Build(deps): bump the gomod-backward-compatible group across 1 directory with 6 updates #765

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/go_modules/gomod-backward-compatible-b508249985

@dependabot
Contributor

@dependabot dependabot bot commented on behalf of github May 19, 2025

Bumps the gomod-backward-compatible group with 4 updates in the / directory: github.com/hashicorp/vault/sdk, github.com/operator-framework/operator-lib, k8s.io/api and k8s.io/client-go.

Updates github.com/hashicorp/vault/sdk from 0.15.2 to 0.16.0

Changelog

Sourced from github.com/hashicorp/vault/sdk's changelog.

1.15.16 Enterprise

October 09, 2024

SECURITY:

  • secrets/identity: A privileged Vault operator with write permissions to the root namespace's identity endpoint could escalate their privileges to Vault's root policy (CVE-2024-9180) HCSEC-2024-21

IMPROVEMENTS:

  • core: log at level ERROR rather than INFO when all seals are unhealthy. [GH-28564]

BUG FIXES:

  • auth/cert: When using ocsp_ca_certificates, an error was produced though extra certs validation succeeded. [GH-28597]
  • auth/token: Fix token TTL calculation so that it uses max_lease_ttl tune value for tokens created via auth/token/create. [GH-28498]

1.15.15 Enterprise

September 25, 2024

SECURITY:

CHANGES:

  • core: Bump Go version to 1.22.7.
  • secrets/ssh: Add a flag, allow_empty_principals to allow keys or certs to apply to any user/principal. [GH-28466]

BUG FIXES:

  • secret/aws: Fixed potential panic after step-down and the queue has not repopulated. [GH-28330]
  • auth/cert: During certificate validation, OCSP requests are debug logged even if Vault's log level is above DEBUG. [GH-28450]
  • auth/cert: ocsp_ca_certificates field was not honored when validating OCSP responses signed by a CA that did not issue the certificate. [GH-28309]
  • auth: Updated error handling for missing login credentials in AppRole and UserPass auth methods to return a 400 error instead of a 500 error. [GH-28441]
  • core: Fixed an issue where maximum request duration timeout was not being added to all requests containing strings sys/monitor and sys/events. With this change, timeout is now added to all requests except monitor and events endpoint. [GH-28230]

1.15.14 Enterprise

August 29, 2024

CHANGES:

  • activity (enterprise): filter all fields in client count responses by the request namespace [GH-27790]
  • core: Bump Go version to 1.22.6

IMPROVEMENTS:

  • activity log: Changes how new client counts in the current month are estimated, in order to return more visibly sensible totals. [GH-27547]
  • activity: /sys/internal/counters/activity will now include a warning if the specified usage period contains estimated client counts. [GH-28068]
  • cli: vault operator usage will now include a warning if the specified usage period contains estimated client counts. [GH-28068]
  • core/activity: Ensure client count queries that include the current month return consistent results by sorting the clients before performing estimation [GH-28062]

... (truncated)

Commits

Updates github.com/operator-framework/operator-lib from 0.17.0 to 0.18.0

Release notes

Sourced from github.com/operator-framework/operator-lib's releases.

v0.18.0

What's Changed

Full Changelog: operator-framework/operator-lib@v0.17.0...v0.18.0

Commits
  • 8962264 🌱 Bump github.com/prometheus/client_model from 0.6.1 to 0.6.2 (#235)
  • 061100a 🌱 Bump github.com/prometheus/client_golang (#234)
  • 0eee528 🌱 Bump github.com/onsi/gomega from 1.36.3 to 1.37.0 (#232)
  • bc741ec 🌱 Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (#233)
  • d6cd10b 🌱 Bump golang.org/x/net from 0.37.0 to 0.38.0 (#237)
  • b73816b 🌱 Bump sigs.k8s.io/controller-runtime from 0.20.3 to 0.20.4 (#231)
  • f20c789 🌱 Bump github.com/onsi/gomega from 1.36.2 to 1.36.3 (#230)
  • 9075535 🌱 Bump github.com/onsi/ginkgo/v2 from 2.23.0 to 2.23.1 (#228)
  • 0b7e760 🌱 Bump golang.org/x/net from 0.35.0 to 0.36.0 (#227)
  • 6e1d202 🌱 Bump sigs.k8s.io/controller-runtime from 0.20.2 to 0.20.3 (#226)
  • Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.21.1 to 1.22.0

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.22.0 - 2025-04-07

⚠️ This release contains a potential breaking change if you use the experimental zstd support introduced in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon (golang/go#62513); however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)

  • [FEATURE] prometheus: Add new CollectorFunc utility #1724
  • [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
  • [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
  • [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.22.0 / 2025-04-07

⚠️ This release contains a potential breaking change if you use the experimental zstd support introduced in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon (golang/go#62513); however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)

  • [FEATURE] prometheus: Add new CollectorFunc utility #1724
  • [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
  • [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
  • [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765
Commits
  • d50be25 Cut 1.22.0 (#1793)
  • 1043db7 Cut 1.22.0-rc.0 (#1768)
  • e575c9c promhttp: Isolate zstd support and klauspost/compress library use to promhttp...
  • f2276aa Merge pull request #1764 from prometheus/dependabot/github_actions/github-act...
  • 9df772c build(deps): bump peter-evans/create-pull-request
  • a3548c5 Merge pull request #1754 from saswatamcode/exp-eh
  • 60fd2b0 Remove go.work file for now
  • 8f9d0de exp: Add dependabot config
  • c5cf981 Merge pull request #1762 from prometheus/release-1.21
  • e84c305 exp: Reset snappy buf (#1756)
  • Additional commits viewable in compare view

Updates k8s.io/api from 0.32.3 to 0.33.1

Commits
  • 04f698e Update dependencies to v0.33.1 tag
  • 16cedc7 Merge pull request #131088 from atiratree/rename-terminating-replicas-fg
  • dc88679 Merge pull request #131103 from ahrtr/etcd_sdk_20250328
  • 4a456a2 bump etcd 3.5.21 sdk
  • 96e38c9 rename DeploymentPodReplacementPolicy FG to DeploymentReplicaSetTerminatingRe...
  • c21a017 Merge pull request #129970 from mortent/AddResourceV1beta2API
  • d0673db Run make update
  • 118546d Merge pull request #130556 from sreeram-venkitesh/kep-4960-container-stop-sig...
  • f9401a3 Merge pull request #130797 from jm-franc/configurable-tolerance
  • 9b3e544 Generated UPDATE_COMPATIBILITY_FIXTURE_DATA
  • Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.32.3 to 0.33.1

Commits
  • 173776a Merge pull request #131708 from tigrato/automated-cherry-pick-of-#131702
  • a3d1fde fix: fixes a possible panic in NewYAMLToJSONDecoder
  • 955939f bump etcd 3.5.21 sdk
  • e8a77bd Merge pull request #130910 from googs1025/fix/datarace
  • 7e8c77e Merge pull request #130906 from serathius/streaming-validation
  • 27fd396 flake: fix data race for func TestBackoff_Step
  • 8bcc6f1 Update kube-openapi and integrate streaming tags validation
  • 6ce776c Merge pull request #130857 from thockin/kk_small_vg_diffs
  • f2c94d6 Comment on origin and JSON schema
  • b63ba07 Use origin in validateFalse's own test
  • Additional commits viewable in compare view

Updates k8s.io/client-go from 0.32.3 to 0.33.1

Commits
  • e7397e5 Update dependencies to v0.33.1 tag
  • ecbbb06 bump etcd 3.5.21 sdk
  • 2086688 Merge pull request #129970 from mortent/AddResourceV1beta2API
  • dba34c7 Run make update
  • e359642 Merge pull request #130556 from sreeram-venkitesh/kep-4960-container-stop-sig...
  • 3bf0a05 Merge pull request #130797 from jm-franc/configurable-tolerance
  • 7a03a3b Generated files
  • 1676beb Refresh autogenerated files following the configurable tolerance updates.
  • 387edb8 Merge pull request #130967 from aojea/listers
  • 21dc3b4 benchmark to show inefficient linear search lookup
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



…ory with 6 updates

Bumps the gomod-backward-compatible group with 4 updates in the / directory: [github.com/hashicorp/vault/sdk](https://github.com/hashicorp/vault), [github.com/operator-framework/operator-lib](https://github.com/operator-framework/operator-lib), [k8s.io/api](https://github.com/kubernetes/api) and [k8s.io/client-go](https://github.com/kubernetes/client-go).


Updates `github.com/hashicorp/vault/sdk` from 0.15.2 to 0.16.0
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG-v1.10-v1.15.md)
- [Commits](hashicorp/vault@sdk/v0.15.2...sdk/v0.16.0)

Updates `github.com/operator-framework/operator-lib` from 0.17.0 to 0.18.0
- [Release notes](https://github.com/operator-framework/operator-lib/releases)
- [Commits](operator-framework/operator-lib@v0.17.0...v0.18.0)

Updates `github.com/prometheus/client_golang` from 1.21.1 to 1.22.0
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.21.1...v1.22.0)

Updates `k8s.io/api` from 0.32.3 to 0.33.1
- [Commits](kubernetes/api@v0.32.3...v0.33.1)

Updates `k8s.io/apimachinery` from 0.32.3 to 0.33.1
- [Commits](kubernetes/apimachinery@v0.32.3...v0.33.1)

Updates `k8s.io/client-go` from 0.32.3 to 0.33.1
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.32.3...v0.33.1)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/sdk
  dependency-version: 0.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
- dependency-name: github.com/operator-framework/operator-lib
  dependency-version: 0.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
- dependency-name: k8s.io/api
  dependency-version: 0.33.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.33.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
- dependency-name: k8s.io/client-go
  dependency-version: 0.33.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 19, 2025
@dependabot dependabot bot requested a review from a team as a code owner May 19, 2025 00:34
@dependabot @github
Contributor Author

dependabot bot commented on behalf of github May 26, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this May 26, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/gomod-backward-compatible-b508249985 branch May 26, 2025 00:05