Bump the golang group across 1 directory with 22 updates

[dependabot]

Bumps the golang group with 13 updates in the / directory:

Package	From	To
github.com/cert-manager/cert-manager	1.16.2	1.17.0
github.com/vmware-tanzu/velero	1.15.1	1.15.2
golang.org/x/mod	0.22.0	0.23.0
k8s.io/api	0.32.0	0.32.1
k8s.io/apiextensions-apiserver	0.32.0	0.32.1
sigs.k8s.io/controller-runtime	0.19.4	0.20.1
github.com/evanphx/json-patch/v5	5.9.0	5.9.11
github.com/prometheus/common	0.61.0	0.62.0
github.com/spf13/pflag	1.0.5	1.0.6
golang.org/x/oauth2	0.24.0	0.26.0
golang.org/x/sys	0.29.0	0.30.0
golang.org/x/term	0.28.0	0.29.0
golang.org/x/text	0.21.0	0.22.0

Updates github.com/cert-manager/cert-manager from 1.16.2 to 1.17.0

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.17.0

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.17.0 is a feature release with several improvements, including:

• A helpful compliance change to RSA signatures on certificates
• An easier way to specify passwords for PKCS#12 and JKS keystores
• A few feature flag promotions (and a deprecation)
• Dependency bumps and other smaller improvements

Major Themes

RSA Certificate Compliance

The United States Department of Defense published a memo in 2022 which introduced some requirements on the kinds of cryptography they require to be supported in software they use.

In effect, the memo requires that software be able to support larger RSA keys (3072-bit and 4096-bit) and hashing algorithms (SHA-384 at a minimum).

cert-manager supported large RSA keys long before the memo was published, but a quirk in implementation meant that cert-manager always used SHA-256 when signing with RSA.

In v1.17.0, cert-manager will choose a hash algorithm based on the RSA key length: 3072-bit keys will use SHA-384, and 4096-bit keys will use SHA-512. This matches similar behavior already present for ECDSA signatures.

Our expectation is that this change will have minimal impact beyond a slight increase to security and better compliance; we're not aware of Kubernetes based environments which support RSA 2048 with SHA-256 but fail with RSA 4096 and SHA-512. However, if you're using larger RSA keys, you should be aware of the change.

Easier Keystore Passwords for PKCS#12 and JKS

Specifying passwords on PKCS#12 and JKS keystores is supported in cert-manager for compatibility reasons with software which expects or requires passwords to be set; however, these passwords are not relevant to security and never have been in cert-manager.

The initial implementation of the keystores feature required these "passwords" to be stored in a Kubernetes secret, which would then be read by cert-manager when creating the keystore after a certificate was issued. This is cumbersome, especially when many passwords are set to default values such as changeit or password.

In cert-manager v1.17, it's now possible to set a keystore password using a literal string value inside the Certificate resource itself, making this process much easier with no change to security.

For example:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: my-cert-password
spec:
  secretName: my-cert-password
  issuerRef:
    name: my-issuer
    kind: ClusterIssuer
  keystores:
    jks:
      create: true
      password: "abc123"
    pkcs12:
</tr></table> 

... (truncated)

Commits

• 4562b9a Merge pull request #6657 from rquinio1A/feature/keystore-password-litteral
• c6f3f0c Merge pull request #7527 from SgtCoDFish/upgrade-test-tweaks
• 40cd2a0 Add support for setting literal keystore passwords in Certificates
• 1747743 Merge pull request #7530 from SgtCoDFish/dns-test-integration
• 8233733 split tests using 'live' DNS into separate package
• 5e5ad2f Merge pull request #7529 from SgtCoDFish/bump-base
• a522470 Merge pull request #7428 from jsoref/shorten-skipping-controller-messages
• 2154402 bump base images to latest
• 637eab3 Simplify skipping controller messages
• c003da2 Merge pull request #7428 from jsoref/shorten-skipping-controller-messages
• Additional commits viewable in compare view

Updates github.com/vmware-tanzu/velero from 1.15.1 to 1.15.2

Release notes

Sourced from github.com/vmware-tanzu/velero's releases.

v1.15.2

Download

https://github.com/vmware-tanzu/velero/releases/tag/v1.15.2

Container Image

velero/velero:v1.15.2

Documentation

https://velero.io/docs/v1.15/

Upgrading

https://velero.io/docs/v1.15/upgrade-to-1.15/

All Changes

• fix(pkg/repository/maintenance): don't panic when there's no container statuses (#8568, @​mcluseau)
• Don't include excluded items in ItemBlocks (#8585, @​kaovilai)
• Check the PVB status via podvolume Backupper rather than calling API server to avoid API server issue (#8596, @​ywk253100)

v1.15.2-rc.1

v1.15.2

Download

https://github.com/vmware-tanzu/velero/releases/tag/v1.15.2-rc.1

Container Image

velero/velero:v1.15.2-rc.1

Documentation

https://velero.io/docs/v1.15/

Upgrading

https://velero.io/docs/v1.15/upgrade-to-1.15/

All Changes

• fix(pkg/repository/maintenance): don't panic when there's no container statuses (#8568, @​mcluseau)
• Don't include excluded items in ItemBlocks (#8585, @​kaovilai)
• Check the PVB status via podvolume Backupper rather than calling API server to avoid API server issue (#8596, @​ywk253100)

Commits

• 804d73c Merge pull request #8601 from Lyndon-Li/release-1.15
• 3d3de7f 1.15.2 change-log
• d2f6c18 Merge pull request #8596 from ywk253100/20250109_pvb
• 25b5c44 Check the PVB status via podvolume Backupper rather than calling API server t...
• 7db8761 Merge pull request #8586 from Lyndon-Li/release-1.15
• b88b543 1.15.2 change-log
• 9068c90 Merge pull request #8585 from kaovilai/expvsFromBackupr1.15
• d5ef00a Don't include excluded items in ItemBlocks
• 674e397 Merge pull request #8570 from Lyndon-Li/release-1.15
• 1a36d22 1.15.2 changelog
• Additional commits viewable in compare view

Updates golang.org/x/mod from 0.22.0 to 0.23.0

Commits

• 52289f1 modfile: fix trailing empty lines in require blocks
• See full diff in compare view

Updates k8s.io/api from 0.32.0 to 0.32.1

Commits

• bc0564c Update dependencies to v0.32.1 tag
• 25d8df3 Merge pull request #129544pohly/automated-cherry-pick-of-#129543
• 5b9e013 DRA API: bump maximum size of ReservedFor to 256
• See full diff in compare view

Updates k8s.io/apiextensions-apiserver from 0.32.0 to 0.32.1

Commits

• ab6ba90 Update dependencies to v0.32.1 tag
• See full diff in compare view

Updates k8s.io/apimachinery from 0.32.0 to 0.32.1

Commits

• See full diff in compare view

Updates k8s.io/client-go from 0.32.0 to 0.32.1

Commits

• 9d43434 Update dependencies to v0.32.1 tag
• See full diff in compare view

Updates sigs.k8s.io/controller-runtime from 0.19.4 to 0.20.1

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.20.1

What's Changed

• 🐛 Check to see if custom source implements fmt.Stringer when logging by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3077
• 🐛 cache: clone maps to prevent data race when concurrently creating caches using the same options by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3079
• 🐛 support WaitForSync in custom TypedSyncingSource by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3086
• 🌱 Add debug logging for the state of the priority queue by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3088
• 🐛 Priorityqueue: Yet another queue_depth metric fix by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3089

Full Changelog: kubernetes-sigs/controller-runtime@v0.20.0...v0.20.1

v0.20.0

Highlights

• Based on k8s.io/* v1.32 libraries and minimum Go version is now v1.23
• New experimental priority queue feature
  • More details in #3013 and #2374
  • Can be enabled via manager.Options.Controller.UsePriorityQueue
  • Please give it a try and provide feedback in #2374
• AggregatedDiscovery is automatically used when available (#2901)
• As usual, many improvements to the fake client

Changes since v0.19.0

⚠️ Breaking Changes

• Bump to k8s.io/* v1.32 libraries (#2971 #2990 #3001 #3007 #3029 #3043)
• logging: Stop deduplicating API warnings by default (#2953)
• webhook: Stop deleting unknown fields in CustomDefaulter (#2982 #3056)
• webhook: Remove deprecated Defaulter and Validator (#2877 #2945)
• cluster: Remove deprecated SyncPeriod option (#2970)

✨ New Features

• cache: Add EnableWatchBookmarks option (defaults to true) (#3017)
• cache: Export NewInformer option (#3061)
• cert-watcher: Add polling (#3020 #3050)
• controller: Add experimental priority queue (off per default) (#3013 #3014 #3060 #3066)
• fake client: Allow adding indexes at runtime (#3021)
• fake client: Add support for ServiceAccountToken subresource (#2969)
• restmapper: Use AggregatedDiscovery if available (#2901)
• util: Add HasOwnerReference func (#2882)
• webhook: Add custom path option (#2998)

🐛 Bug Fixes

• controller: Error when source.Start() never returns (#2997 #3006 #3008)
• fake client: Don't return items on invalid selector (#3022)
• fake client: Fix TOCTOU races (#2980)
• fake client: Preserve TypeMeta during Get call with PartialObjectMeta (#2949)

... (truncated)

Commits

• 626b2f3 Merge pull request #3089 from k8s-infra-cherrypick-robot/cherry-pick-3085-to-...
• 64cb665 bug: Priorityqueue: Yet another queue_depth metric fix
• 791b6c9 Merge pull request #3088 from k8s-infra-cherrypick-robot/cherry-pick-3075-to-...
• 99a4044 🌱 Add debug logging for the state of the priority queue
• f33705e [release-0.20] 🐛fix(controller): support WaitForSync in custom TypedSyncingSo...
• 571c31a Merge pull request #3079 from k8s-infra-cherrypick-robot/cherry-pick-3078-to-...
• 8d66e89 cache: clone maps to prevent data race when concurrently creating caches usin...
• aa3f342 [release-0.20] 🐛 Check to see if custom source implements fmt.Stringer when l...
• 8f7e114 Merge pull request #3074 from sbueringer/pr-fix-fake-list
• 3b23354 fake client: preserve TypeMeta during List call with UnstructuredList
• Additional commits viewable in compare view

Updates github.com/evanphx/json-patch/v5 from 5.9.0 to 5.9.11

Release notes

Sourced from github.com/evanphx/json-patch/v5's releases.

v5.9.11

What's Changed

• Export errBadJSONDoc and errBadJSONPatch errors by @​skitt in evanphx/json-patch#209

Full Changelog: evanphx/json-patch@v5.9.10...v5.9.11

v5.9.10

What's Changed

• Drop the reference to gopkg.in for v5 by @​skitt in evanphx/json-patch#203
• remove unmaintained errors pkg(github.com/pkg/errors) by @​koba1t in evanphx/json-patch#206

New Contributors

• @​skitt made their first contribution in evanphx/json-patch#203
• @​koba1t made their first contribution in evanphx/json-patch#206

Full Changelog: evanphx/json-patch@v5.9.0...v5.9.10

Commits

• 84a4bb1 Merge pull request #209 from skitt/export-errs-v5
• 7a7a88a Export errBadJSONDoc and errBadJSONPatch errors
• bd18525 Upgrade go-flags
• 42f26cb Fix spacing
• 0a3482b Merge pull request #206 from koba1t/remove_unmaintained_error_pkg
• 106306d remove unmaintained errors pkg
• e7cfbbb Merge pull request #203 from skitt/drop-gopkgin-v5
• 61e1ad7 Drop the reference to gopkg.in for v5
• See full diff in compare view

Updates github.com/klauspost/compress from 1.17.9 to 1.17.11

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.17.11

What's Changed

• zstd: Fix extra CRC written with multiple Close calls by @​klauspost in klauspost/compress#1017
• s2: Don't use stack for index tables by @​klauspost in klauspost/compress#1014
• gzhttp: No content-type on no body response code by @​juliens in klauspost/compress#1011
• gzhttp: Do not set the content-type when response has no body by @​kevinpollet in klauspost/compress#1013

New Contributors

• @​juliens made their first contribution in klauspost/compress#1011
• @​kevinpollet made their first contribution in klauspost/compress#1013

Full Changelog: klauspost/compress@v1.17.10...v1.17.11

v1.17.10

What's Changed

• gzhttp: Add TransportAlwaysDecompress option. by @​klauspost in klauspost/compress#978
• s2: Add EncodeBuffer buffer recycling callback by @​klauspost in klauspost/compress#982
• zstd: Improve memory usage on small streaming encodes by @​klauspost in klauspost/compress#1007
• gzhttp: Add supported decompress request body by @​mirecl in klauspost/compress#1002
• flate: read data written with partial flush by @​vajexal in klauspost/compress#996
• ci: Upgrade Go & other by @​klauspost in klauspost/compress#1008
• docs: Small typofix in comment by @​Jille in klauspost/compress#976
• build(deps): bump the github-actions group with 2 updates by @​dependabot in klauspost/compress#979
• docs: Fix URL typo when installing builddict by @​Wikidepia in klauspost/compress#980
• build(deps): bump the github-actions group with 2 updates by @​dependabot in klauspost/compress#985
• Fix typos by @​deining in klauspost/compress#986
• build(deps): bump github/codeql-action from 3.25.15 to 3.26.6 in the github-actions group by @​dependabot in klauspost/compress#997

New Contributors

• @​Wikidepia made their first contribution in klauspost/compress#980
• @​deining made their first contribution in klauspost/compress#986
• @​vajexal made their first contribution in klauspost/compress#996
• @​mirecl made their first contribution in klauspost/compress#1002

Full Changelog: klauspost/compress@v1.17.9...v1.17.10

Commits

• 72cd4a9 zstd: Fix extra CRC written with multiple Close calls (#1017)
• dbd6c38 s2: Don't use stack for index tables (#1014)
• f73ab1e Do not set the content-type when response has no body (#1013)
• f2a4f25 build(deps): bump github/codeql-action in the github-actions group (#1012)
• 8e14b1b No content-type on no body response code (#1011)
• 13a1ce6 ci: Match goreleaser version (#1009)
• 6c5a195 Update README.md
• 2a46d6b Update README.md
• 4dafca9 ci: Upgrade Go & other (#1008)
• 26519f8 zstd: Improve memory usage on small streaming encodes (#1007)
• Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.20.4 to 1.20.5

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.20.5 / 2024-10-15

We decided to revert the testutil change that made our util functions less error-prone, but created a lot of work for our downstream users. Apologies for the pain! This revert should not cause any major breaking change, even if you already did the work--unless you depend on the exact error message.

Going forward, we plan to reinforce our release testing strategy [1],[2] and deliver an enhanced testutil package/module with more flexible and safer APIs.

Thanks to @​dashpole @​dgrisonnet @​kakkoyun @​ArthurSens @​vesari @​logicalhan @​krajorama @​bwplotka who helped in this patch release! 🤗

Changelog

[BUGFIX] testutil: Reverted #1424; functions using compareMetricFamilies are (again) only failing if filtered metricNames are in the expected input. #1645

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.20.5 / 2024-10-15

• [BUGFIX] testutil: Reverted #1424; functions using compareMetricFamilies are (again) only failing if filtered metricNames are in the expected input.

Commits

• 48e12a1 Merge pull request #1645 from prometheus/cut-1204-pr1424
• 504ad9b Cut 1.20.5; update comments.
• 584a7ce Revert "testutil compareMetricFamilies: make less error-prone (#1424)"
• See full diff in compare view

Updates github.com/prometheus/common from 0.61.0 to 0.62.0

Release notes

Sourced from github.com/prometheus/common's releases.

v0.62.0

⚠️ This releases switches internal global to UTF8Validation from LegacyValidation. This is a breaking change, relaxing the validation. We don't intend to add more schemas and we have to have a global for unmarshalling interfaces, thus the change was made ⚠️

What's Changed

• Change default validation scheme to UTF8Validation by @​ywwg in prometheus/common#724
• Remove deprecated promlog package by @​SuperQ in prometheus/common#738
• Remove deprecated sigv4 module by @​SuperQ in prometheus/common#737
• update links to openmetrics to reference the v1.0.0 release by @​dashpole in prometheus/common#740
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#742
• Bump google.golang.org/protobuf from 1.35.2 to 1.36.1 by @​dependabot in prometheus/common#744
• Bump golang.org/x/net from 0.32.0 to 0.33.0 by @​dependabot in prometheus/common#743
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#747
• http_config: Allow customizing TLS config and settings. by @​bwplotka in prometheus/common#748

New Contributors

• @​dashpole made their first contribution in prometheus/common#740

Full Changelog: prometheus/common@v0.61.0...v0.62.0

Commits

• 280b0e7 http_config: Allow customizing TLS config and settings. (#748)
• aea8919 Update common Prometheus files (#747)
• 8d916fa Bump golang.org/x/net from 0.32.0 to 0.33.0 (#743)
• fe88605 Bump google.golang.org/protobuf from 1.35.2 to 1.36.1 (#744)
• 5d9961d Update common Prometheus files (#742)
• 0a89b98 Merge pull request #740 from dashpole/update_om_links
• e3926e2 update links to openmetrics to reference the v1.0.0 release
• d88ee1f Remove deprecated sigv4 module (#737)
• c3fdb17 Remove deprecated promlog package (#738)
• cf5f48f Change default validation scheme to UTF8Validation (#724)
• See full diff in compare view

Updates github.com/spf13/pflag from 1.0.5 to 1.0.6

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.6

What's Changed

• Add exported functions to preserve pkg/flag compatibility by @​mckern in spf13/pflag#220
• remove dead code for checking error nil by @​yashbhutwala in spf13/pflag#282
• Add IPNetSlice and unit tests by @​rpothier in spf13/pflag#170
• allow for blank ip addresses by @​duhruh in spf13/pflag#316
• add github actions by @​sagikazarmark in spf13/pflag#419

New Contributors

• @​mckern made their first contribution in spf13/pflag#220
• @​yashbhutwala made their first contribution in spf13/pflag#282
• @​rpothier made their first contribution in spf13/pflag#170
• @​duhruh made their first contribution in spf13/pflag#316
• @​sagikazarmark made their first contribution in spf13/pflag#419

Full Changelog: spf13/pflag@v1.0.5...v1.0.6

Commits

• 5ca8134 Merge pull request #419 from spf13/ci
• 100ab0e disable unsupported dependency graph for now
• a0f4ddd fix govet
• f48cbd1 add github actions
• d5e0c06 allow for blank ip addresses (#316)
• 85dd5c8 Add IPNetSlice and unit tests (#170)
• 6971c29 remove dead code for checking error nil (#282)
• 81378bb Add exported functions to preserve pkg/flag compatibility (#220)
• See full diff in compare view

Updates golang.org/x/oauth2 from 0.24.0 to 0.26.0

Commits

• b9c813b google: add warning about externally-provided credentials
• 49a531d all: make method and struct comments match the names
• See full diff in compare view

Updates golang.org/x/sys from 0.29.0 to 0.30.0

Commits

• 863b3c4 unix: update glibc to 2.41
• 4d4692e unix: add Auxv
• b215a1c unix: update to Linux kernel 6.13
• c756214 cpu: add support for AVX-VNNI and IFMA detection
• 1c14dca unix: add GetPeerUcred and UcredGet for solaris
• See full diff in compare view

Updates golang.org/x/term from 0.28.0 to 0.29.0

Commits

• 743b270 go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates golang.org/x/text from 0.21.0 to 0.22.0

Commits

• 3b64043 go.mod: update golang.org/x dependencies
• 1e59086 message/pipeline: add two Unalias calls
• See full diff in compare view

Updates golang.org/x/time from 0.7.0 to 0.8.0

Commits

• 3846194 README: don't recommend go get
• See full diff in compare view

Updates google.golang.org/protobuf from 1.35.2 to 1.36.1

Updates k8s.io/kube-openapi from 0.0.0-20241105132330-32ad38e42d3f to 0.0.0-20241212222426-2c72e554b1e7

Commits

• See full diff in compare view

Updates k8s.io/utils from 0.0.0-20241104100929-3ea5e8cea738 to 0.0.0-20241210054802-24370beab758

Commits

• See full diff in compare view

Updates sigs.k8s.io/json from 0.0.0-20241010143419-9aa6b5e7a4b3 to 0.0.0-20241014173422-cfa47c3a1cc8

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions