chore(deps): Bump the production-dependencies group across 1 directory with 37 updates

[dependabot]

Bumps the production-dependencies group with 19 updates in the / directory:

Package	From	To
github.com/tektoncd/pipeline	0.65.2	0.66.0
k8s.io/apimachinery	0.31.2	0.32.0
cloud.google.com/go/iam	1.1.11	1.3.1
github.com/containerd/stargz-snapshotter/estargz	0.15.1	0.16.3
github.com/docker/cli	27.3.1+incompatible	27.4.1+incompatible
github.com/go-jose/go-jose/v4	4.0.3	4.0.4
github.com/golang/glog	1.2.2	1.2.3
github.com/google/cel-go	0.20.1	0.22.1
github.com/google/gnostic-models	0.6.9-0.20230804172637-c7be7c783f49	0.6.9
github.com/grpc-ecosystem/grpc-gateway/v2	2.20.0	2.25.1
github.com/k8snetworkplumbingwg/network-attachment-definition-client	1.7.4	1.7.5
github.com/mailru/easyjson	0.7.7	0.9.0
github.com/prometheus/client_golang	1.19.1	1.20.5
github.com/prometheus/common	0.55.0	0.61.0
github.com/prometheus/statsd_exporter	0.26.1	0.28.0
github.com/secure-systems-lab/go-securesystemslib	0.8.0	0.9.0
github.com/sigstore/sigstore	1.8.7	1.8.12
golang.org/x/net	0.33.0	0.34.0
sigs.k8s.io/kustomize/api	0.17.3	0.18.0

Updates github.com/tektoncd/pipeline from 0.65.2 to 0.66.0

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v0.66.0 "American Curl AL-76"

-Docs @ v0.66.0 -Examples @ v0.66.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.66.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aaef800dc5c82c7e8a7dc72d7ed947dc0e166c29c7bfd9f2b6edca989022cb90c

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aaef800dc5c82c7e8a7dc72d7ed947dc0e166c29c7bfd9f2b6edca989022cb90c
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.66.0/release.yaml
REKOR_UUID=108e9186e8c5677aaef800dc5c82c7e8a7dc72d7ed947dc0e166c29c7bfd9f2b6edca989022cb90c
Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.66.0@sha256:" + .digest.sha256')
Download the release file
curl "$RELEASE_FILE" > release.yaml
For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Fix StepAction support in Cluster resolver (#8382)

... (truncated)

Changelog

Sourced from github.com/tektoncd/pipeline's changelog.

Tekton Pipeline Releases

Release Frequency

Tekton Pipelines follows the Tekton community [release policy][release-policy] as follows:

• Versions are numbered according to semantic versioning: vX.Y.Z
• A new release is produced on a monthly basis
• Four releases a year are chosen for long term support (LTS). All remaining releases are supported for approximately 1 month (until the next release is produced)
  • LTS releases take place in January, April, July and October every year
  • The first Tekton Pipelines LTS release will be v0.41.0 in October 2022
  • Releases happen towards the middle of the month, between the 13th and the 20th, depending on week-ends and readiness

Tekton Pipelines produces nightly builds, publicly available on gcr.io/tekton-nightly.

Transition Process

Before release v0.41 Tekton Pipelines has worked on the basis of an undocumented support period of four months, which will be maintained for the releases between v0.37 and v0.40.

Release Process

Tekton Pipeline releases are made of YAML manifests and container images. Manifests are published to cloud object-storage as well as [GitHub][tekton-pipeline-releases]. Container images are signed by [Sigstore][sigstore] via [Tekton Chains][tekton-chains]; signatures can be verified through the [public key][chains-public-key] hosted by the Tekton Chains project.

Further documentation available:

• The Tekton Pipeline [release process][tekton-releases-docs]
• [Installing Tekton][tekton-installation]
• Standard for [release notes][release-notes-standards]

Release

v0.66

• Latest Release: [v0.66.0][v0.66-0] (2024-12-04) ([docs][v0.66-0-docs], [examples][v0.66-0-examples])
• Initial Release: [v0.66.0][v0.66-0] (2024-12-04)
• Estimated End of Life: 2024-12-28
• Patch Releases: [v0.66.0][v0.66-0]

v0.65 (LTS)

... (truncated)

Commits

• 1dd488e build(deps): bump github/codeql-action from 3.27.4 to 3.27.5
• 1f50ecd build(deps): bump the all group in /tekton with 2 updates
• 0f2d9f1 Fixes git-resolver configuration for serverUrl and scmType
• cfc5c7b build(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0
• 27c87f0 build(deps): bump the all group in /tekton with 2 updates
• bfe7b03 build(deps): bump github.com/golangci/golangci-lint in /tools
• 3714d4f build(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2
• 85dc300 fix: add missing stepaction RBAC permission for resolver
• 0d39e02 build(deps): bump the all group in /tekton with 2 updates
• ccf8cfb build(deps): bump github/codeql-action from 3.27.1 to 3.27.4
• Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.31.2 to 0.32.0

Commits

• 59e9003 Merge remote-tracking branch 'origin/master' into release-1.32
• 639247c Drop use of winreadlinkvolume godebug option
• 220d7c3 Merge remote-tracking branch 'origin/master' into release-1.32
• c199d3b Revert to go1.22 windows filesystem stdlib behavior
• 16af2ff implement unsafe deletion, and wire it
• 6ff8305 api: run codegen
• ca9b8b2 api: add a new field to meta/v1 DeleteOptions
• d941d9f Merge pull request #128503 from benluddy/cbor-codecs-featuregate
• 3b4250f Wire serving codecs to CBOR feature gate.
• daaad09 Merge pull request #128501 from benluddy/watch-cbor-seq
• Additional commits viewable in compare view

Updates k8s.io/utils from 0.0.0-20240711033017-18e509b52bc8 to 0.0.0-20241104100929-3ea5e8cea738

Commits

• See full diff in compare view

Updates cloud.google.com/go/iam from 1.1.11 to 1.3.1

Release notes

Sourced from cloud.google.com/go/iam's releases.

securesourcemanager: v1.3.1

1.3.1 (2025-01-02)

Bug Fixes

• securesourcemanager: Update golang.org/x/net to v0.33.0 (e9b0b69)

Changelog

Sourced from cloud.google.com/go/iam's changelog.

Changes

0.118.0 (2025-01-02)

Features

• civil: Add AddMonths, AddYears and Weekday methods to Date (#11340) (d45f1a0)

0.117.0 (2024-12-16)

Features

• internal/trace: Remove previously deprecated OpenCensus support (#11230) (40cf125), refs #10287
• transport: Remove deprecated EXPERIMENTAL OpenCensus trace context propagation (#11239) (0d1ac87), refs #10287 #11230

0.116.0 (2024-10-09)

Features

• genai: Add tokenizer package (#10699) (214af16)

0.115.1 (2024-08-13)

Bug Fixes

• cloud.google.com/go: Bump google.golang.org/[email protected] (8ecc4e9)

0.115.0 (2024-06-12)

Features

• internal/trace: Deprecate OpenCensus support (#10287) (430ce8a), refs #2205 #8655

Bug Fixes

• internal/postprocessor: Use approved image tag (#10341) (a388fe5)

0.114.0 (2024-05-23)

Features

• civil: Add Compare method to Date, Time, and DateTime (#10193) (c2920d7)

... (truncated)

Commits

• 559b86a chore: release main (#8706)
• 174da47 fix(all): update golang.org/x/net to v0.17.0 (#8705)
• 89eeeff chore: release main (#8664)
• 0e43b40 feat(shopping): new clients (#8699)
• 9c502c2 fix: Update go_package and Go importpath (#8667)
• 4284639 chore(ci): update Go version to 1.21 (#8695)
• c73963f fix(bigquery): handle storage read api Recv call errors (#8666)
• 65cb8bd chore(all): update module golang.org/x/net to v0.17.0 [SECURITY] (#8691)
• 7b19ae2 chore(internal/postprocessor): add config for shopping/type (#8690)
• 45d4f21 chore(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 in /internal/example...
• Additional commits viewable in compare view

Updates cloud.google.com/go/kms from 1.18.3 to 1.20.1

Commits

• b7a7787 chore: release main (#11321)
• 00c6c0b chore(main): release 0.118.0 (#11360)
• d45f1a0 feat(civil): add AddMonths, AddYears and Weekday methods to Date (#11340)
• e2796a8 chore(parallelstore): fix links in documentation (#11358)
• e904ee6 chore(main): release logging 1.13.0 (#11026)
• 7f81daf chore(spanner): support mutation only operation for read-write mux (#11342)
• e41a153 fix: Make uid.Timestamp work on 32bit architectures (#11353)
• 8ebcc6d docs(batch): fix broken references in comments (#11316)
• 6aa27dc fix(bigtable): Correct the 'method' label value (#11350)
• 1513106 test(spanner): skip failing tests on cloud-devel and staging (#11347)
• Additional commits viewable in compare view

Updates github.com/containerd/stargz-snapshotter/estargz from 0.15.1 to 0.16.3

Release notes

Sourced from github.com/containerd/stargz-snapshotter/estargz's releases.

v0.16.3

Notable Changes

• Fix zstd:chunked converter error on duplicated blobs (#1894)

v0.16.2

Notable Changes

• go.mod: Use 1.22.0 by specifying to google.golang.org/grpc v1.67.1 (#1877)

v0.16.1

Notable Changes

• prevernt go version upgraded to 1.23 in go.mod (#1863)

v0.16.0

Notable Changes

• Support for the latest CRI-O(>=v1.31.0) and Podman (>=v5.1.0) Additional Layer Store (#1673, #1674)
• Fix log message in refnode.Lookup (#1595), thanks to @​iain-macdonald
• store: use OnForget API for checking if a node is reusable (#1808)
• Support for containerd v2 (#1722), thanks to @​apostasie
• fs: Check connection only when image isn't fully cached (#1584)

Commits

• c0389e0 Merge pull request #1898 from ktock/prepare-v0.16.3
• c6a444e [v0.16] Prepare for v0.16.3
• 86bbdeb Merge pull request #1894 from ktock/bp-1885
• 9b706a2 Rely on OpenWriter for retrying opening writer
• 570ba70 Rely on contaienrd's GC for cleanup of temporary content
• 1d34a1b Merge pull request #1878 from ktock/prepare-v0.16.2
• 3971b26 Merge pull request #1877 from ktock/v0.16dev
• 1e4fad0 Preapre for v0.16.2
• 4edcebd go.mod: Use 1.22.0 by specifying to google.golang.org/grpc v1.67.1
• 7d3230e Merge pull request #1864 from ktock/prepare-v0.16.1
• Additional commits viewable in compare view

Updates github.com/docker/cli from 27.3.1+incompatible to 27.4.1+incompatible

Commits

• b9d17ea Merge pull request #5700 from thaJeztah/27.x_backport_remove_use_of_netfilter...
• a08a120 cli/command/system: remove BridgeNfIptables, BridgeNfIp6tables in tests
• 4870b3d Merge pull request #5699 from thaJeztah/27.x_backport_remove_system_isabs
• d3b59fb cli/command/container: use local copy of pkg/system.IsAbs
• ac40240 Merge pull request #5685 from thaJeztah/27.x_backport_bump_xx
• 3fa9480 Merge pull request #5690 from thaJeztah/27.x_backport_bump_gomd2man
• fce7c04 Merge pull request #5692 from thaJeztah/27.x_backport_remove_netfilter_warnings
• 70815c1 cli/command/system: remove netfilter warnings from tests
• 12d98b0 update go-md2man to v2.0.5
• f9783ec update xx to v1.6.1 for compatibility with alpine 3.21
• Additional commits viewable in compare view

Updates github.com/go-jose/go-jose/v4 from 4.0.3 to 4.0.4

Release notes

Sourced from github.com/go-jose/go-jose/v4's releases.

Version 4.0.4

Fixed

• Reverted "Allow unmarshalling JSONWebKeySets with unsupported key types" as a breaking change. See #136 / #137.

Changelog

Sourced from github.com/go-jose/go-jose/v4's changelog.

v4.0.4

Fixed

• Reverted "Allow unmarshalling JSONWebKeySets with unsupported key types" as a breaking change. See #136 / #137.

Commits

• 15bc4c2 Update CHANGELOG for 4.0.4 (#138)
• f3534ca Revert #130: JSONWebKeySet: ignore unsupported key types (#137)
• ebaac64 Remove unused JWK error type (#135)
• See full diff in compare view

Updates github.com/golang/glog from 1.2.2 to 1.2.3

Release notes

Sourced from github.com/golang/glog's releases.

v1.2.3

What's Changed

• glog: check that stderr is valid before using it by default by @​chressie in golang/glog#72
• glog: fix typo by @​chressie in golang/glog#73

Full Changelog: golang/glog@v1.2.2...v1.2.3

Commits

• 04dbec0 glog: fix typo (#73)
• 459cf3b glog: check that stderr is valid before using it by default (#72)
• See full diff in compare view

Updates github.com/google/cel-go from 0.20.1 to 0.22.1

Release notes

Sourced from github.com/google/cel-go's releases.

Release v0.22.1

Fixes

• Additional hardening on legacy macros [https://redirect.github.com/Additional hardening on legacy macros google/cel-go#1064]
• Additional nil-safety checks with corresponding test updates [https://redirect.github.com/Additional nil-safety checks with corresponding test updates google/cel-go#1073]
• Add two-variable comprehension support to cel-policy [https://redirect.github.com/Add two-variable comprehension support to cel-policy google/cel-go#1074]
• Fix optional test to short-circuit [https://redirect.github.com/Fix optional test to short-circuit google/cel-go#1076]
• Fix nil-type when two-var comprehension has a dyn range [https://redirect.github.com/Fix nil-type when two-var comprehension has a dyn range google/cel-go#1077]

New Contributors

• @​aakash070 made their first contribution in google/cel-go#1069

Full Changelog: google/cel-go@v0.22.0...v0.22.1

Release v0.22.0

What's Changed

Core CEL

• Add list flatten() by @​fabriziosestito in google/cel-go#980
• Add sets and lists extensions to REPL by @​l46kok in google/cel-go#1005
• CEL Spec and Proto Updates by @​TristonianJones in google/cel-go#1011
• Implement native conformance test runner by @​jcking in google/cel-go#1001
• Add support for no padding in base64 decode by @​TristonianJones in google/cel-go#1017
• Allow configurable tag name overrides in native types by @​matthchr in google/cel-go#1009
• Introduce helper trait types for lists and maps by @​TristonianJones in google/cel-go#1026
• ext: add list.sort() by @​cezar-guimaraes in google/cel-go#1021
• Foldable Maps and Lists by @​TristonianJones in google/cel-go#995
• Update REPL examples by @​jnthntatum in google/cel-go#1028
• Interop foldable maps and lists with map mutation helper by @​TristonianJones in google/cel-go#1029
• Update the Go AST representation to handle a second iteration variable by @​TristonianJones in google/cel-go#1031
• Runtime support for two-variable comprehensions by @​TristonianJones in google/cel-go#1032
• Two-variable comprehension support by @​TristonianJones in google/cel-go#1034
• Update tag-based parsing to use lambda for additional customization by @​matthchr in google/cel-go#1039
• Fix string reverse member overload name by @​TristonianJones in google/cel-go#1045
• Remove unused server directory by @​TristonianJones in google/cel-go#1041
• Add functions to the lists extension. by @​seirl in google/cel-go#1037
• Rename strings version test by @​TristonianJones in google/cel-go#1047
• Fix doc strings and version support on math extensions by @​TristonianJones in google/cel-go#1046
• Upgrade cel-go to support bazel-mod by @​TristonianJones in google/cel-go#1049
• Fix out of range error for non-negative string indexing offsets by @​TristonianJones in google/cel-go#1052
• Expand visibility of parser/gen package by @​TristonianJones in google/cel-go#1057
• Ensure variables in comprehensions don't collide by @​TristonianJones in google/cel-go#1062

Policy

• Support for typename import aliases by @​TristonianJones in google/cel-go#993
• Error on condition-only match blocks by @​TristonianJones in google/cel-go#1003
• Update context proto resolution to use type provider by @​TristonianJones in google/cel-go#1013
• Support for context proto declarations by @​TristonianJones in google/cel-go#1006

... (truncated)

Commits

• 933f926 Fix nil-type when two-var comprehension has a dyn range (#1077)
• ff1302f Fix optional test to be functional (#1076)
• 4b73ba3 Add two-variable comprehension support to cel-policy (#1074)
• ba74bf6 Additional nil-safety checks with corresponding test updates (#1073)
• 72e0977 Rename conformance proto import for ease of syncing (#1071)
• 24ec244 Fix format string issue (#1072)
• 7184cb0 Update docs on IO methods (#1070)
• da44524 Expose public methods to convert function and variable decl to v1 Decl (#1069)
• f8ecaa2 Harden legacy macros, add support for existsOne macro (#1064)
• 8ad600b Ensure variables in comprehensions don't collide (#1062)
• Additional commits viewable in compare view

Updates github.com/google/gnostic-models from 0.6.9-0.20230804172637-c7be7c783f49 to 0.6.9

Commits

• See full diff in compare view

Updates github.com/google/pprof from 0.0.0-20240827171923-fa2c70bbbfe5 to 0.0.0-20241029153458-d1b30febd7db

Commits

• See full diff in compare view

Updates github.com/grpc-ecosystem/grpc-gateway/v2 from 2.20.0 to 2.25.1

Release notes

Sourced from github.com/grpc-ecosystem/grpc-gateway/v2's releases.

v2.25.1

Support the new Opaque API in openapiv2 generated files

This release contains breaking changes from v2.25.0, in that the previously deprecated EnumDescriptor and Descriptor methods on the struct types in the openapiv2 options package have been removed. This seems to be a requirement to generate the new Hybrid API. Please open an issue if you were depending on these functions and we'll see what we can do about it.

What's Changed

• protoc-gen-openapiv2: generate hybrid files by @​johanbrandhorst in grpc-ecosystem/grpc-gateway#5088

Full Changelog: grpc-ecosystem/grpc-gateway@v2.25.0...v2.25.1

v2.25.0

What's Changed

• Extend google.protobuf.EnumOptions for Schema by @​hown3d in grpc-ecosystem/grpc-gateway#4931
• fix(deps): Relax the minimum required go version by @​nhhagen in grpc-ecosystem/grpc-gateway#5022
• Correctly expand path variables for Update Methods. by @​nullaus in grpc-ecosystem/grpc-gateway#5041
• Use org_golang_x_tools as module extension by @​mering in grpc-ecosystem/grpc-gateway#5043
• fix: update to protobuf 1.36.0 and exclude synthetic oneofs during populateFieldValueFromPath by @​aerialls in grpc-ecosystem/grpc-gateway#5072

New Contributors

• @​hown3d made their first contribution in grpc-ecosystem/grpc-gateway#4931
• @​nhhagen made their first contribution in grpc-ecosystem/grpc-gateway#5022
• @​nullaus made their first contribution in grpc-ecosystem/grpc-gateway#5041
• @​mering made their first contribution in grpc-ecosystem/grpc-gateway#5043
• @​aerialls made their first contribution in grpc-ecosystem/grpc-gateway#5072

Full Changelog: grpc-ecosystem/grpc-gateway@v2.24.0...v2.25.0

v2.24.0

What's Changed

• feat: skip calling http Write method when response is of empty type by @​reversearrow in grpc-ecosystem/grpc-gateway#4902
• docs: update customizing_your_gateway.md reference by @​emmanuel-ferdman in grpc-ecosystem/grpc-gateway#4940
• Optional specification of stream content type by @​huin in grpc-ecosystem/grpc-gateway#4926
• Add bzlmod support by @​AlejoAsd in grpc-ecosystem/grpc-gateway#4937
• chore: reduce number of empty lines in generated code by @​mmorel-35 in grpc-ecosystem/grpc-gateway#4965
• Fix Bazel module dependencies by @​AlejoAsd in grpc-ecosystem/grpc-gateway#4974
• chore: use standard httpMethod in generated code by @​mmorel-35 in grpc-ecosystem/grpc-gateway#4970
• chore: use errors.Is to compare errors in generated code by @​mmorel-35 in grpc-ecosystem/grpc-gateway#4971
• Fix marshaler interface function name in examples in docs by @​o-nix in grpc-ecosystem/grpc-gateway#4978
• Errors on valid timestamps by @​jakec-github in grpc-ecosystem/grpc-gateway#4973
• Fix Bazel buildtools dependency by @​AlejoAsd in grpc-ecosystem/grpc-gateway#4980

New Contributors

• @​reversearrow made their first contribution in grpc-ecosystem/grpc-gateway#4902
• @​emmanuel-ferdman made their first contribution in grpc-ecosystem/grpc-gateway#4940
• @​huin made their first contribution in grpc-ecosystem/grpc-gateway#4926
• @​AlejoAsd made their first contribution in grpc-ecosystem/grpc-gateway#4937
• @​mmorel-35 made their first contribution in grpc-ecosystem/grpc-gateway#4965
• @​o-nix made their first contribution in grpc-ecosystem/grpc-gateway#4978
• @​jakec-github made their first contribution in grpc-ecosystem/grpc-gateway#4973

... (truncated)

Commits

• c89fdf7 protoc-gen-openapiv2: generate hybrid files (#5088)
• bb4c906 Update gorelease base
• a74e741 fix(deps): update google.golang.org/genproto/googleapis/rpc digest to 6b3ec00...
• e9a2074 chore(deps): update googleapis digest to 5e258e3 (#5087)
• bdc7a7a fix(deps): update google.golang.org/genproto/googleapis/api digest to 6b3ec00...
• 937be39 fix(deps): update google.golang.org/genproto/googleapis/rpc digest to 9240e9c...
• df4d666 chore(deps): update googleapis digest to d55dd1d (#5084)
• e6af5c6 chore(deps): update dependency rules_proto to v7.1.0 (#5079)
• e062b12 fix: update to protobuf 1.36.0 and exclude synthetic oneofs during populateFi...
• 50d84d5 chore(deps): update googleapis digest to 09d4103 (#5083)
• Additional commits viewable in compare view

Updates github.com/k8snetworkplumbingwg/network-attachment-definition-client from 1.7.4 to 1.7.5

Release notes

Sourced from github.com/k8snetworkplumbingwg/network-attachment-definition-client's releases.

v1.7.5

This release contains a fix related to the determination of the default interface, e.g. setting the default parameter to true in the network-status annotation based on the presence of a gateway in the CNI ADD success result ips.gateway and makes the determination of the default based on the first interface that has an associated value of gateway (using the interface index in the ips element in the CNI ADD success result).

This provides flexibility especially in CRI-O which uses the first interface and IP addresses for the pod.IP in Kubernetes, therefore. Containerd functionality is unchanged in that it uses the value for the IP addresses specifically

It's worth noting that CNI ADD success results which do not contain any interfaces will be discarded in this determination of the default, therefore it's recommended to set one with an associated gateway if aiming to have it be noted as the default.

Commits

• 7d2def1 Merge pull request #73 from dougbtv/gw-for-default
• 55f81d3 Assigns default=true on a multiple interface return for first interface with ...
• See full diff in compare view

Updates github.com/klauspost/compress from 1.17.10 to 1.17.11

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.17.11

What's Changed

• zstd: Fix extra CRC written with multiple Close calls by @​klauspost in klauspost/compress#1017
• s2: Don't use stack for index tables by @​klauspost in klauspost/compress#1014
• gzhttp: No content-type on no body response code by @​juliens in klauspost/compress#1011
• gzhttp: Do not set the content-type when response has no body by @​kevinpollet in klauspost/compress#1013

New Contributors

• @​juliens made their first contribution in klauspost/compress#1011
• @​kevinpollet made their first contribution in klauspost/compress#1013

Full Changelog: klauspost/compress@v1.17.10...v1.17.11

Commits

• 72cd4a9 zstd: Fix extra CRC written with multiple Close calls (#1017)
• dbd6c38 s2: Don't use stack for index tables (#1014)
• f73ab1e Do not set the content-type when response has no body (#1013)
• f2a4f25 build(deps): bump github/codeql-action in the github-actions group (#1012)
• 8e14b1b No content-type on no body response code (#1011)
• 13a1ce6 ci: Match goreleaser version (#1009)
• 6c5a195 Update README.md
• See full diff in compare view

Updates github.com/mailru/easyjson from 0.7.7 to 0.9.0

Release notes

Sourced from github.com/mailru/easyjson's releases.

v0.9.0

up go version and bugfixes

v0.8.0

stable version before go version bump

Commits

• 5e854fb Merge pull request #388 from testwill/string
• 78171e8 Merge pull request #396 from SolidShake/fix-null-map-key
• 907f46a up go version to 1.20
• 0e683d5 only default tests
• 8ef38d7 upd test version
• c2f6bad Merge pull request #405 from IakovLeven/patch-1
• d48874a Merge pull request #381 from niallnsec/master
• 46715aa Fix Unmarshaler interface description
• 3229627 Fix null key in map
• 34d2f3a Only add tags to run command if set
• Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.19.1 to 1.20.5

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.20.5 / 2024-10-15

We decided to revert the testutil change that made our util functions less error-prone, but created a lot of work for our downstream users. Apologies for the pain! This revert should not cause any major breaking change, even if you already did the work--unless you depend on the exact error message.

Going forward, we plan to reinforce our release testing strategy [1],[2] and deliver an enhanced testutil package/module with more flexible and safer APIs.

Thanks to @​dashpole @​dgrisonnet @​kakkoyun @​ArthurSens @​vesari @​logicalhan @​krajorama @​bwplotka who helped in this patch release! 🤗

Changelog

[BUGFIX] testutil: Reverted #1424; functions using compareMetricFamilies are (again) only failing if filtered metricNames are in the expected input. #1645

v1.20.4

• [BUGFIX] histograms: Fix a possible data race when appending exemplars vs metrics gather. #1623

v1.20.3

• [BUGFIX] histograms: Fix possible data race when appending exemplars. #1608

v1.20.2

• [BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed.

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign ksimon1 for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign ksimon1 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment