fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
alpine/curl	final	minor	8.14.1 → 8.19.0
github.com/fsnotify/fsnotify	require	minor	v1.9.0 → v1.10.1
github.com/onsi/ginkgo/v2	require	minor	v2.27.2 → v2.29.0
github.com/onsi/gomega	require	minor	v1.38.2 → v1.41.0
github.com/spf13/cobra	require	patch	v1.10.1 → v1.10.2
go (source)	toolchain	minor	1.25.4 → 1.26.4
go.uber.org/zap	require	minor	v1.27.1 → v1.28.0
golang	stage	minor	1.25-alpine → 1.26-alpine
golang		minor	1.25.4 → 1.26.4
k8s.io/api	require	minor	v0.34.2 → v0.36.1
k8s.io/apimachinery	require	minor	v0.34.2 → v0.36.1
k8s.io/client-go	require	minor	v0.34.2 → v0.36.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

fsnotify/fsnotify (github.com/fsnotify/fsnotify)

v1.10.1

Compare Source

Changes and fixes

• inotify: don't remove sibling watches sharing a path prefix (#​754)

• inotify, windows: don't rename sibling watches sharing a path prefix
  (#​755)

v1.10.0

Compare Source

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#​731)

• inotify: send Rename event if recursive watch is renamed (#​696)

• inotify: avoid copying event buffers when reading names (#​741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#​748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#​740)

• windows: fix nil pointer dereference in remWatch (#​736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#​709, #​749)

onsi/ginkgo (github.com/onsi/ginkgo/v2)

v2.29.0

Compare Source

2.29.0

GinkgoHelperGo makes it easier to write test helpers that need to run in goroutines. Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.

ginkgo outline now includes entries defined in DescribeTableSubtree

v2.28.3

Compare Source

2.28.3

Maintenance

Bump all dependencies

v2.28.2

Compare Source

2.28.2

• Add ArtifactDir() to support Go 1.26 testing.TB interface [f3a36b6]
• Implement shell completion [94151c8]
• Add asan CLI option mirroring msan implementation [4d21dbb]
• Bump uri from 1.0.3 to 1.0.4 in /docs (#​1630) [c102161]
• fix aspect ratio [9619647]
• update logos [5779304]

v2.28.1

Compare Source

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v2.28.0

Compare Source

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

v2.27.5

Compare Source

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

v2.27.4

Compare Source

2.27.4

Fixes

• CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

v2.27.3

Compare Source

2.27.3

Fixes

report exit result in case of failure [1c9f356]
fix data race [ece19c8]

onsi/gomega (github.com/onsi/gomega)

v1.41.0

Compare Source

v1.40.0

Compare Source

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

v1.39.1

Compare Source

1.39.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v1.39.0

Compare Source

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

v1.38.3

Compare Source

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

spf13/cobra (github.com/spf13/cobra)

v1.10.2

Compare Source

🔧 Dependencies

• chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in #​2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

• Fix linter and allow CI to pass by @​marckhouzam in #​2327
• fix: actions/setup-go v6 by @​jpmcb in #​2337

🔥✍🏼 Docs

• Add documentation for repeated flags functionality by @​rvergis in #​2316

🍂 Refactors

• refactor: replace several vars with consts by @​htoyoda18 in #​2328
• refactor: change minUsagePadding from var to const by @​ssam18 in #​2325

🤗 New Contributors

• @​rvergis made their first contribution in #​2316
• @​htoyoda18 made their first contribution in #​2328
• @​ssam18 made their first contribution in #​2325
• @​dims made their first contribution in #​2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

golang/go (go)

v1.26.4

v1.26.3

v1.26.2

v1.26.1

v1.26.0

v1.25.11

v1.25.10

v1.25.9

v1.25.8

v1.25.7

v1.25.6

v1.25.5

uber-go/zap (go.uber.org/zap)

v1.28.0

Compare Source

Enhancements:

• #​1534: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

kubernetes/api (k8s.io/api)

v0.36.1

Compare Source

v0.36.0

Compare Source

v0.35.5

Compare Source

v0.35.4

Compare Source

v0.35.3

Compare Source

v0.35.2

Compare Source

v0.35.1

Compare Source

v0.35.0

Compare Source

v0.34.8

Compare Source

v0.34.7

Compare Source

v0.34.6

Compare Source

v0.34.5

Compare Source

v0.34.4

Compare Source

v0.34.3

Compare Source

kubernetes/apimachinery (k8s.io/apimachinery)

v0.36.1

Compare Source

v0.36.0

Compare Source

v0.35.5

Compare Source

v0.35.4

Compare Source

v0.35.3

Compare Source

v0.35.2

Compare Source

v0.35.1

Compare Source

v0.35.0

Compare Source

v0.34.8

Compare Source

v0.34.7

Compare Source

v0.34.6

Compare Source

v0.34.5

Compare Source

v0.34.4

Compare Source

v0.34.3

Compare Source

kubernetes/client-go (k8s.io/client-go)

v0.36.1

Compare Source

v0.36.0

Compare Source

v0.35.5

Compare Source

v0.35.4

Compare Source

v0.35.3

Compare Source

v0.35.2

Compare Source

v0.35.1

Compare Source

v0.35.0

Compare Source

v0.34.8

Compare Source

v0.34.7

Compare Source

v0.34.6

Compare Source

v0.34.5

Compare Source

v0.34.4

Compare Source

v0.34.3

Compare Source

---

Configuration

📅 Schedule: (in timezone America/New_York)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 19 additional dependencies were updated

Details:

Package	Change
github.com/google/pprof	v0.0.0-20250403155104-27863c87afa6 -> v0.0.0-20260402051712-545e8a4df936
go.yaml.in/yaml/v2	v2.4.2 -> v2.4.3
golang.org/x/mod	v0.27.0 -> v0.35.0
golang.org/x/sync	v0.16.0 -> v0.20.0
golang.org/x/tools	v0.36.0 -> v0.44.0
gopkg.in/evanphx/json-patch.v4	v4.12.0 -> v4.13.0
sigs.k8s.io/structured-merge-diff/v6	v6.3.0 -> v6.3.2
github.com/emicklei/go-restful/v3	v3.12.2 -> v3.13.0
golang.org/x/net	v0.43.0 -> v0.53.0
golang.org/x/oauth2	v0.30.0 -> v0.34.0
golang.org/x/sys	v0.35.0 -> v0.43.0
golang.org/x/term	v0.34.0 -> v0.42.0
golang.org/x/text	v0.28.0 -> v0.36.0
golang.org/x/time	v0.11.0 -> v0.14.0
google.golang.org/protobuf	v1.36.8 -> v1.36.12-0.20260120151049-f2248ac996af
k8s.io/klog/v2	v2.130.1 -> v2.140.0
k8s.io/kube-openapi	v0.0.0-20250710124328-f3f2b991d03b -> v0.0.0-20260317180543-43fb72c5454a
k8s.io/utils	v0.0.0-20250604170112-4c0f3b243397 -> v0.0.0-20260210185600-b8788abfbbc2
sigs.k8s.io/json	v0.0.0-20241014173422-cfa47c3a1cc8 -> v0.0.0-20250730193827-2d320260d730