Skip to content

chore(deps): bump the gomod-dependencies group with 13 updates #776

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): bump the gomod-dependencies group with 13 updates #776

wants to merge 1 commit into from
+17,084 −11,787

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 15, 2025
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps the gomod-dependencies group with 13 updates:

Package From To
github.com/prometheus/client_golang 1.23.0 1.23.2
github.com/prometheus/common 0.65.0 0.66.1
github.com/stretchr/testify 1.10.0 1.11.1
go.uber.org/mock 0.5.2 0.6.0
golang.org/x/net 0.40.0 0.43.0
google.golang.org/grpc 1.72.1 1.75.1
google.golang.org/protobuf 1.36.6 1.36.8
k8s.io/api 0.34.0 0.34.1
k8s.io/apimachinery 0.34.0 0.34.1
k8s.io/client-go 0.34.0 0.34.1
k8s.io/component-base 0.34.0 0.34.1
k8s.io/component-helpers 0.34.0 0.34.1
sigs.k8s.io/controller-runtime 0.20.3 0.22.1

Updates github.com/prometheus/client_golang from 1.23.0 to 1.23.2

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.23.2 - 2025-09-05

This release is made to upgrade to prometheus/common v0.66.1, which drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement). There are no functional changes.

Full Changelog: prometheus/client_golang@v1.23.1...v1.23.2

v1.23.1 - 2025-09-04

This release is made to be compatible with a backwards incompatible API change in prometheus/common v0.66.0. There are no functional changes.

Full Changelog: prometheus/client_golang@v1.23.0...v1.23.1

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.23.2 / 2025-09-05

This release is made to upgrade to prometheus/common v0.66.1, which drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement). There are no functional changes.

1.23.1 / 2025-09-04

This release is made to be compatible with a backwards incompatible API change in prometheus/common v0.66.0. There are no functional changes.

Commits

Updates github.com/prometheus/common from 0.65.0 to 0.66.1

Release notes

Sourced from github.com/prometheus/common's releases.

v0.66.1

This release has no functional changes, it just drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement).

What's Changed

Full Changelog: prometheus/common@v1.20.99...v0.66.1

v0.66.0

⚠️ Breaking Changes ⚠️

  • A default-constructed TextParser will be invalid. It must have a valid scheme set, so users should use the NewTextParser function to create a valid TextParser. Otherwise parsing will panic with "Invalid name validation scheme requested: unset".

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from github.com/prometheus/common's changelog.

v0.66.1 / 2025-09-05

This release has no functional changes, it just drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement).

What's Changed

Full Changelog: prometheus/common@v1.20.99...v0.66.1

v0.66.0 / 2025-09-02

⚠️ Breaking Changes ⚠️

  • A default-constructed TextParser will be invalid. It must have a valid scheme set, so users should use the NewTextParser function to create a valid TextParser. Otherwise parsing will panic with "Invalid name validation scheme requested: unset".

What's Changed

New Contributors

... (truncated)

Commits
  • 8975dde Revert "Use go.uber.org/atomic instead of sync/atomic (#825)" (#838)
  • 08d7f66 Move to supported version of yaml parser (#834)
  • 80e275e Revert "Use github.com/grafana/regexp instead of regexp" (#835)
  • 4c2f9e7 Merge pull request #832 from roidelapluie/retract
  • e120453 Retract v1.20.3
  • 2b1487c Merge pull request #827 from prometheus/dependabot/go_modules/github.com/stre...
  • db38951 Merge pull request #829 from prometheus/dependabot/go_modules/golang.org/x/ne...
  • 9e19a90 build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1
  • a1ba2a7 build(deps): bump golang.org/x/net from 0.42.0 to 0.43.0
  • c7a031c Merge pull request #830 from prometheus/dependabot/go_modules/google.golang.o...
  • Additional commits viewable in compare view

Updates github.com/stretchr/testify from 1.10.0 to 1.11.1

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.11.1

This release fixes #1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

Fixes

Documentation, Build & CI

... (truncated)

Commits
  • 2a57335 Merge pull request #1788 from brackendawson/1785-backport-1.11
  • af8c912 Backport #1786 to release/1.11
  • b7801fb Merge pull request #1778 from stretchr/dependabot/github_actions/actions/chec...
  • 69831f3 build(deps): bump actions/checkout from 4 to 5
  • a53be35 Improve captureTestingT helper
  • aafb604 mock: improve formatting of error message
  • 7218e03 improve error msg
  • 929a212 Merge pull request #1758 from stretchr/dolmen/suite-faster-method-filtering
  • bc7459e suite: faster filtering of methods (-testify.m)
  • 7d37b5c suite: refactor methodFilter
  • Additional commits viewable in compare view

Updates go.uber.org/mock from 0.5.2 to 0.6.0

Release notes

Sourced from go.uber.org/mock's releases.

v0.6.0

0.6.0 (18 Aug 2025)

Added

  • #258[]: Archive mode: a new mockgen mode that generates mocks out of archive files.

Fixed

  • #276[]: Fixed mockgen errors with go1.25 due to outdated golang.org/x/tools dependency.

#258: uber-go/mock#258 #276: uber-go/mock#276

Changelog

Sourced from go.uber.org/mock's changelog.

0.6.0 (18 Aug 2025)

Added

  • #258[]: Archive mode: a new mockgen mode that generates mocks out of archive files.
  • #262[]: Support for specifying mock names when using the _gomock_archive bazel rule.

Fixed

  • #276[]: Fixed mockgen errors with go1.25 due to outdated golang.org/x/tools dependency.

#258: uber-go/mock#258 #262: uber-go/mock#262 #276: uber-go/mock#276

Commits

Updates golang.org/x/net from 0.40.0 to 0.43.0

Commits
  • e74bc31 go.mod: update golang.org/x dependencies
  • af6926e http2: remove references to defunct http2.golang.org test server
  • 76358aa go.mod: update golang.org/x dependencies
  • 6e41cae go.mod: update golang.org/x dependencies
  • 15f7d40 http2: correctly wrap ErrFrameTooLarge in Framer.ReadFrame
  • ef33bc0 internal/http3: use bubbled context in synctest tests
  • 919c6bc http2: use an array instead of a map in typeFrameParser
  • bae01a7 trace: add missing td tag
  • See full diff in compare view

Updates google.golang.org/grpc from 1.72.1 to 1.75.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.75.1

Bug Fixes

  • transport: Fix a data race while copying headers for stats handlers in the std lib http2 server transport. (#8519)
  • xdsclient:
    • Fix a data race caused while reporting load to LRS. (#8483)
    • Fix regression preventing empty node IDs when creating an LRS client. (#8483)
  • server: Fix a regression preventing streams from being cancelled or timed out when blocked on flow control. (#8528)

Release 1.75.0

Behavior Changes

  • xds: Remove support for GRPC_EXPERIMENTAL_XDS_FALLBACK environment variable. Fallback support can no longer be disabled. (#8482)
  • stats: Introduce DelayedPickComplete event, a type alias of PickerUpdated. (#8465)
    • This (combined) event will now be emitted only once per call, when a transport is successfully selected for the attempt.
    • OpenTelemetry metrics will no longer have multiple "Delayed LB pick complete" events in Go, matching other gRPC languages.
    • A future release will delete the PickerUpdated symbol.
  • credentials: Properly apply grpc.WithAuthority as the highest-priority option for setting authority, above the setting in the credentials themselves. (#8488)
    • Now that this WithAuthority is available, the credentials should not be used to override the authority.
  • round_robin: Randomize the order in which addresses are connected to in order to spread out initial RPC load between clients. (#8438)
  • server: Return status code INTERNAL when a client sends more than one request in unary and server streaming RPC. (#8385)
    • This is a behavior change but also a bug fix to bring gRPC-Go in line with the gRPC spec.

New Features

  • dns: Add an environment variable (GRPC_ENABLE_TXT_SERVICE_CONFIG) to provide a way to disable TXT lookups in the DNS resolver (by setting it to false). By default, TXT lookups are enabled, as they were previously. (#8377)

Bug Fixes

  • xds: Fix regression preventing empty node IDs in xDS bootstrap configuration. (#8476)
  • xds: Fix possible panic when certain invalid resources are encountered. (#8412)
  • xdsclient: Fix a rare panic caused by processing a response from a closed server. (#8389)
  • stats: Fix metric unit formatting by enclosing non-standard units like call and endpoint in curly braces to comply with UCUM and gRPC OpenTelemetry guidelines. (#8481)
  • xds: Fix possible panic when clusters are removed from the xds configuration. (#8428)
  • xdsclient: Fix a race causing "resource doesn not exist" when rapidly subscribing and unsubscribing to the same resource. (#8369)
  • client: When determining the authority, properly percent-encode (if needed, which is unlikely) when the target string omits the hostname and only specifies a port (grpc.NewClient(":<port-number-or-name>")). (#8488)

Release 1.74.3

Bug Fixes

  • xds: Fix a regression preventing empty node IDs in the bootstrap configuration. (#8476 , #8483)
  • xdsclient: Fix a data race caused while reporting load to LRS. (#8483)
  • server: Fix a regression preventing streams from being cancelled or timed out when blocked on flow control. (#8528)

Release 1.74.2

New Features

  • grpc: introduce new DialOptions and ServerOptions (WithStaticStreamWindowSize, WithStaticConnWindowSize, StaticStreamWindowSize, StaticConnWindowSize) that force fixed window sizes for all HTTP/2 connections. By default, gRPC uses dynamic sizing of these windows based upon a BDP estimation algorithm. The existing options (WithInitialWindowSize, etc) also disable BDP estimation, but this behavior will be changed in a following release. (#8283)

... (truncated)

Commits

Updates google.golang.org/protobuf from 1.36.6 to 1.36.8

Updates k8s.io/api from 0.34.0 to 0.34.1

Commits

Updates k8s.io/apimachinery from 0.34.0 to 0.34.1

Commits

Updates k8s.io/client-go from 0.34.0 to 0.34.1

Commits

Updates k8s.io/component-base from 0.34.0 to 0.34.1

Commits

Updates k8s.io/component-helpers from 0.34.0 to 0.34.1

Commits

Updates sigs.k8s.io/controller-runtime from 0.20.3 to 0.22.1

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.22.1

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.22.0...v0.22.1

v0.22.0

🔆 Highlights

⚠️ Breaking changes

✨ Features

🐛 Bugfixes

🌱 Other

... (truncated)

Commits
  • 6422ed0 Merge pull request #3308 from k8s-infra-cherrypick-robot/cherry-pick-3307-to-...
  • 09a2e89 Revert deprecation of client.Apply
  • fc84a60 Merge pull request #3300 from troy0820/troy0820/k8s-deps-1.34
  • c430462 update k8s.io dependencies to v0.34.0
  • 7085be7 Merge pull request #3299 from sbueringer/pr-clarify-state-of-warmup
  • 5fd7ff6 Clarify state of Warmup feature
  • e922805 Merge pull request #3293 from s-z-z/certwatcher-patch
  • 41feb4f feat(certwatcher): add instance-specific logger with cert/key context
  • 0f4e99e Merge pull request #3296 from alvaroaleman/reconciliationtimeout
  • f8db32f ✨ Add a ReconciliationTimeout option
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long...

Description has been truncated

@dependabot
chore(deps): bump the gomod-dependencies group with 13 updates
ab92336 
Bumps the gomod-dependencies group with 13 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.23.0` | `1.23.2` |
| [github.com/prometheus/common](https://github.com/prometheus/common) | `0.65.0` | `0.66.1` |
| [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.10.0` | `1.11.1` |
| [go.uber.org/mock](https://github.com/uber/mock) | `0.5.2` | `0.6.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.40.0` | `0.43.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.72.1` | `1.75.1` |
| google.golang.org/protobuf | `1.36.6` | `1.36.8` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.34.0` | `0.34.1` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.34.0` | `0.34.1` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.34.0` | `0.34.1` |
| [k8s.io/component-base](https://github.com/kubernetes/component-base) | `0.34.0` | `0.34.1` |
| [k8s.io/component-helpers](https://github.com/kubernetes/component-helpers) | `0.34.0` | `0.34.1` |
| [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) | `0.20.3` | `0.22.1` |


Updates `github.com/prometheus/client_golang` from 1.23.0 to 1.23.2
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.23.0...v1.23.2)

Updates `github.com/prometheus/common` from 0.65.0 to 0.66.1
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md)
- [Commits](prometheus/common@v0.65.0...v0.66.1)

Updates `github.com/stretchr/testify` from 1.10.0 to 1.11.1
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.10.0...v1.11.1)

Updates `go.uber.org/mock` from 0.5.2 to 0.6.0
- [Release notes](https://github.com/uber/mock/releases)
- [Changelog](https://github.com/uber-go/mock/blob/main/CHANGELOG.md)
- [Commits](uber-go/mock@v0.5.2...v0.6.0)

Updates `golang.org/x/net` from 0.40.0 to 0.43.0
- [Commits](golang/net@v0.40.0...v0.43.0)

Updates `google.golang.org/grpc` from 1.72.1 to 1.75.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.72.1...v1.75.1)

Updates `google.golang.org/protobuf` from 1.36.6 to 1.36.8

Updates `k8s.io/api` from 0.34.0 to 0.34.1
- [Commits](kubernetes/api@v0.34.0...v0.34.1)

Updates `k8s.io/apimachinery` from 0.34.0 to 0.34.1
- [Commits](kubernetes/apimachinery@v0.34.0...v0.34.1)

Updates `k8s.io/client-go` from 0.34.0 to 0.34.1
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.34.0...v0.34.1)

Updates `k8s.io/component-base` from 0.34.0 to 0.34.1
- [Commits](kubernetes/component-base@v0.34.0...v0.34.1)

Updates `k8s.io/component-helpers` from 0.34.0 to 0.34.1
- [Commits](kubernetes/component-helpers@v0.34.0...v0.34.1)

Updates `sigs.k8s.io/controller-runtime` from 0.20.3 to 0.22.1
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.20.3...v0.22.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.23.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-dependencies
- dependency-name: github.com/prometheus/common
  dependency-version: 0.66.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-dependencies
- dependency-name: github.com/stretchr/testify
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-dependencies
- dependency-name: go.uber.org/mock
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-dependencies
- dependency-name: golang.org/x/net
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-dependencies
- dependency-name: google.golang.org/grpc
  dependency-version: 1.75.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-dependencies
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-dependencies
- dependency-name: k8s.io/api
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-dependencies
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-dependencies
- dependency-name: k8s.io/client-go
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-dependencies
- dependency-name: k8s.io/component-base
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-dependencies
- dependency-name: k8s.io/component-helpers
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-dependencies
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-version: 0.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Sep 15, 2025
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Sep 15, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign cheftako for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Sep 15, 2025
@k8s-ci-robot
Copy link
Contributor

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Sep 15, 2025
@cheftako
Copy link
Contributor

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elmiko elmiko Awaiting requested review from elmiko

@ipochi ipochi Awaiting requested review from ipochi

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. dependencies Pull requests that update a dependency file go Pull requests that update Go code ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@k8s-ci-robot @cheftako