diff --git a/go.mod b/go.mod index b3016b477..7b655f06c 100644 --- a/go.mod +++ b/go.mod @@ -10,13 +10,13 @@ require ( github.com/spf13/viper v1.21.0 gopkg.in/yaml.v2 v2.4.0 gotest.tools/v3 v3.5.2 - k8s.io/api v0.35.3 - k8s.io/apimachinery v0.35.3 - k8s.io/client-go v0.35.3 - knative.dev/client/pkg v0.0.0-20260416140638-89c2f233d6b4 + k8s.io/api v0.35.4 + k8s.io/apimachinery v0.35.4 + k8s.io/client-go v0.35.4 + knative.dev/client/pkg v0.0.0-20260420202211-51eb6e9bece0 knative.dev/hack v0.0.0-20260416140237-504af4d2178f - knative.dev/networking v0.0.0-20260414015937-f29b24983488 - knative.dev/serving v0.48.1-0.20260420102226-4a744332fc99 + knative.dev/networking v0.0.0-20260421015711-652da006c95d + knative.dev/serving v0.48.1-0.20260420155328-d8e0f47b61d2 ) require ( @@ -55,7 +55,7 @@ require ( github.com/kelseyhightower/envconfig v1.4.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.9.0 // indirect - github.com/moby/spdystream v0.5.0 // indirect + github.com/moby/spdystream v0.5.1 // indirect github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect @@ -98,14 +98,14 @@ require ( gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.35.3 // indirect - k8s.io/apiserver v0.35.3 // indirect + k8s.io/apiextensions-apiserver v0.35.4 // indirect + k8s.io/apiserver v0.35.4 // indirect k8s.io/cli-runtime v0.34.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect - knative.dev/eventing v0.48.1-0.20260414191034-3b3ea1d037e6 // indirect - knative.dev/pkg v0.0.0-20260416015135-a395c1078b3d // indirect + knative.dev/eventing v0.48.1-0.20260420100227-c76e74eeff85 // indirect + knative.dev/pkg v0.0.0-20260420135127-3cd6d6017a35 // indirect sigs.k8s.io/gateway-api v1.1.0 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/kustomize/api v0.20.1 // indirect diff --git a/go.sum b/go.sum index 6cedbec69..c7312246a 100644 --- a/go.sum +++ b/go.sum @@ -112,8 +112,8 @@ github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4 github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= -github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= +github.com/moby/spdystream v0.5.1 h1:9sNYeYZUcci9R6/w7KDaFWEWeV4LStVG78Mpyq/Zm/Y= +github.com/moby/spdystream v0.5.1/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -285,36 +285,36 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= -k8s.io/api v0.35.3 h1:pA2fiBc6+N9PDf7SAiluKGEBuScsTzd2uYBkA5RzNWQ= -k8s.io/api v0.35.3/go.mod h1:9Y9tkBcFwKNq2sxwZTQh1Njh9qHl81D0As56tu42GA4= -k8s.io/apiextensions-apiserver v0.35.3 h1:2fQUhEO7P17sijylbdwt0nBdXP0TvHrHj0KeqHD8FiU= -k8s.io/apiextensions-apiserver v0.35.3/go.mod h1:tK4Kz58ykRpwAEkXUb634HD1ZAegEElktz/B3jgETd8= -k8s.io/apimachinery v0.35.3 h1:MeaUwQCV3tjKP4bcwWGgZ/cp/vpsRnQzqO6J6tJyoF8= -k8s.io/apimachinery v0.35.3/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= -k8s.io/apiserver v0.35.3 h1:D2eIcfJ05hEAEewoSDg+05e0aSRwx8Y4Agvd/wiomUI= -k8s.io/apiserver v0.35.3/go.mod h1:JI0n9bHYzSgIxgIrfe21dbduJ9NHzKJ6RchcsmIKWKY= +k8s.io/api v0.35.4 h1:P7nFYKl5vo9AGUp1Z+Pmd3p2tA7bX2wbFWCvDeRv988= +k8s.io/api v0.35.4/go.mod h1:yl4lqySWOgYJJf9RERXKUwE9g2y+CkuwG+xmcOK8wXU= +k8s.io/apiextensions-apiserver v0.35.4 h1:HeP+Upp7ItdvnyGmub0yoix+2z5+ev4M5cE5TCgtOUU= +k8s.io/apiextensions-apiserver v0.35.4/go.mod h1:ogQlk+stIE8mnoRthSYCwlOS12fVqgWFiErMwPaXA7c= +k8s.io/apimachinery v0.35.4 h1:xtdom9RG7e+yDp71uoXoJDWEE2eOiHgeO4GdBzwWpds= +k8s.io/apimachinery v0.35.4/go.mod h1:NNi1taPOpep0jOj+oRha3mBJPqvi0hGdaV8TCqGQ+cc= +k8s.io/apiserver v0.35.4 h1:vtuFqNFmF9bPRdHDL2lpK6qCTPWDreZJL4LRPwVM6ho= +k8s.io/apiserver v0.35.4/go.mod h1:JnBcb+J8kFXKpZkgcbcUnPBBHi4qgBii1I7dLxFY/oo= k8s.io/cli-runtime v0.34.1 h1:btlgAgTrYd4sk8vJTRG6zVtqBKt9ZMDeQZo2PIzbL7M= k8s.io/cli-runtime v0.34.1/go.mod h1:aVA65c+f0MZiMUPbseU/M9l1Wo2byeaGwUuQEQVVveE= -k8s.io/client-go v0.35.3 h1:s1lZbpN4uI6IxeTM2cpdtrwHcSOBML1ODNTCCfsP1pg= -k8s.io/client-go v0.35.3/go.mod h1:RzoXkc0mzpWIDvBrRnD+VlfXP+lRzqQjCmKtiwZ8Q9c= +k8s.io/client-go v0.35.4 h1:DN6fyaGuzK64UvnKO5fOA6ymSjvfGAnCAHAR0C66kD8= +k8s.io/client-go v0.35.4/go.mod h1:2Pg9WpsS4NeOpoYTfHHfMxBG8zFMSAUi4O/qoiJC3nY= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZcmKS3g6CthxToOb37KgwE= k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/client/pkg v0.0.0-20260416140638-89c2f233d6b4 h1:6C8Pg5HrPfhPB8P3r47cNDrQW/tDqciXBQdVjKqlcp8= -knative.dev/client/pkg v0.0.0-20260416140638-89c2f233d6b4/go.mod h1:ETBAuEqQmtH+o+aF0GA8f3Qu8LXwWgW8pI28vua3h+c= -knative.dev/eventing v0.48.1-0.20260414191034-3b3ea1d037e6 h1:maXR76gTo6zpNjZOir4npylXw5wQX2BcXisq8fcaf4c= -knative.dev/eventing v0.48.1-0.20260414191034-3b3ea1d037e6/go.mod h1:Y3FYNf5gNCIuqv+NzUAmqfbHJ8n+TxXSsZoV/20jfV0= +knative.dev/client/pkg v0.0.0-20260420202211-51eb6e9bece0 h1:IV+aWBP4mDiBAFNFP7RveR+XoBwMSGyHh9cW5hCxzwg= +knative.dev/client/pkg v0.0.0-20260420202211-51eb6e9bece0/go.mod h1:NIelLTmf9quo06I1DcN9ppxzWj8a/KHyj0MBmz/ZvcQ= +knative.dev/eventing v0.48.1-0.20260420100227-c76e74eeff85 h1:cIbAhw6JuoljtfWHaGR7LadmdZFaARe3JUvvIqAXsmU= +knative.dev/eventing v0.48.1-0.20260420100227-c76e74eeff85/go.mod h1:LHawjeS2AS4KfEb91YyY0wzyPmGu8fUjJU3wP7ANQ1E= knative.dev/hack v0.0.0-20260416140237-504af4d2178f h1:YTht2cGdhd++kSrhwcDutWpk1V1bi0vKpAs0h4xIjpw= knative.dev/hack v0.0.0-20260416140237-504af4d2178f/go.mod h1:L5RzHgbvam0u8QFHfzCX6MKxu/a/gIGEdaRBqNiVbl0= -knative.dev/networking v0.0.0-20260414015937-f29b24983488 h1:OZfg130Kbf1bibhmLITAVdu2S0P2y0utBc74SgakzcQ= -knative.dev/networking v0.0.0-20260414015937-f29b24983488/go.mod h1:hEhUDqidhueU6J/OXW0K9peQh8wIvFvIWTSHL/611og= -knative.dev/pkg v0.0.0-20260416015135-a395c1078b3d h1:u9tHGBMUh1CYgZOdIBxeXpjvEPNIXT/rCjWVFUtzzs8= -knative.dev/pkg v0.0.0-20260416015135-a395c1078b3d/go.mod h1:SvS4U6mNzjdSvasGVgnuox9eKsG9INWroDcpBo0wFnE= -knative.dev/serving v0.48.1-0.20260420102226-4a744332fc99 h1:kjYtKfH/Wwxv+5v+3xZ6HCiLWdV2YgVhKxVFs9htTvI= -knative.dev/serving v0.48.1-0.20260420102226-4a744332fc99/go.mod h1:wfLJHIJro1bT5SprGokqqUIwRkFTKFmNB+GAxqhrnpk= +knative.dev/networking v0.0.0-20260421015711-652da006c95d h1:8IA93AjVzaKFpKM8/U4h5gIJr4SFLsVMSiGYYzk0guY= +knative.dev/networking v0.0.0-20260421015711-652da006c95d/go.mod h1:iBWx05y07JPjBHvk+KLm4oOhMA6QZ54DeSqp75ln77Y= +knative.dev/pkg v0.0.0-20260420135127-3cd6d6017a35 h1:rTbIPgPE5j8ptHoDXBoiabWJCQeC1F1lPFtlN/wrQek= +knative.dev/pkg v0.0.0-20260420135127-3cd6d6017a35/go.mod h1:VtAr0jJJtx6qqoVx5eNd8YEnnsfyBE/GXPsTmp4nrtM= +knative.dev/serving v0.48.1-0.20260420155328-d8e0f47b61d2 h1:wyJWHtjpaOL9e9v9cw9E4dn024G7OGQ6Q0InEsNPgvQ= +knative.dev/serving v0.48.1-0.20260420155328-d8e0f47b61d2/go.mod h1:wfLJHIJro1bT5SprGokqqUIwRkFTKFmNB+GAxqhrnpk= sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM= sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= diff --git a/vendor/github.com/moby/spdystream/NOTICE b/vendor/github.com/moby/spdystream/NOTICE index b9b11c9ab..24e2e2aa3 100644 --- a/vendor/github.com/moby/spdystream/NOTICE +++ b/vendor/github.com/moby/spdystream/NOTICE @@ -3,3 +3,15 @@ Copyright 2014-2021 Docker Inc. This product includes software developed at Docker Inc. (https://www.docker.com/). + +SPDY implementation (spdy/) + +The spdy directory contains code derived from the Go project (golang.org/x/net). + +Copyright 2009-2013 The Go Authors. +Licensed under the BSD 3-Clause License. + +Modifications Copyright 2014-2021 Docker Inc. + +The BSD license text and Go patent grant are included in +spdy/LICENSE and spdy/PATENTS. diff --git a/vendor/github.com/moby/spdystream/connection.go b/vendor/github.com/moby/spdystream/connection.go index 1394d0ad4..69ce4777e 100644 --- a/vendor/github.com/moby/spdystream/connection.go +++ b/vendor/github.com/moby/spdystream/connection.go @@ -224,7 +224,13 @@ type Connection struct { // NewConnection creates a new spdy connection from an existing // network connection. func NewConnection(conn net.Conn, server bool) (*Connection, error) { - framer, framerErr := spdy.NewFramer(conn, conn) + return NewConnectionWithOptions(conn, server) +} + +// NewConnectionWithOptions creates a new spdy connection and applies frame +// parsing limits via options. +func NewConnectionWithOptions(conn net.Conn, server bool, opts ...spdy.FramerOption) (*Connection, error) { + framer, framerErr := spdy.NewFramerWithOptions(conn, conn, opts...) if framerErr != nil { return nil, framerErr } @@ -350,6 +356,9 @@ Loop: } else { debugMessage("(%p) EOF received", s) } + if spdyErr, ok := err.(*spdy.Error); ok && spdyErr.Err == spdy.InvalidControlFrame { + _ = s.conn.Close() + } break } var priority uint8 diff --git a/vendor/github.com/moby/spdystream/spdy/LICENSE b/vendor/github.com/moby/spdystream/spdy/LICENSE new file mode 100644 index 000000000..6a66aea5e --- /dev/null +++ b/vendor/github.com/moby/spdystream/spdy/LICENSE @@ -0,0 +1,27 @@ +Copyright (c) 2009 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/moby/spdystream/spdy/PATENTS b/vendor/github.com/moby/spdystream/spdy/PATENTS new file mode 100644 index 000000000..733099041 --- /dev/null +++ b/vendor/github.com/moby/spdystream/spdy/PATENTS @@ -0,0 +1,22 @@ +Additional IP Rights Grant (Patents) + +"This implementation" means the copyrightable works distributed by +Google as part of the Go project. + +Google hereby grants to You a perpetual, worldwide, non-exclusive, +no-charge, royalty-free, irrevocable (except as stated in this section) +patent license to make, have made, use, offer to sell, sell, import, +transfer and otherwise run, modify and propagate the contents of this +implementation of Go, where such license applies only to those patent +claims, both currently owned or controlled by Google and acquired in +the future, licensable by Google that are necessarily infringed by this +implementation of Go. This grant does not include claims that would be +infringed only as a consequence of further modification of this +implementation. If you or your agent or exclusive licensee institute or +order or agree to the institution of patent litigation against any +entity (including a cross-claim or counterclaim in a lawsuit) alleging +that this implementation of Go or any code incorporated within this +implementation of Go constitutes direct or contributory patent +infringement, or inducement of patent infringement, then any patent +rights granted to you under this License for this implementation of Go +shall terminate as of the date such litigation is filed. diff --git a/vendor/github.com/moby/spdystream/spdy/dictionary.go b/vendor/github.com/moby/spdystream/spdy/dictionary.go index 392232f17..5a5ff0e14 100644 --- a/vendor/github.com/moby/spdystream/spdy/dictionary.go +++ b/vendor/github.com/moby/spdystream/spdy/dictionary.go @@ -1,19 +1,3 @@ -/* - Copyright 2014-2021 Docker Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - // Copyright 2013 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. diff --git a/vendor/github.com/moby/spdystream/spdy/options.go b/vendor/github.com/moby/spdystream/spdy/options.go new file mode 100644 index 000000000..ec03e0b9a --- /dev/null +++ b/vendor/github.com/moby/spdystream/spdy/options.go @@ -0,0 +1,25 @@ +package spdy + +// FramerOption allows callers to customize frame parsing limits. +type FramerOption func(*Framer) + +// WithMaxControlFramePayloadSize sets the control-frame payload limit. +func WithMaxControlFramePayloadSize(size uint32) FramerOption { + return func(f *Framer) { + f.maxFrameLength = size + } +} + +// WithMaxHeaderFieldSize sets the per-header name/value size limit. +func WithMaxHeaderFieldSize(size uint32) FramerOption { + return func(f *Framer) { + f.maxHeaderFieldSize = size + } +} + +// WithMaxHeaderCount sets the maximum number of headers in a frame. +func WithMaxHeaderCount(count uint32) FramerOption { + return func(f *Framer) { + f.maxHeaderCount = count + } +} diff --git a/vendor/github.com/moby/spdystream/spdy/read.go b/vendor/github.com/moby/spdystream/spdy/read.go index 75ea045b8..2abb69433 100644 --- a/vendor/github.com/moby/spdystream/spdy/read.go +++ b/vendor/github.com/moby/spdystream/spdy/read.go @@ -1,19 +1,3 @@ -/* - Copyright 2014-2021 Docker Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - // Copyright 2011 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. @@ -24,6 +8,7 @@ import ( "compress/zlib" "encoding/binary" "io" + "io/ioutil" "net/http" "strings" ) @@ -59,6 +44,11 @@ func (frame *SettingsFrame) read(h ControlFrameHeader, f *Framer) error { if err := binary.Read(f.r, binary.BigEndian, &numSettings); err != nil { return err } + // Each setting is 8 bytes (4-byte id + 4-byte value). + // Payload is 4 bytes for numSettings + numSettings*8. + if h.length < 4 || numSettings > (h.length-4)/8 { + return &Error{InvalidControlFrame, 0} + } frame.FlagIdValues = make([]SettingsFlagIdValue, numSettings) for i := uint32(0); i < numSettings; i++ { if err := binary.Read(f.r, binary.BigEndian, &frame.FlagIdValues[i].Id); err != nil { @@ -177,8 +167,19 @@ func (f *Framer) parseControlFrame(version uint16, frameType ControlFrameType) ( if err := binary.Read(f.r, binary.BigEndian, &length); err != nil { return nil, err } + maxControlFramePayload := uint32(MaxDataLength) + if f.maxFrameLength > 0 { + maxControlFramePayload = f.maxFrameLength + } + flags := ControlFlags((length & 0xff000000) >> 24) length &= 0xffffff + if length > maxControlFramePayload { + if _, err := io.CopyN(ioutil.Discard, f.r, int64(length)); err != nil { + return nil, err + } + return nil, &Error{InvalidControlFrame, 0} + } header := ControlFrameHeader{version, frameType, flags, length} cframe, err := newControlFrame(frameType) if err != nil { @@ -190,11 +191,22 @@ func (f *Framer) parseControlFrame(version uint16, frameType ControlFrameType) ( return cframe, nil } -func parseHeaderValueBlock(r io.Reader, streamId StreamId) (http.Header, error) { +func (f *Framer) parseHeaderValueBlock(r io.Reader, streamId StreamId) (http.Header, error) { var numHeaders uint32 if err := binary.Read(r, binary.BigEndian, &numHeaders); err != nil { return nil, err } + maxHeaders := defaultMaxHeaderCount + if f.maxHeaderCount > 0 { + maxHeaders = f.maxHeaderCount + } + if numHeaders > maxHeaders { + return nil, &Error{InvalidControlFrame, streamId} + } + maxFieldSize := defaultMaxHeaderFieldSize + if f.maxHeaderFieldSize > 0 { + maxFieldSize = f.maxHeaderFieldSize + } var e error h := make(http.Header, int(numHeaders)) for i := 0; i < int(numHeaders); i++ { @@ -202,6 +214,9 @@ func parseHeaderValueBlock(r io.Reader, streamId StreamId) (http.Header, error) if err := binary.Read(r, binary.BigEndian, &length); err != nil { return nil, err } + if length > maxFieldSize { + return nil, &Error{InvalidControlFrame, streamId} + } nameBytes := make([]byte, length) if _, err := io.ReadFull(r, nameBytes); err != nil { return nil, err @@ -217,6 +232,9 @@ func parseHeaderValueBlock(r io.Reader, streamId StreamId) (http.Header, error) if err := binary.Read(r, binary.BigEndian, &length); err != nil { return nil, err } + if length > maxFieldSize { + return nil, &Error{InvalidControlFrame, streamId} + } value := make([]byte, length) if _, err := io.ReadFull(r, value); err != nil { return nil, err @@ -256,7 +274,7 @@ func (f *Framer) readSynStreamFrame(h ControlFrameHeader, frame *SynStreamFrame) } reader = f.headerDecompressor } - frame.Headers, err = parseHeaderValueBlock(reader, frame.StreamId) + frame.Headers, err = f.parseHeaderValueBlock(reader, frame.StreamId) if !f.headerCompressionDisabled && (err == io.EOF && f.headerReader.N == 0 || f.headerReader.N != 0) { err = &Error{WrongCompressedPayloadSize, 0} } @@ -288,7 +306,7 @@ func (f *Framer) readSynReplyFrame(h ControlFrameHeader, frame *SynReplyFrame) e } reader = f.headerDecompressor } - frame.Headers, err = parseHeaderValueBlock(reader, frame.StreamId) + frame.Headers, err = f.parseHeaderValueBlock(reader, frame.StreamId) if !f.headerCompressionDisabled && (err == io.EOF && f.headerReader.N == 0 || f.headerReader.N != 0) { err = &Error{WrongCompressedPayloadSize, 0} } @@ -320,7 +338,7 @@ func (f *Framer) readHeadersFrame(h ControlFrameHeader, frame *HeadersFrame) err } reader = f.headerDecompressor } - frame.Headers, err = parseHeaderValueBlock(reader, frame.StreamId) + frame.Headers, err = f.parseHeaderValueBlock(reader, frame.StreamId) if !f.headerCompressionDisabled && (err == io.EOF && f.headerReader.N == 0 || f.headerReader.N != 0) { err = &Error{WrongCompressedPayloadSize, 0} } diff --git a/vendor/github.com/moby/spdystream/spdy/types.go b/vendor/github.com/moby/spdystream/spdy/types.go index a254a43ab..a5528618c 100644 --- a/vendor/github.com/moby/spdystream/spdy/types.go +++ b/vendor/github.com/moby/spdystream/spdy/types.go @@ -1,23 +1,9 @@ -/* - Copyright 2014-2021 Docker Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - // Copyright 2011 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. +// Modifications Copyright 2014-2021 Docker Inc. + // Package spdy implements the SPDY protocol (currently SPDY/3), described in // http://www.chromium.org/spdy/spdy-protocol/spdy-protocol-draft3. package spdy @@ -63,8 +49,20 @@ const ( ) // MaxDataLength is the maximum number of bytes that can be stored in one frame. +// +// SPDY frame headers encode the payload length using a 24-bit field, +// so the maximum representable size for both data and control frames +// is 2^24-1 bytes. +// +// See the SPDY/3 specification, "Frame Format": +// https://www.chromium.org/spdy/spdy-protocol/spdy-protocol-draft3-1/ const MaxDataLength = 1<<24 - 1 +const ( + defaultMaxHeaderFieldSize uint32 = 1 << 20 + defaultMaxHeaderCount uint32 = 1000 +) + // headerValueSepator separates multiple header values. const headerValueSeparator = "\x00" @@ -269,6 +267,10 @@ type Framer struct { r io.Reader headerReader io.LimitedReader headerDecompressor io.ReadCloser + + maxFrameLength uint32 // overrides the default frame payload length limit. + maxHeaderFieldSize uint32 // overrides the default per-header name/value length limit. + maxHeaderCount uint32 // overrides the default header count limit. } // NewFramer allocates a new Framer for a given SPDY connection, represented by @@ -276,6 +278,16 @@ type Framer struct { // from/to the Reader and Writer, so the caller should pass in an appropriately // buffered implementation to optimize performance. func NewFramer(w io.Writer, r io.Reader) (*Framer, error) { + return newFramer(w, r) +} + +// NewFramerWithOptions allocates a new Framer for a given SPDY connection and +// applies frame parsing limits via options. +func NewFramerWithOptions(w io.Writer, r io.Reader, opts ...FramerOption) (*Framer, error) { + return newFramer(w, r, opts...) +} + +func newFramer(w io.Writer, r io.Reader, opts ...FramerOption) (*Framer, error) { compressBuf := new(bytes.Buffer) compressor, err := zlib.NewWriterLevelDict(compressBuf, zlib.BestCompression, []byte(headerDictionary)) if err != nil { @@ -287,5 +299,10 @@ func NewFramer(w io.Writer, r io.Reader) (*Framer, error) { headerCompressor: compressor, r: r, } + for _, opt := range opts { + if opt != nil { + opt(framer) + } + } return framer, nil } diff --git a/vendor/github.com/moby/spdystream/spdy/write.go b/vendor/github.com/moby/spdystream/spdy/write.go index ab6d91f3b..75084d35d 100644 --- a/vendor/github.com/moby/spdystream/spdy/write.go +++ b/vendor/github.com/moby/spdystream/spdy/write.go @@ -1,19 +1,3 @@ -/* - Copyright 2014-2021 Docker Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - // Copyright 2011 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. @@ -23,6 +7,7 @@ package spdy import ( "encoding/binary" "io" + "math" "net/http" "strings" ) @@ -63,13 +48,21 @@ func (frame *RstStreamFrame) write(f *Framer) (err error) { func (frame *SettingsFrame) write(f *Framer) (err error) { frame.CFHeader.version = Version frame.CFHeader.frameType = TypeSettings - frame.CFHeader.length = uint32(len(frame.FlagIdValues)*8 + 4) + payloadLen := len(frame.FlagIdValues)*8 + 4 + if payloadLen > MaxDataLength { + return &Error{InvalidControlFrame, 0} + } + frame.CFHeader.length = uint32(payloadLen) // Serialize frame to Writer. if err = writeControlFrameHeader(f.w, frame.CFHeader); err != nil { return } - if err = binary.Write(f.w, binary.BigEndian, uint32(len(frame.FlagIdValues))); err != nil { + n := len(frame.FlagIdValues) + if uint64(n) > math.MaxUint32 { + return &Error{InvalidControlFrame, 0} + } + if err = binary.Write(f.w, binary.BigEndian, uint32(n)); err != nil { return } for _, flagIdValue := range frame.FlagIdValues { @@ -170,29 +163,41 @@ func writeControlFrameHeader(w io.Writer, h ControlFrameHeader) error { func writeHeaderValueBlock(w io.Writer, h http.Header) (n int, err error) { n = 0 - if err = binary.Write(w, binary.BigEndian, uint32(len(h))); err != nil { + numHeaders := len(h) + if numHeaders > math.MaxInt32 { + return n, &Error{InvalidControlFrame, 0} + } + if err = binary.Write(w, binary.BigEndian, uint32(numHeaders)); err != nil { return } - n += 2 + n += 4 for name, values := range h { - if err = binary.Write(w, binary.BigEndian, uint32(len(name))); err != nil { + nameLen := len(name) + if nameLen > math.MaxInt32 { + return n, &Error{InvalidControlFrame, 0} + } + if err = binary.Write(w, binary.BigEndian, uint32(nameLen)); err != nil { return } - n += 2 + n += 4 name = strings.ToLower(name) if _, err = io.WriteString(w, name); err != nil { return } - n += len(name) + n += nameLen v := strings.Join(values, headerValueSeparator) - if err = binary.Write(w, binary.BigEndian, uint32(len(v))); err != nil { + vLen := len(v) + if vLen > math.MaxInt32 { + return n, &Error{InvalidControlFrame, 0} + } + if err = binary.Write(w, binary.BigEndian, uint32(vLen)); err != nil { return } - n += 2 + n += 4 if _, err = io.WriteString(w, v); err != nil { return } - n += len(v) + n += vLen } return } @@ -216,7 +221,11 @@ func (f *Framer) writeSynStreamFrame(frame *SynStreamFrame) (err error) { // Set ControlFrameHeader. frame.CFHeader.version = Version frame.CFHeader.frameType = TypeSynStream - frame.CFHeader.length = uint32(len(f.headerBuf.Bytes()) + 10) + hLen := len(f.headerBuf.Bytes()) + 10 + if hLen > MaxDataLength { + return &Error{InvalidControlFrame, 0} + } + frame.CFHeader.length = uint32(hLen) // Serialize frame to Writer. if err = writeControlFrameHeader(f.w, frame.CFHeader); err != nil { @@ -260,7 +269,11 @@ func (f *Framer) writeSynReplyFrame(frame *SynReplyFrame) (err error) { // Set ControlFrameHeader. frame.CFHeader.version = Version frame.CFHeader.frameType = TypeSynReply - frame.CFHeader.length = uint32(len(f.headerBuf.Bytes()) + 4) + hLen := len(f.headerBuf.Bytes()) + 4 + if hLen > MaxDataLength { + return &Error{InvalidControlFrame, 0} + } + frame.CFHeader.length = uint32(hLen) // Serialize frame to Writer. if err = writeControlFrameHeader(f.w, frame.CFHeader); err != nil { @@ -295,7 +308,11 @@ func (f *Framer) writeHeadersFrame(frame *HeadersFrame) (err error) { // Set ControlFrameHeader. frame.CFHeader.version = Version frame.CFHeader.frameType = TypeHeaders - frame.CFHeader.length = uint32(len(f.headerBuf.Bytes()) + 4) + hLen := len(f.headerBuf.Bytes()) + 4 + if hLen > MaxDataLength { + return &Error{InvalidControlFrame, 0} + } + frame.CFHeader.length = uint32(hLen) // Serialize frame to Writer. if err = writeControlFrameHeader(f.w, frame.CFHeader); err != nil { @@ -323,7 +340,11 @@ func (f *Framer) writeDataFrame(frame *DataFrame) (err error) { if err = binary.Write(f.w, binary.BigEndian, frame.StreamId); err != nil { return } - flagsAndLength := uint32(frame.Flags)<<24 | uint32(len(frame.Data)) + dLen := len(frame.Data) + if dLen > MaxDataLength { + return &Error{InvalidDataFrame, frame.StreamId} + } + flagsAndLength := uint32(frame.Flags)<<24 | uint32(dLen) if err = binary.Write(f.w, binary.BigEndian, flagsAndLength); err != nil { return } diff --git a/vendor/k8s.io/apimachinery/pkg/api/validate/union.go b/vendor/k8s.io/apimachinery/pkg/api/validate/union.go index 03f45f866..32a2671f8 100644 --- a/vendor/k8s.io/apimachinery/pkg/api/validate/union.go +++ b/vendor/k8s.io/apimachinery/pkg/api/validate/union.go @@ -19,6 +19,7 @@ package validate import ( "context" "fmt" + "reflect" "strings" "k8s.io/apimachinery/pkg/api/operation" @@ -60,6 +61,10 @@ type UnionValidationOptions struct { // )...) // return errs // } +// +// Note that T is "any", rather than "comparable", because union-members can be +// slices, meaning T might be a struct with a slice, meaning it is not +// comparable. func Union[T any](_ context.Context, op operation.Operation, fldPath *field.Path, obj, oldObj T, union *UnionMembership, isSetFns ...ExtractorFn[T, bool]) field.ErrorList { options := UnionValidationOptions{ ErrorForEmpty: func(fldPath *field.Path, allFields []string) *field.Error { @@ -98,6 +103,10 @@ func Union[T any](_ context.Context, op operation.Operation, fldPath *field.Path // // It is not an error for the discriminatorValue to be unknown. That must be // validated on its own. +// +// Note that T is "any", rather than "comparable", because union-members can be +// slices, meaning T might be a struct with a slice, meaning it is not +// comparable. func DiscriminatedUnion[T any, D ~string](_ context.Context, op operation.Operation, fldPath *field.Path, obj, oldObj T, union *UnionMembership, discriminatorExtractor ExtractorFn[T, D], isSetFns ...ExtractorFn[T, bool]) (errs field.ErrorList) { if len(union.members) != len(isSetFns) { return field.ErrorList{ @@ -106,6 +115,7 @@ func DiscriminatedUnion[T any, D ~string](_ context.Context, op operation.Operat len(isSetFns), len(union.members))), } } + hasOldValue := !reflect.ValueOf(oldObj).IsZero() // because T is any, rather than comparable var changed bool discriminatorValue := discriminatorExtractor(obj) if op.Type == operation.Update { @@ -131,7 +141,7 @@ func DiscriminatedUnion[T any, D ~string](_ context.Context, op operation.Operat } // If the union discriminator and membership is unchanged, we don't need to // re-validate. - if op.Type == operation.Update && !changed { + if op.Type == operation.Update && hasOldValue && !changed { return nil } return errs @@ -195,6 +205,7 @@ func unionValidate[T any](op operation.Operation, fldPath *field.Path, } } + hasOldValue := !reflect.ValueOf(oldObj).IsZero() // because T is any, rather than comparable var specifiedFields []string var changed bool for i, fieldIsSet := range isSetFns { @@ -209,7 +220,7 @@ func unionValidate[T any](op operation.Operation, fldPath *field.Path, } // If the union membership is unchanged, we don't need to re-validate. - if op.Type == operation.Update && !changed { + if op.Type == operation.Update && hasOldValue && !changed { return nil } diff --git a/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/register.go b/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/register.go index 20d52b0e8..3f20655b0 100644 --- a/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/register.go +++ b/vendor/knative.dev/eventing/pkg/apis/eventing/v1alpha1/register.go @@ -36,7 +36,7 @@ const ( RequestReplyBrokerCACertsStatusAnnotationKey = "knative.dev/brokerCACerts" // RequestReplyBrokerAudienceStatusAnnotationKey is the RequestReply status - // anotation key used to specify the broker's OIDC audience + // annotation key used to specify the broker's OIDC audience RequestReplyBrokerAudienceStatusAnnotationKey = "knative.dev/brokerAudience" ) diff --git a/vendor/knative.dev/eventing/pkg/apis/sinks/register.go b/vendor/knative.dev/eventing/pkg/apis/sinks/register.go index 1994d5791..7090dcb1b 100644 --- a/vendor/knative.dev/eventing/pkg/apis/sinks/register.go +++ b/vendor/knative.dev/eventing/pkg/apis/sinks/register.go @@ -28,13 +28,13 @@ const ( ) var ( - // JobSinkResource respresents a Knative Eventing sink JobSink + // JobSinkResource represents a Knative Eventing sink JobSink JobSinkResource = schema.GroupResource{ Group: GroupName, Resource: "jobsinks", } - // IntegrationSinkResource respresents a Knative Eventing sink IntegrationSink + // IntegrationSinkResource represents a Knative Eventing sink IntegrationSink IntegrationSinkResource = schema.GroupResource{ Group: GroupName, Resource: "integrationsinks", diff --git a/vendor/knative.dev/eventing/pkg/apis/sources/register.go b/vendor/knative.dev/eventing/pkg/apis/sources/register.go index 9f3966f6f..63d01690a 100644 --- a/vendor/knative.dev/eventing/pkg/apis/sources/register.go +++ b/vendor/knative.dev/eventing/pkg/apis/sources/register.go @@ -35,30 +35,30 @@ const ( ) var ( - // ApiServerSourceResource respresents a Knative Eventing Sources ApiServerSource + // ApiServerSourceResource represents a Knative Eventing Sources ApiServerSource //nolint:staticcheck // Not capitalizing "API" ApiServerSourceResource = schema.GroupResource{ Group: GroupName, Resource: "apiserversources", } - // PingSourceResource respresents a Knative Eventing Sources PingSource + // PingSourceResource represents a Knative Eventing Sources PingSource PingSourceResource = schema.GroupResource{ Group: GroupName, Resource: "pingsources", } - // SinkBindingResource respresents a Knative Eventing Sources SinkBinding + // SinkBindingResource represents a Knative Eventing Sources SinkBinding SinkBindingResource = schema.GroupResource{ Group: GroupName, Resource: "sinkbindings", } - // ContainerSourceResource respresents a Knative Eventing Sources ContainerSource + // ContainerSourceResource represents a Knative Eventing Sources ContainerSource ContainerSourceResource = schema.GroupResource{ Group: GroupName, Resource: "containersources", } - // IntegrationSourceResource respresents a Knative Eventing Sources IntegrationSource + // IntegrationSourceResource represents a Knative Eventing Sources IntegrationSource IntegrationSourceResource = schema.GroupResource{ Group: GroupName, Resource: "integrationsources", diff --git a/vendor/knative.dev/eventing/pkg/apis/sources/v1/apiserver_types.go b/vendor/knative.dev/eventing/pkg/apis/sources/v1/apiserver_types.go index e3d30765e..7510771f0 100644 --- a/vendor/knative.dev/eventing/pkg/apis/sources/v1/apiserver_types.go +++ b/vendor/knative.dev/eventing/pkg/apis/sources/v1/apiserver_types.go @@ -134,7 +134,7 @@ type APIVersionKindSelector struct { // LabelSelector filters this source to objects to those resources pass the // label selector. - // More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors // +optional LabelSelector *metav1.LabelSelector `json:"selector,omitempty"` } diff --git a/vendor/modules.txt b/vendor/modules.txt index 05e4274ad..303890735 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -162,7 +162,7 @@ github.com/mailru/easyjson/jwriter # github.com/mitchellh/go-homedir v1.1.0 ## explicit github.com/mitchellh/go-homedir -# github.com/moby/spdystream v0.5.0 +# github.com/moby/spdystream v0.5.1 ## explicit; go 1.13 github.com/moby/spdystream github.com/moby/spdystream/spdy @@ -402,7 +402,7 @@ gotest.tools/v3/internal/assert gotest.tools/v3/internal/difflib gotest.tools/v3/internal/format gotest.tools/v3/internal/source -# k8s.io/api v0.35.3 +# k8s.io/api v0.35.4 ## explicit; go 1.25.0 k8s.io/api/admissionregistration/v1 k8s.io/api/admissionregistration/v1alpha1 @@ -462,11 +462,11 @@ k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 k8s.io/api/storagemigration/v1beta1 -# k8s.io/apiextensions-apiserver v0.35.3 +# k8s.io/apiextensions-apiserver v0.35.4 ## explicit; go 1.25.0 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 -# k8s.io/apimachinery v0.35.3 +# k8s.io/apimachinery v0.35.4 ## explicit; go 1.25.0 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -538,7 +538,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.35.3 +# k8s.io/apiserver v0.35.4 ## explicit; go 1.25.0 k8s.io/apiserver/pkg/storage/names # k8s.io/cli-runtime v0.34.1 @@ -547,7 +547,7 @@ k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/genericiooptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.35.3 +# k8s.io/client-go v0.35.4 ## explicit; go 1.25.0 k8s.io/client-go/applyconfigurations k8s.io/client-go/applyconfigurations/admissionregistration/v1 @@ -926,7 +926,7 @@ k8s.io/utils/net k8s.io/utils/pointer k8s.io/utils/ptr k8s.io/utils/trace -# knative.dev/client/pkg v0.0.0-20260416140638-89c2f233d6b4 +# knative.dev/client/pkg v0.0.0-20260420202211-51eb6e9bece0 ## explicit; go 1.25.0 knative.dev/client/pkg/apis/client knative.dev/client/pkg/apis/client/v1alpha1 @@ -953,7 +953,7 @@ knative.dev/client/pkg/util/errors knative.dev/client/pkg/util/mock knative.dev/client/pkg/util/test knative.dev/client/pkg/wait -# knative.dev/eventing v0.48.1-0.20260414191034-3b3ea1d037e6 +# knative.dev/eventing v0.48.1-0.20260420100227-c76e74eeff85 ## explicit; go 1.25.0 knative.dev/eventing/pkg/apis/common/integration/v1alpha1 knative.dev/eventing/pkg/apis/config @@ -989,7 +989,7 @@ knative.dev/eventing/pkg/eventingtls # knative.dev/hack v0.0.0-20260416140237-504af4d2178f ## explicit; go 1.24 knative.dev/hack -# knative.dev/networking v0.0.0-20260414015937-f29b24983488 +# knative.dev/networking v0.0.0-20260421015711-652da006c95d ## explicit; go 1.25.0 knative.dev/networking/pkg/apis/networking knative.dev/networking/pkg/apis/networking/v1alpha1 @@ -1001,7 +1001,7 @@ knative.dev/networking/pkg/client/clientset/versioned/typed/networking/v1alpha1/ knative.dev/networking/pkg/config knative.dev/networking/pkg/http/header knative.dev/networking/pkg/ingress -# knative.dev/pkg v0.0.0-20260416015135-a395c1078b3d +# knative.dev/pkg v0.0.0-20260420135127-3cd6d6017a35 ## explicit; go 1.25.0 knative.dev/pkg/apis knative.dev/pkg/apis/duck @@ -1045,7 +1045,7 @@ knative.dev/pkg/test/ingress knative.dev/pkg/test/logging knative.dev/pkg/test/spoof knative.dev/pkg/tracker -# knative.dev/serving v0.48.1-0.20260420102226-4a744332fc99 +# knative.dev/serving v0.48.1-0.20260420155328-d8e0f47b61d2 ## explicit; go 1.25.0 knative.dev/serving/pkg/apis/autoscaling knative.dev/serving/pkg/apis/autoscaling/v1alpha1