🌱 Bump the dependencies group with 15 updates

[dependabot]

Bumps the dependencies group with 15 updates:

Package	From	To
github.com/coredns/corefile-migration	1.0.26	1.0.28
github.com/go-logr/logr	1.4.2	1.4.3
github.com/onsi/ginkgo/v2	2.23.3	2.25.3
github.com/onsi/gomega	1.36.3	1.38.2
go.etcd.io/etcd/api/v3	3.5.20	3.5.22
go.etcd.io/etcd/client/v3	3.5.20	3.5.22
google.golang.org/grpc	1.67.3	1.71.1
google.golang.org/protobuf	1.36.5	1.36.7
k8s.io/api	0.32.3	0.32.9
k8s.io/apimachinery	0.32.3	0.32.9
k8s.io/apiserver	0.32.3	0.32.9
k8s.io/client-go	0.32.3	0.32.9
sigs.k8s.io/cluster-api	1.10.1	1.10.6
sigs.k8s.io/cluster-api/test	1.10.1	1.10.6
sigs.k8s.io/yaml	1.4.0	1.6.0

Updates github.com/coredns/corefile-migration from 1.0.26 to 1.0.28

Release notes

Sourced from github.com/coredns/corefile-migration's releases.

v1.0.28

Corefile Migration v1.0.28

This release supports Corefile migrations through CoreDNS v1.12.4

Plugins supported: autopath, cache, errors, forward, health, hosts, k8s_external, kubernetes, loadbalance, log, loop, prometheus, proxy, ready, reload, rewrite, transfer

Corefile Migration v1.0.27

This release supports Corefile migrations through CoreDNS v1.12.3

Plugins supported: autopath, cache, errors, forward, health, hosts, k8s_external, kubernetes, loadbalance, log, loop, prometheus, proxy, ready, reload, rewrite, transfer

Commits

• be20f2d Merge pull request #93 from yashsingh74/update-1.12.4
• 2f44c90 support coredns v1.12.4
• 0c999c0 Merge pull request #92 from thevilledev/chore/coredns-v1.12.3
• 1abcffb chore: add support for CoreDNS v1.12.3
• 343971a Merge pull request #91 from thevilledev/chore/coredns-v1.12.2
• 5779d92 chore: add support for CoreDNS v1.12.2
• See full diff in compare view

Updates github.com/go-logr/logr from 1.4.2 to 1.4.3

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.3

Minor release.

What's Changed

• Fix slog tests for 1.25 by @​hoeppi-google in go-logr/logr#361
• Remove one exception from Slog testing by @​thockin in go-logr/logr#362

New Contributors

• @​hoeppi-google made their first contribution in go-logr/logr#361

Full Changelog: go-logr/logr@v1.4.2...v1.4.3

Commits

• 38a1c47 build(deps): bump github/codeql-action from 3.28.17 to 3.28.18
• f08bedd build(deps): bump actions/setup-go from 5.4.0 to 5.5.0
• 6295e99 build(deps): bump golangci/golangci-lint-action from 7.0.0 to 8.0.0
• 028840d build(deps): bump github/codeql-action from 3.28.15 to 3.28.17
• 511e5fa Merge pull request #367 from go-logr/dependabot/github_actions/github/codeql-...
• d806463 build(deps): bump github/codeql-action from 3.28.13 to 3.28.15
• 158c311 Merge pull request #366 from thockin/master
• c79ddb3 Update to support golangci-lint v2
• 20a64ba build(deps): bump github/codeql-action from 3.28.12 to 3.28.13
• 0385e14 Add comments around slog exceptions
• Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.23.3 to 2.25.3

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.25.3

2.25.3

Fixes

• emit --github-output group only for progress report itself [f01aed1]

v2.25.2

2.25.2

Fixes

Add github output group for progress report content

Maintenance

Bump Gomega

v2.25.1

2.25.1

Fixes

• fix(types): ignore nameless nodes on FullText() [10866d3]
• chore: fix some CodeQL warnings [2e42cff]

v2.25.0

2.25.0

AroundNode

This release introduces a new decorator to support more complex spec setup usecases.

AroundNode registers a function that runs before each individual node. This is considered a more advanced decorator.

Please read the docs for more information and some examples.

Allowed signatures:

• AroundNode(func()) - func will be called before the node is run.
• AroundNode(func(ctx context.Context) context.Context) - func can wrap the passed in context and return a new one which will be passed on to the node.
• AroundNode(func(ctx context.Context, body func(ctx context.Context))) - ctx is the context for the node and body is a function that must be called to run the node. This gives you complete control over what runs before and after the node.

Multiple AroundNode decorators can be applied to a single node and they will run in the order they are applied.

Unlike setup nodes like BeforeEach and DeferCleanup, AroundNode is guaranteed to run in the same goroutine as the decorated node. This is necessary when working with lower-level libraries that must run on a single thread (you can call runtime.LockOSThread() in the AroundNode to ensure that the node runs on a single thread).

Since AroundNode allows you to modify the context you can also use AroundNode to implement shared setup that attaches values to the context.

If applied to a container, AroundNode will run before every node in the container. Including setup nodes like BeforeEach and DeferCleanup.

AroundNode can also be applied to RunSpecs to run before every node in the suite. This opens up new mechanisms for instrumenting individual nodes across an entire suite.

... (truncated)

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.25.3

Fixes

• emit --github-output group only for progress report itself [f01aed1]

2.25.2

Fixes

Add github output group for progress report content

Maintenance

Bump Gomega

2.25.1

Fixes

• fix(types): ignore nameless nodes on FullText() [10866d3]
• chore: fix some CodeQL warnings [2e42cff]

2.25.0

AroundNode

This release introduces a new decorator to support more complex spec setup usecases.

AroundNode registers a function that runs before each individual node. This is considered a more advanced decorator.

Please read the docs for more information and some examples.

Allowed signatures:

• AroundNode(func()) - func will be called before the node is run.
• AroundNode(func(ctx context.Context) context.Context) - func can wrap the passed in context and return a new one which will be passed on to the node.
• AroundNode(func(ctx context.Context, body func(ctx context.Context))) - ctx is the context for the node and body is a function that must be called to run the node. This gives you complete control over what runs before and after the node.

Multiple AroundNode decorators can be applied to a single node and they will run in the order they are applied.

Unlike setup nodes like BeforeEach and DeferCleanup, AroundNode is guaranteed to run in the same goroutine as the decorated node. This is necessary when working with lower-level libraries that must run on a single thread (you can call runtime.LockOSThread() in the AroundNode to ensure that the node runs on a single thread).

Since AroundNode allows you to modify the context you can also use AroundNode to implement shared setup that attaches values to the context.

If applied to a container, AroundNode will run before every node in the container. Including setup nodes like BeforeEach and DeferCleanup.

AroundNode can also be applied to RunSpecs to run before every node in the suite. This opens up new mechanisms for instrumenting individual nodes across an entire suite.

2.24.0

Features

... (truncated)

Commits

• ee2c0cd v2.25.3
• f01aed1 emit --github-output group only for progress report itself
• df6d755 v2.25.2
• 0ad3c4f bump gomega
• 83e2d4a add --github-output group for progress report content
• 1ec9114 v2.25.1
• 2e42cff chore: fix some CodeQL warnings
• 10866d3 fix(types): ignore nameless nodes on FullText()
• fcc0e74 v2.25.0
• 79e35c9 tidy up docs
• Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.36.3 to 1.38.2

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.38.2

1.38.2

• roll back to go 1.23.0 [c404969]

v1.38.1

1.38.1

Fixes

Numerous minor fixes and dependency bumps

v1.38.0

1.38.0

Features

• gstruct handles extra unexported fields [4ee7ed0]

Fixes

• support [] in IgnoringTopFunction function signatures (#851) [36bbf72]

Maintenance

• Bump golang.org/x/net from 0.40.0 to 0.41.0 (#846) [529d408]
• Fix typo [acd1f55]
• Bump google.golang.org/protobuf from 1.36.5 to 1.36.6 (#835) [bae65a0]
• Bump nokogiri from 1.18.4 to 1.18.8 in /docs (#842) [8dda91f]
• Bump golang.org/x/net from 0.39.0 to 0.40.0 (#843) [212d812]
• Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (#839) [59bd7f9]
• Bump nokogiri from 1.18.1 to 1.18.4 in /docs (#834) [328c729]
• Bump uri from 1.0.2 to 1.0.3 in /docs (#826) [9a798a1]
• Bump golang.org/x/net from 0.37.0 to 0.39.0 (#841) [04a72c6]

v1.37.0

1.37.0

Features

• add To/ToNot/NotTo aliases for AsyncAssertion [5666f98]

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.38.2

• roll back to go 1.23.0 [c404969]

1.38.1

Fixes

Numerous minor fixes and dependency bumps

1.38.0

Features

• gstruct handles extra unexported fields [4ee7ed0]

Fixes

• support [] in IgnoringTopFunction function signatures (#851) [36bbf72]

Maintenance

• Bump golang.org/x/net from 0.40.0 to 0.41.0 (#846) [529d408]
• Fix typo [acd1f55]
• Bump google.golang.org/protobuf from 1.36.5 to 1.36.6 (#835) [bae65a0]
• Bump nokogiri from 1.18.4 to 1.18.8 in /docs (#842) [8dda91f]
• Bump golang.org/x/net from 0.39.0 to 0.40.0 (#843) [212d812]
• Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (#839) [59bd7f9]
• Bump nokogiri from 1.18.1 to 1.18.4 in /docs (#834) [328c729]
• Bump uri from 1.0.2 to 1.0.3 in /docs (#826) [9a798a1]
• Bump golang.org/x/net from 0.37.0 to 0.39.0 (#841) [04a72c6]

1.37.0

Features

• add To/ToNot/NotTo aliases for AsyncAssertion [5666f98]

Commits

• 79b8a75 v1.38.2
• c404969 roll back to go 1.23.0
• c36e89a v1.38.1
• 92eaa57 go mod tidy
• b9ed3cd deprecate CompileTest*
• 2a5bf77 fix invalid fmt.Errorf
• 3e9e385 bump ginkgo
• 7f37abe Replace gopkg.in/yaml.v3 with go.yaml.in/yaml/v3
• 69e4761 fix(async_assertion): use correct error in errors.As
• 95737c0 Bump golang.org/x/net from 0.41.0 to 0.43.0 (#856)
• Additional commits viewable in compare view

Updates go.etcd.io/etcd/api/v3 from 3.5.20 to 3.5.22

Release notes

Sourced from go.etcd.io/etcd/api/v3's releases.

v3.5.22

Please check out CHANGELOG for a full list of changes. And make sure to read upgrade guide before upgrading etcd (there may be breaking changes).

For installation guides, please check out play.etcd.io and operating etcd. Latest support status for common architectures and operating systems can be found at supported platforms.

Linux

ETCD_VER=v3.5.22
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1 --no-same-owner
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
/tmp/etcd-download-test/etcd --version
/tmp/etcd-download-test/etcdctl version
/tmp/etcd-download-test/etcdutl version
start a local etcd server
/tmp/etcd-download-test/etcd
write,read to etcd
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 put foo bar
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 get foo

macOS (Darwin)

ETCD_VER=v3.5.22
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-darwin-amd64.zip -o /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
unzip /tmp/etcd-${ETCD_VER}-darwin-amd64.zip -d /tmp && rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
mv /tmp/etcd-${ETCD_VER}-darwin-amd64/* /tmp/etcd-download-test && rm -rf mv /tmp/etcd-${ETCD_VER}-darwin-amd64
</tr></table>

... (truncated)

Commits

• 7862c85 version: bump up to 3.5.22
• 37c44b0 Merge pull request #20380 from 4rivappa/add-20328-to-release-3.5
• fdd20ed ref: update help for --quota-backend-bytes
• a6ebeb0 Merge pull request #20366 from ahrtr/20250721_gitignore_3.5
• d512fe4 Add tools into .gitignore
• f8237ec Merge pull request #20367 from ahrtr/20250721_v2store_flaky_test_3.5
• 30e9581 Fix flaky TestCtlV2CustomContentWithAuthData
• 3df9b75 Merge pull request #20357 from ahrtr/20250718_custom_content_3.5
• 4ea36ac Fix v2store check returning wrong result even there isn't any auth data
• 13b8561 Add an e2e test to reproduce the custom content in v2store without auth data
• Additional commits viewable in compare view

Updates go.etcd.io/etcd/client/v3 from 3.5.20 to 3.5.22

Release notes

Sourced from go.etcd.io/etcd/client/v3's releases.

v3.5.22

Please check out CHANGELOG for a full list of changes. And make sure to read upgrade guide before upgrading etcd (there may be breaking changes).

For installation guides, please check out play.etcd.io and operating etcd. Latest support status for common architectures and operating systems can be found at supported platforms.

Linux

ETCD_VER=v3.5.22
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1 --no-same-owner
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
/tmp/etcd-download-test/etcd --version
/tmp/etcd-download-test/etcdctl version
/tmp/etcd-download-test/etcdutl version
start a local etcd server
/tmp/etcd-download-test/etcd
write,read to etcd
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 put foo bar
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 get foo

macOS (Darwin)

ETCD_VER=v3.5.22
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-darwin-amd64.zip -o /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
unzip /tmp/etcd-${ETCD_VER}-darwin-amd64.zip -d /tmp && rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
mv /tmp/etcd-${ETCD_VER}-darwin-amd64/* /tmp/etcd-download-test && rm -rf mv /tmp/etcd-${ETCD_VER}-darwin-amd64
</tr></table>

... (truncated)

Commits

• 7862c85 version: bump up to 3.5.22
• 37c44b0 Merge pull request #20380 from 4rivappa/add-20328-to-release-3.5
• fdd20ed ref: update help for --quota-backend-bytes
• a6ebeb0 Merge pull request #20366 from ahrtr/20250721_gitignore_3.5
• d512fe4 Add tools into .gitignore
• f8237ec Merge pull request #20367 from ahrtr/20250721_v2store_flaky_test_3.5
• 30e9581 Fix flaky TestCtlV2CustomContentWithAuthData
• 3df9b75 Merge pull request #20357 from ahrtr/20250718_custom_content_3.5
• 4ea36ac Fix v2store check returning wrong result even there isn't any auth data
• 13b8561 Add an e2e test to reproduce the custom content in v2store without auth data
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.67.3 to 1.71.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.71.1

Bug Fixes

• grpc: fix a bug causing an extra Read from the compressor if a compressed message is the same size as the limit. This could result in a panic with the built-in gzip compressor (#8178)
• xds: restore the behavior of reading the bootstrap config before creating the first xDS client instead of at package init time (#8164)
• stats/opentelemetry: use TextMapPropagator and TracerProvider from TraceOptions instead of OpenTelemetry globals (#8166)
• client: fix races when an http proxy is configured that could lead to deadlocks or panics (#8195)
• client: fix bug causing RPC failures with message "no children to pick from" when using a custom resolver that calls the deprecated NewAddress API (#8149)
• wrr: fix slow processing of address updates that could result in problems including RPC failures for servers with a large number of backends (#8179)

Release 1.71.0

API Changes

• balancer: Custom LB policies that record metrics must use the new MetricsRecorder method on Balancer.ClientConn instead of the removed Balancer.BuildOptions.MetricsRecorder field to obtain a metrics recorder. (#8027)
• balancer: balancer.ClientConn implementations must now embed a delegate implementation. This allows grpc-go to add new methods to the interface and remain backward compatible. (#8026)
• balancer/endpointsharding: The constructor accepts the child balancer's builder and a struct with optional configuration. (#8052)

New Features

• xds: Add support for dualstack via the additional_addresses field in the Endpoint resource. To disable this feature, set the environment variable GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS=false. (#8134)
• stats/opentelemetry: Add experimental support for OpenTelemetry tracing. (#7852)
• xds/internal/xdsclient: Add counter metrics for valid and invalid resource updates. (#8038)
• balancer/leastrequest, roundrobin: Add dualstack support. (#7969, #7966)
• balancer/endpointsharding: Balancers created with the new DisableAutoReconnect option will not attempt to call ExitIdle automatically on their children when the children report idle. (#8052)

Bug Fixes

• client: Fix support for proxies when using grpc.NewClient so the target is resolved by the proxy as expected. (#7881)
  • Added WithLocalDNSResolution() dial option to explicitly force target resolution on the client instead. (#7881)
• weightedtarget: Return erroring picker when no targets are configured. (#8070)
• xds: Fail RPCs with UNAVAILABLE when the EDS resource is missing or contains no endpoints (#8070)
• xdsclient: Fix a bug where connectivity failures were reported to resource watchers before trying all listed servers. (#8075)
• grpc: Fix the number of bytes reported in the error message when encoded messages are larger than 4GB. (#8033)
• xds: Fixed a bug preventing tests from creating multiple servers or channels with different bootstrap configs. (#8050)
• grpc: Fix message length checks when compression is enabled and maxReceiveMessageSize is MaxInt (#7918)
  • Special Thanks: @​vinothkumarr227

Documentation

• client: Improve documentation of grpc.NewClient and ClientConn.CanonicalTarget by providing examples. (#8078)
• examples/features/dualstack: New example demonstrating usage of endpoints and dualstack functionality. (#8098)

Release 1.70.0

Behavior Changes

• client: reject service configs containing an invalid retryPolicy in accordance with gRFCs A21 and A6. (#7905)
  • Note that this is a potential breaking change for some users using an invalid configuration, but continuing to allow this behavior would violate our cross-language compatibility requirements.

New Features

... (truncated)

Commits

• cdbdb75 Change version to v1.71.1 (#8206)
• 3a93562 Cherry-pick #8195 into v1.71.x (#8202)
• 208e03b Cherry-pick #8164 #8166 to v1.71.x (#8182)
• 8b7d2fe grpc: fix bug causing an extra Read if a compressed message is the same size ...
• 9c81a91 resolver: Make EndpointMap's Get, Set and Delete operations O(1) (#8179) (#8184)
• 8d46b21 grpc: Add endpoints in resolverWrapper.NewAddress (#8149) (#8151)
• 4775bba Change version to 1.71.1-dev (#8106)
• d01db5c Change version to 1.71.0 (#8105)
• 012f8bf xds: Enable dualstack flag (#8134)
• bf0c885 examples/features/dualstack: Demonstrate Dual Stack functionality (#8098) (#8...
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.5 to 1.36.7

Updates k8s.io/api from 0.32.3 to 0.32.9

Commits

• 9d55c1c Update dependencies to v0.32.9 tag
• See full diff in compare view

Updates k8s.io/apimachinery from 0.32.3 to 0.32.9

Commits

• See full diff in compare view

Updates k8s.io/apiserver from 0.32.3 to 0.32.9

Commits

• e0a49f3 Update dependencies to v0.32.9 tag
• 1ea4fbd Merge pull request #130773JoelSpeed/automated-cherry-pick-of-#130450
• 2b3ba41 Merge pull request #131159wojtek-t/automated-cherry-pick-of-#131020
• b90acb6 Fix race for sending errors in watch
• 1e00f2c Fix implementation of ContainsCIDR to allow non-equal addresses
• See full diff in compare view

Updates k8s.io/client-go from 0.32.3 to 0.32.9

Commits

• 5f44449 Update dependencies to v0.32.9 tag
• See full diff in compare view

Updates sigs.k8s.io/cluster-api from 1.10.1 to 1.10.6

Release notes

Sourced from sigs.k8s.io/cluster-api's releases.

v1.10.6

👌 Kubernetes version support

• Management Cluster: v1.28.x -> v1.33.x
• Workload Cluster: v1.26.x -> v1.33.x

More information about version support can be found here

Changes since v1.10.5

📈 Overview

• 1 new commit merged

🌱 Others

• Dependency: Bump github.com/go-viper/mapstructure/v2 to fix CVE (#12681)

Dependencies

Added

Nothing has changed.

Changed

• github.com/go-viper/mapstructure/v2: v2.3.0 → v2.4.0

Removed

Nothing has changed.

Thanks to all our contributors! 😊

v1.10.5

👌 Kubernetes version support

• Management Cluster: v1.28.x -> v1.33.x
• Workload Cluster: v1.26.x -> v1.33.x

More information about version support can be found here

Changes since v1.10.4

📈 Overview

• 6 new commits merged
• 2 feature additions ✨
• 1 bug fixed 🐛

✨ New Features

• KCP: Bump corefile-migration to v1.0.27 (#12637)
• Runtime SDK: Add mTLS support to runtime extension server and client (#12519)

🐛 Bug Fixes

• MachineDeployment: Fix second rolling update for MD rolloutAfter (#12555)

🌱 Others

... (truncated)

Commits

• c378518 Merge pull request #12681 from sbueringer/pr-fix-cve-1.10-map
• a18dc3a Bump github.com/go-viper/mapstructure/v2 to fix CVE
• df6c089 Merge pull request #12637 from sbueringer/pr-bump-corefile-1.0.27-1.10
• a64b1b4 Bump corefile-migration to v1.0.27
• dd60425 Merge pull request #12612 from mboersma/bump-go-release-1.10
• f0479a2 Bump Go to v1.23.12
• 68fa7f4 Merge pull request #12566 from k8s-infra-cherrypick-robot/cherry-pick-12496-t...
• b99c488 Skipping test that is failing because of infra issues.
• 0d01d58 Merge pull request #12555 from k8s-infra-cherrypick-robot/cherry-pick-12261-t...
• 4a16622 Fix second rolling update for MD rolloutAfter
• Additional commits viewable in compare view

Updates sigs.k8s.io/cluster-api/test from 1.10.1 to 1.10.6

Release notes

Sourced from sigs.k8s.io/cluster-api/test's releases.

v1.10.6

👌 Kubernetes version support

• Management Cluster: v1.28.x -> v1.33.x
• Workload Cluster: v1.26.x -> v1.33.x

More information about version support can be found here

Changes since v1.10.5

📈 Overview

• 1 new commit merged

🌱 Others

• Dependency: Bump github.com/go-viper/mapstructure/v2 to fix CVE (#12681)

Dependencies

Added

Nothing has changed.

Changed

• github.com/go-viper/mapstructure/v2: v2.3.0 → v2.4.0

Removed

Nothing has changed.

Thanks to all our contributors! 😊

v1.10.5

👌 Kubernetes version support

• Management Cluster: v1.28.x -> v1.33.x
• Workload Cluster: v1.26.x -> v1.33.x

More information about version support can be found here

Changes since v1.10.4

📈 Overview

• 6 new commits merged
• 2 feature additions ✨
• 1 bug fixed 🐛

✨ New Features

• KCP: Bump corefile-migration to v1.0.27 (#12637)
• Runtime SDK: Add mTLS support to runtime extension server and client (#12519)

🐛 Bug Fixes

• MachineDeployment: Fix second rolling update for MD rolloutAfter (#12555)

🌱 Others

... (truncated)

Commits

• c378518 Merge pull request #12681 from sbueringer/pr-fix-cve-1.10-map
• a18dc3a Bump github.com/go-viper/mapstructure/v2 to fix CVE
• df6c089 Merge pull request #12637 from sbueringer/pr-bump-corefile-1.0.27-1.10
• a64b1b4 Bump corefile-migration to v1.0.27
• dd60425 Merge pull request #12612 from mboersma/bump-go-release-1.10
• f0479a2 Bump Go to v1.23.12
• 68fa7f4 Merge pull request #12566 from k8s-infra-cherrypick-robot/cherry-pick-12496-t...
• b99c488 Skipping test that is failing because of infra issues.
• 0d01d58 Merge pull request #12555 from k8s-infra-cherrypick-robot/cherry-pick-12261-t...
• 4a16622 Fix second rolling update for MD rolloutAfter
• Additional commits viewable in compare view

Updates sigs.k8s.io/yaml from 1.4.0 to 1.6.0

Release notes

Sourced from sigs.k8s.io/yaml's releases.

v1.6.0

What's Changed

• Add "kyaml" support and yamlfmt by @​thockin in kubernetes-sigs/yaml#132

v1.5.0

• Bugfix: Handle unhashable keys during merge (kubernetes-sigs/yaml#122)
• Improvement: wrap errors returned by JSON unmarshal (kubernetes-sigs/yaml#106)
• Deprecation: Deprecate code in goyaml.v2 and goyaml.v3 directories, and redirect to equivalents in go.yaml.in/yaml/v2 and go.yaml.in/yaml/v3 (kubernetes-sigs/yaml#133)

Full Changelog: kubernetes-sigs/yaml@v1.4.0...v1.5.0

Commits

• 048d724 Merge pull request #132 from thockin/master
• 23c836c Bolster tests, mostly in error-handling
• 2e3340b Add compact output tests
• 4a4f539 Add test case for tabs in multi-line strings
• 13509ad Change which methods get a newline and fix tests
• 59c2c43 Add compact mode so KYAML can be used in more places
• abc1add kyaml: Implement escaping closer to YAML spec
• 7749171 Add a yamlfmt cmd
• a932007 Add KYAML support
• 0f318dc Merge pull request #134 from kubernetes-sigs/forgot-to-add-redirects-for-cons...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions