build(deps): bump k8s.io/klog/v2 from v2.130.1 to v2.140.0

[pierluigilenoci]

What changed

Bumps k8s.io/klog/v2 from v2.130.1 to v2.140.0, which brings:

• Severity-based stderr filtering (legacy_stderr_threshold_behavior flag) for callers that use logtostderr=true (kubernetes/klog#432)
• Unified KV serialization with automatic deduplication (FormatKVs)
• Go toolchain requirement updated from 1.18 to 1.21

silenceKlog() — kept minimal

silenceKlog() disables klog output by routing file logs to io.Discard and setting logtostderr=false. The previous revision added stderrthreshold=INFO and legacy_stderr_threshold_behavior=false, but as @coderabbitai correctly identified:

1. legacy_stderr_threshold_behavior=false is dead code when logtostderr=false — it only affects the if l.toStderr branch.
2. stderrthreshold=INFO actively broke silencing — with logtostderr=false, klog copies messages at or above stderrThreshold to stderr, so INFO makes all messages leak.

Both lines have been removed. The function now only sets the two flags that matter (logtostderr=false, alsologtostderr=false) with consistent _ = error-discard style.

References

• Upstream issue: stderrthreshold not honored when logtostderr is set kubernetes/klog#212
• Upstream fix: feat: fix stderrthreshold not honored when logtostderr is set (#212) + two new flags kubernetes/klog#432

Summary by CodeRabbit

• Dependencies

  • Updated Kubernetes logging library to v2.140.0.

• Bug Fixes

  • Enhanced stderr severity-level filtering and threshold behavior.
  • Improved structured logging to better handle duplicate keys (last-write wins).
  • More consistent message quoting and multi-line value formatting.

• Documentation

  • Removed an outdated note about minimum Go version in the logging docs.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e6cbf23a-7116-4aae-9309-a635a4a90764

📥 Commits

Reviewing files that changed from the base of the PR and between 9571e02 and 1e31871.

📒 Files selected for processing (1)

• cmd/log.go

✅ Files skipped from review due to trivial changes (1)

• cmd/log.go

---

📝 Walkthrough

Walkthrough

Upgrades k8s.io/klog/v2 to v2.140.0; refactors key/value serialization to a multi-slice FormatKVs with deduplication; adjusts klog flag/threshold and stderr-routing behavior; minor change in cmd/log.go to explicitly ignore flag.Set errors.

Changes

Cohort / File(s)	Summary
Klog Dependency & Vendor Metadata go.mod, vendor/modules.txt	Bumps k8s.io/klog/v2 from v2.130.1 → v2.140.0 and updates vendored module metadata (Go toolchain note to 1.21).
Command log shim cmd/log.go	silenceKlog now explicitly discards flag.FlagSet.Set error returns when toggling logtostderr/alsologtostderr; klog.SetOutput(io.Discard) usage unchanged.
Key/value serialization (major refactor) vendor/k8s.io/klog/v2/internal/serialize/keyvalues.go, .../keyvalues_no_slog.go, .../keyvalues_slog.go	Replaces MergeKVs/MergeAndFormatKVs/KVListFormat with unified FormatKVs that accepts multiple KV slices, formats into one buffer, and implements "last one wins" deduplication. KVFormat now returns the formatted key string. Multi-line value formatting handling improved.
Klog logging and routing changes vendor/k8s.io/klog/v2/klog.go, vendor/k8s.io/klog/v2/klogr.go, vendor/k8s.io/klog/v2/klogr_slog.go	Updates message quoting to strconv.AppendQuote, routes KV serialization through serialize.FormatKVs, replaces MergeKVs usage with serialize.WithValues, and changes stderr routing logic to consider legacy behavior and new alsologtostderrthreshold semantics.
Documentation vendor/k8s.io/klog/v2/README.md	Removes a note recommending minimum Go version 1.11.4+ for semantic import versioning.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Poem

🐰 I hopped through vendor lines so neat,

KVs now merge with a tricky beat,
Threshold flags arranged just so,
Logs dressed up in tidy flow,
A joyful hop — v2.140! 🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: upgrading the k8s.io/klog/v2 dependency from v2.130.1 to v2.140.0, which is the primary file-level change across the changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

cmd/log.go (1)

43-54: ⚠️ Potential issue | 🟠 Major

silenceKlog() behavior regressed—now allows INFO+ messages on stderr instead of silencing them

Two critical issues:

1. legacy_stderr_threshold_behavior=false is dead code here. This flag only affects behavior when logtostderr=true (in the if l.toStderr branch per klog source code). Since the function immediately sets logtostderr=false, that branch is never taken. The referenced PR #432 fixes filtering for logtostderr=true cases, but this codebase uses logtostderr=false.

2. stderrthreshold=INFO breaks silencing semantics. Before this change, the default stderrThreshold of ERROR filtered INFO/WARNING messages to stderr. This change explicitly sets it to INFO, causing all INFO+ messages from dependencies (cri-api, cri-client, etc.) to reach stderr when running at --log-level=debug or --log-level=info. This contradicts the function's name and the PR description's claim to "preserve the current default behavior."

Fix: Revert stderrthreshold from INFO to ERROR (or remove the line to rely on the default). If surfacing INFO+ messages on stderr is intentional, update the PR description, rename the function, and document this behavior change clearly.

Minor: Standardize error handling—either all flags.Set() calls should use _ = to discard errors, or none should, for consistency and visibility of any future flag misconfigurations.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@cmd/log.go` around lines 43 - 54, silenceKlog currently enables stderr for
INFO+ and sets a dead flag; change it to restore previous silencing by reverting
stderrthreshold to "ERROR" (or remove the flags.Set("stderrthreshold", ...) call
so the default ERROR is used) and remove the pointless
legacy_stderr_threshold_behavior flag setting since it only affects the
logtostderr=true branch (we set logtostderr=false); also make the flags.Set()
error handling consistent (either prefix all with `_ = ` or none) so flag errors
are treated uniformly; update references to klog and the silenceKlog function
accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@cmd/log.go`:
- Around line 43-54: silenceKlog currently enables stderr for INFO+ and sets a
dead flag; change it to restore previous silencing by reverting stderrthreshold
to "ERROR" (or remove the flags.Set("stderrthreshold", ...) call so the default
ERROR is used) and remove the pointless legacy_stderr_threshold_behavior flag
setting since it only affects the logtostderr=true branch (we set
logtostderr=false); also make the flags.Set() error handling consistent (either
prefix all with `_ = ` or none) so flag errors are treated uniformly; update
references to klog and the silenceKlog function accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: aff1e8c8-3702-4dba-bb05-28eab475ce58

📥 Commits

Reviewing files that changed from the base of the PR and between bf2a069 and 9571e02.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (10)

• cmd/log.go
• go.mod
• vendor/k8s.io/klog/v2/README.md
• vendor/k8s.io/klog/v2/internal/serialize/keyvalues.go
• vendor/k8s.io/klog/v2/internal/serialize/keyvalues_no_slog.go
• vendor/k8s.io/klog/v2/internal/serialize/keyvalues_slog.go
• vendor/k8s.io/klog/v2/klog.go
• vendor/k8s.io/klog/v2/klogr.go
• vendor/k8s.io/klog/v2/klogr_slog.go
• vendor/modules.txt

💤 Files with no reviewable changes (1)

• vendor/k8s.io/klog/v2/README.md

[pierluigilenoci]

@coderabbitai Good catch on both points. Fixed in 1e31871:

1. legacy_stderr_threshold_behavior=false removed — confirmed dead code. This flag only affects the if l.toStderr branch (klog.go:916-927), which is never reached because silenceKlog() sets logtostderr=false.

2. stderrthreshold=INFO removed — this was actively breaking silencing. With logtostderr=false, klog enters the else path (klog.go:928-937) where it copies messages to stderr when severity >= stderrThreshold. The default threshold is ERROR, so only errors would leak. Setting it to INFO caused all log messages to appear on stderr, defeating the purpose of silenceKlog().

3. _ = added to remaining flags.Set() calls for consistent error-discard style.

The function is now a clean klog silencer again: route file output to io.Discard, disable logtostderr, disable alsologtostderr. The klog v2.140.0 upgrade is preserved for its other improvements (KV dedup, Go 1.21 toolchain).

[coderabbitai]

Only users with a collaborator, contributor, member, or owner role can interact with CodeRabbit.