Bump go-openapi dependencies to latest versions:
- github.com/go-openapi/jsonpointer v0.21.0 → v0.22.4
- github.com/go-openapi/jsonreference v0.20.2 → v0.21.4
- github.com/go-openapi/swag v0.23.0 → v0.25.4
The new swag version has been restructured into a multi-module monorepo
with submodules (cmdutils, conv, fileutils, jsonname, jsonutils, loading,
mangling, netutils, stringutils, typeutils, yamlutils). As a result:
- mailru/easyjson and josharian/intern are no longer transitive deps
and have been removed from vendor
- go-openapi/jsonpointer and go-openapi/swag no longer reference
unwanted deps davecgh/go-spew, mailru/easyjson, or gopkg.in/yaml.v3
- Updated hack/unwanted-dependencies.json accordingly
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 693dc57f5753ce69f7d3f49f26bfefc9554e47e6
Fixes CVE-2026-33814 (golang/go#78476): HTTP/2 Transport hangs
indefinitely when a peer sends a SETTINGS frame with MaxFrameSize=0.
This is reachable from kube-apiserver's OIDC, admission webhook,
and aggregated API client paths.
Kubernetes-commit: 12a2470693d86f63f4614048ffdd43dc393dd7e0
* kubectl: use %w for error wrapping and remove redundant .Error() calls
Replace fmt.Errorf with %s and err.Error() with idiomatic %w wrapping
in kubectl's polymorphichelpers, wait, and drain packages. This enables
proper error chain inspection via errors.Is/As and follows Go best
practices.
Also fixes a typo: "Statefulset" -> "StatefulSet" in history.go.
* Address review: use %w for error wrapping in extendErrWaitTimeout
Use fmt.Errorf with %w instead of %v to preserve the error chain,
allowing wait.Interrupted() to correctly detect timeout errors.
Signed-off-by: supermario_leo <leo.stack@outlook.com>
* Fix lint: wrap both errors with %w in cordon error path
The linter flags err used with %v when it is an error type. Since
Go 1.20+ supports multiple %w verbs in a single fmt.Errorf call,
wrap both err and patchErr to preserve both error chains.
Signed-off-by: supermario_leo <leo.stack@outlook.com>
---------
Signed-off-by: supermario_leo <leo.stack@outlook.com>
Kubernetes-commit: d916c320deb859cd264354c48f3bd5419f7a2950
* kubectl: strict check for exec command
Fix https://github.com/kubernetes/kubectl/issues/1745
The current implementation doesn't properly check for arguments between
the resource name and the dash separator. This can lead to unexpected
behavior when using commands like 'kubectl exec -it pod-0 bash -- run.sh',
which should raise an error but doesn't.
This fix ensures that when a dash separator (--) is used, there are no
extra arguments between the resource name and the dash.
- Only allow argsLenAtDash == 0 or == 1 (exactly one arg before --)
- Add test for extra args between pod and --
- Add test for flag-like args without dash separator
* test: add kubectl exec container flag coverage
* Apply suggestion from @soltysh
Co-authored-by: Maciej Szulik <soltysh@gmail.com>
---------
Co-authored-by: Maciej Szulik <soltysh@gmail.com>
Kubernetes-commit: b528be0a5658083db98e4a757483a36e1a83e27c
* Honor --label-columns for custom-columns output
* Validate --label-columns with custom-columns
* Remove label-columns support from custom-columns
Kubernetes-commit: 1168c4e832f0ad12b0c11b96d15e93eb3c6a8907
* Update Japanese translation for kubectl
* Update test for kubectl help
* apply kubernetes translations rules https://kubernetes.io/ja/docs/contribute/localization/#basic-policy
* Update kubectl help test string
* rebuild kubectl mo file
* fix k8s specific terms to original one
Kubernetes-commit: 37be90f2959691c6d527ebb545675e66c1aac4c7
Verify that editOptions is populated when EditBeforeCreate is true
and remains nil otherwise. Also verify that RunCreate returns a
clear error when called without Complete().
Kubernetes-commit: f3318c86571530c1e31013162ea6561371134a4f
Move EditOptions construction into Complete() where cmd is naturally
available, so RunCreate no longer needs a cobra.Command parameter.
Third-party callers can now invoke RunCreate(f) without constructing
a command. EditBeforeCreate is handled via pre-built editOptions.
Also extract CreateAnnotation from cmd flags in Complete() to remove
the remaining cmd dependency from RunCreate.
Kubernetes-commit: 40843a4d0a1b992154571c3308c43d4d87186239
The latest pause version is 3.10.2 but due to the introduction
of the PATCH level version to the pause image (previously was
only MAJOR.MINOR), various files have remained on an older
version. Either 3.10 or 3.10.1. Our validation with
build/dependencies.yaml ./hack/verify-external-dependencies.sh
did not account for that.
Kubernetes-commit: bc2179d8824f41bce3e25bf563e7164989d094ea
Bump k8s.io/kube-openapi to pick up kubernetes/kube-openapi#579 which
moved the last ginkgo/gomega tests to stdlib testing and ran go mod
tidy, removing ginkgo/gomega from kube-openapi's go.mod.
This drops ginkgo/gomega as indirect deps from apimachinery. It also
prunes Masterminds/semver, google/pprof, and golang.org/x/tools from
client-go and other staging modules where they were only needed
through kube-openapi's ginkgo/gomega chain.
Contributes to kubernetes/kubernetes#127888
Kubernetes-commit: 56cd74d879f1ba11aadcff95326f17a1cc2c82ef
TestEvictDuringNamespaceTerminating intentionally exercises the retry path
but only allows 10ms of total time. The production loop sleeps, refreshes
state, and retries under that same deadline, so a single retry plus
scheduler jitter is enough to exhaust the budget under -race or on busy
CI workers.
Keep the retry interval small so the test still covers the retry behavior,
but widen the overall timeout so the assertion measures semantics instead
of machine speed.
Tested:
go test -race ./staging/src/k8s.io/kubectl/pkg/drain -run TestEvictDuringNamespaceTerminating -count=100
Kubernetes-commit: 77f8d7c2a9571dd9a76ee1be8b234a4dddd2ad35
cri streaming option a hardcut - add new staging repositories `streaming` and `cri-streaming`
Kubernetes-commit: 2bd6c7fe3cb8663804dc6e7672ff01aeebc97274
