chore(deps): update all non-major dependencies

.github/workflows/ci.yml

@@ -16,7 +16,7 @@ jobs:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
-          go-version: "1.22"
+          go-version: "1.23"
       - run: make unit-tests
       - name: Upload unit-tests coverage to Codecov
         uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
@@ -35,7 +35,7 @@ jobs:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
-          go-version: "1.22"
+          go-version: "1.23"
       - run: make integration-tests-envtest
       - run: make integration-tests-real-cluster
       - name: Upload integration-tests coverage to Codecov
@@ -55,11 +55,11 @@ jobs:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
-          go-version: "1.22"
+          go-version: "1.23"
       - name: golangci-lint
         uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
         with:
-          version: v1.59.1
+          version: v1.60.3
 
   shellcheck:
     name: Shellcheck

.github/workflows/container-image.yml

@@ -59,7 +59,7 @@ jobs:
       - name: Build and push container image
         if: ${{ inputs.push-image }}
         id: build-image
-        uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 # v6.6.1
+        uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
         with:
           context: .
           file: ./Dockerfile
@@ -72,7 +72,7 @@ jobs:
         # and they run on amd64 arch, let's skip the arm64 build for now.
         name: Build linux/amd64 container image
         if: ${{ inputs.push-image == false }}
-        uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 # v6.6.1
+        uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
         with:
           context: .
           file: ./Dockerfile

.github/workflows/release.yml

@@ -26,7 +26,7 @@ jobs:
       - name: Install Golang
         uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
-          go-version: "1.22"
+          go-version: "1.23"
 
       - name: Checkout code
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

.github/workflows/sbom.yml

@@ -24,10 +24,10 @@ jobs:
         uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
 
       - name: Install the syft command
-        uses: kubewarden/github-actions/syft-installer@ec1c08ac56d3c16dfb7933b849da6370638fba54 # v3.3.1
+        uses: kubewarden/github-actions/syft-installer@cc9e5cedccd286c6f9f9ffe59a121f72478a4f26 # v3.3.3
 
       - name: Install the crane command
-        uses: kubewarden/github-actions/crane-installer@ec1c08ac56d3c16dfb7933b849da6370638fba54 # v3.3.1
+        uses: kubewarden/github-actions/crane-installer@cc9e5cedccd286c6f9f9ffe59a121f72478a4f26 # v3.3.3
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.22 as builder
+FROM golang:1.23 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests

Makefile

@@ -197,10 +197,10 @@ GINKGO ?= $(LOCALBIN)/ginkgo-$(GINGKO_VERSION)
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v5.4.1
-CONTROLLER_TOOLS_VERSION ?= v0.15.0
+CONTROLLER_TOOLS_VERSION ?= v0.16.1
 ENVTEST_VERSION ?= release-0.18
-GOLANGCI_LINT_VERSION ?= v1.59.1
-GINGKO_VERSION ?= v2.19.1
+GOLANGCI_LINT_VERSION ?= v1.60.3
+GINGKO_VERSION ?= v2.20.1
 
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.

config/crd/bases/policies.kubewarden.io_admissionpolicies.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.15.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   name: admissionpolicies.policies.kubewarden.io
 spec:
   group: policies.kubewarden.io
@@ -116,7 +116,6 @@ spec:
                         Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.
                         CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
 
-
                         'object' - The object from the incoming request. The value is null for DELETE requests.
                         'oldObject' - The existing object. The value is null for CREATE requests.
                         'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).
@@ -126,7 +125,6 @@ spec:
                           request resource.
                         Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
 
-
                         Required.
                       type: string
                     name:
@@ -139,7 +137,6 @@ spec:
                         '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an
                         optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
 
-
                         Required.
                       type: string
                   required:
@@ -298,7 +295,6 @@ spec:
                       description: |-
                         Resources is a list of resources this rule applies to.
 
-
                         For example:
                         'pods' means pods.
                         'pods/log' means the log subresource of pods.
@@ -307,11 +303,9 @@ spec:
                         '*/scale' means all scale subresources.
                         '*/*' means all resources and their subresources.
 
-
                         If wildcard is present, the validation rule will ensure resources do not
                         overlap with each other.
 
-
                         Depending on the enclosing object, subresources might not be allowed.
                         Required.
                       items:
@@ -377,16 +371,8 @@ spec:
                   "PolicyServerServiceReconciled" and
                   "AdmissionPolicyActive"
                 items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource.\n---\nThis struct is intended for
-                    direct use as an array at the field path .status.conditions.  For
-                    example,\n\n\n\ttype FooStatus struct{\n\t    // Represents the
-                    observations of a foo's current state.\n\t    // Known .status.conditions.type
-                    are: \"Available\", \"Progressing\", and \"Degraded\"\n\t    //
-                    +patchMergeKey=type\n\t    // +patchStrategy=merge\n\t    // +listType=map\n\t
-                    \   // +listMapKey=type\n\t    Conditions []metav1.Condition `json:\"conditions,omitempty\"
-                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
-                    \   // other fields\n\t}"
+                  description: Condition contains details for one aspect of the current
+                    state of this API Resource.
                   properties:
                     lastTransitionTime:
                       description: |-
@@ -427,12 +413,7 @@ spec:
                       - Unknown
                       type: string
                     type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        ---
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-                        useful (see .node.status.conditions), the ability to deconflict is important.
-                        The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                       maxLength: 316
                       pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                       type: string
@@ -677,7 +658,6 @@ spec:
                       description: |-
                         Resources is a list of resources this rule applies to.
 
-
                         For example:
                         'pods' means pods.
                         'pods/log' means the log subresource of pods.
@@ -686,11 +666,9 @@ spec:
                         '*/scale' means all scale subresources.
                         '*/*' means all resources and their subresources.
 
-
                         If wildcard is present, the validation rule will ensure resources do not
                         overlap with each other.
 
-
                         Depending on the enclosing object, subresources might not be allowed.
                         Required.
                       items:
@@ -756,16 +734,8 @@ spec:
                   "PolicyServerServiceReconciled" and
                   "AdmissionPolicyActive"
                 items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource.\n---\nThis struct is intended for
-                    direct use as an array at the field path .status.conditions.  For
-                    example,\n\n\n\ttype FooStatus struct{\n\t    // Represents the
-                    observations of a foo's current state.\n\t    // Known .status.conditions.type
-                    are: \"Available\", \"Progressing\", and \"Degraded\"\n\t    //
-                    +patchMergeKey=type\n\t    // +patchStrategy=merge\n\t    // +listType=map\n\t
-                    \   // +listMapKey=type\n\t    Conditions []metav1.Condition `json:\"conditions,omitempty\"
-                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
-                    \   // other fields\n\t}"
+                  description: Condition contains details for one aspect of the current
+                    state of this API Resource.
                   properties:
                     lastTransitionTime:
                       description: |-
@@ -806,12 +776,7 @@ spec:
                       - Unknown
                       type: string
                     type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        ---
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-                        useful (see .node.status.conditions), the ability to deconflict is important.
-                        The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                       maxLength: 316
                       pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                       type: string

config/crd/bases/policies.kubewarden.io_admissionpolicygroups.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.15.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   name: admissionpolicygroups.policies.kubewarden.io
 spec:
   group: policies.kubewarden.io
@@ -131,7 +131,6 @@ spec:
                         Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.
                         CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
 
-
                         'object' - The object from the incoming request. The value is null for DELETE requests.
                         'oldObject' - The existing object. The value is null for CREATE requests.
                         'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).
@@ -141,7 +140,6 @@ spec:
                           request resource.
                         Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
 
-
                         Required.
                       type: string
                     name:
@@ -154,7 +152,6 @@ spec:
                         '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an
                         optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
 
-
                         Required.
                       type: string
                   required:
@@ -357,7 +354,6 @@ spec:
                       description: |-
                         Resources is a list of resources this rule applies to.
 
-
                         For example:
                         'pods' means pods.
                         'pods/log' means the log subresource of pods.
@@ -366,11 +362,9 @@ spec:
                         '*/scale' means all scale subresources.
                         '*/*' means all resources and their subresources.
 
-
                         If wildcard is present, the validation rule will ensure resources do not
                         overlap with each other.
 
-
                         Depending on the enclosing object, subresources might not be allowed.
                         Required.
                       items:
@@ -429,16 +423,8 @@ spec:
                   "PolicyServerServiceReconciled" and
                   "AdmissionPolicyActive"
                 items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource.\n---\nThis struct is intended for
-                    direct use as an array at the field path .status.conditions.  For
-                    example,\n\n\n\ttype FooStatus struct{\n\t    // Represents the
-                    observations of a foo's current state.\n\t    // Known .status.conditions.type
-                    are: \"Available\", \"Progressing\", and \"Degraded\"\n\t    //
-                    +patchMergeKey=type\n\t    // +patchStrategy=merge\n\t    // +listType=map\n\t
-                    \   // +listMapKey=type\n\t    Conditions []metav1.Condition `json:\"conditions,omitempty\"
-                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
-                    \   // other fields\n\t}"
+                  description: Condition contains details for one aspect of the current
+                    state of this API Resource.
                   properties:
                     lastTransitionTime:
                       description: |-
@@ -479,12 +465,7 @@ spec:
                       - Unknown
                       type: string
                     type:
-                      description: |-
-                        type of condition in CamelCase or in foo.example.com/CamelCase.
-                        ---
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-                        useful (see .node.status.conditions), the ability to deconflict is important.
-                        The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                       maxLength: 316
                       pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                       type: string