Skip to content

chore: bump the kubernetes group across 1 directory with 13 updates#1286

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/kubernetes-1424054e09
Open

chore: bump the kubernetes group across 1 directory with 13 updates#1286
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/kubernetes-1424054e09

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 8, 2026
edited
Loading

Bumps the kubernetes group with 7 updates in the / directory:

Package From To
k8s.io/api 0.34.1 0.35.3
k8s.io/apiextensions-apiserver 0.34.1 0.35.3
k8s.io/component-helpers 0.32.3 0.35.3
k8s.io/klog/v2 2.130.1 2.140.0
k8s.io/kubectl 0.32.3 0.35.3
sigs.k8s.io/cloud-provider-azure 1.32.4 1.35.3
sigs.k8s.io/cluster-inventory-api 0.0.0-20251028164203-2e3fabb46733 0.1.0

Updates k8s.io/api from 0.34.1 to 0.35.3

Commits
  • 3897036 Update dependencies to v0.35.3 tag
  • bbcbaa8 Merge remote-tracking branch 'origin/master' into release-1.35
  • 5bced61 Bump golang.org/x/crypto to v0.45.0
  • 39e2e26 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
  • c22b4a1 vendor: update vendor and license metadata after replacing BeTrue usage in cs...
  • e3b1f3d Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
  • 3da327c Update vendored dependencies
  • c764b44 Merge pull request #132919 from ndixita/pod-level-in-place-pod-resize
  • aced136 Generated files from API changes
  • 02d790d Adding Resources and AllocatedResoures fields to the list of expected fields ...
  • Additional commits viewable in compare view

Updates k8s.io/apiextensions-apiserver from 0.34.1 to 0.35.3

Commits

Updates k8s.io/apimachinery from 0.34.1 to 0.35.3

Commits
  • 72d71ea Merge remote-tracking branch 'origin/master' into release-1.35
  • e2a2dbc Bump golang.org/x/crypto to v0.45.0
  • 2e9c228 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
  • f274aac vendor: update vendor and license metadata after replacing BeTrue usage in cs...
  • 9445443 Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
  • 52154f7 Update vendored dependencies
  • 5a348c5 KEP-5471: Extend tolerations operators (#134665)
  • 6f89492 Merge pull request #133648 from richabanker/merged-discovery
  • c77dde2 util/sort: Add MergePreservingRelativeOrder for topological sorting
  • 729c13d Merge pull request #134624 from yt2985/podcertificates-beta
  • Additional commits viewable in compare view

Updates k8s.io/client-go from 0.34.1 to 0.35.3

Commits
  • 4f1f0a2 Update dependencies to v0.35.3 tag
  • f80003c Merge pull request #136903pohly/automated-cherry-pick-of-#136455
  • 8b41556 fake client-go: un-deprecate NewSimpleClientset
  • 2d83546 Merge remote-tracking branch 'origin/master' into release-1.35
  • 56b4af2 Merge pull request #135591 from p0lyn0mial/upstream-watchlist-reflector-log-f...
  • 891f94c Merge remote-tracking branch 'origin/master' into release-1.35
  • 65ffe04 Merge pull request #135580 from serathius/client-go-transformer
  • 2fe4ac2 downgrade reflector watchlist fallback log to V(4)
  • 97256a6 Bump golang.org/x/crypto to v0.45.0
  • 46360b5 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
  • Additional commits viewable in compare view

Updates k8s.io/component-helpers from 0.32.3 to 0.35.3

Commits
  • 2ef9e28 Update dependencies to v0.35.3 tag
  • 8313d23 Merge remote-tracking branch 'origin/master' into release-1.35
  • 8aa03b8 Bump golang.org/x/crypto to v0.45.0
  • 165c29d Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
  • b6e62f7 vendor: update vendor and license metadata after replacing BeTrue usage in cs...
  • be0fff2 Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
  • 0907aec Merge pull request #132919 from ndixita/pod-level-in-place-pod-resize
  • d433219 Update vendored dependencies
  • 723ce89 Add InPlacePodLevelResourcesVerticalScaling declared feature.
  • 8ee2417 Scheduler changes to support pod level resources in place resize
  • Additional commits viewable in compare view

Updates k8s.io/klog/v2 from 2.130.1 to 2.140.0

Release notes

Sourced from k8s.io/klog/v2's releases.

Prepare klog release for Kubernetes v1.36

What's Changed

New Contributors

Full Changelog: kubernetes/klog@v2.130.1...v2.140.0

Commits
  • ef4b370 Merge pull request #432 from pierluigilenoci/fix/stderr-threshold-issue-212
  • 39c4c76 refactor: address code review feedback from @​pohly
  • 764a9a3 Merge pull request #430 from pohly/textlogger-optional-header
  • 015c613 Update stderr_threshold_test.go
  • 2f517bd Update klog.go
  • 36bc4ff textlogger: optionally turn off header
  • 5f1f303 Merge pull request #433 from pohly/textlogger-hook-result
  • c469d41 Merge pull request #431 from pohly/ktesting-vmodule-fix
  • 8509d6a ktesting: support multi-line result from AnyToStringHook
  • 08e6e8b Fix stderrthreshold not honored when logtostderr is set
  • Additional commits viewable in compare view

Updates k8s.io/kubectl from 0.32.3 to 0.35.3

Commits

Updates k8s.io/metrics from 0.32.3 to 0.35.3

Commits
  • c829c22 Update dependencies to v0.35.3 tag
  • e8c30d2 Merge pull request #136903pohly/automated-cherry-pick-of-#136455
  • 27871bd fake client-go: un-deprecate NewSimpleClientset
  • 9ff3c80 Merge remote-tracking branch 'origin/master' into release-1.35
  • 711cdf8 Bump golang.org/x/crypto to v0.45.0
  • 62f5f19 vendor: update vendor and license metadata after replacing BeTrue usage in cs...
  • 1eaa782 Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
  • de20cf4 Update vendored dependencies
  • c68b494 Merge pull request #134881 from pohly/e2e-slow-priority
  • d228023 dependencies: ginkgo v2.27.2, gomega v1.38.2
  • Additional commits viewable in compare view

Updates k8s.io/utils from 0.0.0-20250604170112-4c0f3b243397 to 0.0.0-20251002143259-bc988d571ff4

Commits

Updates sigs.k8s.io/cloud-provider-azure from 1.32.4 to 1.35.3

Release notes

Sourced from sigs.k8s.io/cloud-provider-azure's releases.

v1.35.3

Full Changelog: v1.35.2..v1.35.3

Changes by Kind

Feature

  • The build system now auto-detects and supports podman as the container CLI. When podman is available it is used for image build, push, and manifest operations. Set CONTAINER_CLI=docker to force docker usage. (#10108, @​nilo19)
  • The build system now auto-detects and supports podman as the container CLI. When podman is available it is used for image build, push, and manifest operations. Set CONTAINER_CLI=docker to force docker usage. (#10112, @​nilo19)

Dependencies

Added

Nothing has changed.

Changed

  • cel.dev/expr: v0.24.0 → v0.25.1
  • cloud.google.com/go/compute/metadata: v0.7.0 → v0.9.0
  • github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: v1.29.0 → v1.30.0
  • github.com/cncf/xds/go: 2ac532f → ee656c7
  • github.com/envoyproxy/go-control-plane/envoy: v1.32.4 → v1.36.0
  • github.com/envoyproxy/go-control-plane: v0.13.4 → v0.14.0
  • github.com/envoyproxy/protoc-gen-validate: v1.2.1 → v1.3.0
  • github.com/go-jose/go-jose/v4: v4.1.1 → v4.1.3
  • github.com/spiffe/go-spiffe/v2: v2.5.0 → v2.6.0
  • go.opentelemetry.io/contrib/detectors/gcp: v1.36.0 → v1.39.0
  • go.opentelemetry.io/otel/metric: v1.39.0 → v1.40.0
  • go.opentelemetry.io/otel/sdk/metric: v1.39.0 → v1.40.0
  • go.opentelemetry.io/otel/sdk: v1.39.0 → v1.40.0
  • go.opentelemetry.io/otel/trace: v1.39.0 → v1.40.0
  • go.opentelemetry.io/otel: v1.39.0 → v1.40.0
  • golang.org/x/oauth2: v0.32.0 → v0.34.0
  • golang.org/x/sys: v0.39.0 → v0.40.0
  • google.golang.org/genproto/googleapis/api: ef028d9 → ff82c1b
  • google.golang.org/genproto/googleapis/rpc: ef028d9 → ff82c1b
  • google.golang.org/grpc: v1.75.0 → v1.79.3

Removed

  • github.com/zeebo/errs: v1.4.0

v1.35.2

Full Changelog: v1.35.1..v1.35.2

Changes by Kind

Feature

  • ACR credential provider now supports KSA-based authentication with identity bindings. Configure via: --ib-sni-name, --ib-apiserver-ip, --ib-default-client-id, --ib-default-tenant-id. (#10046, @​qweeah)

Dependencies

... (truncated)

Commits
  • 35e7a85 Merge pull request #10116 from nilo19/cve-fix-release-1.35
  • 17f097d revert: remove accidentally added .go-version file
  • be6350e build(deps): bump the all group with 2 updates (#10123)
  • 1dad854 fix: bump grpc to v1.79.3 and otel/sdk to v1.40.0 to fix CVEs
  • 9cde86a Merge pull request #10112 from nilo19/cherry-pick-10108-to-release-1.35
  • bf9dd0d Merge pull request #10108 from nilo19/feat/podman-support
  • 0be8f9a Merge pull request #10106 from nilo19/cherry-pick-10102-to-release-1.35
  • cbc18f3 Merge pull request #10102 from nilo19/refactor/release-skill-local-draft
  • dbfd018 Merge pull request #10097 from nilo19/cherry-pick-10089-to-release-1.35
  • 031c75a Merge pull request #10089 from nilo19/cherry-pick-skill
  • Additional commits viewable in compare view

Updates sigs.k8s.io/cloud-provider-azure/pkg/azclient from 0.5.20 to 0.13.0

Commits
  • bf70d43 build(deps): bump the all group in /pkg/azclient with 7 updates (#9756)
  • f84edf1 build(deps): bump the all group (#9755)
  • 06b12e3 build(deps): bump the all group in /pkg/azclient/trace with 2 updates (#9754)
  • 91417ab build(deps): bump the all group in /pkg/azclient/cache with 2 updates (#9759)
  • aafaa84 build(deps): bump k8s.io/apimachinery in /kubetest2-aks in the all group (#9753)
  • e7d42b4 Merge pull request #9750 from kubernetes-sigs/revert-9748-feat/auto-bump-module
  • 42258cf Revert "feat: auto update go module drifts"
  • 114a3c6 Merge pull request #9748 from nilo19/feat/auto-bump-module
  • b421a08 feat: auto update go module drifts
  • 765f435 build(deps): bump oss/go/microsoft/golang in the all group (#9716)
  • Additional commits viewable in compare view

Updates sigs.k8s.io/cluster-inventory-api from 0.0.0-20251028164203-2e3fabb46733 to 0.1.0

Release notes

Sourced from sigs.k8s.io/cluster-inventory-api's releases.

v0.1.0

Changelog

Deprecation / Removal

  • The credentialProviders field has been renamed to accessProviders, and the credentials package has been renamed to access. credentialProviders is deprecated and will be removed in a future release. Users should migrate to accessProviders. (#23, @​ryanzhang-oss; #29, @​kahirokunn; #52, @​kahirokunn)

Feature / Major Changes

  • An initial ClusterProfile CRD implementation of KEP-4322: Cluster Profile API (#6, @​mikeshng)
  • Define plugin interface and consumer library (#17, @​qiujian16)
  • Add Secret Reader plugin with controller example (#21, @​kahirokunn)
  • Add PlacementDecision API and CI workflow (#33, @​mikeshng)
  • Add kubeconfig secretreader plugin (#37, @​kahirokunn)
  • Add plugin OCI image release workflow and adopt lazy consensus model for project releases (#40, @​kahirokunn)
  • Add support for additional CLI arg/env var extensions and add azure/kubelogin based example (#27, @​michaelawyu)

API Change

Bug or Regression

Documentation

CI/Infra

Dependencies

... (truncated)

Changelog

Sourced from sigs.k8s.io/cluster-inventory-api's changelog.

Release Process

Plugin OCI images

Plugin binaries are released as OCI images built with Docker Buildx. The plugin binary is placed under /bin/<plugin_name>-plugin (e.g. /bin/secretreader-plugin); when the image is mounted at /plugin, the executable path is /plugin/bin/<plugin_name>-plugin.

Versioning

Plugin OCI images are tagged with the same version as the repository release tag. For example, pushing v0.2.0 publishes all plugin images with tag 0.2.0.

How to release

  1. Push a repository tag v* (e.g. v1.0.0). This triggers the Release workflow.
  2. The workflow scans plugins/*/ and checks whether the image already exists in the container registry for that version. Only plugins that haven't been published yet are built and pushed.
  3. Container images are published to:
    • ghcr.io/kubernetes-sigs/cluster-inventory-api/<plugin_name>:<version>
    • Example: ghcr.io/kubernetes-sigs/cluster-inventory-api/secretreader:1.0.0

Image signing

Each released image is signed using Cosign keyless signing with GitHub Actions OIDC. No long-lived signing keys are used; an ephemeral key pair is generated for each signing event and the public key is recorded in the Sigstore transparency log.

Verifying image signatures

Install Cosign and run:

cosign verify \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
  --certificate-identity-regexp="^https://github\.com/kubernetes-sigs/cluster-inventory-api/\.github/workflows/release\.yml@refs/tags/v.*$" \
  ghcr.io/kubernetes-sigs/cluster-inventory-api/<plugin>:<version>

Example:

cosign verify \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
  --certificate-identity-regexp="^https://github\.com/kubernetes-sigs/cluster-inventory-api/\.github/workflows/release\.yml@refs/tags/v.*$" \
  ghcr.io/kubernetes-sigs/cluster-inventory-api/secretreader:0.1.0

SBOM and provenance

Each released image includes attestations as OCI referrers:

  • SBOM (SPDX): cosign download sbom ghcr.io/kubernetes-sigs/cluster-inventory-api/<plugin>:<version>
  • Provenance (SLSA-style): attached by Buildx; verify with cosign verify attestation or your preferred policy engine.

Local build (no push)

... (truncated)

Commits

Updates sigs.k8s.io/controller-runtime from 0.22.4 to 0.23.3

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.23.3

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.23.2...v0.23.3

v0.23.2

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.23.1...v0.23.2

v0.23.1

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.23.0...v0.23.1

v0.23.0

🔆 Highlights

⚠️ Breaking changes

✨ Features

... (truncated)

Commits
  • f9589b9 Merge pull request #3469 from k8s-infra-cherrypick-robot/cherry-pick-3468-to-...
  • 25615ad Ensure DefaulterRemoveUnknownOrOmitableFields is still working even if object...
  • 8122a62 Merge pull request #3467 from k8s-infra-cherrypick-robot/cherry-pick-3463-to-...
  • 35093c6 Reduce memory usage of default webhooks
  • 4dbfa5c [release-0.23] 🐛 Fix fake client's SSA status patch resource version check (#...
  • f52bbb8 Merge pull request #3437 from k8s-infra-cherrypick-robot/cherry-pick-3430-to-...
  • 4f41337 Merge pull request #3438 from k8s-infra-cherrypick-robot/cherry-pick-3434-to-...
  • e29a1b9 seedling: Test cache reader waits for cache sync
  • 83c8dc3 bug: Fakeclient: Fix status apply if existing object has managedFields set
  • bf6bcd5 Merge pull request #3436 from k8s-infra-cherrypick-robot/cherry-pick-3431-to-...
  • Additional commits viewable in compare view

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 8, 2026
@dependabot
chore: bump the kubernetes group across 1 directory with 13 updates
a144153 
Bumps the kubernetes group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.34.1` | `0.35.3` |
| [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.34.1` | `0.35.3` |
| [k8s.io/component-helpers](https://github.com/kubernetes/component-helpers) | `0.32.3` | `0.35.3` |
| [k8s.io/klog/v2](https://github.com/kubernetes/klog) | `2.130.1` | `2.140.0` |
| [k8s.io/kubectl](https://github.com/kubernetes/kubectl) | `0.32.3` | `0.35.3` |
| [sigs.k8s.io/cloud-provider-azure](https://github.com/kubernetes-sigs/cloud-provider-azure) | `1.32.4` | `1.35.3` |
| [sigs.k8s.io/cluster-inventory-api](https://github.com/kubernetes-sigs/cluster-inventory-api) | `0.0.0-20251028164203-2e3fabb46733` | `0.1.0` |



Updates `k8s.io/api` from 0.34.1 to 0.35.3
- [Commits](kubernetes/api@v0.34.1...v0.35.3)

Updates `k8s.io/apiextensions-apiserver` from 0.34.1 to 0.35.3
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](kubernetes/apiextensions-apiserver@v0.34.1...v0.35.3)

Updates `k8s.io/apimachinery` from 0.34.1 to 0.35.3
- [Commits](kubernetes/apimachinery@v0.34.1...v0.35.3)

Updates `k8s.io/client-go` from 0.34.1 to 0.35.3
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.34.1...v0.35.3)

Updates `k8s.io/component-helpers` from 0.32.3 to 0.35.3
- [Commits](kubernetes/component-helpers@v0.32.3...v0.35.3)

Updates `k8s.io/klog/v2` from 2.130.1 to 2.140.0
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](kubernetes/klog@v2.130.1...2.140.0)

Updates `k8s.io/kubectl` from 0.32.3 to 0.35.3
- [Commits](kubernetes/kubectl@v0.32.3...v0.35.3)

Updates `k8s.io/metrics` from 0.32.3 to 0.35.3
- [Commits](kubernetes/metrics@v0.32.3...v0.35.3)

Updates `k8s.io/utils` from 0.0.0-20250604170112-4c0f3b243397 to 0.0.0-20251002143259-bc988d571ff4
- [Commits](https://github.com/kubernetes/utils/commits)

Updates `sigs.k8s.io/cloud-provider-azure` from 1.32.4 to 1.35.3
- [Release notes](https://github.com/kubernetes-sigs/cloud-provider-azure/releases)
- [Changelog](https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/docs/release-versioning.md)
- [Commits](kubernetes-sigs/cloud-provider-azure@v1.32.4...v1.35.3)

Updates `sigs.k8s.io/cloud-provider-azure/pkg/azclient` from 0.5.20 to 0.13.0
- [Release notes](https://github.com/kubernetes-sigs/cloud-provider-azure/releases)
- [Changelog](https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/docs/release-versioning.md)
- [Commits](kubernetes-sigs/cloud-provider-azure@pkg/azclient/v0.5.20...pkg/azclient/v0.13.0)

Updates `sigs.k8s.io/cluster-inventory-api` from 0.0.0-20251028164203-2e3fabb46733 to 0.1.0
- [Release notes](https://github.com/kubernetes-sigs/cluster-inventory-api/releases)
- [Changelog](https://github.com/kubernetes-sigs/cluster-inventory-api/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/cluster-inventory-api/commits/v0.1.0)

Updates `sigs.k8s.io/controller-runtime` from 0.22.4 to 0.23.3
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.22.4...v0.23.3)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-version: 0.35.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: kubernetes
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-version: 0.35.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: kubernetes
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.35.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: kubernetes
- dependency-name: k8s.io/client-go
  dependency-version: 0.35.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: kubernetes
- dependency-name: k8s.io/component-helpers
  dependency-version: 0.35.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: kubernetes
- dependency-name: k8s.io/klog/v2
  dependency-version: 2.140.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: kubernetes
- dependency-name: k8s.io/kubectl
  dependency-version: 0.35.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: kubernetes
- dependency-name: k8s.io/metrics
  dependency-version: 0.35.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: kubernetes
- dependency-name: k8s.io/utils
  dependency-version: 0.0.0-20251002143259-bc988d571ff4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: kubernetes
- dependency-name: sigs.k8s.io/cloud-provider-azure
  dependency-version: 1.35.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: kubernetes
- dependency-name: sigs.k8s.io/cloud-provider-azure/pkg/azclient
  dependency-version: 0.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: kubernetes
- dependency-name: sigs.k8s.io/cluster-inventory-api
  dependency-version: 0.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: kubernetes
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-version: 0.23.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: kubernetes
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/kubernetes-1424054e09 branch from 915fd86 to a144153 Compare April 10, 2026 18:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants