[main] Upgrade to latest dependencies (#1355)

* upgrade to latest dependencies

bumping knative.dev/eventing c5ef068...0fe923c:
  > 0fe923c Use knative/action/go/downstream-test (# 6573)
  > 53a186d Update pelletier/go-toml/v2 to v2.0.5 (# 6574)
bumping knative.dev/serving e95e99d...d108ba9:
  > d108ba9 Allow setting seccompProfile to enable using restricted security profile (# 13401)
  > 388128b Run queue proxy with restricted profile (# 13376)
  > 6e597fa Enable emptyDir volumes for Knative Services (# 13405)
  > 6264c1b Fix path validation when running tests on Windows (# 13400)
bumping knative.dev/client be74c58...16f26ba:
  > 16f26ba upgrade to latest dependencies (# 1750)
  > 0323f52 upgrade to latest dependencies (# 1749)
bumping github.com/tektoncd/cli ffd3f27...5147967:
  > 5147967 New version v0.23.1
  > 8fe7ac6 fix error while deleting pr without status
  > 013a5df This will fix the version command failing for chain and operator
  > b5a12e1 Updates the configMap name for Operator version
  > 85aa47f Adds namespace where operator is installed
  > ec7cf5e New version v0.23.0
bumping github.com/tektoncd/triggers 4365edb...8b4da3f:
  > 8b4da3f Bump Go version to 1.17.8
  > efadb65 Fix CEL example: Wrong Param Name
  > 645dbbb Build tekton triggers with golang 1.17
  > a89a8fd Add v0.19.0 docs link

Signed-off-by: Knative Automation <[email protected]>

* Fix Tekton version

Signed-off-by: Knative Automation <[email protected]>
Co-authored-by: David Simansky <[email protected]>

go.mod

@@ -46,11 +46,11 @@ require (
 	k8s.io/apimachinery v0.25.2
 	k8s.io/client-go v1.5.2
 	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
-	knative.dev/client v0.34.1-0.20221013140753-be74c58ae0e5
-	knative.dev/eventing v0.34.1-0.20221017124757-c5ef0686df31
+	knative.dev/client v0.34.1-0.20221018194610-0b99fc58d67b
+	knative.dev/eventing v0.35.0
 	knative.dev/hack v0.0.0-20221010154335-3fdc50b9c24a
 	knative.dev/pkg v0.0.0-20221011175852-714b7630a836
-	knative.dev/serving v0.34.1-0.20221017132158-e95e99d6c188
+	knative.dev/serving v0.34.1-0.20221018142810-e82287df024c
 )
 
 require github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06
@@ -97,7 +97,7 @@ require (
 	github.com/census-instrumentation/opencensus-proto v0.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/chrismellard/docker-credential-acr-env v0.0.0-20220327082430-c57b701bfc08 // indirect
-	github.com/cloudevents/sdk-go/sql/v2 v2.0.0-20220930150014-52b12276cc4a // indirect
+	github.com/cloudevents/sdk-go/sql/v2 v2.8.0 // indirect
 	github.com/containerd/cgroups v1.0.3 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.12.0 // indirect
 	github.com/containers/storage v1.38.2 // indirect
@@ -241,6 +241,8 @@ require (
 )
 
 replace (
+	// Version used in Eventing
+	github.com/cloudevents/sdk-go/sql/v2 => github.com/cloudevents/sdk-go/sql/v2 v2.0.0-20220930150014-52b12276cc4a
 	// Tekton CLI uses newer version without currently used constructor code
 	github.com/hinshun/vt10x => github.com/hinshun/vt10x v0.0.0-20180809195222-d55458df857c
 	// update docker to be compatible with version used by pack and removes invalid pseudo-version

go.sum

@@ -2864,18 +2864,18 @@ k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4=
 k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-knative.dev/client v0.34.1-0.20221013140753-be74c58ae0e5 h1:c/js2jhUtouVp7mtajmqRGaO84qwCWXd73JDyNOq3Nc=
-knative.dev/client v0.34.1-0.20221013140753-be74c58ae0e5/go.mod h1:V7AR8YiKD2xesbVUeyFFmw3cPomfGbsdfP/S0zhTiZo=
-knative.dev/eventing v0.34.1-0.20221017124757-c5ef0686df31 h1:fOJj2lwlAeyByronb3UiG5gW5DIcBxF6G0YOdbSjCFY=
-knative.dev/eventing v0.34.1-0.20221017124757-c5ef0686df31/go.mod h1:w0Ddyjs/jG94prb90W+qRgqVQxr9pmh9i78TiED1gHY=
+knative.dev/client v0.34.1-0.20221018194610-0b99fc58d67b h1:ZDsJHEAjUKfdIa7pZLjR/k3i9hdWE5t6VbyMUCucHMU=
+knative.dev/client v0.34.1-0.20221018194610-0b99fc58d67b/go.mod h1:NfWs4IN43Q5WfcVM9XuhslmCq+tsReknbWL74AKuPmM=
+knative.dev/eventing v0.35.0 h1:0sn4Fc0OajdEf4s+0SucwzAIGvO3LZA/BZHsSwfjHes=
+knative.dev/eventing v0.35.0/go.mod h1:MEqB5frQ5jQ2/A+WHpDU2VNLXum+4o7TiMhTdCvji9w=
 knative.dev/hack v0.0.0-20221010154335-3fdc50b9c24a h1:yfq1OMrkyYkxDeM0pmAOeN4YF16R/WG0C+VvLBeq4uc=
 knative.dev/hack v0.0.0-20221010154335-3fdc50b9c24a/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
 knative.dev/networking v0.0.0-20221012062251-58f3e6239b4f h1:e/08+ofUjGjSYV2Usvb22IbkX4MjoiywbRtnXUK3FQY=
 knative.dev/networking v0.0.0-20221012062251-58f3e6239b4f/go.mod h1:GciicKYf4aWE138pT2ZKkZ/E10rd0Kt4ziX52A/HnVY=
 knative.dev/pkg v0.0.0-20221011175852-714b7630a836 h1:0N7Zo/O+xeUUebJPm9keBaGclrUoEbljr3J1MsqtaIM=
 knative.dev/pkg v0.0.0-20221011175852-714b7630a836/go.mod h1:DMTRDJ5WRxf/DrlOPzohzfhSuJggscLZ8EavOq9O/x8=
-knative.dev/serving v0.34.1-0.20221017132158-e95e99d6c188 h1:fDNdQSVQBc+2O7BIncZrUi6t6IJpS29ITEftNcEFcvU=
-knative.dev/serving v0.34.1-0.20221017132158-e95e99d6c188/go.mod h1:eKvzlUmOFunHbVqkP5kmrNKSsjpo9TrYjWk/TK/4eGA=
+knative.dev/serving v0.34.1-0.20221018142810-e82287df024c h1:6ZL+bWs4Z/UGOdVDVncaSzZmvA5VLd4maLuENlLzjfk=
+knative.dev/serving v0.34.1-0.20221018142810-e82287df024c/go.mod h1:eKvzlUmOFunHbVqkP5kmrNKSsjpo9TrYjWk/TK/4eGA=
 modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
 modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
 modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=

vendor/knative.dev/serving/pkg/apis/config/features.go

@@ -63,7 +63,7 @@ func defaultFeaturesConfig() *Features {
 		PodSpecSchedulerName:             Disabled,
 		ContainerSpecAddCapabilities:     Disabled,
 		PodSpecTolerations:               Disabled,
-		PodSpecVolumesEmptyDir:           Disabled,
+		PodSpecVolumesEmptyDir:           Enabled,
 		PodSpecPersistentVolumeClaim:     Disabled,
 		PodSpecPersistentVolumeWrite:     Disabled,
 		QueueProxyMountPodInfo:           Disabled,

vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go

@@ -600,12 +600,14 @@ func PodSecurityContextMask(ctx context.Context, in *corev1.PodSecurityContext)
 	out.RunAsNonRoot = in.RunAsNonRoot
 	out.FSGroup = in.FSGroup
 	out.SupplementalGroups = in.SupplementalGroups
+	out.SeccompProfile = in.SeccompProfile
 
 	// Disallowed
 	// This list is unnecessary, but added here for clarity
 	out.SELinuxOptions = nil
 	out.WindowsOptions = nil
 	out.Sysctls = nil
+	out.FSGroupChangePolicy = nil
 
 	return out
 }
@@ -631,6 +633,9 @@ func SecurityContextMask(ctx context.Context, in *corev1.SecurityContext) *corev
 	// AllowPrivilegeEscalation when unset can behave the same way as true
 	// We do want the ability for folks to set this value to false
 	out.AllowPrivilegeEscalation = in.AllowPrivilegeEscalation
+	// SeccompProfile defaults to "unconstrained", but the safe values are
+	// "RuntimeDefault" or "Localhost" (with localhost path set)
+	out.SeccompProfile = in.SeccompProfile
 
 	// Disallowed
 	// This list is unnecessary, but added here for clarity

vendor/knative.dev/serving/pkg/apis/serving/k8s_validation.go

@@ -20,7 +20,7 @@ import (
 	"context"
 	"fmt"
 	"math"
-	"path/filepath"
+	"path"
 	"strings"
 
 	"github.com/google/go-containerregistry/pkg/name"
@@ -628,18 +628,18 @@ func validateVolumeMounts(mounts []corev1.VolumeMount, volumes map[string]corev1
 
 		if vm.MountPath == "" {
 			errs = errs.Also(apis.ErrMissingField("mountPath").ViaIndex(i))
-		} else if reservedPaths.Has(filepath.Clean(vm.MountPath)) {
+		} else if reservedPaths.Has(path.Clean(vm.MountPath)) {
 			errs = errs.Also((&apis.FieldError{
-				Message: fmt.Sprintf("mountPath %q is a reserved path", filepath.Clean(vm.MountPath)),
+				Message: fmt.Sprintf("mountPath %q is a reserved path", path.Clean(vm.MountPath)),
 				Paths:   []string{"mountPath"},
 			}).ViaIndex(i))
-		} else if !filepath.IsAbs(vm.MountPath) {
+		} else if !path.IsAbs(vm.MountPath) {
 			errs = errs.Also(apis.ErrInvalidValue(vm.MountPath, "mountPath").ViaIndex(i))
-		} else if seenMountPath.Has(filepath.Clean(vm.MountPath)) {
+		} else if seenMountPath.Has(path.Clean(vm.MountPath)) {
 			errs = errs.Also(apis.ErrInvalidValue(
 				fmt.Sprintf("%q must be unique", vm.MountPath), "mountPath").ViaIndex(i))
 		}
-		seenMountPath.Insert(filepath.Clean(vm.MountPath))
+		seenMountPath.Insert(path.Clean(vm.MountPath))
 
 		shouldCheckReadOnlyVolume := volumes[vm.Name].EmptyDir == nil && volumes[vm.Name].PersistentVolumeClaim == nil
 		if shouldCheckReadOnlyVolume && !vm.ReadOnly {

vendor/modules.txt

@@ -288,7 +288,7 @@ github.com/cespare/xxhash/v2
 github.com/chrismellard/docker-credential-acr-env/pkg/credhelper
 github.com/chrismellard/docker-credential-acr-env/pkg/registry
 github.com/chrismellard/docker-credential-acr-env/pkg/token
-# github.com/cloudevents/sdk-go/sql/v2 v2.0.0-20220930150014-52b12276cc4a
+# github.com/cloudevents/sdk-go/sql/v2 v2.8.0 => github.com/cloudevents/sdk-go/sql/v2 v2.0.0-20220930150014-52b12276cc4a
 ## explicit; go 1.17
 github.com/cloudevents/sdk-go/sql/v2
 github.com/cloudevents/sdk-go/sql/v2/expression
@@ -1651,7 +1651,7 @@ k8s.io/utils/net
 k8s.io/utils/pointer
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/client v0.34.1-0.20221013140753-be74c58ae0e5
+# knative.dev/client v0.34.1-0.20221018194610-0b99fc58d67b
 ## explicit; go 1.18
 knative.dev/client/lib/test
 knative.dev/client/pkg/apis/client
@@ -1667,7 +1667,7 @@ knative.dev/client/pkg/serving/v1
 knative.dev/client/pkg/util
 knative.dev/client/pkg/util/mock
 knative.dev/client/pkg/wait
-# knative.dev/eventing v0.34.1-0.20221017124757-c5ef0686df31
+# knative.dev/eventing v0.35.0
 ## explicit; go 1.18
 knative.dev/eventing/pkg/apis/config
 knative.dev/eventing/pkg/apis/duck
@@ -1744,7 +1744,7 @@ knative.dev/pkg/tracing/config
 knative.dev/pkg/tracing/propagation
 knative.dev/pkg/tracing/propagation/tracecontextb3
 knative.dev/pkg/tracker
-# knative.dev/serving v0.34.1-0.20221017132158-e95e99d6c188
+# knative.dev/serving v0.34.1-0.20221018142810-e82287df024c
 ## explicit; go 1.18
 knative.dev/serving/pkg/apis/autoscaling
 knative.dev/serving/pkg/apis/autoscaling/v1alpha1
@@ -1861,6 +1861,7 @@ sigs.k8s.io/structured-merge-diff/v4/value
 # sigs.k8s.io/yaml v1.3.0
 ## explicit; go 1.12
 sigs.k8s.io/yaml
+# github.com/cloudevents/sdk-go/sql/v2 => github.com/cloudevents/sdk-go/sql/v2 v2.0.0-20220930150014-52b12276cc4a
 # github.com/hinshun/vt10x => github.com/hinshun/vt10x v0.0.0-20180809195222-d55458df857c
 # github.com/openshift/source-to-image => github.com/boson-project/source-to-image v1.3.2
 # k8s.io/client-go => k8s.io/client-go v0.25.2