Skip to content

Bump the gomod-dependencies group with 13 updates#3047

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/gomod-dependencies-cc124e373a
Open

Bump the gomod-dependencies group with 13 updates#3047
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/gomod-dependencies-cc124e373a

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 9, 2026

Bumps the gomod-dependencies group with 13 updates:

Package From To
github.com/GoogleCloudPlatform/k8s-cloud-provider 1.32.0 1.34.0
github.com/prometheus/client_golang 1.22.0 1.23.2
github.com/spf13/cobra 1.9.1 1.10.2
github.com/spf13/pflag 1.0.6 1.0.9
golang.org/x/oauth2 0.34.0 0.35.0
google.golang.org/api 0.264.0 0.265.0
istio.io/api 0.0.0-20190809125725-591cf32c1d0e 1.29.0-rc.1
k8s.io/apiextensions-apiserver 0.34.0 0.35.0
k8s.io/apimachinery 0.34.0 0.35.0
k8s.io/client-go 0.34.0 0.35.0
k8s.io/cloud-provider 0.30.0 0.35.0
k8s.io/component-base 0.34.0 0.35.0
k8s.io/utils 0.0.0-20250604170112-4c0f3b243397 0.0.0-20251002143259-bc988d571ff4

Updates github.com/GoogleCloudPlatform/k8s-cloud-provider from 1.32.0 to 1.34.0

Release notes

Sourced from github.com/GoogleCloudPlatform/k8s-cloud-provider's releases.

v1.34.0

Summary

  • Support for Regional TargetTCPProxy
  • Support custom headers in requests
  • e2e testing fixes
  • Ability to return partial success from AggregatedList
  • Patch for global TargetHTTPSProxy

What's Changed

Full Changelog: GoogleCloudPlatform/k8s-cloud-provider@v1.33.0...v1.34.0

Commits
  • 7377992 Merge pull request #243 from kl52752/patch-https-proxy
  • 58812e0 Add Patch method for global TargetHTTPSProxy
  • e163b50 Merge pull request #241 from GoogleCloudPlatform/dependabot/go_modules/golang...
  • 417a64a Bump golang.org/x/crypto from 0.31.0 to 0.35.0
  • f45f962 Merge pull request #238 from bowei/pr-fixconst
  • 2ca43ad Fix non-const format strings
  • 19ea140 Fix non-const format string
  • 827fdbf Fix non-constant logf argument
  • b450481 Update year in generated files
  • e553d08 Merge pull request #237 from briantkennedy/agglist
  • Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.22.0 to 1.23.2

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.23.2 - 2025-09-05

This release is made to upgrade to prometheus/common v0.66.1, which drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement). There are no functional changes.

Full Changelog: prometheus/client_golang@v1.23.1...v1.23.2

v1.23.1 - 2025-09-04

This release is made to be compatible with a backwards incompatible API change in prometheus/common v0.66.0. There are no functional changes.

Full Changelog: prometheus/client_golang@v1.23.0...v1.23.1

v1.23.0 - 2025-07-30

  • [CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. #1812
  • [FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix #1766
  • [FEATURE] Add exemplars for native histograms #1686
  • [ENHANCEMENT] exp/api: Bubble up status code from writeResponse #1823
  • [ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 #1833
  • [BUGFIX] exp/api: client prompt return on context cancellation #1729

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.23.2 / 2025-09-05

This release is made to upgrade to prometheus/common v0.66.1, which drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement). There are no functional changes.

1.23.1 / 2025-09-04

This release is made to be compatible with a backwards incompatible API change in prometheus/common v0.66.0. There are no functional changes.

1.23.0 / 2025-07-30

  • [CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. #1812
  • [FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix #1766
  • [FEATURE] Add exemplars for native histograms #1686
  • [ENHANCEMENT] exp/api: Bubble up status code from writeResponse #1823
  • [ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 #1833
  • [BUGFIX] exp/api: client prompt return on context cancellation #1729
Commits

Updates github.com/spf13/cobra from 1.9.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

  • chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

🔥✍🏼 Docs

🍂 Refactors

🤗 New Contributors

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

v1.10.1

🐛 Fix

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

What's Changed

🚨 Attention!

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

  • If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`
  • or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

... (truncated)

Commits

Updates github.com/spf13/pflag from 1.0.6 to 1.0.9

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.9

What's Changed

Full Changelog: spf13/pflag@v1.0.8...v1.0.9

v1.0.8

⚠️ Breaking Change

This version, while only a patch bump, includes a (very minor) breaking change: the flag.ParseErrorsWhitelist struct and corresponding FlagSet.parseErrorsWhitelist field have been renamed to ParseErrorsAllowlist.

This should result in compilation errors in any code that uses these fields, which can be fixed by adjusting the names at call sites. There is no change in semantics or behavior of the struct or field referred to by these names. If your code compiles without errors after bumping to/past v1.0.8, you are not affected by this change.

The breaking change was reverted in v1.0.9, by means of re-introducing the old names with deprecation warnings. The plan is still to remove them in a future release, so if your code does depend on the old names, please change them to use the new names at your earliest convenience.

What's Changed

New Contributors

Full Changelog: spf13/pflag@v1.0.7...v1.0.8

v1.0.7

What's Changed

New Contributors

... (truncated)

Commits
  • 1043857 Merge pull request #446 from spf13/fix-backwards-compat
  • 7412009 fix: Restore ParseErrorsWhitelist name for now
  • b9c16fa Merge pull request #444 from spf13/reset-args-even-if-empty
  • 40abc49 Merge pull request #443 from spf13/silence-errhelp
  • 1bf832c Use errors.Is instead of equality check
  • d25dd24 Reset args on re-parse even if empty
  • 094909d Merge pull request #365 from vaguecoder/str2str-sorted
  • ccb49e5 Print Default Values of String-to-String in Sorted Order
  • b55ffb6 fix: Don't print ErrHelp in ParseAll
  • 7c651d1 Merge pull request #407 from tmc/fix-errhelp
  • Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.34.0 to 0.35.0

Commits

Updates google.golang.org/api from 0.264.0 to 0.265.0

Release notes

Sourced from google.golang.org/api's releases.

v0.265.0

0.265.0 (2026-02-04)

Features

Changelog

Sourced from google.golang.org/api's changelog.

0.265.0 (2026-02-04)

Features

Commits

Updates istio.io/api from 0.0.0-20190809125725-591cf32c1d0e to 1.29.0-rc.1

Commits

Updates k8s.io/apiextensions-apiserver from 0.34.0 to 0.35.0

Commits
  • a8d2a03 Update dependencies to v0.35.0 tag
  • b9eb912 Merge remote-tracking branch 'origin/master' into release-1.35
  • e526698 Bump golang.org/x/crypto to v0.45.0
  • fd7881d Merge pull request #135278 from aman4433/KUBE-134468
  • 8db5ab6 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
  • 4ed5bd4 vendor: update vendor and license metadata after replacing BeTrue usage in cs...
  • 704bc3d Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
  • 7d598d7 Refactor: Contextualize CRDFinalizer to fix goroutine leak
  • 27e5803 Update vendored dependencies
  • c4e434c Merge pull request #134216 from Goend/master
  • Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.34.0 to 0.35.0

Commits
  • 72d71ea Merge remote-tracking branch 'origin/master' into release-1.35
  • e2a2dbc Bump golang.org/x/crypto to v0.45.0
  • 2e9c228 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
  • f274aac vendor: update vendor and license metadata after replacing BeTrue usage in cs...
  • 9445443 Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
  • 52154f7 Update vendored dependencies
  • 5a348c5 KEP-5471: Extend tolerations operators (#134665)
  • 6f89492 Merge pull request #133648 from richabanker/merged-discovery
  • c77dde2 util/sort: Add MergePreservingRelativeOrder for topological sorting
  • 729c13d Merge pull request #134624 from yt2985/podcertificates-beta
  • Additional commits viewable in compare view

Updates k8s.io/client-go from 0.34.0 to 0.35.0

Commits
  • 9bcb694 Update dependencies to v0.35.0 tag
  • 2d83546 Merge remote-tracking branch 'origin/master' into release-1.35
  • 56b4af2 Merge pull request #135591 from p0lyn0mial/upstream-watchlist-reflector-log-f...
  • 891f94c Merge remote-tracking branch 'origin/master' into release-1.35
  • 65ffe04 Merge pull request #135580 from serathius/client-go-transformer
  • 2fe4ac2 downgrade reflector watchlist fallback log to V(4)
  • 97256a6 Bump golang.org/x/crypto to v0.45.0
  • 46360b5 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
  • 171ef8c Use transformer in consistency checker
  • 3878a64 vendor: update vendor and license metadata after replacing BeTrue usage in cs...
  • Additional commits viewable in compare view

Updates k8s.io/cloud-provider from 0.30.0 to 0.35.0

Commits
  • f02e0a8 Update dependencies to v0.35.0 tag
  • f3d67f2 Merge remote-tracking branch 'origin/master' into release-1.35
  • 90ad0be Bump golang.org/x/crypto to v0.45.0
  • c2f691d Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
  • 4630afe vendor: update vendor and license metadata after replacing BeTrue usage in cs...
  • edd386f Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
  • fb5887f Update vendored dependencies
  • 080e91c Merge pull request #131220 from lukasmetzner/feat-ccm-watch-based-route-contr...
  • 314e0e6 refactor: rename and suitable docstring
  • 1f7c95a test: register kube features in unit tests
  • Additional commits viewable in compare view

Updates k8s.io/component-base from 0.34.0 to 0.35.0

Commits
  • 4e6b4eb Update dependencies to v0.35.0 tag
  • 5e09e27 Merge remote-tracking branch 'origin/master' into release-1.35
  • 518a1d0 Bump golang.org/x/crypto to v0.45.0
  • dffb9df Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
  • 622fcbc vendor: update vendor and license metadata after replacing BeTrue usage in cs...
  • 4461559 Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
  • 43140e8 Update vendored dependencies
  • c1ad413 Merge pull request #134870 from pmengelbert/pmengelbert/kuberc/4
  • 8209f50 Add client-go credential plugin to kuberc
  • 09c454e Merge pull request #134995 from yongruilin/flagz-kk-structure
  • Additional commits viewable in compare view

Updates k8s.io/utils from 0.0.0-20250604170112-4c0f3b243397 to 0.0.0-20251002143259-bc988d571ff4

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code ok-to-test Indicates a non-member PR verified by an org member that is safe to test. labels Feb 9, 2026
@k8s-ci-robot
Copy link
Contributor

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Feb 9, 2026
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign tortillazhawaii for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Bumps the gomod-dependencies group with 13 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/GoogleCloudPlatform/k8s-cloud-provider](https://github.com/GoogleCloudPlatform/k8s-cloud-provider) | `1.32.0` | `1.34.0` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.22.0` | `1.23.2` |
| [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.9.1` | `1.10.2` |
| [github.com/spf13/pflag](https://github.com/spf13/pflag) | `1.0.6` | `1.0.9` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.34.0` | `0.35.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.264.0` | `0.265.0` |
| [istio.io/api](https://github.com/istio/api) | `0.0.0-20190809125725-591cf32c1d0e` | `1.29.0-rc.1` |
| [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.34.0` | `0.35.0` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.34.0` | `0.35.0` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.34.0` | `0.35.0` |
| [k8s.io/cloud-provider](https://github.com/kubernetes/cloud-provider) | `0.30.0` | `0.35.0` |
| [k8s.io/component-base](https://github.com/kubernetes/component-base) | `0.34.0` | `0.35.0` |
| [k8s.io/utils](https://github.com/kubernetes/utils) | `0.0.0-20250604170112-4c0f3b243397` | `0.0.0-20251002143259-bc988d571ff4` |


Updates `github.com/GoogleCloudPlatform/k8s-cloud-provider` from 1.32.0 to 1.34.0
- [Release notes](https://github.com/GoogleCloudPlatform/k8s-cloud-provider/releases)
- [Commits](GoogleCloudPlatform/k8s-cloud-provider@v1.32.0...v1.34.0)

Updates `github.com/prometheus/client_golang` from 1.22.0 to 1.23.2
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.22.0...v1.23.2)

Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.2
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.9.1...v1.10.2)

Updates `github.com/spf13/pflag` from 1.0.6 to 1.0.9
- [Release notes](https://github.com/spf13/pflag/releases)
- [Commits](spf13/pflag@v1.0.6...v1.0.9)

Updates `golang.org/x/oauth2` from 0.34.0 to 0.35.0
- [Commits](golang/oauth2@v0.34.0...v0.35.0)

Updates `google.golang.org/api` from 0.264.0 to 0.265.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.264.0...v0.265.0)

Updates `istio.io/api` from 0.0.0-20190809125725-591cf32c1d0e to 1.29.0-rc.1
- [Commits](https://github.com/istio/api/commits/1.29.0-rc.1)

Updates `k8s.io/apiextensions-apiserver` from 0.34.0 to 0.35.0
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](kubernetes/apiextensions-apiserver@v0.34.0...v0.35.0)

Updates `k8s.io/apimachinery` from 0.34.0 to 0.35.0
- [Commits](kubernetes/apimachinery@v0.34.0...v0.35.0)

Updates `k8s.io/client-go` from 0.34.0 to 0.35.0
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.34.0...v0.35.0)

Updates `k8s.io/cloud-provider` from 0.30.0 to 0.35.0
- [Commits](kubernetes/cloud-provider@v0.30.0...v0.35.0)

Updates `k8s.io/component-base` from 0.34.0 to 0.35.0
- [Commits](kubernetes/component-base@v0.34.0...v0.35.0)

Updates `k8s.io/utils` from 0.0.0-20250604170112-4c0f3b243397 to 0.0.0-20251002143259-bc988d571ff4
- [Commits](https://github.com/kubernetes/utils/commits)

---
updated-dependencies:
- dependency-name: github.com/GoogleCloudPlatform/k8s-cloud-provider
  dependency-version: 1.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-dependencies
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-dependencies
- dependency-name: github.com/spf13/cobra
  dependency-version: 1.10.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-dependencies
- dependency-name: github.com/spf13/pflag
  dependency-version: 1.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-dependencies
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-dependencies
- dependency-name: google.golang.org/api
  dependency-version: 0.265.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-dependencies
- dependency-name: istio.io/api
  dependency-version: 1.29.0-rc.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gomod-dependencies
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-dependencies
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-dependencies
- dependency-name: k8s.io/client-go
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-dependencies
- dependency-name: k8s.io/cloud-provider
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-dependencies
- dependency-name: k8s.io/component-base
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-dependencies
- dependency-name: k8s.io/utils
  dependency-version: 0.0.0-20251002143259-bc988d571ff4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/gomod-dependencies-cc124e373a branch from 63a8e25 to 53e76e5 Compare February 16, 2026 18:10
@k8s-ci-robot
Copy link
Contributor

@dependabot[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-ingress-gce-test 53e76e5 link true /test pull-ingress-gce-test

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. dependencies Pull requests that update a dependency file go Pull requests that update Go code ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant