chore(deps): Bump github.com/kyverno/kyverno from 1.12.0-alpha.1 to 1.12.0-rc.4

[dependabot]

Bumps github.com/kyverno/kyverno from 1.12.0-alpha.1 to 1.12.0-rc.4.

Release notes

Sourced from github.com/kyverno/kyverno's releases.

v1.12.0-rc.4

No release notes provided.

v1.12.0-rc.3

No release notes provided.

v1.12.0-rc.2

1.12 Release Notes

❗ Breaking (Potentially) ❗

• Policies using long-deprecated or invalid operators in conditions (ex., In and NotIn) will be blocked. Please see the current list of available operators here (#8624)

✨ Added ✨

• Added a global cache via a new Custom Resource called GlobalContextEntry allowing caching of any resource (#9591, #9595, #9601, #9602, #9614, #9615, #9618, #9619, #9620, #9621, #9643, #9652, #9678, #9710, #9813)
• Added the ability to configure the listening ports of webhooks for admission and cleanup controllers (#7728)
• Several new and improved abilities to reduce the scope of webhooks based on policy configurations, including support for the CEL-based matchConditions available in Kubernetes 1.27+ (#8065, #8437, #9483, #9599)
• Added a new container flag --protectManagedResources to the cleanup controller (#8566)
• Added a new container flag --renewBefore to the admission cleanup controllers to configure the cert renewal time (#8567)
• Added a new container flag --loggingtsFormat which can be used to change the time format of logs (#9276)
• Policy Exceptions now support conditions (#8577)
• Policy Exceptions now support excluding specific controls when using a Pod Security sub-rule validate.podSecurity (#9343, #9817)
• Pod Security sub-rule (validate.podSecurity) has a new ability to exclude based on restricted fields (exclude.restrictedField and associated values (#8585, #9770, #9658)
• Added a new field to verifyImages rules called skipImageReferences allowing you to exclude certain images (#8633)
• Added a new field to generate rules (data-type) called orphanDownstreamOnPolicyDelete which will preserve downstream resources when the policy/rule is deleted (#9579)
• Added the ability to deploy specific controllers with CRDs following suit (#8849, #9608)
• Added the ability to apply custom labels to Kyverno's webhooks, helpful especially for Argo CD users (#9015)
• Added support for more types of JSON patch operations like "move", "copy", and "test" (#9476)
• Policy Reports can now be generated from ValidatingAdmissionPolicies and their bindings (#9506)
• Created a new API group reports.kyverno.io for storing new ephemeral report kinds EphemeralReports and ClusterEphemeralReports (#9521, #9537)
• New is_external_url() JMESPath function to determine whether a given URL is an external URL (#8614)
• New sha256() JMESPath function to convert a string of any length to a fixed hash value (#9144)
• Kyverno CLI: Added a new migrate command which is used to migrate Kyverno resources to the current API version (#9296)
• Kyverno CLI: Added a new (experimental) json command which incorporates the Kyverno JSON subproject into the main CLI allowing for testing of any JSON content (#9639, #9651)
• Kyverno CLI: The test command now supports the same assertion trees available in Chainsaw (#9380)
• Kyverno CLI: The apply command now supports ValidatingAdmissionPolicyBindings (#9468, #9751, #9759)
• Kyverno CLI: apply and test commands now support Policy Exceptions (#9525, #9624, #9714, #9749)
• Kyverno CLI: Added a --resources flag as an alias for the existing --resource flag (#9749)

Helm

• Add chart parameters for setting revisionHistoryLimit (#8907)
• Allow excluding resources from config.resourceFilters (#8946)
• Allow defining ca-certificates bundle for Kyverno deployments (#8969)
• Clean up Helm change logs (#9057)
• Added ability to set extra environment variables globally (#9269)
• Added the ability to enable performance profiling to the chart (#9338)
• Added a global nodeSelector to the chart (#9339)
• Allow adding Pod labels to cleanup jobs in the chart (#9391)

... (truncated)

Commits

• 50f0829 release v1.12.0-rc.4 (#9999)
• 66ca7fb cherry-pick #9984 (#9997)
• 5d236da Latest api 1.12 (#9989)
• 265d57c release v1.12.0-rc.3 (#9969)
• 0b832a0 fix: cosign ctlog unit tests (#9970) (#9971)
• bd4666a fix: deferred loader panic when mutate and generate policies are applied (#99...
• 5d00419 Default exclusions in webhooks (#9948) (#9950)
• c8e930b release v1.12.0-rc.2 (#9914)
• b7adc9a fix(globalcontext): panics and validation (#9903) (#9910)
• f467e32 fix: properly update policy context after preexisting resource in violation c...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #108.