commit kyverno for openSUSE:Factory

Source-Sync Thu, 30 Apr 2026 11:31:40 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package kyverno for openSUSE:Factory checked 
in at 2026-04-30 20:30:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kyverno (Old)
 and      /work/SRC/openSUSE:Factory/.kyverno.new.30200 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "kyverno"

Thu Apr 30 20:30:41 2026 rev:59 rq:1350177 version:1.18.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/kyverno/kyverno.changes  2026-04-25 
21:35:58.550366478 +0200
+++ /work/SRC/openSUSE:Factory/.kyverno.new.30200/kyverno.changes       
2026-04-30 20:31:08.680641791 +0200
@@ -1,0 +2,74 @@
+Thu Apr 30 06:15:07 UTC 2026 - Johannes Kastl 
<[email protected]>
+
+- Update to version 1.18.0:
+  https://github.com/kyverno/kyverno/releases/tag/v1.18.0
+  * Highlights
+    - Secure HTTP calls with blocklist/allowlist: HTTP context
+      loading now enforces a configurable blocklist and scoped
+      token authorization, improving security posture for policies
+      that perform external HTTP calls (#15789, #15779).
+    - Namespaced image registry credentials:
+      imageRegistryCredentials can now reference namespaced secrets
+      and pod-level imagePullSecrets for image verification
+      (#15112).
+    - CLI expanded policy support: The kyverno apply and kyverno
+      test commands now support cleanup policies, HTTP/Envoy authz
+      policies, and mutateExisting MutatingPolicies (#15732,
+      #15645, #15691, #15253).
+    - Success event filtering: A new successEventActions ConfigMap
+      parameter allows fine-grained control over which success
+      events are emitted (#15466).
+  * New Features
+    - Allow output for missing resources in CLI tests (#14194)
+    - Support mutateExisting MutatingPolicy in CLI test (#15253)
+    - Support cleanup policies in kyverno apply command (#15732)
+    - Support HTTP/Envoy authz policies in kyverno apply (#15645)
+    - Support authz policies in kyverno test (#15691)
+  * Bug Fixes CLI
+    - Fix: CLI CRD support without cluster connection (#13565)
+    - Fix: bypass rule name matching for ruleless policies in CLI
+      (#15757)
+    - Fix: add list GVK to fake cluster scheme to prevent
+      mutateExisting panic (#15746)
+    - Fix: pass CRD-aware RESTMapper to GeneratingPolicy test path
+      (#15561)
+    - Fix: correct test result reporting for legacy policies and
+      CEL engine errors (#15361)
+    - Fix: display NonFatalErrors in CLI test command (#15725)
+    - Fix: return error instead of panic when
+      imageRegistryCredentials.secrets are used in CLI (#15061)
+    - Fix: add default message when rule message is empty in CLI
+      (#14700)
+    - Fix: three bugs in CLI apply command (#15317)
+    - Fix: CLI failing selector-based policies when they did not
+      match the resource (#15236)
+    - Fix: close leaked file handles in CLI apply command (#15151,
+      #15150)
+    - Fix: return proper error on non-OK HTTP status in CLI
+      resource and policy loading (#15153)
+    - Fix: prevent segfault when applying K8s-mode policy to JSON
+      payload (#15332)
+    - Fix: support piped v1.List objects in apply command (#13860)
+    - Fix: check all rules in the test in case no rule is specified
+      (#11739)
+  * Security / CVEs
+    - Fix: limit intermediate certs to mitigate CVE-2026-32280
+      (#15858)
+    - Fix CVE-2026-32283: upgrade Go toolchain to 1.26.2 (#15844)
+    - Fix CVE-2026-24686: bump go-tuf/v2 to v2.4.1 (#15579)
+    - Fix stdlib CVEs (#15483)
+  * Security and compatibility-relevant updates:
+    - Bump github.com/sigstore/cosign/v3 from 3.0.4 to 3.0.6
+      (#15321, #15798)
+    - Bump github.com/sigstore/sigstore to 1.10.5 (#15751)
+    - Bump github.com/sigstore/rekor to 1.5.1 (#15498)
+    - Bump github.com/google/go-containerregistry from 0.21.3 to
+      0.21.5 (#15797, #15852)
+    - Bump golang.org/x/crypto to 0.50.0 (#15551, #15830)
+    - Bump the Kubernetes group libraries (#15408, #15876)
+    - Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 (#15376)
+    - Bump sigs.k8s.io/controller-runtime to 0.23.3 (#15456)
+    - Routine dependency updates (grpc, otel, go-git, supercronic,
+      zerolog, envoy, and GitHub Actions)
+
+-------------------------------------------------------------------

Old:
----
  kyverno-1.17.2.obscpio

New:
----
  kyverno-1.18.0.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ kyverno.spec ++++++
--- /var/tmp/diff_new_pack.vH4qIz/_old  2026-04-30 20:31:10.164702129 +0200
+++ /var/tmp/diff_new_pack.vH4qIz/_new  2026-04-30 20:31:10.168702292 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           kyverno
-Version:        1.17.2
+Version:        1.18.0
 Release:        0
 Summary:        CLI and kubectl plugin for Kyverno
 License:        Apache-2.0
@@ -26,7 +26,7 @@
 Source1:        vendor.tar.gz
 BuildRequires:  bash-completion
 BuildRequires:  fish
-BuildRequires:  go1.25 >= 1.25.7
+BuildRequires:  go1.26 >= 1.26.0
 BuildRequires:  zsh
 
 %description

++++++ _service ++++++
--- /var/tmp/diff_new_pack.vH4qIz/_old  2026-04-30 20:31:10.224704569 +0200
+++ /var/tmp/diff_new_pack.vH4qIz/_new  2026-04-30 20:31:10.232704894 +0200
@@ -3,7 +3,7 @@
     <param name="url">https://github.com/kyverno/kyverno</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v1.17.2</param>
+    <param name="revision">v1.18.0</param>
     <param name="match-tag">v*</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.vH4qIz/_old  2026-04-30 20:31:10.260706032 +0200
+++ /var/tmp/diff_new_pack.vH4qIz/_new  2026-04-30 20:31:10.268706358 +0200
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/kyverno/kyverno</param>
-              <param 
name="changesrevision">f64c0f5820a022d354c77316785d08511d2a5cc4</param></service></servicedata>
+              <param 
name="changesrevision">78e7560a5531fda5a39ffb119d7d8e47527d8aee</param></service></servicedata>
 (No newline at EOF)
 

++++++ kyverno-1.17.2.obscpio -> kyverno-1.18.0.obscpio ++++++
++++ 88182 lines of diff (skipped)

++++++ kyverno.obsinfo ++++++
--- /var/tmp/diff_new_pack.vH4qIz/_old  2026-04-30 20:31:20.873137509 +0200
+++ /var/tmp/diff_new_pack.vH4qIz/_new  2026-04-30 20:31:20.885137998 +0200
@@ -1,5 +1,5 @@
 name: kyverno
-version: 1.17.2
-mtime: 1776952787
-commit: f64c0f5820a022d354c77316785d08511d2a5cc4
+version: 1.18.0
+mtime: 1777459900
+commit: 78e7560a5531fda5a39ffb119d7d8e47527d8aee
 

++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/kyverno/vendor.tar.gz 
/work/SRC/openSUSE:Factory/.kyverno.new.30200/vendor.tar.gz differ: char 13, 
line 1

commit kyverno for openSUSE:Factory

Reply via email to