Skip to content

Bump the k8s-go-deps group across 1 directory with 10 updates#565

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/k8s-go-deps-d2e1e5f80b
Open

Bump the k8s-go-deps group across 1 directory with 10 updates#565
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/k8s-go-deps-d2e1e5f80b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the k8s-go-deps group with 4 updates in the / directory: github.com/open-policy-agent/gatekeeper/v3, k8s.io/klog/v2, sigs.k8s.io/gateway-api and sigs.k8s.io/secrets-store-csi-driver.

Updates github.com/open-policy-agent/gatekeeper/v3 from 3.20.1 to 3.22.2

Release notes

Sourced from github.com/open-policy-agent/gatekeeper/v3's releases.

v3.22.2

Bug Fixes

v3.22.1

⚠️ v3.22.1 had a failure while publishing release artifacts. Please make sure to use v3.22.2 release instead.

Bug Fixes

Chores

v3.22.0

🚀 Notable Changes

  • sync-vap-enforcement-scope now enabled by default: The flag for syncing ValidatingAdmissionPolicy enforcement scope is now true by default, ensuring VAP resources reflect constraint enforcement actions out of the box (#4332).
  • 🏷️ Namespace support for CEL and Rego engines: CEL expressions can now access namespaceObject and Rego policies can access input.namespace for namespace-scoped policy decisions during both admission and audit (#4285)
  • gator bench — policy performance benchmarking: New CLI command to benchmark Rego and CEL engines with latency percentiles, throughput metrics, memory profiling, concurrent load testing, and baseline comparison for CI/CD regression detection (#4287)
  • 📋 gator policy — brew-inspired policy management: New CLI for discovering, installing, upgrading, and uninstalling policies from the gatekeeper-library with support for bundles (e.g., pod-security-baseline), enforcement overrides, and dry-run previews (#4331)
  • 🔇 Disable audit sidecar support: Users who have their own log monitoring (e.g., OTel collector) can now disable the forced fake-reader sidecar when audit file-based logging is enabled (#4280)
  • 🌐 Out-of-cluster / remote cluster support: New --enable-remote-cluster flag allows Gatekeeper to run outside the target cluster (e.g., nested/hosted control planes), fixing a crash when the Gatekeeper pod doesn't exist in the managed cluster (#4368)
  • ⏱️ External data provider timeout enforcement: Mutation-path requests to external data providers now enforce the provider's configured timeout (default 5s), preventing unbounded requests that could outlive the webhook timeout and cause resource exhaustion (#4351)

Features

Bug Fixes

... (truncated)

Commits
  • eda110b chore: Prepare v3.22.2 release (#4542)
  • a6d8790 fix: gh cli to support immutable releases (CP #4522) (#4541)
  • f5be0db chore: Prepare v3.22.1 release (#4517)
  • a97a05c chore: bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp...
  • 5f51c93 fix: clean up stale VAPB when vap.k8s.io removed from constraint (CP #4446) (...
  • ba2c5fe chore: bump kubectl from v1.35.2 to v1.35.3 (CP #4458) (#4497)
  • e7a7177 fix: restore mutator conflict propagation via events channel (CP #4478) (#4496)
  • f3069d0 fix: share StatsReporter across mutator controllers CP (#4465) (#4487)
  • b33db56 fix: retry VAP API discovery on transient failures CP(#4455) (#4485)
  • c874d39 chore: bump google.golang.org/grpc from 1.78.0 to 1.79.3 (#4488)
  • Additional commits viewable in compare view

Updates k8s.io/api from 0.33.3 to 0.35.3

Commits
  • 3897036 Update dependencies to v0.35.3 tag
  • bbcbaa8 Merge remote-tracking branch 'origin/master' into release-1.35
  • 5bced61 Bump golang.org/x/crypto to v0.45.0
  • 39e2e26 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
  • c22b4a1 vendor: update vendor and license metadata after replacing BeTrue usage in cs...
  • e3b1f3d Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
  • 3da327c Update vendored dependencies
  • c764b44 Merge pull request #132919 from ndixita/pod-level-in-place-pod-resize
  • aced136 Generated files from API changes
  • 02d790d Adding Resources and AllocatedResoures fields to the list of expected fields ...
  • Additional commits viewable in compare view

Updates k8s.io/apiextensions-apiserver from 0.33.3 to 0.35.1

Commits

Updates k8s.io/apimachinery from 0.33.3 to 0.35.3

Commits
  • 72d71ea Merge remote-tracking branch 'origin/master' into release-1.35
  • e2a2dbc Bump golang.org/x/crypto to v0.45.0
  • 2e9c228 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
  • f274aac vendor: update vendor and license metadata after replacing BeTrue usage in cs...
  • 9445443 Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
  • 52154f7 Update vendored dependencies
  • 5a348c5 KEP-5471: Extend tolerations operators (#134665)
  • 6f89492 Merge pull request #133648 from richabanker/merged-discovery
  • c77dde2 util/sort: Add MergePreservingRelativeOrder for topological sorting
  • 729c13d Merge pull request #134624 from yt2985/podcertificates-beta
  • Additional commits viewable in compare view

Updates k8s.io/client-go from 0.33.3 to 0.35.3

Commits
  • 4f1f0a2 Update dependencies to v0.35.3 tag
  • f80003c Merge pull request #136903pohly/automated-cherry-pick-of-#136455
  • 8b41556 fake client-go: un-deprecate NewSimpleClientset
  • 2d83546 Merge remote-tracking branch 'origin/master' into release-1.35
  • 56b4af2 Merge pull request #135591 from p0lyn0mial/upstream-watchlist-reflector-log-f...
  • 891f94c Merge remote-tracking branch 'origin/master' into release-1.35
  • 65ffe04 Merge pull request #135580 from serathius/client-go-transformer
  • 2fe4ac2 downgrade reflector watchlist fallback log to V(4)
  • 97256a6 Bump golang.org/x/crypto to v0.45.0
  • 46360b5 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
  • Additional commits viewable in compare view

Updates k8s.io/klog/v2 from 2.130.1 to 2.140.0

Release notes

Sourced from k8s.io/klog/v2's releases.

Prepare klog release for Kubernetes v1.36

What's Changed

New Contributors

Full Changelog: kubernetes/klog@v2.130.1...v2.140.0

Commits
  • ef4b370 Merge pull request #432 from pierluigilenoci/fix/stderr-threshold-issue-212
  • 39c4c76 refactor: address code review feedback from @​pohly
  • 764a9a3 Merge pull request #430 from pohly/textlogger-optional-header
  • 015c613 Update stderr_threshold_test.go
  • 2f517bd Update klog.go
  • 36bc4ff textlogger: optionally turn off header
  • 5f1f303 Merge pull request #433 from pohly/textlogger-hook-result
  • c469d41 Merge pull request #431 from pohly/ktesting-vmodule-fix
  • 8509d6a ktesting: support multi-line result from AnyToStringHook
  • 08e6e8b Fix stderrthreshold not honored when logtostderr is set
  • Additional commits viewable in compare view

Updates k8s.io/utils from 0.0.0-20241104100929-3ea5e8cea738 to 0.0.0-20251002143259-bc988d571ff4

Commits

Updates sigs.k8s.io/controller-runtime from 0.21.0 to 0.23.3

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.23.3

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.23.2...v0.23.3

v0.23.2

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.23.1...v0.23.2

v0.23.1

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.23.0...v0.23.1

v0.23.0

🔆 Highlights

⚠️ Breaking changes

✨ Features

... (truncated)

Commits
  • f9589b9 Merge pull request #3469 from k8s-infra-cherrypick-robot/cherry-pick-3468-to-...
  • 25615ad Ensure DefaulterRemoveUnknownOrOmitableFields is still working even if object...
  • 8122a62 Merge pull request #3467 from k8s-infra-cherrypick-robot/cherry-pick-3463-to-...
  • 35093c6 Reduce memory usage of default webhooks
  • 4dbfa5c [release-0.23] 🐛 Fix fake client's SSA status patch resource version check (#...
  • f52bbb8 Merge pull request #3437 from k8s-infra-cherrypick-robot/cherry-pick-3430-to-...
  • 4f41337 Merge pull request #3438 from k8s-infra-cherrypick-robot/cherry-pick-3434-to-...
  • e29a1b9 seedling: Test cache reader waits for cache sync
  • 83c8dc3 bug: Fakeclient: Fix status apply if existing object has managedFields set
  • bf6bcd5 Merge pull request #3436 from k8s-infra-cherrypick-robot/cherry-pick-3431-to-...
  • Additional commits viewable in compare view

Updates sigs.k8s.io/gateway-api from 1.2.0 to 1.5.1

Release notes

Sourced from sigs.k8s.io/gateway-api's releases.

v1.5.1

Warning: The Experimental channel CRDs are too large for a standard kubectl apply. To work around this please use kubectl apply --server-side=true instead -- or, even better, use kuberc to make server-side apply the default.

Gateway API v1.5.1

Major Changes Since v1.5.0

GEP

  • Updates the documentation around the ListenerConditionConflicted condition (#4669, @​davidjumani)

Conformance

  • Limit HTTPRouteHTTPSListenerDetectMisdirectedRequests to h2 only (#4665, @​zirain)
  • Fix conformance test not working on IPv6 (#4646, @​zirain)
  • The conflicted=false condition is not required anymore in the listener status for non-conflicted listeners. (#4664, @​zhaohuabing)
  • Updated the TLSRoute conformance tests to allow FINs where previously RST was asserted (#4624, @​howardjohn)

What's Changed

Full Changelog: kubernetes-sigs/gateway-api@v1.5.0...v1.5.1

v1.5.0

Warning: The Experimental channel CRDs are too large for a standard kubectl apply. To work around this please use kubectl apply --server-side=true instead -- or, even better, use kuberc to make server-side apply the default.

Gateway API v1.5.0

Major Changes Since v1.4.1

Breaking Changes

TLSRoute v1alpha2 and XListenerSet

TLSRoute and ListenerSet have graduated to the Standard channel as v1. In 1.5.0, TLSRoute v1alpha2 is present only in the Experimental channel; in 1.6, it will be removed from the Experimental channel too.

Additionally, note that TLSRoute's CEL validation requires Kubernetes 1.31 or higher.

... (truncated)

Changelog

Sourced from sigs.k8s.io/gateway-api's changelog.

Release Process

This details how releases of Gateway API are delivered. This process is exercised by a Release Manager.

Overview

The Gateway API project is an API project that has the following two components:

  • Kubernetes Custom Resource Definitions (CRDs)
  • Corresponding Go API in the form of sigs.k8s.io/gateway-api Go package

This repository is the home for both of the above components.

Versioning strategy

The versioning strategy for this project is covered in detail in the release documentation.

Releasing a monthly version

Starting point

Make sure all the changes that should be part of the monthly release are merged into main.

Tagging the monthly release

Start by tagging the main branch with a tag of the form monthly-YYYY.MM (for example, monthly-2025.11). Push this to GitHub.

Start the CI workflow

Trigger the monthly-release GitHub workflow, passing it the monthly-YYYY.MM tag just created.

CI handles the rest of the release process, including creating a draft GitHub release which includes an automatically-generated changelog and the various release artifacts. You will need to publish this release after making sure that the correct artifacts are attached to it and that the CHANGELOG is what you want.

Writing the Release Changelog

In many cases, the changelog that GitHub generates is going to be OK. However, if there are significant changes in a given monthly, it can be helpful to write a changelog that's more human-readable. Given the $TAG used for this monthly release as well as the $PREV_TAG used for the

... (truncated)

Commits
  • e7677b7 Patch 1.5.1 release. (#4685)
  • 8eba7b6 limit HTTPRouteHTTPSListenerDetectMisdirectedRequests to h2 only (#4665) (#4667)
  • a43b54f update ListenerConditionConflicted condition docs (#4669)
  • 9edc349 allow absent conflict condition for non-conflicted listeners (#4664)
  • 130e6c1 [release-1.5] fix: improve GatewayMustHaveAttachedListeners log (#4632)
  • e922d8e add 204 as a possible cors preflight response code (#4637)
  • 582fdbb Disallow repeaded CORS filters by CEL (#4645)
  • f4fad32 fix: propagate context and fix defer leak in DumpEchoLogs (#4625)
  • f0cba2a Omit "simple" and replace Authorization by Cookie (#4652)
  • 61f714c [release-1.5] fix: use JoinHostPort (#4646)
  • Additional commits viewable in compare view

Updates sigs.k8s.io/secrets-store-csi-driver from 1.3.4 to 1.6.0

Release notes

Sourced from sigs.k8s.io/secrets-store-csi-driver's releases.

v1.6.0 - 2026-04-29

Secret Rotation via RequiresRepublish

The dedicated secret rotation controller has been replaced with the CSI RequiresRepublish mechanism. The CSIDriver now sets requiresRepublish: true, causing kubelet to periodically call NodePublishVolume, which re-fetches secrets from the provider when --enable-secret-rotation=true. The --rotation-poll-interval now acts as a minimum cache duration between rotations. This change removes the need for privileged RBAC permissions (listing pods, secrets, and creating service account tokens) that were previously required by the rotation controller. Rotation-specific RBAC resources (rbac-secretproviderrotation.yaml, rbac-secretprovidertokenrequest.yaml) have been removed and can be cleaned up from manual deployments.

Note: Please review the upgrade notes before upgrading.

Changelog

Bug Fixes 🐞

Build 🏭

Continuous Integration 💜

Documentation 📘

Features 🌈

Maintenance 🔧

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 9, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/k8s-go-deps-d2e1e5f80b branch from dd95646 to 694b6f3 Compare March 16, 2026 06:24
@dependabot dependabot Bot force-pushed the dependabot/go_modules/k8s-go-deps-d2e1e5f80b branch 2 times, most recently from ca73a6e to cb846f9 Compare March 24, 2026 18:51
@dependabot dependabot Bot force-pushed the dependabot/go_modules/k8s-go-deps-d2e1e5f80b branch from cb846f9 to 8576d74 Compare March 30, 2026 06:31
@dependabot dependabot Bot force-pushed the dependabot/go_modules/k8s-go-deps-d2e1e5f80b branch from 8576d74 to cf3fdc0 Compare April 20, 2026 06:44
@dependabot dependabot Bot force-pushed the dependabot/go_modules/k8s-go-deps-d2e1e5f80b branch from cf3fdc0 to 7ae2d8d Compare April 27, 2026 06:52
@dependabot dependabot Bot force-pushed the dependabot/go_modules/k8s-go-deps-d2e1e5f80b branch from 7ae2d8d to a6812aa Compare May 4, 2026 07:05
@dependabot dependabot Bot force-pushed the dependabot/go_modules/k8s-go-deps-d2e1e5f80b branch from a6812aa to 1c666fa Compare May 11, 2026 07:47
@dependabot dependabot Bot force-pushed the dependabot/go_modules/k8s-go-deps-d2e1e5f80b branch from 1c666fa to 8289a83 Compare May 18, 2026 09:49
Bumps the k8s-go-deps group with 4 updates in the / directory: [github.com/open-policy-agent/gatekeeper/v3](https://github.com/open-policy-agent/gatekeeper), [k8s.io/klog/v2](https://github.com/kubernetes/klog), [sigs.k8s.io/gateway-api](https://github.com/kubernetes-sigs/gateway-api) and [sigs.k8s.io/secrets-store-csi-driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver).


Updates `github.com/open-policy-agent/gatekeeper/v3` from 3.20.1 to 3.22.2
- [Release notes](https://github.com/open-policy-agent/gatekeeper/releases)
- [Changelog](https://github.com/open-policy-agent/gatekeeper/blob/master/docs/RELEASE.md)
- [Commits](open-policy-agent/gatekeeper@v3.20.1...v3.22.2)

Updates `k8s.io/api` from 0.33.3 to 0.35.3
- [Commits](kubernetes/api@v0.33.3...v0.35.3)

Updates `k8s.io/apiextensions-apiserver` from 0.33.3 to 0.35.1
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](kubernetes/apiextensions-apiserver@v0.33.3...v0.35.1)

Updates `k8s.io/apimachinery` from 0.33.3 to 0.35.3
- [Commits](kubernetes/apimachinery@v0.33.3...v0.35.3)

Updates `k8s.io/client-go` from 0.33.3 to 0.35.3
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.33.3...v0.35.3)

Updates `k8s.io/klog/v2` from 2.130.1 to 2.140.0
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](kubernetes/klog@v2.130.1...2.140.0)

Updates `k8s.io/utils` from 0.0.0-20241104100929-3ea5e8cea738 to 0.0.0-20251002143259-bc988d571ff4
- [Commits](https://github.com/kubernetes/utils/commits)

Updates `sigs.k8s.io/controller-runtime` from 0.21.0 to 0.23.3
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.21.0...v0.23.3)

Updates `sigs.k8s.io/gateway-api` from 1.2.0 to 1.5.1
- [Release notes](https://github.com/kubernetes-sigs/gateway-api/releases)
- [Changelog](https://github.com/kubernetes-sigs/gateway-api/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/gateway-api@v1.2.0...v1.5.1)

Updates `sigs.k8s.io/secrets-store-csi-driver` from 1.3.4 to 1.6.0
- [Release notes](https://github.com/kubernetes-sigs/secrets-store-csi-driver/releases)
- [Changelog](https://github.com/kubernetes-sigs/secrets-store-csi-driver/blob/main/docs/RELEASE.md)
- [Commits](kubernetes-sigs/secrets-store-csi-driver@v1.3.4...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/gatekeeper/v3
  dependency-version: 3.21.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-go-deps
- dependency-name: k8s.io/api
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-go-deps
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-go-deps
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-go-deps
- dependency-name: k8s.io/client-go
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-go-deps
- dependency-name: k8s.io/klog/v2
  dependency-version: 2.140.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-go-deps
- dependency-name: k8s.io/utils
  dependency-version: 0.0.0-20250604170112-4c0f3b243397
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-go-deps
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-version: 0.22.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-go-deps
- dependency-name: sigs.k8s.io/gateway-api
  dependency-version: 1.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-go-deps
- dependency-name: sigs.k8s.io/secrets-store-csi-driver
  dependency-version: 1.5.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-go-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/k8s-go-deps-d2e1e5f80b branch from 8289a83 to df506c4 Compare May 25, 2026 09:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants