chore(deps): bump the security group across 1 directory with 22 updates #1764

dependabot · 2025-03-25T01:14:55Z

Bumps the security group with 17 updates in the / directory:

Package	From	To
github.com/containers/image/v5	`5.34.1`	`5.34.2`
github.com/go-sql-driver/mysql	`1.9.0`	`1.9.1`
github.com/jackc/pgx/v5	`5.7.2`	`5.7.3`
github.com/miekg/dns	`1.1.63`	`1.1.64`
github.com/spf13/viper	`1.19.0`	`1.20.0`
go.opentelemetry.io/otel	`1.34.0`	`1.35.0`
go.opentelemetry.io/otel/sdk	`1.34.0`	`1.35.0`
golang.org/x/mod	`0.23.0`	`0.24.0`
golang.org/x/sync	`0.11.0`	`0.12.0`
k8s.io/api	`0.32.2`	`0.32.3`
k8s.io/apiextensions-apiserver	`0.32.2`	`0.32.3`
k8s.io/cli-runtime	`0.32.2`	`0.32.3`
sigs.k8s.io/controller-runtime	`0.20.2`	`0.20.4`
golang.org/x/net	`0.35.0`	`0.37.0`
helm.sh/helm/v3	`3.17.1`	`3.17.2`
k8s.io/kubelet	`0.32.2`	`0.32.3`
k8s.io/metrics	`0.32.2`	`0.32.3`

Updates github.com/containers/image/v5 from 5.34.1 to 5.34.2

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.34.2

What's Changed

[release-5.34] Bump c/storage to v1.57.2, c/image to v5.34.2 by @TomSweeneyRedHat in containers/image#2765

[release-5.34] Bump to v5.34.1 by @TomSweeneyRedHat in containers/image#2743

Full Changelog: containers/image@v5.34.1...v5.34.2

Commits

558f1f8 [release-5.34] Bump to c/image v5.34.2
71bd224 [release-5.34] Bump c/storage to v1.57.2
79a867d Merge pull request #2743 from TomSweeneyRedHat/dev/tsweeney/v5.34.1
See full diff in compare view

Updates github.com/go-sql-driver/mysql from 1.9.0 to 1.9.1

Release notes

Sourced from github.com/go-sql-driver/mysql's releases.

v1.9.1

What's Changed

add Charset() option by @methane in go-sql-driver/mysql#1679

Fix FormatDSN missing ConnectionAttributes by @bogcon in go-sql-driver/mysql#1619

go.mod: fix go version format by @methane in go-sql-driver/mysql#1682

release v1.9.1 by @methane in go-sql-driver/mysql#1683

New Contributors

@bogcon made their first contribution in go-sql-driver/mysql#1619

Full Changelog: go-sql-driver/mysql@v1.9.0...v1.9.1

Changelog

Sourced from github.com/go-sql-driver/mysql's changelog.

v1.9.1 (2025-03-21)

Major Changes

Add Charset() option. (#1679)

Bugfixes

go.mod: fix go version format (#1682)

Fix FormatDSN missing ConnectionAttributes (#1619)

Commits

1fbafa8 release v1.9.1 (#1683)
b84ac5a go.mod: fix go version format (#1682)
88ff88b Fix FormatDSN missing ConnectionAttributes (#1619)
c879816 add Charset() option (#1679)
See full diff in compare view

Updates github.com/jackc/pgx/v5 from 5.7.2 to 5.7.3

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.7.3 (March 21, 2025)

Expose EmptyAcquireWaitTime in pgxpool.Stat (vamshiaruru32)

Improve SQL sanitizer performance (ninedraft)

Fix Scan confusion with json(b), sql.Scanner, and automatic dereferencing (moukoublen, felix-roehrich)

Fix Values() for xml type always returning nil instead of []byte

Add ability to send Flush message in pipeline mode (zenkovev)

Fix pgtype.Timestamp's JSON behavior to match PostgreSQL (pconstantinou)

Better error messages when scanning structs (logicbomb)

Fix handling of error on batch write (bonnefoa)

Match libpq's connection fallback behavior more closely (felix-roehrich)

Add MinIdleConns to pgxpool (djahandarie)

Commits

5c1fbf4 Update changelog for v5.7.3
05fe5f8 Explain seemingly redundant rows.Close() in CollectOneRow
70c9a14 Merge pull request #2279 from djahandarie/min-idle-conns
6603ddf add MinIdleConns
70f7cad Add link to https://github.com/Arlandaren/pgxWrappy
6bf1b0b Add database/sql to overview of scanning
14bda65 Correct pgtype docs
9e3c4fb Merge pull request #2257 from felix-roehrich/fr/change-connect-logic
05e72a5 make connection logic more forgiving
47d631e Added missed change to v5.7.2 changelog
Additional commits viewable in compare view

Updates github.com/miekg/dns from 1.1.63 to 1.1.64

Commits

f83d075 Release 1.1.64
d912518 Add RESINFO rr (#1641)
8d0c412 Add support for Compact Answers OK flag in EDNS (#1639)
6425a08 Add the check-soa program, which uses the library (#1638)
1c19e49 Manually run a go get -u
494e4d2 Merge branch 'master' of github.com:miekg/dns
37f4827 Try to group the dependabot prs
75e8f27 Bump golang.org/x/sync from 0.7.0 to 0.11.0 (#1635)
72fe95a SVCB is no RFC 9460. (#1636)
b911878 Bump golang.org/x/net from 0.31.0 to 0.34.0 (#1631)
Additional commits viewable in compare view

Updates github.com/spf13/viper from 1.19.0 to 1.20.0

Release notes

Sourced from github.com/spf13/viper's releases.

v1.20.0

[!WARNING] This release includes a few minor breaking changes. Read the upgrade guide for details.

What's Changed

Exciting New Features 🎉

New encoding layer by @sagikazarmark in spf13/viper#1869

Enhancements 🚀

Drop Go 1.20 support by @sagikazarmark in spf13/viper#1846

Drop slog shim by @sagikazarmark in spf13/viper#1848

Replace file searching API with a finder by @sagikazarmark in spf13/viper#1849

Finder feature flag by @sagikazarmark in spf13/viper#1852

Allow setting options on the global Viper instance by @sagikazarmark in spf13/viper#1856

Add experimental flag for bind struct by @sagikazarmark in spf13/viper#1854

Make the remote package a separate module by @sagikazarmark in spf13/viper#1860

Add decoder hook option by @sagikazarmark in spf13/viper#1872

Encoder improvements by @sagikazarmark in spf13/viper#1885

Get uint8 by @martinconic in spf13/viper#1894

Bug Fixes 🐛

Fix missing config type when reading from a buffer by @sagikazarmark in spf13/viper#1857

fix: do not allow setting dependencies to nil values by @sagikazarmark in spf13/viper#1871

feat: copy keydelim from parent chart in viper.Sub() by @obs-gh-alexlew in spf13/viper#1887

Breaking Changes 🛠

Drop encoding formats: HCL, Java properties, INI by @sagikazarmark in spf13/viper#1870

Dependency Updates ⬆️

chore: update mapstructure by @sagikazarmark in spf13/viper#1723

chore: update crypt by @sagikazarmark in spf13/viper#1834

build(deps): bump github/codeql-action from 3.25.7 to 3.25.8 by @dependabot in spf13/viper#1853

Revert to go-difflib and go-spew releases by @skitt in spf13/viper#1861

build(deps): bump actions/dependency-review-action from 4.3.2 to 4.3.3 by @dependabot in spf13/viper#1862

build(deps): bump github/codeql-action from 3.25.8 to 3.25.10 by @dependabot in spf13/viper#1865

build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in spf13/viper#1864

chore: update crypt by @sagikazarmark in spf13/viper#1866

build(deps): bump github/codeql-action from 3.25.10 to 3.25.11 by @dependabot in spf13/viper#1876

build(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 in /remote by @dependabot in spf13/viper#1878

build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 by @dependabot in spf13/viper#1879

build(deps): bump actions/dependency-review-action from 4.3.3 to 4.3.4 by @dependabot in spf13/viper#1881

build(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot in spf13/viper#1880

build(deps): bump github/codeql-action from 3.25.12 to 3.25.13 by @dependabot in spf13/viper#1883

chore(deps): update crypt by @sagikazarmark in spf13/viper#1884

chore: update dependencies by @sagikazarmark in spf13/viper#1888

build(deps): bump github.com/go-viper/mapstructure/v2 from 2.0.0 to 2.1.0 by @dependabot in spf13/viper#1901

build(deps): bump github.com/spf13/cast from 1.6.0 to 1.7.0 by @dependabot in spf13/viper#1899

build(deps): bump github/codeql-action from 3.25.13 to 3.26.0 by @dependabot in spf13/viper#1897

build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by @dependabot in spf13/viper#1893

build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by @dependabot in spf13/viper#1903

build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by @dependabot in spf13/viper#1905

... (truncated)

Commits

c038295 docs: add update instructions for 1.20
9c07e0f build: disable unused linters
48112d6 ci: add Go 1.24 to the test matrix
66e3e28 build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6
17b96ac New Logo
8b223a4 build(deps): bump github.com/spf13/cast from 1.7.0 to 1.7.1
91fd363 chore: update afero
e75c48f Fix issues reported by testifylint
a5ea569 build(deps): bump github/codeql-action from 3.27.7 to 3.27.9
54f2089 build(deps): bump golang.org/x/crypto from 0.27.0 to 0.31.0 in /remote
Additional commits viewable in compare view

Updates go.opentelemetry.io/otel from 1.34.0 to 1.35.0

Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.35.0/0.57.0/0.11.0] 2025-03-05

This release is the last to support [Go 1.22]. The next release will require at least [Go 1.23].

Added

Add ValueFromAttribute and KeyValueFromAttribute in go.opentelemetry.io/otel/log. (#6180)

Add EventName and SetEventName to Record in go.opentelemetry.io/otel/log. (#6187)

Add EventName to RecordFactory in go.opentelemetry.io/otel/log/logtest. (#6187)

AssertRecordEqual in go.opentelemetry.io/otel/log/logtest checks Record.EventName. (#6187)

Add EventName and SetEventName to Record in go.opentelemetry.io/otel/sdk/log. (#6193)

Add EventName to RecordFactory in go.opentelemetry.io/otel/sdk/log/logtest. (#6193)

Emit Record.EventName field in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#6211)

Emit Record.EventName field in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#6211)

Emit Record.EventName field in go.opentelemetry.io/otel/exporters/stdout/stdoutlog (#6210)

The go.opentelemetry.io/otel/semconv/v1.28.0 package. The package contains semantic conventions from the v1.28.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.27.0(#6236)

The go.opentelemetry.io/otel/semconv/v1.30.0 package. The package contains semantic conventions from the v1.30.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.28.0(#6240)

Document the pitfalls of using Resource as a comparable type. Resource.Equal and Resource.Equivalent should be used instead. (#6272)

Support [Go 1.24]. (#6304)

Add FilterProcessor and EnabledParameters in go.opentelemetry.io/otel/sdk/log. It replaces go.opentelemetry.io/otel/sdk/log/internal/x.FilterProcessor. Compared to previous version it additionally gives the possibility to filter by resource and instrumentation scope. (#6317)

Changed

Update github.com/prometheus/common to v0.62.0, which changes the NameValidationScheme to NoEscaping. This allows metrics names to keep original delimiters (e.g. .), rather than replacing with underscores. This is controlled by the Content-Type header, or can be reverted by setting NameValidationScheme to LegacyValidation in github.com/prometheus/common/model. (#6198)

Fixes

Eliminate goroutine leak for the processor returned by NewSimpleSpanProcessor in go.opentelemetry.io/otel/sdk/trace when Shutdown is called and the passed ctx is canceled and SpanExporter.Shutdown has not returned. (#6368)

Eliminate goroutine leak for the processor returned by NewBatchSpanProcessor in go.opentelemetry.io/otel/sdk/trace when ForceFlush is called and the passed ctx is canceled and SpanExporter.Export has not returned. (#6369)

Commits

5ba5e7a Release v1.35.0/v0.57.0/v0.11.0 (#6407)
3908b67 chore(deps): update module github.com/securego/gosec/v2 to v2.22.2 (#6412)
50172b1 chore(deps): update module github.com/ryancurrah/gomodguard to v1.4.1 (#6411)
cea6d2b fix(deps): update module google.golang.org/grpc to v1.71.0 (#6409)
e2aee3a Move trace sdk tests from trace_test into trace package (#6400)
38f4f39 fix(deps): update build-tools to v0.20.0 (#6403)
2911449 Look at stale issues in ascending order (#6396)
7cb322a chore(deps): update github.com/golangci/dupl digest to 44c6a0b (#6398)
0c3651e fix(deps): update module github.com/golangci/golangci-lint to v1.64.6 (#6394)
f04e951 chore(deps): update mvdan.cc/unparam digest to 0df0534 (#6391)
Additional commits viewable in compare view

Updates go.opentelemetry.io/otel/sdk from 1.34.0 to 1.35.0

Changelog

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.35.0/0.57.0/0.11.0] 2025-03-05

This release is the last to support [Go 1.22]. The next release will require at least [Go 1.23].

Added

Add ValueFromAttribute and KeyValueFromAttribute in go.opentelemetry.io/otel/log. (#6180)

Add EventName and SetEventName to Record in go.opentelemetry.io/otel/log. (#6187)

Add EventName to RecordFactory in go.opentelemetry.io/otel/log/logtest. (#6187)

AssertRecordEqual in go.opentelemetry.io/otel/log/logtest checks Record.EventName. (#6187)

Add EventName and SetEventName to Record in go.opentelemetry.io/otel/sdk/log. (#6193)

Add EventName to RecordFactory in go.opentelemetry.io/otel/sdk/log/logtest. (#6193)

Emit Record.EventName field in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#6211)

Emit Record.EventName field in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#6211)

Emit Record.EventName field in go.opentelemetry.io/otel/exporters/stdout/stdoutlog (#6210)

The go.opentelemetry.io/otel/semconv/v1.28.0 package. The package contains semantic conventions from the v1.28.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.27.0(#6236)

The go.opentelemetry.io/otel/semconv/v1.30.0 package. The package contains semantic conventions from the v1.30.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.28.0(#6240)

Document the pitfalls of using Resource as a comparable type. Resource.Equal and Resource.Equivalent should be used instead. (#6272)

Support [Go 1.24]. (#6304)

Add FilterProcessor and EnabledParameters in go.opentelemetry.io/otel/sdk/log. It replaces go.opentelemetry.io/otel/sdk/log/internal/x.FilterProcessor. Compared to previous version it additionally gives the possibility to filter by resource and instrumentation scope. (#6317)

Changed

Update github.com/prometheus/common to v0.62.0, which changes the NameValidationScheme to NoEscaping. This allows metrics names to keep original delimiters (e.g. .), rather than replacing with underscores. This is controlled by the Content-Type header, or can be reverted by setting NameValidationScheme to LegacyValidation in github.com/prometheus/common/model. (#6198)

Fixes

Eliminate goroutine leak for the processor returned by NewSimpleSpanProcessor in go.opentelemetry.io/otel/sdk/trace when Shutdown is called and the passed ctx is canceled and SpanExporter.Shutdown has not returned. (#6368)

Eliminate goroutine leak for the processor returned by NewBatchSpanProcessor in go.opentelemetry.io/otel/sdk/trace when ForceFlush is called and the passed ctx is canceled and SpanExporter.Export has not returned. (#6369)

Commits

5ba5e7a Release v1.35.0/v0.57.0/v0.11.0 (#6407)
3908b67 chore(deps): update module github.com/securego/gosec/v2 to v2.22.2 (#6412)
50172b1 chore(deps): update module github.com/ryancurrah/gomodguard to v1.4.1 (#6411)
cea6d2b fix(deps): update module google.golang.org/grpc to v1.71.0 (#6409)
e2aee3a Move trace sdk tests from trace_test into trace package (#6400)
38f4f39 fix(deps): update build-tools to v0.20.0 (#6403)
2911449 Look at stale issues in ascending order (#6396)
7cb322a chore(deps): update github.com/golangci/dupl digest to 44c6a0b (#6398)
0c3651e fix(deps): update module github.com/golangci/golangci-lint to v1.64.6 (#6394)
f04e951 chore(deps): update mvdan.cc/unparam digest to 0df0534 (#6391)
Additional commits viewable in compare view

Updates golang.org/x/mod from 0.23.0 to 0.24.0

Commits

dc121ce all: upgrade go directive to at least 1.23.0 [generated]
See full diff in compare view

Updates golang.org/x/sync from 0.11.0 to 0.12.0

Commits

b637f27 errgroup: drop support for Go versions before 1.20
960bf1f all: upgrade go directive to at least 1.23.0 [generated]
See full diff in compare view

Updates k8s.io/api from 0.32.2 to 0.32.3

Commits

22c1e39 Update dependencies to v0.32.3 tag
40f4980 Merge pull request #129690pohly/automated-cherry-pick-of-#129661
a5598f8 DRA CEL: add missing size estimator
See full diff in compare view

Updates k8s.io/apiextensions-apiserver from 0.32.2 to 0.32.3

Commits

0350e46 Update dependencies to v0.32.3 tag
See full diff in compare view

Updates k8s.io/apimachinery from 0.32.2 to 0.32.3

Commits

See full diff in compare view

Updates k8s.io/apiserver from 0.32.2 to 0.32.3

Commits

d5dc369 Update dependencies to v0.32.3 tag
4f51d06 Merge pull request #130136 from AwesomePatrol/automated-cherry-pick-of-#13011...
a85a34b Merge pull request #130253 from fuweid/1.32-backport-130126
fc2ddd4 proxy: should add PingPeriod for websocket translator
f279152 Limit ResourceQuota LIST requests to times when informer is not synced
See full diff in compare view

Updates k8s.io/cli-runtime from 0.32.2 to 0.32.3

Commits

2287a4d Update dependencies to v0.32.3 tag
See full diff in compare view

Updates k8s.io/client-go from 0.32.2 to 0.32.3

Commits

c106b23 Update dependencies to v0.32.3 tag
See full diff in compare view

Updates sigs.k8s.io/controller-runtime from 0.20.2 to 0.20.4

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.20.4

What's Changed

🐛 Restmapper: Respect preferred version by @k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3159

🌱 Mention the SkipNameValidation option in the name validation error by @k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3172

✨ Controller: Retain the priority by @k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3173

✨Add RELEASE_TAG to tools/setup-envtest to show binary version with setup-envtest version by @k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3175

🌱 Handlers: Default to LowPriorityWhenUnchanged without a wrapper by @alvaroaleman in kubernetes-sigs/controller-runtime#3179

Full Changelog: kubernetes-sigs/controller-runtime@v0.20.3...v0.20.4

v0.20.3

What's Changed

🐛 fix: cache should list out of global cache when present and necessary by @k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3127

🌱 Export envtest.ReadCRDFiles by @k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3131

🐛 Fakeclient: Fix dataraces when writing to the scheme by @k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3145

Revert "✨ Expose all Go runtime metrics" by @alvaroaleman in kubernetes-sigs/controller-runtime#3147

Full Changelog: kubernetes-sigs/controller-runtime@v0.20.2...v0.20.3

Commits

0f7927c Merge pull request #3179 from alvaroaleman/lowpdefault
9951869 🌱 TypedRequestForOwner: Decrease priority when unchanged
c7d5d83 Fix godoc of TypedEventHandler
2062f3a 🌱 Remove redundant WithLowPriorityWhenUnchanged in builder
2af3164 🌱 Followups to default low priority in mappers
29debb1 🌱 Handlers: Use low priority when object is unchanged and priority q
5355658 🐛Implement priorityqueue as default on handlers if using priorityqueue interf...
3156ace Merge pull request #3175 from k8s-infra-cherrypick-robot/cherry-pick-3166-to-...
4ae5f39 add version.version to tools/setup-envtest to show installed version
833f208 Merge pull request #3173 from k8s-infra-cherrypick-robot/cherry-pick-3167-to-...
Additional commits viewable in compare view

Updates golang.org/x/net from 0.35.0 to 0.37.0

Commits

99b3ae0 go.mod: update golang.org/x dependencies
85d1d54 go.mod: update golang.org/x dependencies
cde1dda proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts
fe7f039 publicsuffix: spruce up code gen and speed up PublicSuffix
459513d internal/http3: move more common stream processing to genericConn
aad0180 http2: fix flakiness from t.Log when GOOS=js
b73e574 http2: don't log expected errors from writing invalid trailers
5f45c77 internal/http3: make read-data tests usable for server handlers
43c2540 http2, internal/httpcommon: reject userinfo in :authority
1d78a08 http2, internal/httpcommon: factor out server header logic for h2/h3
Additional commits viewable in compare view

Updates golang.org/x/sys from 0.30.0 to 0.31.0

Commits

74cfc93 all: upgrade go directive to at least 1.23.0 [generated]
See full diff in compare view

Updates golang.org/x/text from 0.22.0 to 0.23.0

Commits

566b44f go.mod: update golang.org/x dependencies
d5156da collate/build: do not use println in tests
221d88c x/text: fix scientific notation by removing extraneous spaces
b18c107 internal/export/unicode: change C comment to mention unassigned code points
835f8ac language: use a more straightforward return value
ae68efb internal/export/unicode: add CategoryAliases, Cn, and LC
518d9c0 all: upgrade go directive to at least 1.23.0 [generated]
See full diff in compare view

Updates helm.sh/helm/v3 from 3.17.1 to 3.17.2

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.17.2 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

Join the discussion in Kubernetes Slack:

for questions and just to hang out

for discussing PRs, code, and bugs

Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom

Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.17.2. The common platform binaries are here:

MacOS amd64 (checksum / 3e240238c7a3a10efd37b8e16615b28e94ba5db5957247bb42009ba6d52f76e9)

MacOS arm64 (checksum / b843cebcbebc9eccb1e43aba9cca7693d32e9f2c4a35344990e3b7b381933948)

Linux amd64 (checksum / 90c28792a1eb5fb0b50028e39ebf826531ebfcf73f599050dbd79bab2f277241)

Linux arm (checksum / 0b13ec8580dd5498b5a2d7cb34146e098049f59500a266db1bb98f59649eb90a)

Linux arm64 (checksum / d78d76ec7625a94991e887ac049d93f44bd70e4876200b945f813c9e1ed1df7c)

Linux i386 (checksum / 1c599c4559b97d8cf2100704f5cdc3269dcb369b553711b09a564e1d89c725dc)

Linux ppc64le (checksum / 6bb1c83078bdd5e9acad5793dfc9ab3b5b56d410723a660ff1da61dbdff3207b)

Linux s390x (checksum / 55ce412c48a79020a435eed2d7895e3cf74293d939da60a287c7c5fc15480f58)

Linux riscv64 (checksum / 70e27a5b73fe848233f3e43bbe393a84d5ccfea2db666906ed37ef9b54468876)

Windows amd64 (checksum / f76fe76fa116d2bae948aee9bb54ba11bf5b726a09f732ce6a74eb65af2886b1)

Windows arm64 (checksum / a47a0059285347d44c2ac81aa09398cfa527eb60bcddd7e1836f9459e503697d)

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

3.17.3 is the next patch release and will be on April 09, 2025

3.18.0 is the next minor release and will be on May 14, 2025

Changelog

Updating to 0.37.0 for x/net cc0bbbd6d6276b83880042c1ecb34087e84d41eb (Matt Farina)

build(deps): bump the k8s-io group with 7 updates ecb7a74f19c23f76e7c18d1ce99f88bf1926a9ae (dependabot[bot])

Commits

cc0bbbd Updating to 0.37.0 for x/net
ecb7a74 build(deps): bump the k8s-io group with 7 updates
See full diff in compare view

Updates k8s.io/kubelet from 0.32.2 to 0.32.3

Commits

27d733c Update dependencies to v0.32.3 tag
See full diff in compare view

Updates k8s.io/metrics from 0.32.2 to 0.32.3

Commits

0144e04 Update dependencies to v0.32.3 tag
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the security group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/containers/image/v5](https://github.com/containers/image) | `5.34.1` | `5.34.2` | | [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql) | `1.9.0` | `1.9.1` | | [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.7.2` | `5.7.3` | | [github.com/miekg/dns](https://github.com/miekg/dns) | `1.1.63` | `1.1.64` | | [github.com/spf13/viper](https://github.com/spf13/viper) | `1.19.0` | `1.20.0` | | [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` | | [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.23.0` | `0.24.0` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.11.0` | `0.12.0` | | [k8s.io/api](https://github.com/kubernetes/api) | `0.32.2` | `0.32.3` | | [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.32.2` | `0.32.3` | | [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) | `0.32.2` | `0.32.3` | | [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) | `0.20.2` | `0.20.4` | | [golang.org/x/net](https://github.com/golang/net) | `0.35.0` | `0.37.0` | | [helm.sh/helm/v3](https://github.com/helm/helm) | `3.17.1` | `3.17.2` | | [k8s.io/kubelet](https://github.com/kubernetes/kubelet) | `0.32.2` | `0.32.3` | | [k8s.io/metrics](https://github.com/kubernetes/metrics) | `0.32.2` | `0.32.3` | Updates `github.com/containers/image/v5` from 5.34.1 to 5.34.2 - [Release notes](https://github.com/containers/image/releases) - [Commits](containers/image@v5.34.1...v5.34.2) Updates `github.com/go-sql-driver/mysql` from 1.9.0 to 1.9.1 - [Release notes](https://github.com/go-sql-driver/mysql/releases) - [Changelog](https://github.com/go-sql-driver/mysql/blob/master/CHANGELOG.md) - [Commits](go-sql-driver/mysql@v1.9.0...v1.9.1) Updates `github.com/jackc/pgx/v5` from 5.7.2 to 5.7.3 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.7.2...v5.7.3) Updates `github.com/miekg/dns` from 1.1.63 to 1.1.64 - [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release) - [Commits](miekg/dns@v1.1.63...v1.1.64) Updates `github.com/spf13/viper` from 1.19.0 to 1.20.0 - [Release notes](https://github.com/spf13/viper/releases) - [Commits](spf13/viper@v1.19.0...v1.20.0) Updates `go.opentelemetry.io/otel` from 1.34.0 to 1.35.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.34.0...v1.35.0) Updates `go.opentelemetry.io/otel/sdk` from 1.34.0 to 1.35.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.34.0...v1.35.0) Updates `golang.org/x/mod` from 0.23.0 to 0.24.0 - [Commits](golang/mod@v0.23.0...v0.24.0) Updates `golang.org/x/sync` from 0.11.0 to 0.12.0 - [Commits](golang/sync@v0.11.0...v0.12.0) Updates `k8s.io/api` from 0.32.2 to 0.32.3 - [Commits](kubernetes/api@v0.32.2...v0.32.3) Updates `k8s.io/apiextensions-apiserver` from 0.32.2 to 0.32.3 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](kubernetes/apiextensions-apiserver@v0.32.2...v0.32.3) Updates `k8s.io/apimachinery` from 0.32.2 to 0.32.3 - [Commits](kubernetes/apimachinery@v0.32.2...v0.32.3) Updates `k8s.io/apiserver` from 0.32.2 to 0.32.3 - [Commits](kubernetes/apiserver@v0.32.2...v0.32.3) Updates `k8s.io/cli-runtime` from 0.32.2 to 0.32.3 - [Commits](kubernetes/cli-runtime@v0.32.2...v0.32.3) Updates `k8s.io/client-go` from 0.32.2 to 0.32.3 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.32.2...v0.32.3) Updates `sigs.k8s.io/controller-runtime` from 0.20.2 to 0.20.4 - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.20.2...v0.20.4) Updates `golang.org/x/net` from 0.35.0 to 0.37.0 - [Commits](golang/net@v0.35.0...v0.37.0) Updates `golang.org/x/sys` from 0.30.0 to 0.31.0 - [Commits](golang/sys@v0.30.0...v0.31.0) Updates `golang.org/x/text` from 0.22.0 to 0.23.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.22.0...v0.23.0) Updates `helm.sh/helm/v3` from 3.17.1 to 3.17.2 - [Release notes](https://github.com/helm/helm/releases) - [Commits](helm/helm@v3.17.1...v3.17.2) Updates `k8s.io/kubelet` from 0.32.2 to 0.32.3 - [Commits](kubernetes/kubelet@v0.32.2...v0.32.3) Updates `k8s.io/metrics` from 0.32.2 to 0.32.3 - [Commits](kubernetes/metrics@v0.32.2...v0.32.3) --- updated-dependencies: - dependency-name: github.com/containers/image/v5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/go-sql-driver/mysql dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/jackc/pgx/v5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/miekg/dns dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: go.opentelemetry.io/otel dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: go.opentelemetry.io/otel/sdk dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/apiserver dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/cli-runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/kubelet dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/metrics dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security ... Signed-off-by: dependabot[bot] <[email protected]>

replicated-ci

LGTM 👍

This PR was automatically approved and merged by the automated-prs-manager GitHub action

dependabot bot added dependencies go type::security labels Mar 25, 2025

replicated-ci approved these changes Mar 25, 2025

View reviewed changes

replicated-ci merged commit 2b1b942 into main Mar 25, 2025
22 checks passed

replicated-ci deleted the dependabot/go_modules/security-aeb8dd2de5 branch March 25, 2025 06:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the security group across 1 directory with 22 updates #1764

chore(deps): bump the security group across 1 directory with 22 updates #1764

dependabot bot commented on behalf of github Mar 25, 2025

replicated-ci left a comment

chore(deps): bump the security group across 1 directory with 22 updates #1764

chore(deps): bump the security group across 1 directory with 22 updates #1764

Conversation

dependabot bot commented on behalf of github Mar 25, 2025

v5.34.2

What's Changed

v1.9.1

What's Changed

New Contributors

v1.9.1 (2025-03-21)

Major Changes

Bugfixes

5.7.3 (March 21, 2025)

v1.20.0

What's Changed

Exciting New Features 🎉

Enhancements 🚀

Bug Fixes 🐛

Breaking Changes 🛠

Dependency Updates ⬆️

[1.35.0/0.57.0/0.11.0] 2025-03-05

Added

Changed

Fixes

[1.35.0/0.57.0/0.11.0] 2025-03-05

Added

Changed

Fixes

v0.20.4

What's Changed

v0.20.3

What's Changed

Installation and Upgrading

What's Next

Changelog

replicated-ci left a comment

Choose a reason for hiding this comment