Update module github.com/kyverno/kyverno to v1.13.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/kyverno/kyverno	v1.12.5 -> v1.13.1

---

Release Notes

kyverno/kyverno (github.com/kyverno/kyverno)

v1.13.1

Compare Source

✨ Added ✨

• Added the validation check for webhook configurations using CEL (#​11461)

🐛 Fixed 🐛

• Skipped Azure keychain-based login for MCR registry (#​11480)
• Fixed a validate issue to match failure action case-insensitively when validating an old object (#​11486)
• Fixed the missing emitWarning field in the v2beta1 policy (#​11489)
• Fixed the CLI to support VAP stable version v1 (#​11501)
• Fixed the auto-gen rules regarding celPreconditions (#​11503)
• Fixed a CLI issue by setting the default namespace for namespaced policies (#​11505)
• Fixed the configurable namespaceSelector list in the webhook (#​11516)
• Fixed an issue that the image verification rule blocks resource's update (#​11529)
• Fixed the policy validation message to include keywords "immutable fields" (#​11549)
• Fixed a panic issue for the admission controller when processing the validate rule (#​11550)

Helm

• Corrected Helm configuration behavior for global image registry (#​11482)

🔧 Others 🔧

• Switched to use the digest instead of the tag (#​11492)

v1.13.0

Compare Source

Note

• Removed deprecated flag reportsChunkSize.
• Added --tufRootRaw flag to pass tuf root for custom sigstore deployments.

v1.12.6

Compare Source

🐛 Fixed 🐛

• Change: Disable updaterequest cleanup cronjob (#​10678)
• Fix(helm): Remove namespace from RoleBinding/roleRef field (#​10685)
• Fix: Properly use useCache field in image verification policies (#​10709)
• Fix: Check for the client being nil before applying a mutation (#​10726)
• Fix: Resource namespace checks for Kyverno CLI (#​10738)
• Fix: Range through all resources to build webhook (#​10748)
• Fix: Get namespace labels before creating a policy context (#​10773)
• Fix: Wrong evaluation of pod security standard version (#​10924)
• Fix: Frequent API GET/UPDATE requests regarding webhooks reconciliation when no policies (#​11203, #​11225, #​11230, #​11233)

🔧 Others 🔧

• Fix: Bump docker in release 1.12 (#​11088)
• Fix: Updated Go version to v1.22.7 to address CVE-2024-34156 (#​11142)
• Chore: Bump chainsaw (#​10687)
• Chore: Bump github.com/docker/docker from 26.1.3+incompatible to 26.1.4+incompatible (#​10750)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 79 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.23.0 -> 1.23.3
k8s.io/api	v0.31.0 -> v0.31.1
k8s.io/apiextensions-apiserver	v0.31.0 -> v0.31.1
k8s.io/apimachinery	v0.31.0 -> v0.31.1
k8s.io/client-go	v0.31.0 -> v0.31.1
cloud.google.com/go/compute/metadata	v0.3.0 -> v0.5.0
github.com/Azure/go-autorest/autorest/adal	v0.9.23 -> v0.9.24
github.com/Azure/go-autorest/autorest/azure/auth	v0.5.12 -> v0.5.13
github.com/Microsoft/go-winio	v0.6.1 -> v0.6.2
github.com/alibabacloud-go/alibabacloud-gateway-spi	v0.0.4 -> v0.0.5
github.com/alibabacloud-go/debug	v1.0.0 -> v1.0.1
github.com/alibabacloud-go/openapi-util	v0.1.0 -> v0.1.1
github.com/aliyun/credentials-go	v1.3.2 -> v1.3.8
github.com/aptible/supercronic	v0.2.29 -> v0.2.30
github.com/aws/aws-sdk-go-v2	v1.26.0 -> v1.30.5
github.com/aws/aws-sdk-go-v2/config	v1.27.9 -> v1.27.33
github.com/aws/aws-sdk-go-v2/credentials	v1.17.9 -> v1.17.32
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	v1.16.0 -> v1.16.13
github.com/aws/aws-sdk-go-v2/internal/configsources	v1.3.4 -> v1.3.17
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	v2.6.4 -> v2.6.17
github.com/aws/aws-sdk-go-v2/internal/ini	v1.8.0 -> v1.8.1
github.com/aws/aws-sdk-go-v2/service/ecr	v1.24.7 -> v1.33.0
github.com/aws/aws-sdk-go-v2/service/ecrpublic	v1.21.6 -> v1.25.6
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	v1.11.1 -> v1.11.4
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	v1.11.6 -> v1.11.19
github.com/aws/aws-sdk-go-v2/service/sso	v1.20.3 -> v1.22.7
github.com/aws/aws-sdk-go-v2/service/ssooidc	v1.23.3 -> v1.26.7
github.com/aws/aws-sdk-go-v2/service/sts	v1.28.5 -> v1.30.7
github.com/aws/smithy-go	v1.20.1 -> v1.20.4
github.com/awslabs/amazon-ecr-credential-helper/ecr-login	v0.0.0-20240116161626-88cfadc80e8f -> v0.0.0-20240909191326-0ee4ec5d16bf
github.com/buildkite/agent/v3	v3.62.0 -> v3.78.0
github.com/buildkite/go-pipeline	v0.3.2 -> v0.11.0
github.com/buildkite/interpolate	v0.0.0-20200526001904-07f35b4ae251 -> v0.1.3
github.com/cloudflare/circl	v1.3.7 -> v1.4.0
github.com/coreos/go-oidc/v3	v3.10.0 -> v3.11.0
github.com/docker/cli	v25.0.1+incompatible -> v27.2.0+incompatible
github.com/docker/docker-credential-helpers	v0.8.1 -> v0.8.2
github.com/go-jose/go-jose/v4	v4.0.1 -> v4.0.4
github.com/google/certificate-transparency-go	v1.1.8 -> v1.2.1
github.com/google/go-containerregistry	v0.19.1 -> v0.20.2
github.com/google/s2a-go	v0.1.7 -> v0.1.8
github.com/googleapis/enterprise-certificate-proxy	v0.3.2 -> v0.3.3
github.com/hashicorp/go-retryablehttp	v0.7.5 -> v0.7.7
github.com/in-toto/in-toto-golang	v0.9.0 -> v0.9.1-0.20240317085821-8e2966059a09
github.com/klauspost/compress	v1.17.5 -> v1.17.9
github.com/letsencrypt/boulder	v0.0.0-20240127020530-97a19b18d21e -> v0.0.0-20240823215653-da7865cb107b
github.com/oleiade/reflections	v1.0.1 -> v1.1.0
github.com/open-policy-agent/gatekeeper/v3	v3.14.0 -> v3.17.0
github.com/open-policy-agent/opa	v0.63.0 -> v0.67.1
github.com/pelletier/go-toml/v2	v2.1.1 -> v2.2.3
github.com/prometheus/client_golang	v1.19.1 -> v1.20.4
github.com/prometheus/common	v0.55.0 -> v0.59.1
github.com/rogpeppe/go-internal	v1.12.0 -> v1.12.1-0.20240709150035-ccf4b4329d21
github.com/sagikazarmark/locafero	v0.4.0 -> v0.6.0
github.com/sigstore/cosign/v2	v2.2.4 -> v2.4.0
github.com/sigstore/fulcio	v1.4.5 -> v1.6.3
github.com/sigstore/sigstore	v1.8.3 -> v1.8.10
github.com/spf13/cast	v1.6.0 -> v1.7.0
github.com/spf13/viper	v1.18.2 -> v1.19.0
github.com/spiffe/go-spiffe/v2	v2.2.0 -> v2.3.0
github.com/tektoncd/chains	v0.19.0 -> v0.22.0
github.com/xanzy/go-gitlab	v0.102.0 -> v0.108.0
go.mongodb.org/mongo-driver	v1.14.0 -> v1.16.1
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.53.0 -> v0.55.0
go.opentelemetry.io/otel	v1.28.0 -> v1.30.0
go.opentelemetry.io/otel/metric	v1.28.0 -> v1.30.0
go.opentelemetry.io/otel/sdk	v1.28.0 -> v1.30.0
go.opentelemetry.io/otel/trace	v1.28.0 -> v1.30.0
go.step.sm/crypto	v0.44.2 -> v0.51.1
golang.org/x/exp	v0.0.0-20240719175910-8a7402abbf56 -> v0.0.0-20240823005443-9b4947da3948
golang.org/x/oauth2	v0.21.0 -> v0.23.0
golang.org/x/time	v0.5.0 -> v0.6.0
google.golang.org/api	v0.172.0 -> v0.195.0
google.golang.org/genproto/googleapis/rpc	v0.0.0-20240701130421-f6361c86f094 -> v0.0.0-20240903143218-8af14fe29dc1
google.golang.org/grpc	v1.65.0 -> v1.67.0
k8s.io/component-base	v0.31.0 -> v0.31.1
k8s.io/kubectl	v0.29.2 -> v0.31.0
k8s.io/pod-security-admission	v0.29.2 -> v0.31.0
k8s.io/utils	v0.0.0-20240711033017-18e509b52bc8 -> v0.0.0-20240902221715-702e33fdd3c3
sigs.k8s.io/release-utils	v0.7.7 -> v0.8.4