Helm upgrade to v3.11.1 for CVE-2023-25165 (#2933)

* Update Helm to v3.11.1

Updatate go.mod, go.sum, and vendor directory.

Signed-off-by: Todd Short <[email protected]>

* Run go fmt

Plus some manual edits.

Signed-off-by: Todd Short <[email protected]>

* Update from make verify

Signed-off-by: Todd Short <[email protected]>

* Fix golangci-lint issues

Signed-off-by: Todd Short <[email protected]>

* Client updates due to controller-runtime

Status is now updated using SubResource methods and options

Signed-off-by: Todd Short <[email protected]>

---------

Signed-off-by: Todd Short <[email protected]>

pkg/api/client/clientset/versioned/fake/decorator.go

@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,

pkg/controller/install/deployment.go

@@ -175,7 +175,7 @@ func (i *StrategyDeploymentInstaller) deploymentForSpec(name string, spec appsv1
 	// By default, each deployment created by OLM could spawn up to 10 replicaSets.
 	// By setting the deployments revisionHistoryLimit to 1, OLM will only create up
 	// to 2 ReplicaSets per deployment it manages, saving memory.
-	dep.Spec.RevisionHistoryLimit = pointer.Int32Ptr(1)
+	dep.Spec.RevisionHistoryLimit = pointer.Int32(1)
 
 	hash = HashDeploymentSpec(dep.Spec)
 	dep.Labels[DeploymentSpecHashLabelKey] = hash

pkg/controller/operators/catalog/operator_test.go

@@ -1333,7 +1333,8 @@ func TestCompetingCRDOwnersExist(t *testing.T) {
 			expectedResult: true,
 		},
 	}
-	for _, tt := range tests {
+	for _, xt := range tests {
+		tt := xt
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 

pkg/controller/operators/olm/operator_test.go

@@ -3852,7 +3852,8 @@ func TestUpdates(t *testing.T) {
 			in:   []*v1alpha1.ClusterServiceVersion{c, a, b},
 		},
 	}
-	for _, tt := range tests {
+	for _, xt := range tests {
+		tt := xt
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 

pkg/lib/catalogsource/catalogsource_update.go

@@ -12,7 +12,8 @@ import (
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/api/client/clientset/versioned"
 )
 
-/* UpdateStatus can be used to update the status of the provided catalog source. Note that
+/*
+UpdateStatus can be used to update the status of the provided catalog source. Note that
 the caller is responsible for ensuring accurate status values in the catsrc argument (i.e.
 the status is used as-is).
 
@@ -34,7 +35,8 @@ func UpdateStatus(logger *logrus.Entry, client versioned.Interface, catsrc *v1al
 	return nil
 }
 
-/* UpdateStatusWithConditions can be used to update the status conditions for the provided catalog source.
+/*
+UpdateStatusWithConditions can be used to update the status conditions for the provided catalog source.
 This function will make no changes to the other status fields (those fields will be used as-is).
 If the provided conditions do not result in any status condition changes, then the API server will not be updated.
 Note that the caller is responsible for ensuring accurate status values for all other fields.
@@ -71,7 +73,8 @@ func UpdateStatusWithConditions(logger *logrus.Entry, client versioned.Interface
 	return nil
 }
 
-/* UpdateSpecAndStatusConditions can be used to update the catalog source with the provided status conditions.
+/*
+UpdateSpecAndStatusConditions can be used to update the catalog source with the provided status conditions.
 This will update the spec and status portions of the catalog source. Calls to the API server will occur
 even if the provided conditions result in no changes.
 
@@ -98,7 +101,8 @@ func UpdateSpecAndStatusConditions(logger *logrus.Entry, client versioned.Interf
 	return nil
 }
 
-/* RemoveStatusConditions can be used to remove the status conditions for the provided catalog source.
+/*
+RemoveStatusConditions can be used to remove the status conditions for the provided catalog source.
 This function will make no changes to the other status fields (those fields will be used as-is).
 If the provided conditions do not result in any status condition changes, then the API server will not be updated.
 Note that the caller is responsible for ensuring accurate status values for all other fields.

pkg/lib/controller-runtime/client/fake_ssa.go

@@ -35,8 +35,7 @@ type fakeStatusWriter struct {
 	k8scontrollerclient.StatusWriter
 }
 
-func (c fakeStatusWriter) Patch(ctx context.Context, obj k8scontrollerclient.Object, patch k8scontrollerclient.Patch, opts ...k8scontrollerclient.PatchOption) error {
-	patch, opts = convertApplyToMergePatch(patch, opts...)
+func (c fakeStatusWriter) Patch(ctx context.Context, obj k8scontrollerclient.Object, patch k8scontrollerclient.Patch, opts ...k8scontrollerclient.SubResourcePatchOption) error {
 	return c.StatusWriter.Patch(ctx, obj, patch, opts...)
 }
 

pkg/lib/controller-runtime/client/ssa.go

@@ -90,10 +90,11 @@ type ServerSideApplier struct {
 // plan := &InstallPlan{}
 // plan.SetNamespace("ns")
 // plan.SetName("install-123def")
-// Eventually(c.Apply(plan, func(p *v1alpha1.InstallPlan) error {
-//		p.Spec.Approved = true
-//		return nil
-// })).Should(Succeed())
+//
+//	Eventually(c.Apply(plan, func(p *v1alpha1.InstallPlan) error {
+//			p.Spec.Approved = true
+//			return nil
+//	})).Should(Succeed())
 func (c *ServerSideApplier) Apply(ctx context.Context, obj Object, changeFunc interface{}) func() error {
 	// Ensure given object is a pointer
 	objType := reflect.TypeOf(obj)
@@ -182,7 +183,10 @@ func (c *ServerSideApplier) Apply(ctx context.Context, obj Object, changeFunc in
 			return err
 		}
 
-		if err := c.client.Status().Patch(ctx, cp, k8scontrollerclient.Apply, k8scontrollerclient.ForceOwnership, c.Owner); err != nil {
+		pos := &k8scontrollerclient.SubResourcePatchOptions{}
+		k8scontrollerclient.ForceOwnership.ApplyToPatch(&pos.PatchOptions)
+
+		if err := c.client.Status().Patch(ctx, cp, k8scontrollerclient.Apply, pos, c.Owner); err != nil {
 			fmt.Printf("second patch error: %s\n", err)
 			return err
 		}

pkg/lib/kubernetes/pkg/printers/tablegenerator.go

@@ -150,7 +150,9 @@ func (h *HumanReadableGenerator) TableHandler(columnDefinitions []metav1beta1.Ta
 // ValidateRowPrintHandlerFunc validates print handler signature.
 // printFunc is the function that will be called to print an object.
 // It must be of the following type:
-//  func printFunc(object ObjectType, options GenerateOptions) ([]metav1beta1.TableRow, error)
+//
+//	func printFunc(object ObjectType, options GenerateOptions) ([]metav1beta1.TableRow, error)
+//
 // where ObjectType is the type of the object that will be printed, and the first
 // return value is an array of rows, with each row containing a number of cells that
 // match the number of columns defined for that printer function.

pkg/lib/operatorlister/lister.go

@@ -28,6 +28,7 @@ import (
 //go:generate go run github.com/maxbrunsfeld/counterfeiter/v6 -o ./operatorlisterfakes/fake_clusterserviceversion_v1alpha1_namespace_lister.go ../../api/client/listers/operators/v1alpha1.ClusterServiceVersionNamespaceLister
 
 // OperatorLister is a union of versioned informer listers
+//
 //go:generate go run github.com/maxbrunsfeld/counterfeiter/v6 . OperatorLister
 type OperatorLister interface {
 	AppsV1() AppsV1Lister

pkg/lib/operatorstatus/csv_handler.go

@@ -86,8 +86,8 @@ type handler struct {
 // OnAddOrUpdate is invoked when a CSV has been added or edited. We tap into
 // this notification and do the following:
 //
-// a. Make sure this is the CSV related to the cluster operator resource we are
-//    tracking. Otherwise, do nothing.
+// a. Make sure this is the CSV related to the cluster operator resource we are tracking. Otherwise, do nothing.
+//
 // b. If this is the right CSV then send it to the monitor.
 func (h *handler) OnAddOrUpdate(in *v1alpha1.ClusterServiceVersion) {
 	h.onNotification(in, false)
@@ -96,8 +96,8 @@ func (h *handler) OnAddOrUpdate(in *v1alpha1.ClusterServiceVersion) {
 // OnDelete is invoked when a CSV has been deleted. We tap into
 // this notification and do the following:
 //
-// a. Make sure this is the CSV related to the cluster operator resource we are
-//    tracking. Otherwise, do nothing.
+// a. Make sure this is the CSV related to the cluster operator resource we are tracking. Otherwise, do nothing.
+//
 // b. If this is the right CSV then send it to the monitor.
 func (h *handler) OnDelete(in *v1alpha1.ClusterServiceVersion) {
 	h.onNotification(in, true)

pkg/lib/proxy/overridden.go

@@ -6,8 +6,9 @@ import (
 
 // IsOverridden returns true if the given container overrides proxy env variable(s).
 // We apply the following rule:
-//   If a container already defines any of the proxy env variable then it
-//   overrides all of these.
+//
+//	If a container already defines any of the proxy env variable then it
+//	overrides all of these.
 func IsOverridden(envVar []corev1.EnvVar) (overrides bool) {
 	for _, envVarName := range allProxyEnvVarNames {
 		_, found := find(envVar, envVarName)