Bump the gomod-dependencies group with 13 updates

[dependabot]

Bumps the gomod-dependencies group with 13 updates:

Package	From	To
github.com/GoogleCloudPlatform/k8s-cloud-provider	1.32.0	1.34.0
github.com/prometheus/client_golang	1.22.0	1.23.2
github.com/spf13/cobra	1.9.1	1.10.2
github.com/spf13/pflag	1.0.6	1.0.9
golang.org/x/oauth2	0.34.0	0.35.0
google.golang.org/api	0.264.0	0.265.0
istio.io/api	0.0.0-20190809125725-591cf32c1d0e	1.29.0-rc.1
k8s.io/apiextensions-apiserver	0.34.0	0.35.0
k8s.io/apimachinery	0.34.0	0.35.0
k8s.io/client-go	0.34.0	0.35.0
k8s.io/cloud-provider	0.30.0	0.35.0
k8s.io/component-base	0.34.0	0.35.0
k8s.io/utils	0.0.0-20250604170112-4c0f3b243397	0.0.0-20251002143259-bc988d571ff4

Updates github.com/GoogleCloudPlatform/k8s-cloud-provider from 1.32.0 to 1.34.0

Release notes

Sourced from github.com/GoogleCloudPlatform/k8s-cloud-provider's releases.

v1.34.0

Summary

• Support for Regional TargetTCPProxy
• Support custom headers in requests
• e2e testing fixes
• Ability to return partial success from AggregatedList
• Patch for global TargetHTTPSProxy

What's Changed

• Add support for region target TCP proxies. by @​briantkennedy in GoogleCloudPlatform/k8s-cloud-provider#224
• Add Fallback Cleanup by @​AwesomePatrol in GoogleCloudPlatform/k8s-cloud-provider#225
• Fix calls to NetworkServices List by @​AwesomePatrol in GoogleCloudPlatform/k8s-cloud-provider#226
• Add resource key to observer CallContext. by @​briantkennedy in GoogleCloudPlatform/k8s-cloud-provider#228
• Add option for sending custom headers in requests. by @​briantkennedy in GoogleCloudPlatform/k8s-cloud-provider#229
• Fix observe_test.go by @​briantkennedy in GoogleCloudPlatform/k8s-cloud-provider#230
• Cleantool by @​briantkennedy in GoogleCloudPlatform/k8s-cloud-provider#234
• Bump golang.org/x/crypto from 0.24.0 to 0.31.0 by @​dependabot in GoogleCloudPlatform/k8s-cloud-provider#235
• Add option for returning partial success when using AggregatedList. by @​briantkennedy in GoogleCloudPlatform/k8s-cloud-provider#237
• Fix compile errors due to non-const format strings by @​bowei in GoogleCloudPlatform/k8s-cloud-provider#238
• Bump golang.org/x/crypto from 0.31.0 to 0.35.0 by @​dependabot in GoogleCloudPlatform/k8s-cloud-provider#241
• Add Patch method for global TargetHTTPSProxy by @​kl52752 in GoogleCloudPlatform/k8s-cloud-provider#243

Full Changelog: GoogleCloudPlatform/k8s-cloud-provider@v1.33.0...v1.34.0

Commits

• 7377992 Merge pull request #243 from kl52752/patch-https-proxy
• 58812e0 Add Patch method for global TargetHTTPSProxy
• e163b50 Merge pull request #241 from GoogleCloudPlatform/dependabot/go_modules/golang...
• 417a64a Bump golang.org/x/crypto from 0.31.0 to 0.35.0
• f45f962 Merge pull request #238 from bowei/pr-fixconst
• 2ca43ad Fix non-const format strings
• 19ea140 Fix non-const format string
• 827fdbf Fix non-constant logf argument
• b450481 Update year in generated files
• e553d08 Merge pull request #237 from briantkennedy/agglist
• Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.22.0 to 1.23.2

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.23.2 - 2025-09-05

This release is made to upgrade to prometheus/common v0.66.1, which drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement). There are no functional changes.

• [release-1.23] Upgrade to prometheus/common@v0.66.1 by @​aknuds1 in prometheus/client_golang#1869
• [release-1.23] Cut v1.23.2 by @​aknuds1 in prometheus/client_golang#1870

Full Changelog: prometheus/client_golang@v1.23.1...v1.23.2

v1.23.1 - 2025-09-04

This release is made to be compatible with a backwards incompatible API change in prometheus/common v0.66.0. There are no functional changes.

• [release-1.23] Upgrade to prometheus/common v0.66 by @​aknuds1 in prometheus/client_golang#1866
• [release-1.23] Cut v1.23.1 by @​aknuds1 in prometheus/client_golang#1867

Full Changelog: prometheus/client_golang@v1.23.0...v1.23.1

v1.23.0 - 2025-07-30

• [CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. #1812
• [FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix #1766
• [FEATURE] Add exemplars for native histograms #1686
• [ENHANCEMENT] exp/api: Bubble up status code from writeResponse #1823
• [ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 #1833
• [BUGFIX] exp/api: client prompt return on context cancellation #1729

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.23.2 / 2025-09-05

This release is made to upgrade to prometheus/common v0.66.1, which drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement). There are no functional changes.

1.23.1 / 2025-09-04

This release is made to be compatible with a backwards incompatible API change in prometheus/common v0.66.0. There are no functional changes.

1.23.0 / 2025-07-30

• [CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. #1812
• [FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix #1766
• [FEATURE] Add exemplars for native histograms #1686
• [ENHANCEMENT] exp/api: Bubble up status code from writeResponse #1823
• [ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 #1833
• [BUGFIX] exp/api: client prompt return on context cancellation #1729

Commits

• 8179a56 Cut v1.23.2 (#1870)
• 4142b59 Merge pull request #1869 from prometheus/arve/upgrade-common
• 4ff40f0 Cut v1.23.1 (#1867)
• 989b029 Upgrade to prometheus/common v0.66 (#1866)
• e4b2208 Cut v1.23.0 (#1848)
• d9492af cut v1.23.0-rc.1 (#1842)
• aeae8a0 Cut v1.23.0-rc.0 (#1837)
• b157309 Update common Prometheus files (#1832)
• a704e28 build(deps): bump the github-actions group with 3 updates (#1826)
• c774311 Fix errNotImplemented reference (#1835)
• Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.9.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

• chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

• Fix linter and allow CI to pass by @​marckhouzam in spf13/cobra#2327
• fix: actions/setup-go v6 by @​jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

• Add documentation for repeated flags functionality by @​rvergis in spf13/cobra#2316

🍂 Refactors

• refactor: replace several vars with consts by @​htoyoda18 in spf13/cobra#2328
• refactor: change minUsagePadding from var to const by @​ssam18 in spf13/cobra#2325

🤗 New Contributors

• @​rvergis made their first contribution in spf13/cobra#2316
• @​htoyoda18 made their first contribution in spf13/cobra#2328
• @​ssam18 made their first contribution in spf13/cobra#2325
• @​dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

v1.10.1

🐛 Fix

• chore: upgrade pflags v1.0.9 by @​jpmcb in spf13/cobra#2305

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

What's Changed

🚨 Attention!

• Bump pflag to 1.0.8 by @​tomasaschan in spf13/cobra#2303

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

• If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`
• or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

... (truncated)

Commits

• 88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
• 346d408 fix: actions/setup-go v6 (#2337)
• fc81d20 refactor: change minUsagePadding from var to const (#2325)
• 117698a refactor: replace several vars with consts (#2328)
• e2dd29d Add documentation for repeated flags functionality (#2316)
• 0629892 Fix linter (#2327)
• 7da941c chore: Bump pflag to v1.0.9 (#2305)
• 51d6751 Bump pflag to 1.0.8 (#2303)
• 3f3b818 Update README.md with new logo
• dcaf42e Add Periscope to the list of projects using Cobra (#2299)
• Additional commits viewable in compare view

Updates github.com/spf13/pflag from 1.0.6 to 1.0.9

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.9

What's Changed

• fix: Restore ParseErrorsWhitelist name for now by @​tomasaschan in spf13/pflag#446

Full Changelog: spf13/pflag@v1.0.8...v1.0.9

v1.0.8

⚠️ Breaking Change

This version, while only a patch bump, includes a (very minor) breaking change: the flag.ParseErrorsWhitelist struct and corresponding FlagSet.parseErrorsWhitelist field have been renamed to ParseErrorsAllowlist.

This should result in compilation errors in any code that uses these fields, which can be fixed by adjusting the names at call sites. There is no change in semantics or behavior of the struct or field referred to by these names. If your code compiles without errors after bumping to/past v1.0.8, you are not affected by this change.

The breaking change was reverted in v1.0.9, by means of re-introducing the old names with deprecation warnings. The plan is still to remove them in a future release, so if your code does depend on the old names, please change them to use the new names at your earliest convenience.

What's Changed

• Remove Redundant "Unknown-Flag" Error by @​vaguecoder in spf13/pflag#364
• Switching from whitelist to Allowlist terminology by @​dubrie in spf13/pflag#261
• Omit zero time.Time default from usage line by @​mologie in spf13/pflag#438
• implement CopyToGoFlagSet by @​pohly in spf13/pflag#330
• flag: Emulate stdlib behavior and do not print ErrHelp by @​tmc in spf13/pflag#407
• Print Default Values of String-to-String in Sorted Order by @​vaguecoder in spf13/pflag#365
• fix: Don't print ErrHelp in ParseAll by @​tomasaschan in spf13/pflag#443
• Reset args on re-parse even if empty by @​tomasaschan in spf13/pflag#444

New Contributors

• @​vaguecoder made their first contribution in spf13/pflag#364
• @​dubrie made their first contribution in spf13/pflag#261
• @​mologie made their first contribution in spf13/pflag#438
• @​pohly made their first contribution in spf13/pflag#330
• @​tmc made their first contribution in spf13/pflag#407
• @​tomasaschan made their first contribution in spf13/pflag#443

Full Changelog: spf13/pflag@v1.0.7...v1.0.8

v1.0.7

What's Changed

• Fix defaultIsZeroValue check for generic Value types by @​MidnightRocket in spf13/pflag#422
• feat: Use structs for errors returned by pflag. by @​eth-p in spf13/pflag#425
• Fix typos by @​co63oc in spf13/pflag#428
• fix #423 : Add helper function and some documentation to parse shorthand go test flags. by @​valdar in spf13/pflag#424
• add support equivalent to golang flag.TextVar(), also fixes the test failure as described in #368 by @​hujun-open in spf13/pflag#418
• add support for Func() and BoolFunc() #426 by @​LeGEC in spf13/pflag#429
• fix: correct argument length check in FlagSet.Parse by @​ShawnJeffersonWang in spf13/pflag#409
• fix usage message for func flags, fix arguments order by @​LeGEC in spf13/pflag#431
• Add support for time.Time flags by @​max-frank in spf13/pflag#348

New Contributors

• @​MidnightRocket made their first contribution in spf13/pflag#422

... (truncated)

Commits

• 1043857 Merge pull request #446 from spf13/fix-backwards-compat
• 7412009 fix: Restore ParseErrorsWhitelist name for now
• b9c16fa Merge pull request #444 from spf13/reset-args-even-if-empty
• 40abc49 Merge pull request #443 from spf13/silence-errhelp
• 1bf832c Use errors.Is instead of equality check
• d25dd24 Reset args on re-parse even if empty
• 094909d Merge pull request #365 from vaguecoder/str2str-sorted
• ccb49e5 Print Default Values of String-to-String in Sorted Order
• b55ffb6 fix: Don't print ErrHelp in ParseAll
• 7c651d1 Merge pull request #407 from tmc/fix-errhelp
• Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.34.0 to 0.35.0

Commits

• 89ff2e1 google: add safer credentials JSON loading options.
• See full diff in compare view

Updates google.golang.org/api from 0.264.0 to 0.265.0

Release notes

Sourced from google.golang.org/api's releases.

v0.265.0

0.265.0 (2026-02-04)

Features

• Add checksums for single chunk json uploads (#3448) (0f1cb7b)
• all: Auto-regenerate discovery clients (#3473) (e617dd5)
• all: Auto-regenerate discovery clients (#3476) (986f556)
• all: Auto-regenerate discovery clients (#3477) (cdb1738)
• all: Auto-regenerate discovery clients (#3479) (2aa3478)
• all: Auto-regenerate discovery clients (#3480) (29bd843)
• all: Auto-regenerate discovery clients (#3482) (afa65b7)

Changelog

Sourced from google.golang.org/api's changelog.

0.265.0 (2026-02-04)

Features

• Add checksums for single chunk json uploads (#3448) (0f1cb7b)
• all: Auto-regenerate discovery clients (#3473) (e617dd5)
• all: Auto-regenerate discovery clients (#3476) (986f556)
• all: Auto-regenerate discovery clients (#3477) (cdb1738)
• all: Auto-regenerate discovery clients (#3479) (2aa3478)
• all: Auto-regenerate discovery clients (#3480) (29bd843)
• all: Auto-regenerate discovery clients (#3482) (afa65b7)

Commits

• e6edc1d chore(main): release 0.265.0 (#3474)
• afa65b7 feat(all): auto-regenerate discovery clients (#3482)
• 0554404 chore: Migrate gsutil usage to gcloud storage (#3466)
• 84932f3 chore: replace old go teams with cloud-sdk-go-team (#3475)
• 242927a chore: Migrate gsutil usage to gcloud storage (#3469)
• 0f1cb7b feat: add checksums for single chunk json uploads (#3448)
• e92945d chore: Migrate gsutil usage to gcloud storage (#3470)
• ba218c1 chore: Migrate gsutil usage to gcloud storage (#3468)
• 2e7d0f5 chore: Migrate gsutil usage to gcloud storage (#3471)
• 460b37c chore: Migrate gsutil usage to gcloud storage (#3467)
• Additional commits viewable in compare view

Updates istio.io/api from 0.0.0-20190809125725-591cf32c1d0e to 1.29.0-rc.1

Commits

• See full diff in compare view

Updates k8s.io/apiextensions-apiserver from 0.34.0 to 0.35.0

Commits

• a8d2a03 Update dependencies to v0.35.0 tag
• b9eb912 Merge remote-tracking branch 'origin/master' into release-1.35
• e526698 Bump golang.org/x/crypto to v0.45.0
• fd7881d Merge pull request #135278 from aman4433/KUBE-134468
• 8db5ab6 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
• 4ed5bd4 vendor: update vendor and license metadata after replacing BeTrue usage in cs...
• 704bc3d Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
• 7d598d7 Refactor: Contextualize CRDFinalizer to fix goroutine leak
• 27e5803 Update vendored dependencies
• c4e434c Merge pull request #134216 from Goend/master
• Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.34.0 to 0.35.0

Commits

• 72d71ea Merge remote-tracking branch 'origin/master' into release-1.35
• e2a2dbc Bump golang.org/x/crypto to v0.45.0
• 2e9c228 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
• f274aac vendor: update vendor and license metadata after replacing BeTrue usage in cs...
• 9445443 Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
• 52154f7 Update vendored dependencies
• 5a348c5 KEP-5471: Extend tolerations operators (#134665)
• 6f89492 Merge pull request #133648 from richabanker/merged-discovery
• c77dde2 util/sort: Add MergePreservingRelativeOrder for topological sorting
• 729c13d Merge pull request #134624 from yt2985/podcertificates-beta
• Additional commits viewable in compare view

Updates k8s.io/client-go from 0.34.0 to 0.35.0

Commits

• 9bcb694 Update dependencies to v0.35.0 tag
• 2d83546 Merge remote-tracking branch 'origin/master' into release-1.35
• 56b4af2 Merge pull request #135591 from p0lyn0mial/upstream-watchlist-reflector-log-f...
• 891f94c Merge remote-tracking branch 'origin/master' into release-1.35
• 65ffe04 Merge pull request #135580 from serathius/client-go-transformer
• 2fe4ac2 downgrade reflector watchlist fallback log to V(4)
• 97256a6 Bump golang.org/x/crypto to v0.45.0
• 46360b5 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
• 171ef8c Use transformer in consistency checker
• 3878a64 vendor: update vendor and license metadata after replacing BeTrue usage in cs...
• Additional commits viewable in compare view

Updates k8s.io/cloud-provider from 0.30.0 to 0.35.0

Commits

• f02e0a8 Update dependencies to v0.35.0 tag
• f3d67f2 Merge remote-tracking branch 'origin/master' into release-1.35
• 90ad0be Bump golang.org/x/crypto to v0.45.0
• c2f691d Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
• 4630afe vendor: update vendor and license metadata after replacing BeTrue usage in cs...
• edd386f Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
• fb5887f Update vendored dependencies
• 080e91c Merge pull request #131220 from lukasmetzner/feat-ccm-watch-based-route-contr...
• 314e0e6 refactor: rename and suitable docstring
• 1f7c95a test: register kube features in unit tests
• Additional commits viewable in compare view

Updates k8s.io/component-base from 0.34.0 to 0.35.0

Commits

• 4e6b4eb Update dependencies to v0.35.0 tag
• 5e09e27 Merge remote-tracking branch 'origin/master' into release-1.35
• 518a1d0 Bump golang.org/x/crypto to v0.45.0
• dffb9df Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
• 622fcbc vendor: update vendor and license metadata after replacing BeTrue usage in cs...
• 4461559 Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
• 43140e8 Update vendored dependencies
• c1ad413 Merge pull request #134870 from pmengelbert/pmengelbert/kuberc/4
• 8209f50 Add client-go credential plugin to kuberc
• 09c454e Merge pull request #134995 from yongruilin/flagz-kk-structure
• Additional commits viewable in compare view

Updates k8s.io/utils from 0.0.0-20250604170112-4c0f3b243397 to 0.0.0-20251002143259-bc988d571ff4

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[k8s-ci-robot]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign tortillazhawaii for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

@dependabot[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-ingress-gce-test	53e76e5	link	true	/test pull-ingress-gce-test

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.