chore(deps): Bump the production-dependencies group in /api with 10 updates

[dependabot]

Bumps the production-dependencies group in /api with 10 updates:

Package	From	To
k8s.io/apimachinery	0.30.3	0.32.1
kubevirt.io/containerized-data-importer-api	1.59.0	1.61.0
sigs.k8s.io/controller-runtime	0.18.4	0.20.0
github.com/go-logr/logr	1.4.1	1.4.2
golang.org/x/net	0.33.0	0.34.0
k8s.io/api	0.30.1	0.32.0
k8s.io/klog/v2	2.120.1	2.130.1
k8s.io/utils	0.0.0-20240310230437-4693a0247e57	0.0.0-20241104100929-3ea5e8cea738
sigs.k8s.io/json	0.0.0-20221116044647-bc3834ca7abd	0.0.0-20241010143419-9aa6b5e7a4b3
sigs.k8s.io/structured-merge-diff/v4	4.4.1	4.4.2

Updates k8s.io/apimachinery from 0.30.3 to 0.32.1

Commits

• 59e9003 Merge remote-tracking branch 'origin/master' into release-1.32
• 639247c Drop use of winreadlinkvolume godebug option
• 220d7c3 Merge remote-tracking branch 'origin/master' into release-1.32
• c199d3b Revert to go1.22 windows filesystem stdlib behavior
• 16af2ff implement unsafe deletion, and wire it
• 6ff8305 api: run codegen
• ca9b8b2 api: add a new field to meta/v1 DeleteOptions
• d941d9f Merge pull request #128503 from benluddy/cbor-codecs-featuregate
• 3b4250f Wire serving codecs to CBOR feature gate.
• daaad09 Merge pull request #128501 from benluddy/watch-cbor-seq
• Additional commits viewable in compare view

Updates kubevirt.io/containerized-data-importer-api from 1.59.0 to 1.61.0

Release notes

Sourced from kubevirt.io/containerized-data-importer-api's releases.

v1.61.0

This release follows v1.60.0 and consists of 53 changes, contributed by 18 people, leading to 99 files changed, 4230 insertions(+), 1273 deletions(-).

The source code and selected binaries are available for download at: https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.61.0.

Pre-built CDI containers are published on Quay.io and can be viewed at: https://quay.io/repository/kubevirt/cdi-controller/ https://quay.io/repository/kubevirt/cdi-importer/ https://quay.io/repository/kubevirt/cdi-cloner/ https://quay.io/repository/kubevirt/cdi-uploadproxy/ https://quay.io/repository/kubevirt/cdi-apiserver/ https://quay.io/repository/kubevirt/cdi-uploadserver/ https://quay.io/repository/kubevirt/cdi-operator/

Notable changes

Enhancement: Add nbdkit command line parameters to improve reliability of multi-stage VDDK imports Enhancement: enable cross compile tools for s390x for CDI builder BugFix: Fix PVC deletion logic in CDI populators Enhancement: enable s390x native build BugFix: Bump tar rpm to fix concurrent host-assisted clone tar failure on file change during read BugFix: Increased size of scratch space to take fs overhead into account Enhancement: Handle desired storage class changes automatically in cron controller by deleting old storage class sources Cleanup: Deprecating ObjectTransfer feature Enhancement: provide s390x support for functional tests Enhancement: Add s390x nightly build automation BugFix: Handle PunchHole/AppendZeroWithTruncate failures Enhancement: Suppress alerting for static provisioning Cleanup: Document device_ownership_from_security_context=true for containerd v2 BugFix: Warm imports to filesystem volumes would fail size validation on subsequent snapshots Enhancement: Explicitly declaring containerPort in cdi-apiserver deployment BugFix: Reduce frequency of SCC management Events BugFix: Reduce frequency of Route management events BugFix: Fix uploading for block devices that exceed requested size Cleanup: Standardize go.mod to not specify patch version BugFix: nil pointer in handleSnapshot BugFix: config controller broken with ingresses Enhancement: Add RWX to AWS EBS io2 storage capabilities BugFix: VDDK Fix Incomplete transfer of change blocks leads to data corruption Cleanup: cdi-uploadserver: healthcheck and application use same port

Contributors

18 people contributed to this release:

... (truncated)

Changelog

Sourced from kubevirt.io/containerized-data-importer-api's changelog.

v1.61.0 Enhancement: Add nbdkit command line parameters to improve reliability of multi-stage VDDK imports Enhancement: enable cross compile tools for s390x for CDI builder BugFix: Fix PVC deletion logic in CDI populators Enhancement: enable s390x native build BugFix: Bump tar rpm to fix concurrent host-assisted clone tar failure on file change during read BugFix: Increased size of scratch space to take fs overhead into account Enhancement: Handle desired storage class changes automatically in cron controller by deleting old storage class sources Cleanup: Deprecating ObjectTransfer feature Enhancement: provide s390x support for functional tests Enhancement: Add s390x nightly build automation BugFix: Handle PunchHole/AppendZeroWithTruncate failures Enhancement: Suppress alerting for static provisioning Cleanup: Document device_ownership_from_security_context=true for containerd v2 BugFix: Warm imports to filesystem volumes would fail size validation on subsequent snapshots Enhancement: Explicitly declaring containerPort in cdi-apiserver deployment BugFix: Reduce frequency of SCC management Events BugFix: Reduce frequency of Route management events BugFix: Fix uploading for block devices that exceed requested size Cleanup: Standardize go.mod to not specify patch version BugFix: nil pointer in handleSnapshot BugFix: config controller broken with ingresses Enhancement: Add RWX to AWS EBS io2 storage capabilities BugFix: VDDK Fix Incomplete transfer of change blocks leads to data corruption Cleanup: cdi-uploadserver: healthcheck and application use same port

Commits

• 3cfe2b7 v1.61.0 release notes
• d57445e CNV-51521 | Fix Incomplete transfer of change blocks leads to data corruption...
• 6408daf cdi-uploadserver: healthcheck and application use same port (#3536)
• ed0b779 Run bazelisk run //robots/cmd/uploader:uploader -- -workspace /home/prow/go/s...
• 448fe9d Add RWX to AWS EBS io2 capabilities (#3528)
• d4bee3d Populators: Add to PVC' exclude velero backup label (#3522)
• a03c153 Fix the location of the nightly commit file (#3521)
• 13c2bf5 add the commit file to the nightly build, as in kv/kv (#3518)
• 44948dd Add RBAC for secrets in the CDI namespace (#3516)
• a25dd7e Add the "latest" endpoint for the nightly manifest (#3509)
• Additional commits viewable in compare view

Updates sigs.k8s.io/controller-runtime from 0.18.4 to 0.20.0

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.20.0

Highlights

• Based on k8s.io/* v1.32 libraries and minimum Go version is now v1.23
• New experimental priority queue feature
  • More details in #3013 and #2374
  • Can be enabled via manager.Options.Controller.UsePriorityQueue
  • Please give it a try and provide feedback in #2374
• AggregatedDiscovery is automatically used when available (#2901)
• As usual, many improvements to the fake client

Changes since v0.19.0

⚠️ Breaking Changes

• Bump to k8s.io/* v1.32 libraries (#2971 #2990 #3001 #3007 #3029 #3043)
• logging: Stop deduplicating API warnings by default (#2953)
• webhook: Stop deleting unknown fields in CustomDefaulter (#2982 #3056)
• webhook: Remove deprecated Defaulter and Validator (#2877 #2945)
• cluster: Remove deprecated SyncPeriod option (#2970)

✨ New Features

• cache: Add EnableWatchBookmarks option (defaults to true) (#3017)
• cache: Export NewInformer option (#3061)
• cert-watcher: Add polling (#3020 #3050)
• controller: Add experimental priority queue (off per default) (#3013 #3014 #3060 #3066)
• fake client: Allow adding indexes at runtime (#3021)
• fake client: Add support for ServiceAccountToken subresource (#2969)
• restmapper: Use AggregatedDiscovery if available (#2901)
• util: Add HasOwnerReference func (#2882)
• webhook: Add custom path option (#2998)

🐛 Bug Fixes

• controller: Error when source.Start() never returns (#2997 #3006 #3008)
• fake client: Don't return items on invalid selector (#3022)
• fake client: Fix TOCTOU races (#2980)
• fake client: Preserve TypeMeta during Get call with PartialObjectMeta (#2949)
• fake client: Preserve TypeMeta during List call with UnstructuredList (#3074)
• manager: Fix RenewDeadline typo in leader election (#3032)
• manager: Use leader elector with client timeout (#3028 #3034)

🌱 Others

• cache: Switch to Go 1.23+ stdlib maps/slices packages (#3012)
• controller: Log the syncing source when WaitForSync fails (#3016)
• setup-envtest: drop support for GCS (#2915)
• Some fixes for typos (#3011 #3033 #2993)

... (truncated)

Commits

• 8f7e114 Merge pull request #3074 from sbueringer/pr-fix-fake-list
• 3b23354 fake client: preserve TypeMeta during List call with UnstructuredList
• 1ec7c1b Merge pull request #3069 from kubernetes-sigs/dependabot/github_actions/all-g...
• 189b6d8 🌱 Bump the all-github-actions group across 1 directory with 3 updates
• d19d76c Merge pull request #3066 from alvaroaleman/fix-wow
• e667a8f 🐛 Fix a bug in the priorityqueue metrics
• 1de5a3e Merge pull request #3062 from ranakan19/cache_options
• 2484715 Merge pull request #3064 from alvaroaleman/remove-gosec
• 3b0b995 🌱 Remove gosec linter
• c80ea33 Merge pull request #3060 from alvaroaleman/pq-2
• Additional commits viewable in compare view

Updates github.com/go-logr/logr from 1.4.1 to 1.4.2

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.2

What's Changed

• Fix lint: named but unused params by @​thockin in go-logr/logr#268
• Add a Go report card, fix lint by @​thockin in go-logr/logr#271
• funcr: Handle nested empty groups properly by @​thockin in go-logr/logr#274

Dependencies:

• build(deps): bump github/codeql-action from 3.22.11 to 3.22.12 by @​dependabot in go-logr/logr#254
• build(deps): bump github/codeql-action from 3.22.12 to 3.23.0 by @​dependabot in go-logr/logr#256
• build(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 by @​dependabot in go-logr/logr#257
• build(deps): bump github/codeql-action from 3.23.0 to 3.23.1 by @​dependabot in go-logr/logr#259
• build(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 by @​dependabot in go-logr/logr#260
• build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 by @​dependabot in go-logr/logr#263
• build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 by @​dependabot in go-logr/logr#262
• build(deps): bump github/codeql-action from 3.23.2 to 3.24.0 by @​dependabot in go-logr/logr#264
• build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 by @​dependabot in go-logr/logr#266
• build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @​dependabot in go-logr/logr#267
• build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 by @​dependabot in go-logr/logr#270
• build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by @​dependabot in go-logr/logr#272
• build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @​dependabot in go-logr/logr#275
• build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @​dependabot in go-logr/logr#276
• build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 by @​dependabot in go-logr/logr#277
• build(deps): bump github/codeql-action from 3.24.7 to 3.24.9 by @​dependabot in go-logr/logr#278
• build(deps): bump github/codeql-action from 3.24.9 to 3.24.10 by @​dependabot in go-logr/logr#279
• build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @​dependabot in go-logr/logr#280
• build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @​dependabot in go-logr/logr#281
• build(deps): bump github/codeql-action from 3.24.10 to 3.25.1 by @​dependabot in go-logr/logr#282
• build(deps): bump github/codeql-action from 3.25.1 to 3.25.3 by @​dependabot in go-logr/logr#283
• build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @​dependabot in go-logr/logr#284
• build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @​dependabot in go-logr/logr#285
• build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @​dependabot in go-logr/logr#286
• build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @​dependabot in go-logr/logr#288
• build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.3.0 by @​dependabot in go-logr/logr#289
• build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @​dependabot in go-logr/logr#293
• build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by @​dependabot in go-logr/logr#292
• build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @​dependabot in go-logr/logr#291
• build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @​dependabot in go-logr/logr#290
• build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @​dependabot in go-logr/logr#294
• build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @​dependabot in go-logr/logr#295

Full Changelog: go-logr/logr@v1.4.1...v1.4.2

Commits

• 1205f42 Merge pull request #295 from go-logr/dependabot/github_actions/actions/checko...
• ccedcbd Merge pull request #294 from go-logr/dependabot/github_actions/github/codeql-...
• bead577 build(deps): bump actions/checkout from 4.1.5 to 4.1.6
• a492d95 build(deps): bump github/codeql-action from 3.25.4 to 3.25.5
• 19ad07c build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3
• 1c97a21 build(deps): bump actions/checkout from 4.1.4 to 4.1.5
• f70c5b5 build(deps): bump github/codeql-action from 3.25.3 to 3.25.4
• 4ade8d3 build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1
• 88d98bd Merge pull request #289 from go-logr/dependabot/github_actions/golangci/golan...
• 432cd86 Merge pull request #288 from go-logr/dependabot/github_actions/actions/setup-...
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.33.0 to 0.34.0

Commits

• 8da7ed1 go.mod: update golang.org/x dependencies
• 2124140 all: make function and struct comments match the names
• e9d95ba http2: do not surface errors from a conn's idle timer expiring
• c2be992 quic: remember which remote connection IDs have been retired
• See full diff in compare view

Updates k8s.io/api from 0.30.1 to 0.32.0

Commits

• e622342 Update dependencies to v0.32.0 tag
• b0543a3 Merge remote-tracking branch 'origin/master' into release-1.32
• f6bae9a Drop use of winreadlinkvolume godebug option
• ea815d5 Merge remote-tracking branch 'origin/master' into release-1.32
• c331a79 Revert to go1.22 windows filesystem stdlib behavior
• f8e5e36 Merge pull request #128407 from ndixita/pod-level-resources
• 84e0db8 Merge pull request #127857 from Jefftree/cle-v1alpha2
• cbaf5a0 Merge pull request #128686 from thockin/take_over_pr-125233
• a503a4f Merge pull request #128687 from tallclair/allocated-status
• 3f43b5a Merge pull request #128240 from LionelJouin/KEP-4817
• Additional commits viewable in compare view

Updates k8s.io/klog/v2 from 2.120.1 to 2.130.1

Release notes

Sourced from k8s.io/klog/v2's releases.

Prepare klog release for Kubernetes v1.31 (Take 2)

What's Changed

• data race: avoid unprotected access to sb.file by @​pohly in kubernetes/klog#408

Full Changelog: kubernetes/klog@v2.130.0...v2.130.1

Prepare klog release for Kubernetes v1.31 (Take 1)

What's Changed

• chore(*): fix spelling of Intel Corporation by @​jsoref in kubernetes/klog#399
• build: fix some linter warnings by @​pohly in kubernetes/klog#402
• examples: fix linter warning by @​pohly in kubernetes/klog#406
• Do not acquire lock for file.Sync() fsync call by @​1978629634 in kubernetes/klog#404
• ktesting: tone down warning about leaked test goroutine by @​pohly in kubernetes/klog#401

New Contributors

• @​jsoref made their first contribution in kubernetes/klog#399
• @​1978629634 made their first contribution in kubernetes/klog#404

Full Changelog: kubernetes/klog@v2.120.1...v2.130.0

Commits

• 75663bb Merge pull request #408 from pohly/klog-flush-sync-fix
• 2327d4c data race: avoid unprotected access to sb.file
• 16c7d26 Merge pull request #401 from pohly/ktesting-warning-delay
• cd24012 ktesting: tone down warning about leaked test goroutine
• 2ee202a Merge pull request #404 from 1978629634/fsync-freelock
• 79575d8 Do not acquire lock for file.Sync() fsync call
• 7af45d6 Merge pull request #406 from pohly/linter
• d008cfe examples: fix linter warning
• ab53041 Merge pull request #402 from pohly/linter-issues
• ff7c070 build: fix some linter warnings
• Additional commits viewable in compare view

Updates k8s.io/utils from 0.0.0-20240310230437-4693a0247e57 to 0.0.0-20241104100929-3ea5e8cea738

Commits

• See full diff in compare view

Updates sigs.k8s.io/json from 0.0.0-20221116044647-bc3834ca7abd to 0.0.0-20241010143419-9aa6b5e7a4b3

Commits

• See full diff in compare view

Updates sigs.k8s.io/structured-merge-diff/v4 from 4.4.1 to 4.4.2

Commits

• ccf7a06 Merge pull request #265 from jpbetz/reset-filter
• b499124 Merge pull request #266 from jpbetz/add-owners
• 39c90b6 Add volunteer reviewers
• bda634e Apply feedback
• a8ac1f5 Optimize merge, make wildcards always take precedence
• f395ded Apply feedback
• 1311e4d Add support for more field path pattern types, clarify comments
• 1206de6 Clean up comments
• 083ce27 Add field path pattern matching
• c68c9ee Accept filter instead of exclude mask for ignored fields
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign ksimon1 for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[0xFelix]

@jcanocan Can you PTAL? CI is failing.

[akrejcir]

After updating the api module, the bot should also run go mod tidy && go mod vendor in the repo root, to update any dependencies.
I did not realize this when reviewing the PR that enabled dependabot on api.

[jcanocan]

After updating the api module, the bot should also run go mod tidy && go mod vendor in the repo root, to update any dependencies. I did not realize this when reviewing the PR that enabled dependabot on api.

I've taken a look at this. Looks like the problem is that the controller-tools is already a bit old. It works fine with CONTROLLER_TOOLS_VERSION=0.17.1. I will post a PR updating this dep.

However, that might be an issue too.

[jcanocan]

@dependabot rebase

[dependabot]

Sorry, only users with push access can use that command.

[akrejcir]

@dependabot rebase

[0xFelix]

Looks like there is still an issue with generated files.

[jcanocan]

Looks like there is still an issue with generated files.

Yes, the conflicting command is:

cd api && /home/jcanocan/Repos/ssp-operator/bin/controller-gen "crd:generateEmbeddedObjectMeta=true" rbac:roleName=operator-role webhook "paths=./..." output:crd:artifacts:config=../config/crd/bases

This command is updating some manifests, but I'm not sure how we can fix this...

[0xFelix]

You might need to do this update manually to re-run the generation of files after the dependency was updated.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.