From 4976a211ad89642f751b515b26863c96cd5ed940 Mon Sep 17 00:00:00 2001
From: Huabing Zhao <zhaohuabing@gmail.com>
Date: Fri, 20 Dec 2024 06:29:30 +0000
Subject: [PATCH] bump osv scanner to 1.9.2

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
---
 .github/workflows/osv-scanner.yml                     |  7 ++-----
 .../kubernetes/proxy/testdata/daemonsets/custom.yaml  | 11 +----------
 .../proxy/testdata/daemonsets/default-env.yaml        | 11 +----------
 .../proxy/testdata/daemonsets/extension-env.yaml      | 11 +----------
 .../kubernetes/proxy/testdata/daemonsets/volumes.yaml | 11 +----------
 .../kubernetes/proxy/testdata/deployments/custom.yaml | 11 +----------
 .../deployments/custom_with_initcontainers.yaml       | 11 +----------
 .../proxy/testdata/deployments/default-env.yaml       | 11 +----------
 .../proxy/testdata/deployments/extension-env.yaml     | 11 +----------
 .../proxy/testdata/deployments/volumes.yaml           | 11 +----------
 10 files changed, 11 insertions(+), 95 deletions(-)

diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
index 90dfcbfa9e6..94446ef4976 100644
--- a/.github/workflows/osv-scanner.yml
+++ b/.github/workflows/osv-scanner.yml
@@ -21,7 +21,7 @@ jobs:
     if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
     runs-on: ubuntu-latest
     steps:
-    - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@19ec1116569a47416e11a45848722b1af31a857b"  # v1.9.0
+    - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@e994fd8ab13fe1394942045f5945cd39c6c2d68e" # v1.9.2
       with:
         scan-args: |-
           --skip-git
@@ -37,10 +37,7 @@ jobs:
     if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/setup-go@v5
-      with:
-        go-version: '1.23.4' # The Go version to download (if necessary) and use.
-    - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@19ec1116569a47416e11a45848722b1af31a857b"  # v1.9.0
+    - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@e994fd8ab13fe1394942045f5945cd39c6c2d68e" # v1.9.2
       with:
         scan-args: |-
           --skip-git
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml
index 87727e4be1c..1214f149ee2 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml
@@ -336,16 +336,7 @@ spec:
             cpu: 10m
             memory: 32Mi
         securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          runAsGroup: 65532
-          runAsNonRoot: true
-          runAsUser: 65532
-          seccompProfile:
-            type: RuntimeDefault
+          privileged: true
         startupProbe:
           failureThreshold: 30
           httpGet:
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml
index 7827b9eccc7..2af1e053bcb 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml
@@ -335,16 +335,7 @@ spec:
             cpu: 10m
             memory: 32Mi
         securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          runAsGroup: 65532
-          runAsNonRoot: true
-          runAsUser: 65532
-          seccompProfile:
-            type: RuntimeDefault
+          privileged: true
         startupProbe:
           failureThreshold: 30
           httpGet:
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml
index b75e8ec22ad..50f2fbb6149 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml
@@ -339,16 +339,7 @@ spec:
             cpu: 10m
             memory: 32Mi
         securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          runAsGroup: 65532
-          runAsNonRoot: true
-          runAsUser: 65532
-          seccompProfile:
-            type: RuntimeDefault
+          privileged: true
         startupProbe:
           failureThreshold: 30
           httpGet:
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml
index 53ec48429c1..fdd2a5ad81b 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml
@@ -339,16 +339,7 @@ spec:
             cpu: 10m
             memory: 32Mi
         securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          runAsGroup: 65532
-          runAsNonRoot: true
-          runAsUser: 65532
-          seccompProfile:
-            type: RuntimeDefault
+          privileged: true
         startupProbe:
           failureThreshold: 30
           httpGet:
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml
index a312bb39a61..6d0ef21c6f6 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml
@@ -341,16 +341,7 @@ spec:
             cpu: 10m
             memory: 32Mi
         securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          runAsGroup: 65532
-          runAsNonRoot: true
-          runAsUser: 65532
-          seccompProfile:
-            type: RuntimeDefault
+          privileged: true
         startupProbe:
           failureThreshold: 30
           httpGet:
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml
index e4518aa9be7..4913ef2f881 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml
@@ -343,16 +343,7 @@ spec:
             cpu: 10m
             memory: 32Mi
         securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          runAsGroup: 65532
-          runAsNonRoot: true
-          runAsUser: 65532
-          seccompProfile:
-            type: RuntimeDefault
+          privileged: true
         startupProbe:
           failureThreshold: 30
           httpGet:
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml
index 5d34ac37081..e3d1a9eac5e 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml
@@ -340,16 +340,7 @@ spec:
             cpu: 10m
             memory: 32Mi
         securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          runAsGroup: 65532
-          runAsNonRoot: true
-          runAsUser: 65532
-          seccompProfile:
-            type: RuntimeDefault
+          privileged: true
         startupProbe:
           failureThreshold: 30
           httpGet:
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml
index 232fa80b00f..25c91f46023 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml
@@ -344,16 +344,7 @@ spec:
             cpu: 10m
             memory: 32Mi
         securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          runAsGroup: 65532
-          runAsNonRoot: true
-          runAsUser: 65532
-          seccompProfile:
-            type: RuntimeDefault
+          privileged: true
         startupProbe:
           failureThreshold: 30
           httpGet:
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml
index 282e038d84b..4a6e420c035 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml
@@ -344,16 +344,7 @@ spec:
             cpu: 10m
             memory: 32Mi
         securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          runAsGroup: 65532
-          runAsNonRoot: true
-          runAsUser: 65532
-          seccompProfile:
-            type: RuntimeDefault
+          privileged: true
         startupProbe:
           failureThreshold: 30
           httpGet: