Skip to content

Build(deps): bump the gomod-backward-compatible group across 1 directory with 7 updates#767

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/gomod-backward-compatible-fe6f041776
Closed

Build(deps): bump the gomod-backward-compatible group across 1 directory with 7 updates#767
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/gomod-backward-compatible-fe6f041776

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 26, 2025
edited
Loading

Bumps the gomod-backward-compatible group with 5 updates in the / directory:

Package From To
github.com/hashicorp/vault/sdk 0.15.2 0.17.0
github.com/operator-framework/operator-lib 0.17.0 0.18.0
k8s.io/api 0.32.3 0.33.1
k8s.io/client-go 0.32.3 0.33.1
sigs.k8s.io/controller-runtime 0.20.4 0.21.0

Updates github.com/hashicorp/vault/sdk from 0.15.2 to 0.17.0

Changelog

Sourced from github.com/hashicorp/vault/sdk's changelog.

1.15.16 Enterprise

October 09, 2024

SECURITY:

  • secrets/identity: A privileged Vault operator with write permissions to the root namespace's identity endpoint could escalate their privileges to Vault's root policy (CVE-2024-9180) HCSEC-2024-21

IMPROVEMENTS:

  • core: log at level ERROR rather than INFO when all seals are unhealthy. [GH-28564]

BUG FIXES:

  • auth/cert: When using ocsp_ca_certificates, an error was produced though extra certs validation succeeded. [GH-28597]
  • auth/token: Fix token TTL calculation so that it uses max_lease_ttl tune value for tokens created via auth/token/create. [GH-28498]

1.15.15 Enterprise

September 25, 2024

SECURITY:

CHANGES:

  • core: Bump Go version to 1.22.7.
  • secrets/ssh: Add a flag, allow_empty_principals to allow keys or certs to apply to any user/principal. [GH-28466]

BUG FIXES:

  • secret/aws: Fixed potential panic after step-down and the queue has not repopulated. [GH-28330]
  • auth/cert: During certificate validation, OCSP requests are debug logged even if Vault's log level is above DEBUG. [GH-28450]
  • auth/cert: ocsp_ca_certificates field was not honored when validating OCSP responses signed by a CA that did not issue the certificate. [GH-28309]
  • auth: Updated error handling for missing login credentials in AppRole and UserPass auth methods to return a 400 error instead of a 500 error. [GH-28441]
  • core: Fixed an issue where maximum request duration timeout was not being added to all requests containing strings sys/monitor and sys/events. With this change, timeout is now added to all requests except monitor and events endpoint. [GH-28230]

1.15.14 Enterprise

August 29, 2024

CHANGES:

  • activity (enterprise): filter all fields in client count responses by the request namespace [GH-27790]
  • core: Bump Go version to 1.22.6

IMPROVEMENTS:

  • activity log: Changes how new client counts in the current month are estimated, in order to return more visibly sensible totals. [GH-27547]
  • activity: /sys/internal/counters/activity will now include a warning if the specified usage period contains estimated client counts. [GH-28068]
  • cli: vault operator usage will now include a warning if the specified usage period contains estimated client counts. [GH-28068]
  • core/activity: Ensure client count queries that include the current month return consistent results by sorting the clients before performing estimation [GH-28062]

... (truncated)

Commits

Updates github.com/operator-framework/operator-lib from 0.17.0 to 0.18.0

Release notes

Sourced from github.com/operator-framework/operator-lib's releases.

v0.18.0

What's Changed

Full Changelog: operator-framework/operator-lib@v0.17.0...v0.18.0

Commits
  • 8962264 🌱 Bump github.com/prometheus/client_model from 0.6.1 to 0.6.2 (#235)
  • 061100a 🌱 Bump github.com/prometheus/client_golang (#234)
  • 0eee528 🌱 Bump github.com/onsi/gomega from 1.36.3 to 1.37.0 (#232)
  • bc741ec 🌱 Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (#233)
  • d6cd10b 🌱 Bump golang.org/x/net from 0.37.0 to 0.38.0 (#237)
  • b73816b 🌱 Bump sigs.k8s.io/controller-runtime from 0.20.3 to 0.20.4 (#231)
  • f20c789 🌱 Bump github.com/onsi/gomega from 1.36.2 to 1.36.3 (#230)
  • 9075535 🌱 Bump github.com/onsi/ginkgo/v2 from 2.23.0 to 2.23.1 (#228)
  • 0b7e760 🌱 Bump golang.org/x/net from 0.35.0 to 0.36.0 (#227)
  • 6e1d202 🌱 Bump sigs.k8s.io/controller-runtime from 0.20.2 to 0.20.3 (#226)
  • Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.21.1 to 1.22.0

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.22.0 - 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)
  • [FEATURE] prometheus: Add new CollectorFunc utility #1724
  • [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
  • [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
  • [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.22.0 / 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)
  • [FEATURE] prometheus: Add new CollectorFunc utility #1724
  • [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
  • [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
  • [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765
Commits
  • d50be25 Cut 1.22.0 (#1793)
  • 1043db7 Cut 1.22.0-rc.0 (#1768)
  • e575c9c promhttp: Isolate zstd support and klauspost/compress library use to promhttp...
  • f2276aa Merge pull request #1764 from prometheus/dependabot/github_actions/github-act...
  • 9df772c build(deps): bump peter-evans/create-pull-request
  • a3548c5 Merge pull request #1754 from saswatamcode/exp-eh
  • 60fd2b0 Remove go.work file for now
  • 8f9d0de exp: Add dependabot config
  • c5cf981 Merge pull request #1762 from prometheus/release-1.21
  • e84c305 exp: Reset snappy buf (#1756)
  • Additional commits viewable in compare view

Updates k8s.io/api from 0.32.3 to 0.33.1

Commits
  • 04f698e Update dependencies to v0.33.1 tag
  • 16cedc7 Merge pull request #131088 from atiratree/rename-terminating-replicas-fg
  • dc88679 Merge pull request #131103 from ahrtr/etcd_sdk_20250328
  • 4a456a2 bump etcd 3.5.21 sdk
  • 96e38c9 rename DeploymentPodReplacementPolicy FG to DeploymentReplicaSetTerminatingRe...
  • c21a017 Merge pull request #129970 from mortent/AddResourceV1beta2API
  • d0673db Run make update
  • 118546d Merge pull request #130556 from sreeram-venkitesh/kep-4960-container-stop-sig...
  • f9401a3 Merge pull request #130797 from jm-franc/configurable-tolerance
  • 9b3e544 Generated UPDATE_COMPATIBILITY_FIXTURE_DATA
  • Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.32.3 to 0.33.1

Commits
  • 173776a Merge pull request #131708tigrato/automated-cherry-pick-of-#131702
  • a3d1fde fix: fixes a possible panic in NewYAMLToJSONDecoder
  • 955939f bump etcd 3.5.21 sdk
  • e8a77bd Merge pull request #130910 from googs1025/fix/datarace
  • 7e8c77e Merge pull request #130906 from serathius/streaming-validation
  • 27fd396 flake: fix data race for func TestBackoff_Step
  • 8bcc6f1 Update kube-openapi and integrate streaming tags validation
  • 6ce776c Merge pull request #130857 from thockin/kk_small_vg_diffs
  • f2c94d6 Comment on origin and JSON schema
  • b63ba07 Use origin in validateFalse's own test
  • Additional commits viewable in compare view

Updates k8s.io/client-go from 0.32.3 to 0.33.1

Commits
  • e7397e5 Update dependencies to v0.33.1 tag
  • ecbbb06 bump etcd 3.5.21 sdk
  • 2086688 Merge pull request #129970 from mortent/AddResourceV1beta2API
  • dba34c7 Run make update
  • e359642 Merge pull request #130556 from sreeram-venkitesh/kep-4960-container-stop-sig...
  • 3bf0a05 Merge pull request #130797 from jm-franc/configurable-tolerance
  • 7a03a3b Generated files
  • 1676beb Refresh autogenerated files following the configurable tolerance updates.
  • 387edb8 Merge pull request #130967 from aojea/listers
  • 21dc3b4 benchmark to show inefficient linear search lookup
  • Additional commits viewable in compare view

Updates sigs.k8s.io/controller-runtime from 0.20.4 to 0.21.0

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.21.0

Highlights

  • Bump to Kubernetes v1.33 libraries
  • Improvements for priority queue (#2374)
  • envtest now has an option to download envtest binaries (can be used to replace setup-envtest depending on use case)
  • Metric improvements: native histograms, all Go runtime metrics are enabled now
  • Various bug fixes
  • New reviewers: @​troy0820, @​JoelSpeed!!

⚠️ Breaking Changes

  • Bump to k8s.io/* v0.33.0 and Go 1.24 (#3104 #3142 #3161 #3204 #3215)
  • config: Stop enabling client-side ratelimiter by default (#3119)
    • Previous behavior can be preserved by setting QPS 20 and Burst 30 on the rest.Config
  • controller: NewUnmanaged/NewTypedUnmanaged: Stop requiring a manager (#3141)
  • reconcile: Deprecate Result.Requeue (#3107)

✨ New Features

  • controller: priority queue:
    • Add debug logging for the state of the priority queue (#3075)
    • Add priority label to queue depth metric (#3156)
    • Leverage IsInInitialList (#3162)
    • Remove redundant WithLowPriorityWhenUnchanged in builder (#3168)
    • Retain the priority after Reconcile (#3167)
    • Set priority automatically in handlers (#3111 #3152 #3160 #3174)
  • envtest: Add Environment.KubeConfig field (#2278)
  • envtest: Add option to download envtest binaries (#3135 #3137)
  • events: Add IsInInitialList to TypedCreateEvent (#3162)
  • log/zap: Enable panic log level (#3186)
  • logging: Adopt WarningHandlerWithContext (#3176)
  • logging: Improve logging by adopting contextual logging (#3149)
  • metrics: Adopt native histograms (#3165)
  • metrics: Expose all Go runtime metrics (#3070)

🐛 Bug Fixes

  • apiutil: restmapper: Respect preferred version (#3151)
  • builder: webhook: Fix custom path for webhook conflicts (#3102)
  • cache: Clone maps to prevent data races when concurrently creating caches using the same options (#3078)
  • cache: Stop accumulating lists in multi-namespace cache implementation (#3195)
  • cache: List out of global cache when present and necessary (#3126)
  • client: Return error if pagination is used with the cached client (#3134)
  • controller: Support WaitForSync in TypedSyncingSource (#3084)
  • controller: priority queue: Fix behavior of rate limit option in priorityqueue.AddWithOpts (#3103)
  • controller: priority queue: Yet another queue_depth metric fix (#3085)
  • controllerutil: CreateOrUpdate: Avoid panic when the MutateFn is nil (#2828)
  • envtest: Fix nil pointer exception in Stop() (#3153)
  • fake client: Fix data races when writing to the scheme (#3143)

... (truncated)

Commits
  • 71f7db5 Merge pull request #3225 from troy0820/troy0820/prepare-for-0.21-release
  • 52d8779 update README with go version
  • ab37f74 Merge pull request #3223 from troy0820/troy0820/return-warnings-on-webhooks
  • 250a88f return warnings on webhooks
  • 85ee7a9 Merge pull request #3217 from kubernetes-sigs/dependabot/github_actions/all-g...
  • 81f1fae 🌱 Bump the all-github-actions group across 1 directory with 3 updates
  • d9a2274 Merge pull request #3187 from dongjiang1989/update-golangci-lint-v2
  • 9c38211 update golangci-lint to v2
  • 9b5f6a7 Merge pull request #3208 from troy0820/troy0820/api-machinery-marshal
  • b3278df use sigs.k8s.io/json to unmarshal in fakeclient
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot requested a review from a team as a code owner May 26, 2025 00:05
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 26, 2025
@dependabot
Build(deps): bump the gomod-backward-compatible group across 1 direct…
9927b62 
…ory with 7 updates

Bumps the gomod-backward-compatible group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/hashicorp/vault/sdk](https://github.com/hashicorp/vault) | `0.15.2` | `0.17.0` |
| [github.com/operator-framework/operator-lib](https://github.com/operator-framework/operator-lib) | `0.17.0` | `0.18.0` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.32.3` | `0.33.1` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.32.3` | `0.33.1` |
| [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) | `0.20.4` | `0.21.0` |



Updates `github.com/hashicorp/vault/sdk` from 0.15.2 to 0.17.0
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG-v1.10-v1.15.md)
- [Commits](hashicorp/vault@sdk/v0.15.2...sdk/v0.17.0)

Updates `github.com/operator-framework/operator-lib` from 0.17.0 to 0.18.0
- [Release notes](https://github.com/operator-framework/operator-lib/releases)
- [Commits](operator-framework/operator-lib@v0.17.0...v0.18.0)

Updates `github.com/prometheus/client_golang` from 1.21.1 to 1.22.0
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.21.1...v1.22.0)

Updates `k8s.io/api` from 0.32.3 to 0.33.1
- [Commits](kubernetes/api@v0.32.3...v0.33.1)

Updates `k8s.io/apimachinery` from 0.32.3 to 0.33.1
- [Commits](kubernetes/apimachinery@v0.32.3...v0.33.1)

Updates `k8s.io/client-go` from 0.32.3 to 0.33.1
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.32.3...v0.33.1)

Updates `sigs.k8s.io/controller-runtime` from 0.20.4 to 0.21.0
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.20.4...v0.21.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/sdk
  dependency-version: 0.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
- dependency-name: github.com/operator-framework/operator-lib
  dependency-version: 0.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
- dependency-name: k8s.io/api
  dependency-version: 0.33.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.33.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
- dependency-name: k8s.io/client-go
  dependency-version: 0.33.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-version: 0.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/gomod-backward-compatible-fe6f041776 branch from d68ea70 to 9927b62 Compare May 27, 2025 19:53
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 2, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jun 2, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/gomod-backward-compatible-fe6f041776 branch June 2, 2025 00:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants