argoproj/argocd-example-apps-fake.git + - ref: values_test + repoURL: https://github.com/argoproj/argocd-example-apps-fake-ref.git syncPolicy: automated: {} status: @@ -236,6 +250,7 @@ status: revisions: - HEAD - HEAD + - HEAD phase: Succeeded startedAt: 2018-09-21T23:50:25Z syncResult: @@ -250,11 +265,14 @@ status: revisions: - aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa - bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb + - cccccccccccccccccccccccccccccccccccccccc sources: - path: some/path repoURL: https://github.com/argoproj/argocd-example-apps.git - path: some/other/path repoURL: https://github.com/argoproj/argocd-example-apps-fake.git + - path: some/other/path + repoURL: https://github.com/argoproj/argocd-example-apps-fake-ref.git ` var fakeAppWithDestName = ` diff --git a/controller/state.go b/controller/state.go index 94b3ea166f229..c4b54b5c32b0e 100644 --- a/controller/state.go +++ b/controller/state.go @@ -106,7 +106,7 @@ type appStateManager struct { persistResourceHealth bool } -func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject) ([]*unstructured.Unstructured, map[*v1alpha1.ApplicationSource]*apiclient.ManifestResponse, error) { +func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, error) { ts := stats.NewTimingStats() helmRepos, err := m.db.ListHelmRepositories(context.Background()) @@ -163,7 +163,7 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp } defer io.Close(conn) - manifestInfoMap := make(map[*v1alpha1.ApplicationSource]*apiclient.ManifestResponse) + manifestInfos := make([]*apiclient.ManifestResponse, 0) targetObjs := make([]*unstructured.Unstructured, 0) // Store the map of all sources having ref field into a map for applications with sources field @@ -173,13 +173,6 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp } for i, source := range sources { - // The iteration values are assigned to the respective iteration variables as in an assignment statement. - // The iteration variables may be declared by the “range” clause using a form of short variable declaration (:=). - // In this case their types are set to the types of the respective iteration values and their scope is the block of the "for" statement; - // they are re-used in each iteration. If the iteration variables are declared outside the "for" statement, - // after execution their values will be those of the last iteration. - // https://golang.org/ref/spec#For_statements - source := source if len(revisions) < len(sources) || revisions[i] == "" { revisions[i] = source.TargetRevision } @@ -223,20 +216,14 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp return nil, nil, err } - // GenerateManifest can return empty ManifestResponse without error if app has multiple sources - // and if any of the source does not have path and chart field not specified. - // In that scenario, we continue to the next source - if app.Spec.HasMultipleSources() && len(manifestInfo.Manifests) == 0 { - continue - } - targetObj, err := unmarshalManifests(manifestInfo.Manifests) if err != nil { return nil, nil, err } targetObjs = append(targetObjs, targetObj...) - manifestInfoMap[&source] = manifestInfo + + manifestInfos = append(manifestInfos, manifestInfo) } ts.AddCheckpoint("unmarshal_ms") @@ -246,7 +233,7 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp } logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds()) logCtx.Info("getRepoObjs stats") - return targetObjs, manifestInfoMap, nil + return targetObjs, manifestInfos, nil } func unmarshalManifests(manifests []string) ([]*unstructured.Unstructured, error) { @@ -407,7 +394,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 var targetObjs []*unstructured.Unstructured now := metav1.Now() - var manifestInfoMap map[*v1alpha1.ApplicationSource]*apiclient.ManifestResponse + var manifestInfos []*apiclient.ManifestResponse if len(localManifests) == 0 { // If the length of revisions is not same as the length of sources, @@ -419,7 +406,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 } } - targetObjs, manifestInfoMap, err = m.getRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project) + targetObjs, manifestInfos, err = m.getRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project) if err != nil { targetObjs = make([]*unstructured.Unstructured, 0) conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) @@ -442,9 +429,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 } } // empty out manifestInfoMap - for as := range manifestInfoMap { - delete(manifestInfoMap, as) - } + manifestInfos = make([]*apiclient.ManifestResponse, 0) } ts.AddCheckpoint("git_ms") @@ -524,12 +509,12 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 } manifestRevisions := make([]string, 0) - for _, manifestInfo := range manifestInfoMap { + for _, manifestInfo := range manifestInfos { manifestRevisions = append(manifestRevisions, manifestInfo.Revision) } // restore comparison using cached diff result if previous comparison was performed for the same revision - revisionChanged := len(manifestInfoMap) != len(sources) || !reflect.DeepEqual(app.Status.Sync.Revisions, manifestRevisions) + revisionChanged := len(manifestInfos) != len(sources) || !reflect.DeepEqual(app.Status.Sync.Revisions, manifestRevisions) specChanged := !reflect.DeepEqual(app.Status.Sync.ComparedTo, v1alpha1.ComparedTo{Source: app.Spec.GetSource(), Destination: app.Spec.Destination, Sources: sources}) _, refreshRequested := app.IsRefreshRequested() @@ -698,7 +683,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 // Git has already performed the signature verification via its GPG interface, and the result is available // in the manifest info received from the repository server. We now need to form our opinion about the result // and stop processing if we do not agree about the outcome. - for _, manifestInfo := range manifestInfoMap { + for _, manifestInfo := range manifestInfos { if gpg.IsGPGEnabled() && verifySignature && manifestInfo != nil { conditions = append(conditions, verifyGnuPGSignature(manifestInfo.Revision, project, manifestInfo)...) } @@ -715,11 +700,11 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 } if hasMultipleSources { - for _, manifestInfo := range manifestInfoMap { + for _, manifestInfo := range manifestInfos { compRes.appSourceTypes = append(compRes.appSourceTypes, v1alpha1.ApplicationSourceType(manifestInfo.SourceType)) } } else { - for _, manifestInfo := range manifestInfoMap { + for _, manifestInfo := range manifestInfos { compRes.appSourceType = v1alpha1.ApplicationSourceType(manifestInfo.SourceType) break } diff --git a/controller/state_test.go b/controller/state_test.go index db57a7b2c76ea..537c0208e734b 100644 --- a/controller/state_test.go +++ b/controller/state_test.go @@ -318,8 +318,8 @@ func TestCompareAppStateExtraHook(t *testing.T) { assert.Equal(t, 0, len(app.Status.Conditions)) } -// TestAppRevisions tests that revisions are properly propagated -func TestAppRevisions(t *testing.T) { +// TestAppRevisions tests that revisions are properly propagated for a single source app +func TestAppRevisionsSingleSource(t *testing.T) { obj1 := NewPod() obj1.SetNamespace(test.FakeDestNamespace) data := fakeData{ @@ -333,28 +333,57 @@ func TestAppRevisions(t *testing.T) { } ctrl := newFakeController(&data) - // single source - { - app := newFakeApp() - revisions := make([]string, 0) - revisions = append(revisions, "") - compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources()) - assert.NotNil(t, compRes) - assert.NotNil(t, compRes.syncStatus) - assert.NotEmpty(t, compRes.syncStatus.Revision) - assert.Len(t, compRes.syncStatus.Revisions, 0) - } - // multisource - { - app := newFakeMultiSourceApp() - revisions := make([]string, 0) - revisions = append(revisions, "") - compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources()) - assert.NotNil(t, compRes) - assert.NotNil(t, compRes.syncStatus) - assert.Empty(t, compRes.syncStatus.Revision) - assert.Len(t, compRes.syncStatus.Revisions, 2) + app := newFakeApp() + revisions := make([]string, 0) + revisions = append(revisions, "") + compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources()) + assert.NotNil(t, compRes) + assert.NotNil(t, compRes.syncStatus) + assert.NotEmpty(t, compRes.syncStatus.Revision) + assert.Len(t, compRes.syncStatus.Revisions, 0) + +} + +// TestAppRevisions tests that revisions are properly propagated for a multi source app +func TestAppRevisionsMultiSource(t *testing.T) { + obj1 := NewPod() + obj1.SetNamespace(test.FakeDestNamespace) + data := fakeData{ + manifestResponses: []*apiclient.ManifestResponse{ + { + Manifests: []string{toJSON(t, obj1)}, + Namespace: test.FakeDestNamespace, + Server: test.FakeClusterURL, + Revision: "abc123", + }, + { + Manifests: []string{toJSON(t, obj1)}, + Namespace: test.FakeDestNamespace, + Server: test.FakeClusterURL, + Revision: "def456", + }, + { + Manifests: []string{}, + Namespace: test.FakeDestNamespace, + Server: test.FakeClusterURL, + Revision: "ghi789", + }, + }, + managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured), } + ctrl := newFakeController(&data) + + app := newFakeMultiSourceApp() + revisions := make([]string, 0) + revisions = append(revisions, "") + compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources()) + assert.NotNil(t, compRes) + assert.NotNil(t, compRes.syncStatus) + assert.Empty(t, compRes.syncStatus.Revision) + assert.Len(t, compRes.syncStatus.Revisions, 3) + assert.Equal(t, "abc123", compRes.syncStatus.Revisions[0]) + assert.Equal(t, "def456", compRes.syncStatus.Revisions[1]) + assert.Equal(t, "ghi789", compRes.syncStatus.Revisions[2]) } func toJSON(t *testing.T, obj *unstructured.Unstructured) string { diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index 0937ff10d3667..f2939cda88533 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -337,14 +337,6 @@ func (s *Service) runRepoOperation( defer settings.sem.Release(1) } - // do not generate manifests if Path and Chart fields are not set for a source in Multiple Sources - if hasMultipleSources && source.Path == "" && source.Chart == "" { - log.WithFields(map[string]interface{}{ - "source": source, - }).Debugf("not generating manifests as path and chart fields are empty") - return nil - } - if source.IsHelm() { if settings.noCache { err = helmClient.CleanChartCache(source.Chart, revision) @@ -510,6 +502,17 @@ func (s *Service) GenerateManifest(ctx context.Context, q *apiclient.ManifestReq var promise *ManifestResponsePromise operation := func(repoRoot, commitSHA, cacheKey string, ctxSrc operationContextSrc) error { + // do not generate manifests if Path and Chart fields are not set for a source in Multiple Sources + if q.HasMultipleSources && q.ApplicationSource.Path == "" && q.ApplicationSource.Chart == "" { + log.WithFields(map[string]interface{}{ + "source": q.ApplicationSource, + }).Debugf("not generating manifests as path and chart fields are empty") + res = &apiclient.ManifestResponse{ + Revision: commitSHA, + } + return nil + } + promise = s.runManifestGen(ctx, repoRoot, commitSHA, cacheKey, ctxSrc, q) // The fist channel to send the message will resume this operation. // The main purpose for using channels here is to be able to unlock @@ -542,10 +545,6 @@ func (s *Service) GenerateManifest(ctx context.Context, q *apiclient.ManifestReq return nil, err } } - - if q.HasMultipleSources && err == nil && res == nil { - res = &apiclient.ManifestResponse{} - } return res, err } From 70473d264074f449e2f74ffc67ccb6f808fcfb66 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 20 Jun 2023 12:12:20 -0400 Subject: [PATCH 183/252] [Bot] docs: Update Snyk reports (#14110) Signed-off-by: CI Co-authored-by: CI --- docs/snyk/index.md | 60 +- docs/snyk/master/argocd-iac-install.html | 162 ++-- .../master/argocd-iac-namespace-install.html | 162 ++-- docs/snyk/master/argocd-test.html | 4 +- .../master/ghcr.io_dexidp_dex_v2.36.0.html | 2 +- docs/snyk/master/haproxy_2.6.12-alpine.html | 861 ------------------ docs/snyk/master/haproxy_2.6.14-alpine.html | 492 ++++++++++ .../quay.io_argoproj_argocd_latest.html | 176 +--- docs/snyk/master/redis_7.0.11-alpine.html | 212 +---- docs/snyk/v2.5.18/haproxy_2.6.12-alpine.html | 861 ------------------ .../argocd-iac-install.html | 166 ++-- .../argocd-iac-namespace-install.html | 166 ++-- .../{v2.5.18 => v2.5.19}/argocd-test.html | 2 +- .../ghcr.io_dexidp_dex_v2.36.0.html | 2 +- docs/snyk/v2.5.19/haproxy_2.6.14-alpine.html | 492 ++++++++++ .../quay.io_argoproj_argocd_v2.5.19.html} | 378 ++++---- .../redis_7.0.11-alpine.html | 212 +---- .../argocd-iac-install.html | 166 ++-- .../argocd-iac-namespace-install.html | 166 ++-- .../snyk/{v2.6.9 => v2.6.10}/argocd-test.html | 4 +- .../ghcr.io_dexidp_dex_v2.36.0.html | 2 +- docs/snyk/v2.6.10/haproxy_2.6.14-alpine.html | 492 ++++++++++ .../quay.io_argoproj_argocd_v2.6.10.html} | 486 ++-------- .../redis_7.0.11-alpine.html | 212 +---- docs/snyk/v2.6.9/haproxy_2.6.12-alpine.html | 861 ------------------ docs/snyk/v2.7.4/haproxy_2.6.12-alpine.html | 861 ------------------ docs/snyk/v2.7.4/redis_7.0.11-alpine.html | 694 -------------- .../argocd-iac-install.html | 166 ++-- .../argocd-iac-namespace-install.html | 166 ++-- docs/snyk/{v2.7.4 => v2.7.5}/argocd-test.html | 4 +- .../ghcr.io_dexidp_dex_v2.36.0.html | 2 +- docs/snyk/v2.7.5/haproxy_2.6.14-alpine.html | 492 ++++++++++ .../quay.io_argoproj_argocd_v2.7.5.html} | 340 ++----- docs/snyk/v2.7.5/redis_7.0.11-alpine.html | 492 ++++++++++ 34 files changed, 3534 insertions(+), 6482 deletions(-) delete mode 100644 docs/snyk/master/haproxy_2.6.12-alpine.html create mode 100644 docs/snyk/master/haproxy_2.6.14-alpine.html delete mode 100644 docs/snyk/v2.5.18/haproxy_2.6.12-alpine.html rename docs/snyk/{v2.5.18 => v2.5.19}/argocd-iac-install.html (92%) rename docs/snyk/{v2.5.18 => v2.5.19}/argocd-iac-namespace-install.html (92%) rename docs/snyk/{v2.5.18 => v2.5.19}/argocd-test.html (99%) rename docs/snyk/{v2.7.4 => v2.5.19}/ghcr.io_dexidp_dex_v2.36.0.html (99%) create mode 100644 docs/snyk/v2.5.19/haproxy_2.6.14-alpine.html rename docs/snyk/{v2.6.9/quay.io_argoproj_argocd_v2.6.9.html => v2.5.19/quay.io_argoproj_argocd_v2.5.19.html} (94%) rename docs/snyk/{v2.5.18 => v2.5.19}/redis_7.0.11-alpine.html (52%) rename docs/snyk/{v2.6.9 => v2.6.10}/argocd-iac-install.html (92%) rename docs/snyk/{v2.6.9 => v2.6.10}/argocd-iac-namespace-install.html (92%) rename docs/snyk/{v2.6.9 => v2.6.10}/argocd-test.html (99%) rename docs/snyk/{v2.5.18 => v2.6.10}/ghcr.io_dexidp_dex_v2.36.0.html (99%) create mode 100644 docs/snyk/v2.6.10/haproxy_2.6.14-alpine.html rename docs/snyk/{v2.5.18/quay.io_argoproj_argocd_v2.5.18.html => v2.6.10/quay.io_argoproj_argocd_v2.6.10.html} (87%) rename docs/snyk/{v2.6.9 => v2.6.10}/redis_7.0.11-alpine.html (52%) delete mode 100644 docs/snyk/v2.6.9/haproxy_2.6.12-alpine.html delete mode 100644 docs/snyk/v2.7.4/haproxy_2.6.12-alpine.html delete mode 100644 docs/snyk/v2.7.4/redis_7.0.11-alpine.html rename docs/snyk/{v2.7.4 => v2.7.5}/argocd-iac-install.html (92%) rename docs/snyk/{v2.7.4 => v2.7.5}/argocd-iac-namespace-install.html (92%) rename docs/snyk/{v2.7.4 => v2.7.5}/argocd-test.html (99%) rename docs/snyk/{v2.6.9 => v2.7.5}/ghcr.io_dexidp_dex_v2.36.0.html (99%) create mode 100644 docs/snyk/v2.7.5/haproxy_2.6.14-alpine.html rename docs/snyk/{v2.7.4/quay.io_argoproj_argocd_v2.7.4.html => v2.7.5/quay.io_argoproj_argocd_v2.7.5.html} (91%) create mode 100644 docs/snyk/v2.7.5/redis_7.0.11-alpine.html diff --git a/docs/snyk/index.md b/docs/snyk/index.md index 2083ce137778f..c245fe6bb8104 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -16,47 +16,47 @@ recent minor releases. | [go.mod](master/argocd-test.html) | 0 | 0 | 0 | 0 | | [ui/yarn.lock](master/argocd-test.html) | 0 | 1 | 0 | 0 | | [dex:v2.36.0](master/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | -| [haproxy:2.6.12-alpine](master/haproxy_2.6.12-alpine.html) | 0 | 1 | 1 | 0 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 1 | 18 | -| [redis:7.0.11-alpine](master/redis_7.0.11-alpine.html) | 0 | 1 | 0 | 0 | +| [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 0 | 17 | +| [redis:7.0.11-alpine](master/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.7.4 +### v2.7.5 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.7.4/argocd-test.html) | 0 | 0 | 0 | 0 | -| [ui/yarn.lock](v2.7.4/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.36.0](v2.7.4/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | -| [haproxy:2.6.12-alpine](v2.7.4/haproxy_2.6.12-alpine.html) | 0 | 1 | 1 | 0 | -| [argocd:v2.7.4](v2.7.4/quay.io_argoproj_argocd_v2.7.4.html) | 0 | 0 | 1 | 18 | -| [redis:7.0.11-alpine](v2.7.4/redis_7.0.11-alpine.html) | 0 | 1 | 0 | 0 | -| [install.yaml](v2.7.4/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.7.4/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.7.5/argocd-test.html) | 0 | 0 | 0 | 0 | +| [ui/yarn.lock](v2.7.5/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.36.0](v2.7.5/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | +| [haproxy:2.6.14-alpine](v2.7.5/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.7.5](v2.7.5/quay.io_argoproj_argocd_v2.7.5.html) | 0 | 0 | 0 | 17 | +| [redis:7.0.11-alpine](v2.7.5/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.7.5/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.7.5/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.6.9 +### v2.6.10 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.6.9/argocd-test.html) | 0 | 0 | 0 | 0 | -| [ui/yarn.lock](v2.6.9/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.36.0](v2.6.9/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | -| [haproxy:2.6.12-alpine](v2.6.9/haproxy_2.6.12-alpine.html) | 0 | 1 | 1 | 0 | -| [argocd:v2.6.9](v2.6.9/quay.io_argoproj_argocd_v2.6.9.html) | 0 | 0 | 1 | 18 | -| [redis:7.0.11-alpine](v2.6.9/redis_7.0.11-alpine.html) | 0 | 1 | 0 | 0 | -| [install.yaml](v2.6.9/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.6.9/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.6.10/argocd-test.html) | 0 | 0 | 0 | 0 | +| [ui/yarn.lock](v2.6.10/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.36.0](v2.6.10/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | +| [haproxy:2.6.14-alpine](v2.6.10/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.6.10](v2.6.10/quay.io_argoproj_argocd_v2.6.10.html) | 0 | 0 | 0 | 17 | +| [redis:7.0.11-alpine](v2.6.10/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.6.10/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.6.10/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.5.18 +### v2.5.19 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.5.18/argocd-test.html) | 0 | 0 | 2 | 0 | -| [ui/yarn.lock](v2.5.18/argocd-test.html) | 0 | 0 | 4 | 0 | -| [dex:v2.36.0](v2.5.18/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | -| [haproxy:2.6.12-alpine](v2.5.18/haproxy_2.6.12-alpine.html) | 0 | 1 | 1 | 0 | -| [argocd:v2.5.18](v2.5.18/quay.io_argoproj_argocd_v2.5.18.html) | 0 | 0 | 1 | 18 | -| [redis:7.0.11-alpine](v2.5.18/redis_7.0.11-alpine.html) | 0 | 1 | 0 | 0 | -| [install.yaml](v2.5.18/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.5.18/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.5.19/argocd-test.html) | 0 | 0 | 2 | 0 | +| [ui/yarn.lock](v2.5.19/argocd-test.html) | 0 | 0 | 4 | 0 | +| [dex:v2.36.0](v2.5.19/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | +| [haproxy:2.6.14-alpine](v2.5.19/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.5.19](v2.5.19/quay.io_argoproj_argocd_v2.5.19.html) | 0 | 0 | 0 | 17 | +| [redis:7.0.11-alpine](v2.5.19/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.5.19/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.5.19/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 2c9c5b2ca1223..3b60777333f64 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      June 11th 2023, 12:18:14 am (UTC+00:00)

      +

      June 18th 2023, 12:19:01 am (UTC+00:00)

      Scanned the following path: @@ -494,7 +494,7 @@

      Role with dangerous permissions

      -

      More about this issue

      +

      More about this issue

      @@ -540,7 +540,7 @@

      Role with dangerous permissions

      -

      More about this issue

      +

      More about this issue

      @@ -586,7 +586,7 @@

      Role with dangerous permissions

    -

    More about this issue

    +

    More about this issue

    @@ -632,7 +632,7 @@

    Role with dangerous permissions

    -

    More about this issue

    +

    More about this issue

    @@ -678,7 +678,7 @@

    Role with dangerous permissions

    -

    More about this issue

    +

    More about this issue

    @@ -724,7 +724,7 @@

    Role with dangerous permissions

    -

    More about this issue

    +

    More about this issue

    @@ -770,7 +770,7 @@

    Container could be running with outdated image

    -

    More about this issue

    +

    More about this issue

    @@ -822,7 +822,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -880,7 +880,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -938,7 +938,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -996,7 +996,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -1054,7 +1054,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -1112,7 +1112,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -1170,7 +1170,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -1228,7 +1228,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -1286,7 +1286,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -1344,7 +1344,7 @@

    Container is running with multiple open ports

    -

    More about this issue

    +

    More about this issue

    @@ -1396,7 +1396,7 @@

    Container is running without liveness probe

    -

    More about this issue

    +

    More about this issue

    @@ -1448,7 +1448,7 @@

    Container is running without liveness probe

    -

    More about this issue

    +

    More about this issue

    @@ -1500,7 +1500,7 @@

    Container is running without liveness probe

    -

    More about this issue

    +

    More about this issue

    @@ -1552,7 +1552,7 @@

    Container is running without liveness probe

    -

    More about this issue

    +

    More about this issue

    @@ -1604,7 +1604,7 @@

    Container is running without liveness probe

    -

    More about this issue

    +

    More about this issue

    @@ -1656,7 +1656,7 @@

    Container is running without memory limit

    -

    More about this issue

    +

    More about this issue

    @@ -1714,7 +1714,7 @@

    Container is running without memory limit

    -

    More about this issue

    +

    More about this issue

    @@ -1772,7 +1772,7 @@

    Container is running without memory limit

    -

    More about this issue

    +

    More about this issue

    @@ -1830,7 +1830,7 @@

    Container is running without memory limit

    -

    More about this issue

    +

    More about this issue

    @@ -1888,7 +1888,7 @@

    Container is running without memory limit

    -

    More about this issue

    +

    More about this issue

    @@ -1946,7 +1946,7 @@

    Container is running without memory limit

    -

    More about this issue

    +

    More about this issue

    @@ -2004,7 +2004,7 @@

    Container is running without memory limit

    -

    More about this issue

    +

    More about this issue

    @@ -2062,7 +2062,7 @@

    Container is running without memory limit

    -

    More about this issue

    +

    More about this issue

    @@ -2120,7 +2120,7 @@

    Container is running without memory limit

    -

    More about this issue

    +

    More about this issue

    @@ -2178,7 +2178,7 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: @@ -2218,7 +2218,7 @@

    Remediation

    • -

    More about this issue

    +

    More about this issue

    @@ -2234,7 +2234,7 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: @@ -2274,7 +2274,7 @@

    Remediation

    • -

    More about this issue

    +

    More about this issue

    @@ -2290,7 +2290,7 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: @@ -2330,7 +2330,7 @@

    Remediation

    • -

    More about this issue

    +

    More about this issue

    @@ -2346,7 +2346,7 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: @@ -2386,7 +2386,7 @@

    Remediation

    • -

    More about this issue

    +

    More about this issue

    @@ -2402,7 +2402,7 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: @@ -2442,7 +2442,7 @@

    Remediation

    • -

    More about this issue

    +

    More about this issue

    @@ -2458,7 +2458,7 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: @@ -2498,7 +2498,7 @@

    Remediation

    • -

    More about this issue

    +

    More about this issue

    @@ -2514,7 +2514,7 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: @@ -2554,7 +2554,7 @@

    Remediation

    • -

    More about this issue

    +

    More about this issue

    @@ -2570,7 +2570,7 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: @@ -2610,7 +2610,7 @@

    Remediation

    • -

    More about this issue

    +

    More about this issue

    @@ -2626,7 +2626,7 @@

    Container's UID could clash with host's UID
  • - Public ID: SNYK-CC-K8S-11 + Public ID: SNYK-CC-K8S-11
  • Introduced through: @@ -2666,7 +2666,7 @@

    Remediation

    • -

    More about this issue

    +

    More about this issue

    diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index a412f0ed99d2c..683e5dc759f5a 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 11th 2023, 12:18:27 am (UTC+00:00)

    +

    June 18th 2023, 12:19:13 am (UTC+00:00)

    Scanned the following path: @@ -494,7 +494,7 @@

    Role with dangerous permissions

    -

    More about this issue

    +

    More about this issue

    @@ -540,7 +540,7 @@

    Role with dangerous permissions

    -

    More about this issue

    +

    More about this issue

    @@ -586,7 +586,7 @@

    Role with dangerous permissions

    -

    More about this issue

    +

    More about this issue

    @@ -632,7 +632,7 @@

    Role with dangerous permissions

    -

    More about this issue

    +

    More about this issue

    @@ -678,7 +678,7 @@

    Role with dangerous permissions

    -

    More about this issue

    +

    More about this issue

    @@ -724,7 +724,7 @@

    Role with dangerous permissions

    -

    More about this issue

    +

    More about this issue

    @@ -770,7 +770,7 @@

    Container could be running with outdated image

    -

    More about this issue

    +

    More about this issue

    @@ -822,7 +822,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -880,7 +880,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -938,7 +938,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -996,7 +996,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -1054,7 +1054,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -1112,7 +1112,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -1170,7 +1170,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -1228,7 +1228,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -1286,7 +1286,7 @@

    Container has no CPU limit

    -

    More about this issue

    +

    More about this issue

    @@ -1344,7 +1344,7 @@

    Container is running with multiple open ports

    -

    More about this issue

    +

    More about this issue

    @@ -1396,7 +1396,7 @@

    Container is running without liveness probe

    -

    More about this issue

    +

    More about this issue

    @@ -1448,7 +1448,7 @@

    Container is running without liveness probe

    -

    More about this issue

    +

    More about this issue

    @@ -1500,7 +1500,7 @@

    Container is running without liveness probe