File polaris.changes of Package polaris
-------------------------------------------------------------------
Wed Jun 18 04:30:02 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 9.6.4:
* INS-1097: Fix CVE-2025-22874 for polaris (#1122)
-------------------------------------------------------------------
Thu Apr 24 15:25:25 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 9.6.3:
* INS-933 - pullPolicyNotAlways is crashing webhook mutations
(#1115)
* Bump golang.org/x/net from 0.33.0 to 0.36.0 (#1108)
* Bump k8s.io/client-go from 0.32.0 to 0.32.2 (#1103)
* Bump k8s.io/apimachinery from 0.32.0 to 0.32.2 (#1102)
* Bump sigs.k8s.io/controller-runtime from 0.19.3 to 0.20.2
(#1101)
* fixed pdbMinAvailableGreaterThanHPAMinReplicas and added
validation for pdbMinAvailableEqualToHPAMinReplicas. (#1073)
-------------------------------------------------------------------
Thu Jan 02 17:12:53 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 9.6.1:
* INSIGHTS-593 Fix Polaris vulerabilities (#1094)
* update supporting libs and bump alpine to 3.21 (#1093)
* Bump k8s.io/client-go from 0.31.2 to 0.31.3 (#1084)
* Bump k8s.io/api from 0.31.2 to 0.31.3 (#1083)
* Bump sigs.k8s.io/controller-runtime from 0.19.1 to 0.19.2
(#1086)
* Bump k8s.io/apimachinery from 0.31.2 to 0.31.3 (#1087)
-------------------------------------------------------------------
Wed Nov 13 14:38:02 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 9.6.0:
* INSIGHTS-475 Add 3 new checks to polaris (#1082)
* Bump k8s.io/client-go from 0.31.1 to 0.31.2 (#1078)
* Bump sigs.k8s.io/controller-runtime from 0.19.0 to 0.19.1
(#1079)
* Bump github.com/fatih/color from 1.17.0 to 1.18.0 (#1081)
* Bump k8s.io/api from 0.31.1 to 0.31.2 (#1077)
-------------------------------------------------------------------
Wed Oct 23 09:06:43 UTC 2024 - opensuse_buildservice@ojkastl.de
- add subpackages for shell completions
- Update to version 9.5.0:
* Add --merge-config flag to support merging with default
configuration (#1075)
* Fix: rolebindingRolePodExecAttach check (#1070)
-------------------------------------------------------------------
Fri Sep 27 20:32:35 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 9.4.1:
* Updated Go to 1.22.7 to fix vulnerabilities (#1069)
* Managed by Terraform
-------------------------------------------------------------------
Sat Sep 21 13:33:50 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 9.4.0:
* INSIGHTS-358 Bump polaris libs (#1068)
* Managed by Terraform
-------------------------------------------------------------------
Sat Sep 14 08:16:10 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 9.3.0:
* INSIGHTS-8 Polaris: Harden admission against rogue pods (#1064)
* docs: update documentation from template (#1063)
-------------------------------------------------------------------
Thu Jul 18 18:56:37 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 9.2.1:
* fix pdbMinAvailableGreaterThanHPAMinReplicas check when
minAvailable is not present (#1062)
-------------------------------------------------------------------
Wed Jul 10 08:28:39 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 9.2.0:
* INSIGHTS-157 - PDB <> HPA check (#1057)
-------------------------------------------------------------------
Wed Jul 03 15:57:15 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 9.1.1:
* INSIGHTS-156 - Fix typo and improve failure message (#1055)
* INSIGHTS-159 - use go templating instead of custom function
validation (#1056)
-------------------------------------------------------------------
Wed Jul 03 15:53:36 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 9.1.0:
* fix changelog for release (#1054)
* INSIGHTS-90 - implement HPA minAvailable and HPA maxAvailable
checks (#1053)
* fix typo for minAvailable and maxAvailable (#1050)
-------------------------------------------------------------------
Fri Mar 15 21:54:48 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 9.0.1:
* Fix comments handling in addOrReplaceValue function (#1039)
-------------------------------------------------------------------
Fri Mar 15 21:52:40 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 9.0.0:
* FWI-5820 - remove packr in favor of go:embed (#1035)
* FWI-5804 - expose issue fixer and mutations in the library
(#1032)
-------------------------------------------------------------------
Fri Mar 15 21:48:15 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 8.5.6:
* Fix trying to list cluster-level resources (#1004)
* Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#1024)
* Bump k8s.io/client-go from 0.27.3 to 0.29.0 (#1021)
-------------------------------------------------------------------
Wed Feb 14 19:59:13 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 8.5.5:
* fix missing PDB check (#1027)
-------------------------------------------------------------------
Thu Jan 04 18:44:24 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 8.5.4:
* fix: conditional expressions should be at very top of
additionalSchemaStrings (#1025)
* Update alpine to 3.19 (#1022)
-------------------------------------------------------------------
Tue Dec 12 17:22:29 UTC 2023 - kastl@b1-systems.de
- Update to version 8.5.3:
* FWI-5385 Add quiet flag to polaris audit CLI command to
suppress 'upload to Insights' prompt (#1017)
* Managed by Terraform
-------------------------------------------------------------------
Wed Nov 01 19:21:58 UTC 2023 - kastl@b1-systems.de
- Update to version 8.5.2:
* Using controller-utils to get workloads (#1012)
-------------------------------------------------------------------
Wed Sep 06 05:34:59 UTC 2023 - kastl@b1-systems.de
- Update to version 8.5.1:
* Fix numerical resource ranges (#991)
* Update topologySpreadConstraint.yaml (#971)
-------------------------------------------------------------------
Tue Sep 05 15:00:11 UTC 2023 - kastl@b1-systems.de
- Update to version 8.5.0:
* Add helm-skip-tests flag (#986)
* update CLI documentation (#967)
* Bump k8s.io/apimachinery from 0.27.3 to 0.27.4 (#977)
* feat: handle multiple values files (#974)
-------------------------------------------------------------------
Mon Jul 17 04:59:19 UTC 2023 - kastl@b1-systems.de
- Update to version 8.4.0:
* change kubernetes.io/ label from name to instance (#973)
-------------------------------------------------------------------
Thu Jul 06 13:08:02 UTC 2023 - kastl@b1-systems.de
- Update to version 8.3.0:
* Add insights prompt (#968)
* Bump github.com/AlecAivazis/survey/v2 from 2.3.6 to 2.3.7
(#961)
* Add option to filter audit results by severity level (#969)
* Bump k8s.io/client-go from 0.27.2 to 0.27.3 (#960)
-------------------------------------------------------------------
Fri Jun 23 07:12:40 UTC 2023 - kastl@b1-systems.de
- Update to version 8.2.4:
* Fix nil pointer issue with webhook (#966)
-------------------------------------------------------------------
Thu Jun 22 05:07:36 UTC 2023 - kastl@b1-systems.de
- Update to version 8.2.3:
* add test for required fields on builtin checks (#965)
* FWI-4307 - fix checks category (#964)
-------------------------------------------------------------------
Wed Jun 14 17:36:49 UTC 2023 - kastl@b1-systems.de
- Update to version 8.2.2:
* fix cert dir arg (#958)
* Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#957)
-------------------------------------------------------------------
Mon Jun 12 19:54:04 UTC 2023 - kastl@b1-systems.de
- Update to version 8.2.1:
* tweak net listener to localhost - removing unwanted popup
(#955)
* redirect user to cluster action-items instead of cluster
overview (#956)
-------------------------------------------------------------------
Mon Jun 12 19:50:03 UTC 2023 - kastl@b1-systems.de
- Update to version 8.2.0:
* Minor fixes for NSA checks (#952)
-------------------------------------------------------------------
Mon Jun 12 19:48:46 UTC 2023 - kastl@b1-systems.de
- Update to version 8.1.0:
* improve cluster-name flag description (#954)
* FWI-4190 - Upload polaris results to Fairwinds Insights support
(#948)
* update some dependencies in go and CI (#951)
-------------------------------------------------------------------
Thu Jun 01 05:26:22 UTC 2023 - kastl@b1-systems.de
- Update to version 8.0.0:
* Update checks severities (#950)
-------------------------------------------------------------------
Wed May 17 04:40:00 UTC 2023 - kastl@b1-systems.de
- Update to version 7.4.2:
* move to latest alpine (#944)
* Update checks documentation (#936)
* Managed by Terraform
-------------------------------------------------------------------
Mon Apr 03 12:05:07 UTC 2023 - kastl@b1-systems.de
- Update to version 7.4.1:
* Update documentation from template (#935)
* Update documentation from template (#934)
-------------------------------------------------------------------
Mon Apr 03 12:03:10 UTC 2023 - kastl@b1-systems.de
- Update to version 7.4.0:
* Update documentation from template (#926)
* chore(ci): Upgrade Github CI/CD to non-deprecated actions
(#933)
* Update package-lock.json (#923)
* Bump golang.org/x/net from 0.6.0 to 0.7.0 (#922)
* Skip https certificate verification (#920)
-------------------------------------------------------------------
Fri Feb 10 06:15:24 UTC 2023 - kastl@b1-systems.de
- Update to version 7.3.2:
* update alpine (#918)
-------------------------------------------------------------------
Fri Feb 10 06:14:07 UTC 2023 - kastl@b1-systems.de
- Update to version 7.3.1:
* update go modules (#917)
* Fix #908 by generating release name (#909)
* Update dangerousCapabilities.yaml (#866)
-------------------------------------------------------------------
Thu Jan 05 20:31:31 UTC 2023 - kastl@b1-systems.de
- Update to version 7.3.0:
* sc/rd 71 add plg link (#896)
* Update documentation from template (#899)
* Fix #547 - add a check for topologySpreadConstraint (#879)
-------------------------------------------------------------------
Wed Jan 04 15:46:41 UTC 2023 - kastl@b1-systems.de
- Update to version 7.2.1:
* update dependencies (#898)
* Bump alpine from 3.16 to 3.17 (#885)
* Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#870)
* Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#869)
* Managed by Terraform
* refactor: move from io/ioutil to io and os packages (#858)
-------------------------------------------------------------------
Tue Nov 15 09:21:33 UTC 2022 - kastl@b1-systems.de
- Update to version 7.2.0:
* FWI-2719: Enable new RBAC / sensitive content / Pod exec checks, add `hasPrefix` and `hasSuffix` functions to the GO template, exempt `system:` name prefixes for RBAC checks, sensitive content checks ignore `valueFrom`, (#832)
* Managed by Terraform
* update dependencies (#867)
* Bump k8s.io/api from 0.25.0 to 0.25.3 (#862)
* FWI-2912: Add logging to improve debugging of JSON Schema (#859)
* Fix CI tag filters and re-enable docs (#852)
-------------------------------------------------------------------
Sun Sep 25 07:04:04 UTC 2022 - kastl@b1-systems.de
- Update to version 7.1.5:
* Fix 7e099521
* Define tag filters for all jobs in the workflow
* Re-enable build/push of documentation
* Build docker images using goreleaser and support arm64 (#845)
-------------------------------------------------------------------
Sun Sep 25 07:01:57 UTC 2022 - kastl@b1-systems.de
- Update to version 7.1.4:
* fix packr (#851)
* fix goreleaser version
* update goreleaser (#850)
* update docs (#846)
* Add debug info to kube resources, better caching strategy (#840)
* update deps (#841)
* [FWI-2357] Let Polaris modify YAML without losing comments/formatting (#821)
* Add warning message for multi-schema checks in admission (#839)
* Update README.md (#833)
* update dependencies (#836)
* Managed by Terraform
* Omit empty results, make pretty output less verbose (#767)
* Update changelog.md (#825)
* Bump k8s.io/client-go from 0.24.3 to 0.24.4 (#828)
* FWI-2547: Add checks for RBAC allowing execing or attaching to a Pod (#820)
* FWI-2582: Add `clusterrolebindingClusterAdmin`, `rolebindingClusterAdminRole`, and `rolebindingClusterAdminClusterRole` checks + schema tests (#823)
- no releases between 7.0.2 and 7.1.4 upstream
https://github.com/FairwindsOps/polaris/releases
-------------------------------------------------------------------
Wed Sep 07 07:02:05 UTC 2022 - kastl@b1-systems.de
- Update to version 7.0.2:
* fix polaris cves (#824)
* Fix namespace checking when validating additional schemas which are not namespaced (#822)
* Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 (#815)
* Bump sigs.k8s.io/controller-runtime from 0.12.1 to 0.12.3 (#814)
* Bump k8s.io/client-go from 0.24.1 to 0.24.3 (#806)
* FWI-2509: Add sensitiveContainerEnvVar and sensitiveConfigMapContent checks (#817)
* FWI-2476: Add missingNetworkPolicy, automountServiceAccountToken, and linuxHardening checks (#816)
* `target: container` also populates `.Polaris.PodSpec|PodTemplate` + a new `.Polaris.Container` representing the currently checked container, `GetPodTemplate` serializes data to work around a DeepCopy bug with type int (#812)
* fix: properly remove emojis in pretty format with no color (#765)
* Bump github.com/stretchr/testify from 1.7.1 to 1.8.0 (#786)
* Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 (#813)
* Bump k8s.io/api from 0.24.1 to 0.24.3 (#808)
* Suppress empty results when --only-show-failed-tests is passed (#811)
* Bump alpine from 3.16.0 to 3.16.1 (#810)
* Fix `resourceKindMap.addResource()` to not assume every Kind has an APIGroup (#805)
* Update docs to reflect `target: PodTemplate` RE: PR #801 (#804)
* Add `target PodTemplate` which exposes the full Pod (not only the spec) (#801)
* expose `Polaris.PodSpec` for PodSpec targeted checks (#793)
-------------------------------------------------------------------
Sat Jul 16 19:27:30 UTC 2022 - kastl@b1-systems.de
- Update to version 7.0.1:
* update changelog and docs (#800)
* Update fairwinds-insights.yaml (#799)
-------------------------------------------------------------------
Sat Jul 16 19:24:18 UTC 2022 - kastl@b1-systems.de
- Update to version 7.0.0:
* add docs for mutation (#792)
* Enable pullPolicyNotAlways (#795)
* Add `checks` flag to fix specific checks (#797)
* fix webhook test (#798)
* Add flag to enable mutations in webhook (#794)
* Use orb to publish docs (#791)
* ensure path exists when adding mutations (#789)
* Expose GetValidateResults function to be used in the polaris package (#763)
* update dependencies (#777)
* skip incomplete or broken YAML - warn user (#678)
* Change `target: Pod` to `target: PodSpec` (#726)
* Bump alpine from 3.15.4 to 3.16.0 (#773)
* fix issue when the files-path is actual file path instead of directory (#761)
-------------------------------------------------------------------
Fri May 6 06:09:30 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>
- BuildRequire go1.17
-------------------------------------------------------------------
Thu May 05 15:23:32 UTC 2022 - kastl@b1-systems.de
- Update to version 6.0.0:
* Added Mutation webhook (#755)
* update release process (#744)
* update go modules (#743)
* Add fix command to mutate and update IaC (#746)
* Managed by Terraform
* fix kinds (#752)
* Save last podspec when walking owner hierarchy (#748)
* Bump alpine from 3.15.3 to 3.15.4 (#745)
* Added more mutations and refactor test to test each mutation separately (#734)
-------------------------------------------------------------------
Thu Apr 14 19:55:05 UTC 2022 - kastl@b1-systems.de
- Update to version 5.2.0:
* Add a --namespace flag to the in-cluster audit (#742)
* merge the list of resources from custom checks and the generated controller list before deduplicating them (#727)
* audit check specific checks when passing checks args (#737)
* update x/text (#740)
* Bump alpine from 3.15.2 to 3.15.3 (#739)
* Fix license headers (#736)
* Bump alpine from 3.15.1 to 3.15.2 (#733)
* Add mutation field to `imagePolicyNotAlways` (#712)
* Bump alpine from 3.15.0 to 3.15.1 (#731)
* Bump golang from 1.17.7 to 1.17.8 (#716)
-------------------------------------------------------------------
Wed Mar 16 18:04:35 UTC 2022 - kastl@b1-systems.de
- Update to version 5.1.0:
* Release 5.1 (#720)
* Nobletrout/add kubectx support (#719)
* bounce out once we hit a type we know to avoid CRD problems (#718)
* Managed by Terraform
* Bump github.com/spf13/cobra from 1.2.1 to 1.3.0 (#687)
* Bump golang from 1.16 to 1.17.7 (#705)
* Bump alpine from 3.14 to 3.15.0 (#704)
-------------------------------------------------------------------
Wed Feb 23 09:01:22 UTC 2022 - kastl@b1-systems.de
- Update to version 5.0.1:
* CI/CD Updates - get publish secrets from vault. Update goreleaser. Sign checksums. Enable experimental docker features to move towards multi-arch support (#710)
* Update documentation from template (#702)
* Update goreleaser to v1.1.0 (#700)
* Benchmark banner image (#696)
-------------------------------------------------------------------
Mon Jan 24 08:44:34 UTC 2022 - kastl@b1-systems.de
- Update to version 5.0.0:
* Update serverity for polaris check (#690)
* Delete .github/ISSUE_TEMPLATE/bug_report.md
* Delete .github/ISSUE_TEMPLATE/bug.yaml
* Delete .github/ISSUE_TEMPLATE/bug_report.md
* Delete .github/stale.yml
* Correct URL to download polaris tar (#660)
* fix: add space before "in namespace" output (#650)
-------------------------------------------------------------------
Wed Jan 05 19:13:47 UTC 2022 - kastl@b1-systems.de
- Update to version 4.2.0:
* fix configuration syntax for goreleaser (#644)
* prep for 4.2.0 release and helm chart update (#643)
* update goreleaser and make sure to build darwin arm build for homebrew (#642)
* Bump sigs.k8s.io/controller-runtime from 0.10.0 to 0.10.1 (#640)
* Bump k8s.io/api from 0.22.1 to 0.22.2 (#630)
* config: new flags '--disallow-(config|annotation)-exemptions' (#636)
* Bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0 (#639)
* Bump github.com/fatih/color from 1.12.0 to 1.13.0 (#641)
* Update documentation from template (#634)
* Bump github.com/thoas/go-funk from 0.9.0 to 0.9.1 (#624)
* Update README.md (#627)
-------------------------------------------------------------------
Wed Jan 05 18:27:12 UTC 2022 - kastl@b1-systems.de
- Update to version 4.1.0:
* bump to 4.1.0 (#623)
* Bump sigs.k8s.io/controller-runtime from 0.9.6 to 0.10.0 (#621)
* handle case-insensitivity for capabilities (#619)
* change test for PDB disruptions (#620)
-------------------------------------------------------------------
Wed Jan 5 18:26:31 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>
- Update to version 4.0.9:
* 195619f empty commit
-------------------------------------------------------------------
Wed Jan 05 17:48:29 UTC 2022 - kastl@b1-systems.de
- Update to version 4.0.8:
* bump version, add docs, fix up dashboard (#595)
* bump alpine (#610)
* Bump url-parse from 1.5.1 to 1.5.3 in /docs (#611)
* Bump path-parse from 1.0.6 to 1.0.7 in /docs (#607)
* Bump k8s.io/client-go from 0.21.2 to 0.22.0 (#603)
* Bump sigs.k8s.io/controller-runtime from 0.9.3 to 0.9.6 (#608)
* Update documentation from template (#609)
* Managed by Terraform
* better support for namespaces in additional schemas (#593)
* Bump sigs.k8s.io/controller-runtime from 0.9.2 to 0.9.3 (#594)
* Bump color-string from 1.5.4 to 1.5.5 in /docs (#588)
* Bump k8s.io/api from 0.21.2 to 0.21.3 (#590)
* Bump github.com/spf13/cobra from 1.1.3 to 1.2.1 (#582)
-------------------------------------------------------------------
Wed Jan 05 17:47:32 UTC 2022 - kastl@b1-systems.de
- Update to version 4.0.7:
* fix goreleaser format
-------------------------------------------------------------------
Wed Jan 05 17:46:25 UTC 2022 - kastl@b1-systems.de
- Update to version 4.0.6:
* bump version
* Fix helm-values (#591)
* Update .goreleaser.yml (#592)
* Bump prismjs from 1.23.0 to 1.24.0 in /docs (#580)
* Bump github.com/thoas/go-funk from 0.8.0 to 0.9.0 (#584)
* Bump sigs.k8s.io/controller-runtime from 0.9.0 to 0.9.2 (#579)
-------------------------------------------------------------------
Wed Jan 05 15:17:06 UTC 2022 - kastl@b1-systems.de
- Update to version 4.0.5:
* bump version (#587)
* Fixed repeated names on dashboard (#586)
-------------------------------------------------------------------
Wed Jan 05 15:15:48 UTC 2022 - kastl@b1-systems.de
- Update to version 4.0.4:
* bump version (#578)
* fix dashboard banner (#577)
* fix webhook for top-level resources (#576)
-------------------------------------------------------------------
Wed Jan 05 15:14:06 UTC 2022 - kastl@b1-systems.de
- Update to version 4.0.3:
* bump version, update changelog (#575)
* Bump ini from 1.3.5 to 1.3.8 in /docs (#574)
* Bump prismjs from 1.22.0 to 1.23.0 in /docs (#573)
* Bump elliptic from 6.5.3 to 6.5.4 in /docs (#572)
* Bump lodash from 4.17.20 to 4.17.21 in /docs (#571)
* fix score when onlyOutputFailed is true (#563)
* Bump y18n from 4.0.0 to 4.0.3 in /docs (#570)
* Bump url-parse from 1.4.7 to 1.5.1 in /docs (#569)
* Bump browserslist from 4.14.7 to 4.16.6 in /docs (#568)
* Bump dns-packet from 1.3.1 to 1.3.4 in /docs (#567)
* Bump postcss from 7.0.35 to 7.0.36 in /docs (#566)
* Bump ssri from 6.0.1 to 6.0.2 in /docs (#565)
* Bump ws from 6.2.1 to 6.2.2 in /docs (#564)
* add banner (#560)
* Bump k8s.io/client-go from 0.21.1 to 0.21.2 (#561)
* Bump sigs.k8s.io/controller-runtime from 0.9.0-alpha.1 to 0.9.0 (#559)
* process helm templates method (#556)
* Update README.md (#557)
-------------------------------------------------------------------
Wed May 26 18:45:35 UTC 2021 - Johannes Kastl <kastl@b1-systems.de>
- initial version of package polaris
