From 6fc2acff2c074e10e123128a8f76aec8bc167e3b Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 25 Apr 2024 14:13:17 +0000
Subject: [PATCH] Update vendir https://github.com/giantswarm/kyverno to v1.11.4
---
 .../charts/kyverno-policies/.helmignore | 1 +
 .../charts/kyverno-policies/Chart.yaml | 18 ++++--------------
 .../charts/kyverno-policies/README.md | 7 ++++---
 .../baseline/disallow-capabilities.yaml | 2 +-
 .../baseline/disallow-host-namespaces.yaml | 2 +-
 .../templates/baseline/disallow-host-path.yaml | 2 +-
 .../baseline/disallow-host-ports.yaml | 2 +-
 .../baseline/disallow-host-process.yaml | 2 +-
 .../disallow-privileged-containers.yaml | 2 +-
 .../baseline/disallow-proc-mount.yaml | 2 +-
 .../templates/baseline/disallow-selinux.yaml | 2 +-
 .../baseline/restrict-apparmor-profiles.yaml | 2 +-
 .../templates/baseline/restrict-seccomp.yaml | 2 +-
 .../templates/baseline/restrict-sysctls.yaml | 2 +-
 .../other/require-non-root-groups.yaml | 2 +-
 .../disallow-capabilities-strict.yaml | 2 +-
 .../disallow-privilege-escalation.yaml | 2 +-
 .../require-run-as-non-root-user.yaml | 2 +-
 .../restricted/require-run-as-nonroot.yaml | 2 +-
 .../restricted/restrict-seccomp-strict.yaml | 2 +-
 .../restricted/restrict-volume-types.yaml | 2 +-
 .../charts/kyverno-policies/values.yaml | 8 ++++++--
 vendir.lock.yml | 6 +++---
 vendir.yml | 2 +-
 24 files changed, 37 insertions(+), 41 deletions(-)
diff --git a/helm/kyverno-policies/charts/kyverno-policies/.helmignore b/helm/kyverno-policies/charts/kyverno-policies/.helmignore
index 20b07486..85df807a 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/.helmignore
+++ b/helm/kyverno-policies/charts/kyverno-policies/.helmignore
@@ -1,2 +1,3 @@
+.helmignore
 ci/
 README.md.gotmpl
diff --git a/helm/kyverno-policies/charts/kyverno-policies/Chart.yaml b/helm/kyverno-policies/charts/kyverno-policies/Chart.yaml
index 1c41bfc5..5ad93a7f 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/Chart.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
 type: application
 name: kyverno-policies
-version: 3.0.4
-appVersion: v1.10.3
+version: 3.1.4
+appVersion: v1.11.4
 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
 description: Kubernetes Pod Security Standards implemented as Kyverno policies
 keywords:
@@ -15,19 +15,9 @@ home: https://kyverno.io/policies/
 sources:
 - https://github.com/kyverno/policies
 maintainers:
- - name: Nirmata
- url: https://kyverno.io/
+ - name: kyverno-maintainers
+ email: cncf-kyverno-maintainers@lists.cncf.io
 kubeVersion: ">=1.16.0-0"
 annotations:
 artifacthub.io/operator: "false"
 artifacthub.io/prerelease: "false"
- # valid kinds are: added, changed, deprecated, removed, fixed and security
- artifacthub.io/changes: |
- - kind: added
- description: Add ability to configure autogen behavior
- - kind: fixed
- description: Support for customLabels, they were ignored up to now
- - kind: removed
- description: "Walk back change in PSS policy to send to to_upper"
- - kind: fixed
- description: Skip DELETE requests on policies using deny statements
diff --git a/helm/kyverno-policies/charts/kyverno-policies/README.md b/helm/kyverno-policies/charts/kyverno-policies/README.md
index 6a5ffeee..ade3a9c7 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/README.md
+++ b/helm/kyverno-policies/charts/kyverno-policies/README.md
@@ -2,7 +2,7 @@ Kubernetes Pod Security Standards implemented as Kyverno policies
-![Version: 3.0.4](https://img.shields.io/badge/Version-3.0.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.10.3](https://img.shields.io/badge/AppVersion-v1.10.3-informational?style=flat-square)
+![Version: 3.1.4](https://img.shields.io/badge/Version-3.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.11.4](https://img.shields.io/badge/AppVersion-v1.11.4-informational?style=flat-square)
 ## About
@@ -63,13 +63,14 @@ The command removes all the Kubernetes components associated with the chart and
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| policyKind | string | `"ClusterPolicy"` | Policy kind (`ClusterPolicy`, `Policy`) Set to `Policy` if you need namespaced policies and not cluster policies |
 | podSecurityStandard | string | `"baseline"` | Pod Security Standard profile (`baseline`, `restricted`, `privileged`, `custom`). For more info https://kyverno.io/policies/pod-security. |
 | podSecuritySeverity | string | `"medium"` | Pod Security Standard (`low`, `medium`, `high`). |
 | podSecurityPolicies | list | `[]` | Policies to include when `podSecurityStandard` is `custom`. |
 | includeOtherPolicies | list | `[]` | Additional policies to include from `other`. |
 | includeRestrictedPolicies | list | `[]` | Additional policies to include from `restricted`. |
 | failurePolicy | string | `"Fail"` | API server behavior if the webhook fails to respond ('Ignore', 'Fail') For more info: https://kyverno.io/docs/writing-policies/policy-settings/ |
-| validationFailureAction | string | `"audit"` | Validation failure action (`audit`, `enforce`). For more info https://kyverno.io/docs/writing-policies/validate. |
+| validationFailureAction | string | `"Audit"` | Validation failure action (`Audit`, `Enforce`). For more info https://kyverno.io/docs/writing-policies/validate. |
 | validationFailureActionByPolicy | object | `{}` | Define validationFailureActionByPolicy for specific policies. Override the defined `validationFailureAction` with a individual validationFailureAction for individual Policies. |
 | validationFailureActionOverrides | object | `{"all":[]}` | Define validationFailureActionOverrides for specific policies. The overrides for `all` will apply to all policies. |
 | policyExclude | object | `{}` | Exclude resources from individual policies. 
Policies with multiple rules can have individual rules excluded by using the name of the rule as the key in the `policyExclude` map. |
@@ -92,7 +93,7 @@ Kubernetes: `>=1.16.0-0`
 | Name | Email | Url |
 | ---- | ------ | --- |
-| Nirmata | | |
+| kyverno-maintainers | | |
 ## Changes
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-capabilities.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-capabilities.yaml
index 993a7c77..80c8f8ff 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-capabilities.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-capabilities.yaml
@@ -2,7 +2,7 @@
 {{- if eq (include "kyverno-policies.podSecurityBaseline" (merge (dict "name" $name) .)) "true" }}
 {{- include "kyverno-policies.supportedKyvernoCheck" (dict "top" . "ver" ">= 1.6.0-0") }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-host-namespaces.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-host-namespaces.yaml
index 894beec5..0709da5b 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-host-namespaces.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-host-namespaces.yaml
@@ -1,7 +1,7 @@
 {{- $name := "disallow-host-namespaces" }}
 {{- if eq (include "kyverno-policies.podSecurityBaseline" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-host-path.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-host-path.yaml
index 8793ef3a..c4d14268 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-host-path.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-host-path.yaml
@@ -1,7 +1,7 @@
 {{- $name := "disallow-host-path" }}
 {{- if eq (include "kyverno-policies.podSecurityBaseline" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-host-ports.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-host-ports.yaml
index 67ec3b9c..cb29db05 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-host-ports.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-host-ports.yaml
@@ -1,7 +1,7 @@
 {{- $name := "disallow-host-ports" }}
 {{- if eq (include "kyverno-policies.podSecurityBaseline" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-host-process.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-host-process.yaml
index 8ad2d0c8..1205f4ec 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-host-process.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-host-process.yaml
@@ -1,7 +1,7 @@
 {{- $name := "disallow-host-process" }}
 {{- if eq (include "kyverno-policies.podSecurityBaseline" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-privileged-containers.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-privileged-containers.yaml
index 1d65f029..b0ce149e 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-privileged-containers.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-privileged-containers.yaml
@@ -1,7 +1,7 @@
 {{- $name := "disallow-privileged-containers" }}
 {{- if eq (include "kyverno-policies.podSecurityBaseline" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-proc-mount.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-proc-mount.yaml
index c607738c..3d215d02 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-proc-mount.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-proc-mount.yaml
@@ -1,7 +1,7 @@
 {{- $name := "disallow-proc-mount" }}
 {{- if eq (include "kyverno-policies.podSecurityBaseline" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-selinux.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-selinux.yaml
index 89d0209d..d8785a92 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-selinux.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/disallow-selinux.yaml
@@ -1,7 +1,7 @@
 {{- $name := "disallow-selinux" }}
 {{- if eq (include "kyverno-policies.podSecurityBaseline" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/restrict-apparmor-profiles.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/restrict-apparmor-profiles.yaml
index b58c6877..3db9a943 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/restrict-apparmor-profiles.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/restrict-apparmor-profiles.yaml
@@ -1,7 +1,7 @@
 {{- $name := "restrict-apparmor-profiles" }}
 {{- if eq (include "kyverno-policies.podSecurityBaseline" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/restrict-seccomp.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/restrict-seccomp.yaml
index 99dbcabc..a62fdfe6 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/restrict-seccomp.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/restrict-seccomp.yaml
@@ -1,7 +1,7 @@
 {{- $name := "restrict-seccomp" }}
 {{- if eq (include "kyverno-policies.podSecurityBaseline" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/restrict-sysctls.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/restrict-sysctls.yaml
index 7e3da6ad..8e74fa85 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/restrict-sysctls.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/baseline/restrict-sysctls.yaml
@@ -1,7 +1,7 @@
 {{- $name := "restrict-sysctls" }}
 {{- if eq (include "kyverno-policies.podSecurityBaseline" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/other/require-non-root-groups.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/other/require-non-root-groups.yaml
index 759fab90..411f3ede 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/other/require-non-root-groups.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/other/require-non-root-groups.yaml
@@ -1,7 +1,7 @@
 {{- $name := "require-non-root-groups" }}
 {{- if eq (include "kyverno-policies.podSecurityOther" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/disallow-capabilities-strict.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/disallow-capabilities-strict.yaml
index 46ea01b1..8d1bca94 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/disallow-capabilities-strict.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/disallow-capabilities-strict.yaml
@@ -2,7 +2,7 @@
 {{- if eq (include "kyverno-policies.podSecurityRestricted" (merge (dict "name" $name) .)) "true" }}
 {{- include "kyverno-policies.supportedKyvernoCheck" (dict "top" . "ver" ">= 1.6.0-0") }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/disallow-privilege-escalation.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/disallow-privilege-escalation.yaml
index 687a2eb4..56148903 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/disallow-privilege-escalation.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/disallow-privilege-escalation.yaml
@@ -1,7 +1,7 @@
 {{- $name := "disallow-privilege-escalation" }}
 {{- if eq (include "kyverno-policies.podSecurityRestricted" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/require-run-as-non-root-user.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/require-run-as-non-root-user.yaml
index f4087735..baeaf077 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/require-run-as-non-root-user.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/require-run-as-non-root-user.yaml
@@ -1,7 +1,7 @@
 {{- $name := "require-run-as-non-root-user" }}
 {{- if eq (include "kyverno-policies.podSecurityRestricted" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/require-run-as-nonroot.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/require-run-as-nonroot.yaml
index 406689f3..5ec363f7 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/require-run-as-nonroot.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/require-run-as-nonroot.yaml
@@ -1,7 +1,7 @@
 {{- $name := "require-run-as-nonroot" }}
 {{- if eq (include "kyverno-policies.podSecurityRestricted" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/restrict-seccomp-strict.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/restrict-seccomp-strict.yaml
index af8888fe..e5138b6a 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/restrict-seccomp-strict.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/restrict-seccomp-strict.yaml
@@ -1,7 +1,7 @@
 {{- $name := "restrict-seccomp-strict" }}
 {{- if eq (include "kyverno-policies.podSecurityRestricted" (merge (dict "name" $name) .)) "true" }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/restrict-volume-types.yaml b/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/restrict-volume-types.yaml
index f5e221c7..31a9cecb 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/restrict-volume-types.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/templates/restricted/restrict-volume-types.yaml
@@ -2,7 +2,7 @@
 {{- if eq (include "kyverno-policies.podSecurityRestricted" (merge (dict "name" $name) .)) "true" }}
 {{- include "kyverno-policies.supportedKyvernoCheck" (dict "top" . "ver" ">= 1.6.0-0") }}
 apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+kind: {{ .Values.policyKind }}
 metadata:
 name: {{ $name }}
 annotations:
diff --git a/helm/kyverno-policies/charts/kyverno-policies/values.yaml b/helm/kyverno-policies/charts/kyverno-policies/values.yaml
index 4fe5dc7f..ad61561a 100644
--- a/helm/kyverno-policies/charts/kyverno-policies/values.yaml
+++ b/helm/kyverno-policies/charts/kyverno-policies/values.yaml
@@ -1,3 +1,7 @@
+# -- Policy kind (`ClusterPolicy`, `Policy`)
+# Set to `Policy` if you need namespaced policies and not cluster policies
+policyKind: ClusterPolicy
+
 # -- Pod Security Standard profile (`baseline`, `restricted`, `privileged`, `custom`).
 # For more info https://kyverno.io/policies/pod-security.
 podSecurityStandard: baseline
@@ -20,9 +24,9 @@ includeRestrictedPolicies: []
 # For more info: https://kyverno.io/docs/writing-policies/policy-settings/
 failurePolicy: Fail
-# -- Validation failure action (`audit`, `enforce`).
+# -- Validation failure action (`Audit`, `Enforce`).
 # For more info https://kyverno.io/docs/writing-policies/validate.
-validationFailureAction: audit
+validationFailureAction: Audit
 # -- Define validationFailureActionByPolicy for specific policies.
 # Override the defined `validationFailureAction` with a individual validationFailureAction for individual Policies.
diff --git a/vendir.lock.yml b/vendir.lock.yml
index 4664ea3e..a5b3dbd4 100644
--- a/vendir.lock.yml
+++ b/vendir.lock.yml
@@ -2,10 +2,10 @@ apiVersion: vendir.k14s.io/v1alpha1
 directories:
 - contents:
 - git:
- commitTitle: release 1.10.3 (#8006)...
- sha: 8137b4b8afd7ab1464a42e717dc83f1cc471a4a1
+ commitTitle: release 1.11.4 (#9453)...
+ sha: 6c88cf5ee12dcf0c3ecfc29b893864216a05b828
 tags:
- - v1.10.3
+ - v1.11.4
 path: .
 path: helm/kyverno-policies/charts/kyverno-policies
 kind: LockConfig
diff --git a/vendir.yml b/vendir.yml
index 3fbb575b..3bba0ce9 100644
--- a/vendir.yml
+++ b/vendir.yml
@@ -6,7 +6,7 @@ directories:
 - path: .
 git:
 url: https://github.com/giantswarm/kyverno
- ref: v1.10.3
+ ref: v1.11.4
 includePaths:
 - charts/kyverno-policies/**
 newRootPath: charts/kyverno-policies