[cherry-pick] chore(deps): bump the go group with 7 updates #7154

nginx-bot · 2025-01-17T10:40:21Z

Bumps the go group with 7 updates:

Package	From	To
github.com/aws/aws-sdk-go-v2/config	`1.28.11`	`1.29.0`
github.com/aws/aws-sdk-go-v2/service/marketplacemetering	`1.25.9`	`1.25.10`
github.com/cert-manager/cert-manager	`1.16.2`	`1.16.3`
k8s.io/api	`0.32.0`	`0.32.1`
k8s.io/apimachinery	`0.32.0`	`0.32.1`
k8s.io/client-go	`0.32.0`	`0.32.1`
k8s.io/code-generator	`0.32.0`	`0.32.1`

Updates github.com/aws/aws-sdk-go-v2/config from 1.28.11 to 1.29.0

Commits

077df5d Release 2024-06-18
3320b13 Regenerated Clients
1315201 Update API model
8dddc9c add SDK-specific feature tracking (#2682)
54f11c0 Release 2024-06-17
d5c4ad0 Regenerated Clients
e7057a6 Update API model
374440d Merge pull request #2490 from aws/feat-aid-endpoints
3133994 fix changelog
5ceabb7 merge from main
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/marketplacemetering from 1.25.9 to 1.25.10

Commits

f3ea5b8 Release 2023-11-30
bb44374 Regenerated Clients
1fd796c Update SDK's smithy-go dependency to v1.18.1
5e061f0 Update endpoints model
e6de9ae Update API model
See full diff in compare view

Updates github.com/cert-manager/cert-manager from 1.16.2 to 1.16.3

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.16.3

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.16.3 is a patch release mainly focused around bumping dependencies to address reported CVEs: CVE-2024-45337 and CVE-2024-45338.

We don't believe that cert-manager is actually vulnerable; this release is instead intended to satisfy vulnerability scanners.

It also includes a bug fix to the new renewBeforePercentage field. If you were using renewBeforePercentage, see PR #7421 for more information.

Changes

Bug

Bump golang.org/x/net and golang.org/x/crypto to address CVE-2024-45337 and CVE-2024-45338 (#7485, @erikgb)

Fix the behaviour of renewBeforePercentage to comply with its spec (#7441, @cert-manager-bot)

Other

Bump go to 1.23.4 (#7489, @erikgb)

Bump base images to latest available (#7508, @SgtCoDFish)

Commits

1694b11 Merge pull request #7508 from SgtCoDFish/release-1.16-bumpbase
6951e56 [release-1.16] bump base images
b22baa1 Merge pull request #7489 from erikgb/bump-go-images
160d604 Bump go to 1.23.4 and bump base images to latest available
e31f418 Merge pull request #7485 from erikgb/fix-CVE-2024-45337
9c7ddb7 Bump golang.org/x/net to address CVE-2024-45337 and CVE-2024-45338
c3ed813 Merge pull request #7441 from cert-manager-bot/cherry-pick-7421-to-release-1.16
2b08851 Fix renewBeforePercentage to comply with its spec
See full diff in compare view

Updates k8s.io/api from 0.32.0 to 0.32.1

Commits

bc0564c Update dependencies to v0.32.1 tag
25d8df3 Merge pull request #129544pohly/automated-cherry-pick-of-#129543
5b9e013 DRA API: bump maximum size of ReservedFor to 256
See full diff in compare view

Updates k8s.io/apimachinery from 0.32.0 to 0.32.1

Commits

See full diff in compare view

Updates k8s.io/client-go from 0.32.0 to 0.32.1

Commits

9d43434 Update dependencies to v0.32.1 tag
See full diff in compare view

Updates k8s.io/code-generator from 0.32.0 to 0.32.1

Commits

11d3b59 Update dependencies to v0.32.1 tag
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go group with 7 updates: | Package | From | To | | --- | --- | --- | | [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.28.11` | `1.29.0` | | [github.com/aws/aws-sdk-go-v2/service/marketplacemetering](https://github.com/aws/aws-sdk-go-v2) | `1.25.9` | `1.25.10` | | [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) | `1.16.2` | `1.16.3` | | [k8s.io/api](https://github.com/kubernetes/api) | `0.32.0` | `0.32.1` | | [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.32.0` | `0.32.1` | | [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.32.0` | `0.32.1` | | [k8s.io/code-generator](https://github.com/kubernetes/code-generator) | `0.32.0` | `0.32.1` | Updates `github.com/aws/aws-sdk-go-v2/config` from 1.28.11 to 1.29.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@config/v1.28.11...v1.29.0) Updates `github.com/aws/aws-sdk-go-v2/service/marketplacemetering` from 1.25.9 to 1.25.10 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@config/v1.25.9...config/v1.25.10) Updates `github.com/cert-manager/cert-manager` from 1.16.2 to 1.16.3 - [Release notes](https://github.com/cert-manager/cert-manager/releases) - [Changelog](https://github.com/cert-manager/cert-manager/blob/master/RELEASE.md) - [Commits](cert-manager/cert-manager@v1.16.2...v1.16.3) Updates `k8s.io/api` from 0.32.0 to 0.32.1 - [Commits](kubernetes/api@v0.32.0...v0.32.1) Updates `k8s.io/apimachinery` from 0.32.0 to 0.32.1 - [Commits](kubernetes/apimachinery@v0.32.0...v0.32.1) Updates `k8s.io/client-go` from 0.32.0 to 0.32.1 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.32.0...v0.32.1) Updates `k8s.io/code-generator` from 0.32.0 to 0.32.1 - [Commits](kubernetes/code-generator@v0.32.0...v0.32.1) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/aws/aws-sdk-go-v2/service/marketplacemetering dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/cert-manager/cert-manager dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: k8s.io/code-generator dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jakub Jarosz <[email protected]> Co-authored-by: Paul Abel <[email protected]>

codecov · 2025-01-17T10:59:17Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (release-4.0@623cada). Learn more about missing BASE report.

Additional details and impacted files

@@              Coverage Diff               @@
##             release-4.0    #7154   +/-   ##
==============================================
  Coverage               ?   52.71%           
==============================================
  Files                  ?       89           
  Lines                  ?    20824           
  Branches               ?        0           
==============================================
  Hits                   ?    10977           
  Misses                 ?     9391           
  Partials               ?      456

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

…ee15fb3647cf0cfa9541cecc92d

nginx-bot requested a review from a team as a code owner January 17, 2025 10:40

nginx-bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jan 17, 2025

pdabelf5 approved these changes Jan 17, 2025

View reviewed changes

run go mod tidy

396024a

AlexFenlon approved these changes Jan 17, 2025

View reviewed changes

AlexFenlon added 2 commits January 17, 2025 11:06

Merge branch 'release-4.0' into cherry-pick-release-4.0-34c56e2db8659…

024a876

…ee15fb3647cf0cfa9541cecc92d

Merge branch 'release-4.0' into cherry-pick-release-4.0-34c56e2db8659…

66171be

…ee15fb3647cf0cfa9541cecc92d

AlexFenlon merged commit 679833b into release-4.0 Jan 17, 2025
62 checks passed

AlexFenlon deleted the cherry-pick-release-4.0-34c56e2db8659ee15fb3647cf0cfa9541cecc92d branch January 17, 2025 12:46

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[cherry-pick] chore(deps): bump the go group with 7 updates #7154

[cherry-pick] chore(deps): bump the go group with 7 updates #7154

nginx-bot commented Jan 17, 2025

codecov bot commented Jan 17, 2025

[cherry-pick] chore(deps): bump the go group with 7 updates #7154

[cherry-pick] chore(deps): bump the go group with 7 updates #7154

Conversation

nginx-bot commented Jan 17, 2025

v1.16.3

Changes

Bug

Other

codecov bot commented Jan 17, 2025

Codecov Report