Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump the github-dependencies group across 1 directory with 36 updates #1357

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump the github-dependencies group across 1 directory with 36 updates #1357

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 14, 2025
edited
Loading

Bumps the github-dependencies group with 22 updates in the / directory:

Package From To
github.com/miekg/dns 1.1.62 1.1.63
github.com/spf13/pflag 1.0.5 1.0.6
google.golang.org/grpc 1.69.2 1.71.0
github.com/google/go-cmp 0.6.0 0.7.0
github.com/onsi/ginkgo/v2 2.22.2 2.23.0
cel.dev/expr 0.19.1 0.22.0
github.com/cyphar/filepath-securejoin 0.3.6 0.4.1
github.com/emicklei/go-restful/v3 3.12.1 3.12.2
github.com/go-openapi/jsonpointer 0.21.0 0.21.1
github.com/google/cadvisor 0.51.0 0.52.1
github.com/grpc-ecosystem/grpc-gateway/v2 2.25.1 2.26.3
github.com/klauspost/compress 1.17.11 1.18.0
github.com/opencontainers/runtime-spec 1.2.0 1.2.1
github.com/spf13/cobra 1.8.1 1.9.1
go.etcd.io/etcd/api/v3 3.5.17 3.5.19
go.etcd.io/etcd/client/pkg/v3 3.5.17 3.5.19
go.etcd.io/etcd/client/v3 3.5.17 3.5.19
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc 0.58.0 0.60.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp 0.58.0 0.60.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace 1.33.0 1.35.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 1.33.0 1.35.0
golang.org/x/time 0.9.0 0.11.0

Updates github.com/miekg/dns from 1.1.62 to 1.1.63

Commits

Updates github.com/spf13/pflag from 1.0.5 to 1.0.6

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.6

What's Changed

New Contributors

Full Changelog: spf13/pflag@v1.0.5...v1.0.6

Commits

Updates google.golang.org/grpc from 1.69.2 to 1.71.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.71.0

API Changes

  • balancer: Custom LB policies that record metrics must use the new MetricsRecorder method on Balancer.ClientConn instead of the removed Balancer.BuildOptions.MetricsRecorder field to obtain a metrics recorder. (#8027)
  • balancer: balancer.ClientConn implementations must now embed a delegate implementation. This allows grpc-go to add new methods to the interface and remain backward compatible. (#8026)
  • balancer/endpointsharding: The constructor accepts the child balancer's builder and a struct with optional configuration. (#8052)

New Features

  • xds: Add support for dualstack via the additional_addresses field in the Endpoint resource. To disable this feature, set the environment variable GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS=false. (#8134)
  • stats/opentelemetry: Add experimental support for OpenTelemetry tracing. (#7852)
  • xds/internal/xdsclient: Add counter metrics for valid and invalid resource updates. (#8038)
  • balancer/leastrequest, roundrobin: Add dualstack support. (#7969, #7966)
  • balancer/endpointsharding: Balancers created with the new DisableAutoReconnect option will not attempt to call ExitIdle automatically on their children when the children report idle. (#8052)

Bug Fixes

  • client: Fix support for proxies when using grpc.NewClient so the target is resolved by the proxy as expected. (#7881)
    • Added WithLocalDNSResolution() dial option to explicitly force target resolution on the client instead. (#7881)
  • weightedtarget: Return erroring picker when no targets are configured. (#8070)
  • xds: Fail RPCs with UNAVAILABLE when the EDS resource is missing or contains no endpoints (#8070)
  • xdsclient: Fix a bug where connectivity failures were reported to resource watchers before trying all listed servers. (#8075)
  • grpc: Fix the number of bytes reported in the error message when encoded messages are larger than 4GB. (#8033)
  • xds: Fixed a bug preventing tests from creating multiple servers or channels with different bootstrap configs. (#8050)
  • grpc: Fix message length checks when compression is enabled and maxReceiveMessageSize is MaxInt (#7918)

Documentation

  • client: Improve documentation of grpc.NewClient and ClientConn.CanonicalTarget by providing examples. (#8078)
  • examples/features/dualstack: New example demonstrating usage of endpoints and dualstack functionality. (#8098)

Release 1.70.0

Behavior Changes

  • client: reject service configs containing an invalid retryPolicy in accordance with gRFCs A21 and A6. (#7905)
    • Note that this is a potential breaking change for some users using an invalid configuration, but continuing to allow this behavior would violate our cross-language compatibility requirements.

New Features

  • xdsclient: fallback to a secondary management server (if specified in the bootstrap configuration) when the primary is down is enabled by default. Can be disabled by setting the environment variable GRPC_EXPERIMENTAL_XDS_FALLBACK to false. (#7949)
  • experimental/credentials: experimental transport credentials are added which don't enforce ALPN. (#7980)
    • These credentials will be removed in an upcoming grpc-go release. Users must not rely on these credentials directly. Instead, they should either vendor a specific version of gRPC or copy the relevant credentials into their own codebase if absolutely necessary.

Bug Fixes

  • xds: fix a possible deadlock that happens when both the client application and the xDS management server (responsible for configuring the client) are using the xds:/// scheme in their target URIs. (#8011)

Performance

... (truncated)

Commits
  • d01db5c Change version to 1.71.0 (#8105)
  • 012f8bf xds: Enable dualstack flag (#8134)
  • bf0c885 examples/features/dualstack: Demonstrate Dual Stack functionality (#8098) (#8...
  • 05bdd66 ringhash: Remove TODO comment (#8096)
  • ddb2484 xds: remove obsolete xDS transport custom dialer option (#8079)
  • 8528f43 cleanup: replace Dial with NewClient (#7975)
  • ae2a04f ringhash: Replace DNS resolver before sending xDS Update in test (#8091)
  • e55819e lazy: Use channel to wait for resolver error being received in test (#8088)
  • b524c08 xdsclient: include xds node ID in errors from the WatchResource API (#8093)
  • 91eb6aa client: improve documentation of target strings (#8078)
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.2 to 1.36.4

Updates github.com/google/go-cmp from 0.6.0 to 0.7.0

Release notes

Sourced from github.com/google/go-cmp's releases.

v0.7.0

New API:

  • (#367) Support compare functions with SortSlices and SortMaps

Panic messaging:

  • (#370) Detect proto.Message types when failing to export a field
Commits

Updates github.com/onsi/ginkgo/v2 from 2.22.2 to 2.23.0

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.23.0

2.23.0

Ginkgo 2.23.0 adds a handful of methods to GinkgoT() to make it compatible with the testing.TB interface in Go 1.24. GinkgoT().Context(), in particular, is a useful shorthand for generating a new context that will clean itself up in a DeferCleanup(). This has subtle behavior differences from the golang implementation but should make sense in a Ginkgo... um... context.

Features

  • bump to go 1.24.0 - support new testing.TB methods and add a test to cover testing.TB regressions [37a511b]

Fixes

  • fix edge case where build -o is pointing at an explicit file, not a directory [7556a86]
  • Fix binary paths when precompiling multiple suites. [4df06c6]

Maintenance

  • Fix: Correct Markdown list rendering in MIGRATING_TO_V2.md [cbcf39a]
  • docs: fix test workflow badge (#1512) [9b261ff]
  • Bump golang.org/x/net in /integration/_fixtures/version_mismatch_fixture (#1516) [00f19c8]
  • Bump golang.org/x/tools from 0.28.0 to 0.30.0 (#1515) [e98a4df]
  • Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#1504) [60cc4e2]
  • Bump github-pages from 231 to 232 in /docs (#1447) [fea6f2d]
  • Bump rexml from 3.2.8 to 3.3.9 in /docs (#1497) [31d7813]
  • Bump webrick from 1.8.1 to 1.9.1 in /docs (#1501) [fc3bbd6]
  • Code linting (#1500) [aee0d56]
  • change interface{} to any (#1502) [809a710]
Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.23.0

Ginkgo 2.23.0 adds a handful of methods to GinkgoT() to make it compatible with the testing.TB interface in Go 1.24. GinkgoT().Context(), in particular, is a useful shorthand for generating a new context that will clean itself up in a DeferCleanup(). This has subtle behavior differences from the golang implementation but should make sense in a Ginkgo... um... context.

Features

  • bump to go 1.24.0 - support new testing.TB methods and add a test to cover testing.TB regressions [37a511b]

Fixes

  • fix edge case where build -o is pointing at an explicit file, not a directory [7556a86]
  • Fix binary paths when precompiling multiple suites. [4df06c6]

Maintenance

  • Fix: Correct Markdown list rendering in MIGRATING_TO_V2.md [cbcf39a]
  • docs: fix test workflow badge (#1512) [9b261ff]
  • Bump golang.org/x/net in /integration/_fixtures/version_mismatch_fixture (#1516) [00f19c8]
  • Bump golang.org/x/tools from 0.28.0 to 0.30.0 (#1515) [e98a4df]
  • Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#1504) [60cc4e2]
  • Bump github-pages from 231 to 232 in /docs (#1447) [fea6f2d]
  • Bump rexml from 3.2.8 to 3.3.9 in /docs (#1497) [31d7813]
  • Bump webrick from 1.8.1 to 1.9.1 in /docs (#1501) [fc3bbd6]
  • Code linting (#1500) [aee0d56]
  • change interface{} to any (#1502) [809a710]
Commits
  • 1d705bc v2.23.0
  • 37a511b bump to go 1.24.0 - support new testing.TB methods and add a test to cover te...
  • 7556a86 fix edge case where build -o is pointing at an explicit file, not a directory
  • 4df06c6 Fix binary paths when precompiling multiple suites.
  • cbcf39a Fix: Correct Markdown list rendering in MIGRATING_TO_V2.md
  • 9b261ff docs: fix test workflow badge (#1512)
  • 00f19c8 Bump golang.org/x/net in /integration/_fixtures/version_mismatch_fixture (#1516)
  • e98a4df Bump golang.org/x/tools from 0.28.0 to 0.30.0 (#1515)
  • 60cc4e2 Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#1504)
  • fea6f2d Bump github-pages from 231 to 232 in /docs (#1447)
  • Additional commits viewable in compare view

Updates cel.dev/expr from 0.19.1 to 0.22.0

Release notes

Sourced from cel.dev/expr's releases.

Release v0.22.0

What's Changed

  • Add test_suite and test_config under conformance #441

New Contributors

Full Changelog: google/cel-spec@v0.21.2...v0.22.0

v0.21.2

What's Changed

Full Changelog: google/cel-spec@v0.21.1...v0.21.2

v0.21.1

What's Changed

Full Changelog: google/cel-spec@v0.21.0...v0.21.1

v0.21.0

What's Changed

Full Changelog: google/cel-spec@v0.20.0...v0.21.0

v0.20.0

What's Changed

Full Changelog: google/cel-spec@v0.19.2...v0.20.0

v0.19.2

What's Changed

Full Changelog: google/cel-spec@v0.19.1...v0.19.2

Commits
  • d564205 Add test_suite and test_config under conformance (#441)
  • b2bd60e Fix misspellings again (#443)
  • f8cfe20 Fix typeo in string_ext.textproto (#442)
  • 261e335 Fix and document string.format (#436)
  • bfe4f8b Add java_lite_proto_library targets to canonical CEL protos. Deprecate explai...
  • 1435466 Indicate that CEL is an official Google product (#439)
  • 23e240d Add conformance tests for quoted field selectors. (#431)
  • 25227dd Fix strings.format tests (#435)
  • 19866ce clarify Unicode handling (#423)
  • 8fdb299 tests to verify parsers ignore whitespace and comments (#430)
  • Additional commits viewable in compare view

Updates github.com/cyphar/filepath-securejoin from 0.3.6 to 0.4.1

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.4.1

This release fixes a regression introduced in one of the hardening features added to filepath-securejoin 0.4.0.

  • The restrictions added for root paths passed to SecureJoin in 0.4.0 was found to be too strict and caused some regressions when folks tried to update, so this restriction has been relaxed to only return an error if the path contains a .. component. We still recommend users use filepath.Clean (and even filepath.EvalSymlinks) on the root path they are using, but at least you will no longer be punished for "trivial" unclean paths. (#46)

Signed-off-by: Aleksa Sarai [email protected]

v0.4.0

This release primarily includes a few minor breaking changes to make the MkdirAll and SecureJoin interfaces more robust against accidental misuse.

  • SecureJoin(VFS) will now return an error if the provided root is not a filepath.Clean'd path.

    While it is ultimately the responsibility of the caller to ensure the root is a safe path to use, passing a path like /symlink/.. as a root would result in the SecureJoin'd path being placed in / even though /symlink/.. might be a different directory, and so we should more strongly discourage such usage.

    All major users of securejoin.SecureJoin already ensure that the paths they provide are safe (and this is ultimately a question of user error), but removing this foot-gun is probably a good idea. Of course, this is necessarily a breaking API change (though we expect no real users to be affected by it).

    Thanks to Erik Sjölund, who initially reported this issue as a possible security issue.

  • MkdirAll and MkdirHandle now take an os.FileMode-style mode argument instead of a raw unix.S_*-style mode argument, which may cause compile-time type errors depending on how you use filepath-securejoin. For most users, there will be no change in behaviour aside from the type change (as the bottom 0o777 bits are the same in both formats, and most users are probably only using those bits).

    However, if you were using unix.S_ISVTX to set the sticky bit with MkdirAll(Handle) you will need to switch to os.ModeSticky otherwise you will get a runtime error with this update. In addition, the error message you will get from passing unix.S_ISUID and unix.S_ISGID will be different as they are treated as invalid bits now (note that previously passing said bits was also an error).

... (truncated)

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.4.1] - 2025-01-28

Fixed

  • The restrictions added for root paths passed to SecureJoin in 0.4.0 was found to be too strict and caused some regressions when folks tried to update, so this restriction has been relaxed to only return an error if the path contains a .. component. We still recommend users use filepath.Clean (and even filepath.EvalSymlinks) on the root path they are using, but at least you will no longer be punished for "trivial" unclean paths.

[0.4.0] - 2025-01-13

Breaking

  • SecureJoin(VFS) will now return an error if the provided root is not a filepath.Clean'd path.

    While it is ultimately the responsibility of the caller to ensure the root is a safe path to use, passing a path like /symlink/.. as a root would result in the SecureJoin'd path being placed in / even though /symlink/.. might be a different directory, and so we should more strongly discourage such usage.

    All major users of securejoin.SecureJoin already ensure that the paths they provide are safe (and this is ultimately a question of user error), but removing this foot-gun is probably a good idea. Of course, this is necessarily a breaking API change (though we expect no real users to be affected by it).

    Thanks to Erik Sjölund, who initially reported this issue as a possible security issue.

  • MkdirAll and MkdirHandle now take an os.FileMode-style mode argument instead of a raw unix.S_*-style mode argument, which may cause compile-time type errors depending on how you use filepath-securejoin. For most users, there will be no change in behaviour aside from the type change (as the bottom 0o777 bits are the same in both formats, and most users are probably only using those bits).

    However, if you were using unix.S_ISVTX to set the sticky bit with MkdirAll(Handle) you will need to switch to os.ModeSticky otherwise you will get a runtime error with this update. In addition, the error message you will get from passing unix.S_ISUID and unix.S_ISGID will be different as they are treated as invalid bits now (note that previously passing said bits was also an error).

Commits
  • 7abd870 VERSION: release v0.4.1
  • 509a359 merge #47 into cyphar/filepath-securejoin:main
  • fbaef26 join: loosen cleanliness requirements for SecureJoin root
  • 54460df merge #45 into cyphar/filepath-securejoin:main
  • 14e6cfe VERSION: back to development
  • 9a17e6b VERSION: release v0.4.0
  • e410d4a merge #44 into cyphar/filepath-securejoin:main
  • ea4e5b6 gha: add GOARCH=386 build check
  • 0c2fbe6 mkdirall: switch to os.FileMode argument
  • f3a512c merge #43 into cyphar/filepath-securejoin:main
  • Additional commits viewable in compare view

Updates github.com/emicklei/go-restful/v3 from 3.12.1 to 3.12.2

Changelog

Sourced from github.com/emicklei/go-restful/v3's changelog.

[v3.12.2] - 2025-02-21

  • allow empty payloads in post,put,patch, issue #580 ( thanks @​liggitt, Jordan Liggitt)
Commits
  • d59fac5 Bump the github-actions group across 1 directory with 3 updates (#582)
  • 35bc7ae allow empty payloads in post,put,patch, issue #580 (#581)
  • ffa1d91 Bump the github-actions group across 1 directory with 2 updates (#578)
  • 2aacac8 Bump actions/setup-go from 5.1.0 to 5.2.0 in the github-actions group (#573)
  • 60b49be Bump the github-actions group across 1 directory with 2 updates (#572)
  • bcbb0e6 Bump the github-actions group across 1 directory with 3 updates (#569)
  • e38aee0 Update CHANGES.md
  • 2ad39f9 Bump step-security/harden-runner in the github-actions group (#566)
  • 361c568 Bump the github-actions group across 1 directory with 4 updates (#564)
  • 33de948 dependabot to group PRs (#557)
  • Additional commits viewable in compare view

Updates github.com/go-openapi/jsonpointer from 0.21.0 to 0.21.1

Commits
  • 6bb743a updated dependencies
  • ba7dfd1 re-enacted dependabot auto-merge
  • 381b78e fixed undue move of reflect declarations
  • 31411a0 Relint
  • 2bee274 Merge pull request #39 from go-openapi/dependabot/go_modules/github.com/stret...
  • c1d9e8d Bump github.com/stretchr/testify from 1.9.0 to 1.10.0
  • ad6963c Bump codecov/codecov-action in the development-dependencies group
  • 6368b84 Bump golangci/golangci-lint-action in the development-dependencies group
  • 5ef89de Bump golangci/golangci-lint-action in the development-dependencies group
  • 026fa61 Bump the development-dependencies group with 1 update
  • See full diff in compare view

Updates github.com/go-openapi/swag from 0.23.0 to 0.23.1

Commits
  • 87317ee re-enacted dependabot auto-merge
  • 223b27e Relint
  • 06305b8 Bump github.com/mailru/easyjson in the other-dependencies group (#98)
  • 4bc9026 Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#97)
  • 06326a3 Bump codecov/codecov-action in the development-dependencies group
  • 0640ba3 Bump golangci/golangci-lint-action in the development-dependencies group
  • 3d6928a Bump golangci/golangci-lint-action in the development-dependencies group
  • 10a3a2f Bump the development-dependencies group with 1 update
  • See full diff in compare view

Updates github.com/google/cadvisor from 0.51.0 to 0.52.1

Commits
  • 0b675de Make resctrl optional/pluggable
  • b518a3d Merge pull request #3666 from dims/bump-to-newer-opencontainers/image-spec-v1...
  • 8a7da69 Bump to newer opencontainers/image-spec @ v1.1.1
  • 0bf663a Merge pull request #3664 from dims/switch-to-opencontainers-cgroups-repository
  • d448bc1 Bump from 1.22 to 1.24 golang
  • c12dff2 Switch to opencontainers/cgroups repository
  • 5bd422f Merge pull request #3649 from xinau/xinau/add-psi-metrics
  • 20e5af2 Expose PSI metric for CPU full
  • e238b08 Use 1e6/9 instead of time for conversion
  • 94a027c Add minor improvements to PSI metrics
  • Additional commits viewable in compare view

Updates github.com/grpc-ecosystem/grpc-gateway/v2 from 2.25.1 to 2.26.3

Release notes

Sourced from github.com/grpc-ecosystem/grpc-gateway/v2's releases.

v2.26.3

What's Changed

New Contributors

Full Changelog: grpc-ecosystem/grpc-gateway@v2.26.2...v2.26.3

v2.26.2

What's Changed

New Contributors

Full Changelog: grpc-ecosystem/grpc-gateway@v2.26.1...v2.26.2

v2.26.1

What's Changed

New Contributors

Full Changelog: grpc-ecosystem/grpc-gateway@v2.26.0...v2.26.1

v2.26.0

What's Changed

New Contributors

Full Changelog: grpc-ecosystem/grpc-gateway@v2.25.1...v2.26.0

Commits
  • e80a2e5 mod: downgrade to Go 1.23 (#5313)
  • 72466fe chore(deps): update googleapis digest to 0c50144 (#5314)
  • a337874 chore(deps): update googleapis digest to 938783f (#5311)
  • 22bb6bf chore(deps): update googleapis digest to d51753b (#5310)
  • 470a32d docs(install-guide): update Go 1.24 tool directive usage (#5298)
  • d9141b9 chore(deps): update googleapis digest to 05f571e (#5307)
  • e70c53c Update gorelease base
  • 641f83f chore(deps): update googleapis digest to c414002 (#5305)
  • 260ccbd Revert "feat: expose invalid argument error to clients in bidirectional strea...
  • c18bc4e fix(deps): update google.golang.org/genproto/googleapis/rpc digest to a0af3ef...
  • Additional commits viewable in compare view

Updates github.com/klauspost/compress from 1.17.11 to 1.18.0

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.18.0

What's Changed

New Contributors

Full Changelog: klauspost/compress@v1.17.11...v1.18.0

Commits
  • 8e79dc4 Deprecate Go 1.21 and add 1.24 (#1055)
  • df8e99c build(deps): bump the github-actions group with 2 updates (

@dependabot
build(deps): bump the github-dependencies group across 1 directory wi…
2d94419 
…th 36 updates

Bumps the github-dependencies group with 22 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/miekg/dns](https://github.com/miekg/dns) | `1.1.62` | `1.1.63` |
| [github.com/spf13/pflag](https://github.com/spf13/pflag) | `1.0.5` | `1.0.6` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.69.2` | `1.71.0` |
| [github.com/google/go-cmp](https://github.com/google/go-cmp) | `0.6.0` | `0.7.0` |
| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.22.2` | `2.23.0` |
| [cel.dev/expr](https://github.com/google/cel-spec) | `0.19.1` | `0.22.0` |
| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.3.6` | `0.4.1` |
| [github.com/emicklei/go-restful/v3](https://github.com/emicklei/go-restful) | `3.12.1` | `3.12.2` |
| [github.com/go-openapi/jsonpointer](https://github.com/go-openapi/jsonpointer) | `0.21.0` | `0.21.1` |
| [github.com/google/cadvisor](https://github.com/google/cadvisor) | `0.51.0` | `0.52.1` |
| [github.com/grpc-ecosystem/grpc-gateway/v2](https://github.com/grpc-ecosystem/grpc-gateway) | `2.25.1` | `2.26.3` |
| [github.com/klauspost/compress](https://github.com/klauspost/compress) | `1.17.11` | `1.18.0` |
| [github.com/opencontainers/runtime-spec](https://github.com/opencontainers/runtime-spec) | `1.2.0` | `1.2.1` |
| [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.8.1` | `1.9.1` |
| [go.etcd.io/etcd/api/v3](https://github.com/etcd-io/etcd) | `3.5.17` | `3.5.19` |
| [go.etcd.io/etcd/client/pkg/v3](https://github.com/etcd-io/etcd) | `3.5.17` | `3.5.19` |
| [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd) | `3.5.17` | `3.5.19` |
| [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.58.0` | `0.60.0` |
| [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.58.0` | `0.60.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) | `1.33.0` | `1.35.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.33.0` | `1.35.0` |
| [golang.org/x/time](https://github.com/golang/time) | `0.9.0` | `0.11.0` |



Updates `github.com/miekg/dns` from 1.1.62 to 1.1.63
- [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release)
- [Commits](miekg/dns@v1.1.62...v1.1.63)

Updates `github.com/spf13/pflag` from 1.0.5 to 1.0.6
- [Release notes](https://github.com/spf13/pflag/releases)
- [Commits](spf13/pflag@v1.0.5...v1.0.6)

Updates `google.golang.org/grpc` from 1.69.2 to 1.71.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.69.2...v1.71.0)

Updates `google.golang.org/protobuf` from 1.36.2 to 1.36.4

Updates `github.com/google/go-cmp` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](google/go-cmp@v0.6.0...v0.7.0)

Updates `github.com/onsi/ginkgo/v2` from 2.22.2 to 2.23.0
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.22.2...v2.23.0)

Updates `cel.dev/expr` from 0.19.1 to 0.22.0
- [Release notes](https://github.com/google/cel-spec/releases)
- [Commits](google/cel-spec@v0.19.1...v0.22.0)

Updates `github.com/cyphar/filepath-securejoin` from 0.3.6 to 0.4.1
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](cyphar/filepath-securejoin@v0.3.6...v0.4.1)

Updates `github.com/emicklei/go-restful/v3` from 3.12.1 to 3.12.2
- [Release notes](https://github.com/emicklei/go-restful/releases)
- [Changelog](https://github.com/emicklei/go-restful/blob/v3/CHANGES.md)
- [Commits](emicklei/go-restful@v3.12.1...v3.12.2)

Updates `github.com/go-openapi/jsonpointer` from 0.21.0 to 0.21.1
- [Commits](go-openapi/jsonpointer@v0.21.0...v0.21.1)

Updates `github.com/go-openapi/swag` from 0.23.0 to 0.23.1
- [Commits](go-openapi/swag@v0.23.0...v0.23.1)

Updates `github.com/google/cadvisor` from 0.51.0 to 0.52.1
- [Release notes](https://github.com/google/cadvisor/releases)
- [Changelog](https://github.com/google/cadvisor/blob/master/CHANGELOG.md)
- [Commits](google/cadvisor@v0.51.0...v0.52.1)

Updates `github.com/grpc-ecosystem/grpc-gateway/v2` from 2.25.1 to 2.26.3
- [Release notes](https://github.com/grpc-ecosystem/grpc-gateway/releases)
- [Changelog](https://github.com/grpc-ecosystem/grpc-gateway/blob/main/.goreleaser.yml)
- [Commits](grpc-ecosystem/grpc-gateway@v2.25.1...v2.26.3)

Updates `github.com/klauspost/compress` from 1.17.11 to 1.18.0
- [Release notes](https://github.com/klauspost/compress/releases)
- [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml)
- [Commits](klauspost/compress@v1.17.11...v1.18.0)

Updates `github.com/opencontainers/image-spec` from 1.1.0 to 1.1.1
- [Release notes](https://github.com/opencontainers/image-spec/releases)
- [Changelog](https://github.com/opencontainers/image-spec/blob/main/RELEASES.md)
- [Commits](opencontainers/image-spec@v1.1.0...v1.1.1)

Updates `github.com/opencontainers/runc` from 1.2.4 to 1.2.5
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/main/CHANGELOG.md)
- [Commits](opencontainers/runc@v1.2.4...v1.2.5)

Updates `github.com/opencontainers/runtime-spec` from 1.2.0 to 1.2.1
- [Release notes](https://github.com/opencontainers/runtime-spec/releases)
- [Changelog](https://github.com/opencontainers/runtime-spec/blob/main/ChangeLog)
- [Commits](opencontainers/runtime-spec@v1.2.0...v1.2.1)

Updates `github.com/prometheus/common` from 0.61.0 to 0.62.0
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md)
- [Commits](prometheus/common@v0.61.0...v0.62.0)

Updates `github.com/spf13/cobra` from 1.8.1 to 1.9.1
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.8.1...v1.9.1)

Updates `go.etcd.io/etcd/api/v3` from 3.5.17 to 3.5.19
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Commits](etcd-io/etcd@v3.5.17...v3.5.19)

Updates `go.etcd.io/etcd/client/pkg/v3` from 3.5.17 to 3.5.19
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Commits](etcd-io/etcd@v3.5.17...v3.5.19)

Updates `go.etcd.io/etcd/client/v3` from 3.5.17 to 3.5.19
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Commits](etcd-io/etcd@v3.5.17...v3.5.19)

Updates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.58.0 to 0.60.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.58.0...zpages/v0.60.0)

Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.58.0 to 0.60.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.58.0...zpages/v0.60.0)

Updates `go.opentelemetry.io/otel` from 1.33.0 to 1.35.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.33.0...v1.35.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.33.0 to 1.35.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.33.0...v1.35.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.33.0 to 1.35.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.33.0...v1.35.0)

Updates `go.opentelemetry.io/otel/metric` from 1.33.0 to 1.35.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.33.0...v1.35.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.33.0 to 1.35.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.33.0...v1.35.0)

Updates `go.opentelemetry.io/otel/trace` from 1.33.0 to 1.35.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.33.0...v1.35.0)

Updates `golang.org/x/mod` from 0.22.0 to 0.23.0
- [Commits](golang/mod@v0.22.0...v0.23.0)

Updates `golang.org/x/oauth2` from 0.25.0 to 0.27.0
- [Commits](golang/oauth2@v0.25.0...v0.27.0)

Updates `golang.org/x/time` from 0.9.0 to 0.11.0
- [Commits](golang/time@v0.9.0...v0.11.0)

Updates `golang.org/x/tools` from 0.29.0 to 0.30.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](golang/tools@v0.29.0...v0.30.0)

Updates `google.golang.org/genproto/googleapis/api` from 0.0.0-20250106144421-5f5ef82da422 to 0.0.0-20250303144028-a0af3efb3deb
- [Commits](https://github.com/googleapis/go-genproto/commits)

Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20250106144421-5f5ef82da422 to 0.0.0-20250303144028-a0af3efb3deb
- [Commits](https://github.com/googleapis/go-genproto/commits)

---
updated-dependencies:
- dependency-name: github.com/miekg/dns
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/spf13/pflag
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: cel.dev/expr
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/emicklei/go-restful/v3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/go-openapi/jsonpointer
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/go-openapi/swag
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/google/cadvisor
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/grpc-ecosystem/grpc-gateway/v2
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/klauspost/compress
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/opencontainers/image-spec
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/opencontainers/runc
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/opencontainers/runtime-spec
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/prometheus/common
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/spf13/cobra
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: go.etcd.io/etcd/api/v3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: go.etcd.io/etcd/client/pkg/v3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: go.etcd.io/etcd/client/v3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: go.opentelemetry.io/otel
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: go.opentelemetry.io/otel/metric
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: golang.org/x/mod
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: golang.org/x/oauth2
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: golang.org/x/time
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: golang.org/x/tools
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: google.golang.org/genproto/googleapis/api
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: google.golang.org/genproto/googleapis/rpc
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added area/dependency Issues or PRs related to dependency changes ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. labels Mar 14, 2025
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 14, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign jsafrane for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot
Copy link
Contributor

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-csi member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Mar 14, 2025
@k8s-ci-robot
Copy link
Contributor

@dependabot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-kubernetes-csi-external-provisioner-unit 2d94419 link true /test pull-kubernetes-csi-external-provisioner-unit
pull-kubernetes-csi-external-provisioner-1-31-on-kubernetes-1-31 2d94419 link true /test pull-kubernetes-csi-external-provisioner-1-31-on-kubernetes-1-31
pull-kubernetes-csi-external-provisioner-distributed-on-kubernetes-1-26 2d94419 link true /test pull-kubernetes-csi-external-provisioner-distributed-on-kubernetes-1-26
pull-kubernetes-csi-external-provisioner-1-32-on-kubernetes-1-32 2d94419 link false /test pull-kubernetes-csi-external-provisioner-1-32-on-kubernetes-1-32
pull-kubernetes-csi-external-provisioner-1-30-on-kubernetes-1-30 2d94419 link true /test pull-kubernetes-csi-external-provisioner-1-30-on-kubernetes-1-30

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andyzhangx andyzhangx Awaiting requested review from andyzhangx

@ggriffiths ggriffiths Awaiting requested review from ggriffiths

Assignees
No one assigned
Labels
area/dependency Issues or PRs related to dependency changes cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@k8s-ci-robot