* fix: match image digests with any algorithm, not only sha256
IsImageMatched hard-coded '@sha256:' in its regex, while Split accepts any
digest algorithm. An image pinned with a non-sha256 digest (e.g.
nginx@sha512:...) was not matched, so the ImageTagTransformer silently left
it unchanged and the user's images: override was ignored. Generalize the
digest algorithm in the regex to match what Split accepts.
Signed-off-by: Seonghyun Hong <s3onghyun.hong@gmail.com>
* Address review: match OCI digest grammar and test spec example algorithms
Broaden the digest-algorithm match to the OCI grammar (algorithm components
separated by +._-), so multihash+base58 and other registered/unregistered
algorithms match, not just [a-zA-Z][a-zA-Z0-9]*. Add test cases using the
descriptor example algorithms: a full-length sha512 digest and
multihash+base58.
Signed-off-by: Seonghyun Hong <s3onghyun.hong@gmail.com>
---------
Signed-off-by: Seonghyun Hong <s3onghyun.hong@gmail.com>
Updates k8s.io/kube-openapi from v0.0.0-20241212222426-2c72e554b1e7 to
v0.0.0-20260502001324-b7f5293f4787 across api, kyaml, and kustomize modules,
then propagates the change across all workspace modules via make workspace-sync.
The new kube-openapi release switched from the monolithic go-openapi/swag
(v0.23.0) to the refactored split sub-modules (go-openapi/swag/* v0.25.4).
The old swag carried github.com/mailru/easyjson as a dependency; the new
sub-modules do not. After go mod tidy, easyjson and josharian/intern are
fully removed from all three module graphs.
Also upgraded: github.com/google/gnostic-models v0.6.9 → v0.7.0 (pulled
in by the same kube-openapi update).
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
* Reject paths with inner '..' in FileLoader.New to prevent silent misresolution
* Refactor hasInnerDotDot to two-phase loop eliminating mutable state
* Narrow check to embedded '..' segments to allow legitimate winding paths
* Fix gofmt alignment and trailing whitespace in new test functions
* Fix pre-existing lint errors in fileloader_test.go
Delimiter options were ignored for replacements targeting
structured data. Reuse the same value setting function
as replacements targeting regular values.
The github.com/pkg/errors package is unmaintained and archived.
It was pulled in as a transitive dependency through json-patch v4.12.0.
Upgrading to v4.13.0 removes this dependency while maintaining API
compatibility.
json-patch commit: evanphx/json-patch@106306d
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Add test to validate that empty files don't produce an error when using
the `path` option of the `patches` convenience.
Add test to validate that using the deprecated patchesStrategicMerge
still produces an error and no changes have been introduced in old
features.
* fix: performance recession when propagating namespace to helm
* fix: handle passing namespace downstream more elegant
* Revert "fix: handle passing namespace downstream more elegant"
This reverts commit 976a7cf2aa.
* Revert "fix: performance recession when propagating namespace to helm"
This reverts commit c7612d1dba.
* fix: use annotation to identify helm chart generated resources
* fix: deduplicate code
* fix: missing import in NamespaceTransformer.go
* ci: allow manual trigger of pipeline in fork
* Revert "ci: allow manual trigger of pipeline in fork"
This reverts commit 8948788fe2.
* fix: test cases
* chore: fix code comment was on wrong line
* chore: fix code comment was on wrong line pt2
* update go 1.24.6
* fix non-constant format string error
* update golang.org/x/tools@v0.36.0 and github.com/golangci/golangci-lint@v1.64.8 to pass execute golangci-lint
* add a verpose diff output to prow test
* remove pluginator binary version from generated files
* feat: Add regex support for Replacement selectors
* Add new tests for regex support
* Earlier exit with rejectAny, and fix linting
* Add example Use cases using regex
