Commit graph

2879 commits

Author SHA1 Message Date
Kubernetes Prow Robot
4caf96e199
Merge pull request #136598 from dgrisonnet/update-go-systemd
Bump go-systemd to v22.7.0
2026-01-30 03:07:56 +05:30
xin.li
e1cbecc9d2 update vendor
Signed-off-by: xin.li <xin.li@daocloud.io>
2026-01-29 14:43:06 +08:00
Damien Grisonnet
e454bf04bb Bump go-systemd to v22.7.0
Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
2026-01-28 20:57:35 +01:00
yongruilin
65b579a036 Bump k8s.io/kube-openapi to latest 2026-01-27 21:39:39 +00:00
Ivan Valdes
63e442e167
Bump etcd 3.6.7 SDK 2026-01-22 08:51:06 -08:00
Davanum Srinivas
c40ea60b9f
Update OpenTelemetry dependencies to latest versions
Core packages (opentelemetry-go):
- go.opentelemetry.io/otel: v1.38.0 → v1.39.0
- go.opentelemetry.io/otel/metric: v1.38.0 → v1.39.0
- go.opentelemetry.io/otel/trace: v1.38.0 → v1.39.0
- go.opentelemetry.io/otel/sdk: v1.38.0 → v1.39.0

Exporters:
- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.34.0 → v1.39.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.34.0 → v1.39.0

Contrib instrumentation (opentelemetry-go-contrib):
- go.opentelemetry.io/contrib/.../otelhttp: v0.61.0 → v0.64.0
- go.opentelemetry.io/contrib/.../otelrestful: v0.44.0 → v0.64.0

Protocol definitions (opentelemetry-proto-go):
- go.opentelemetry.io/proto/otlp: v1.5.0 → v1.9.0

Notable changes:
- Go 1.24 is now the minimum required version (Go 1.23 support dropped) for OTEL components
- Performance: ~4x improvement in histogram concurrent operations; xxhash
  replaces fnv for attribute hashing
- Fixed goroutine leak in span processors when context is canceled
- otelrestful migrated semantic conventions from v1.20.0 to v1.34.0
  (e.g., http.method → http.request.method)
- Partial OTLP export errors now surfaced instead of being silently dropped
- otelrestful no longer depends on json-iterator/go, modern-go/concurrent,
  or modern-go/reflect2; unwanted-dependencies.json updated accordingly

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2026-01-20 18:24:44 -05:00
Kubernetes Prow Robot
8f76dbf79b
Merge pull request #136227 from dims/update-grpc-ecosystem-deps-jan2026
Update gRPC ecosystem dependencies
2026-01-20 22:41:26 +05:30
carlory
299ec97e6f run hack/update-vendor.sh
Signed-off-by: carlory <baofa.fan@daocloud.io>
2026-01-19 11:35:30 +08:00
Davanum Srinivas
f727e938dc
Update gRPC ecosystem dependencies
Update the gRPC ecosystem to pick up performance improvements,
bug fixes, and maintain compatibility with the latest protobuf
and OpenTelemetry releases.

Notable changes in grpc v1.78.0:
- mem.Reader interface changed to struct
- Legacy pick_first load balancer policy removed (pickfirstleaf)
- Improved connection state management

Updated dependencies:
- grpc-gateway/v2: v2.27.4 (2025-12-26)
- go-grpc-middleware/v2: v2.3.3 (2025-11-04)
- go-grpc-middleware/providers/prometheus: v1.1.0 (2025-06-16)
- google.golang.org/grpc: v1.78.0 (2025-12-23)
- genproto/googleapis/api: v0.0.0-20260112192933-99fd39fd28a9 (2026-01-12)
- genproto/googleapis/rpc: v0.0.0-20260112192933-99fd39fd28a9 (2026-01-12)

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2026-01-16 07:20:17 -05:00
Davanum Srinivas
5b478645cd
Update security and stability dependencies
This PR updates several dependencies addressing security vulnerabilities,
stability fixes, and authentication improvements.

- golang.org/x/crypto: v0.46.0 -> v0.47.0
  - Includes latest X509 root certificate bundle updates
  - Security hardening for cryptographic operations
  - Foundation dependency for TLS and authentication

- github.com/golang-jwt/jwt/v5: v5.2.2 -> v5.3.0
  - IMPORTANT: v5.2.2 patched vulnerability GHSA-mh63-6h87-95cp (token
    validation security issue) - this update ensures we have the fix
  - Adds multiple audience validation support for JWT tokens
  - Go 1.21 minimum requirement (code modernization)
  - Replaced legacy interface{} with modern any keyword

- golang.org/x/net: v0.48.0 -> v0.49.0
  - HTTP/2 priority scheduler improvements (RFC 9218)
  - WebSocket security enhancements
  - Network layer stability fixes

- go.uber.org/zap: v1.27.0 -> v1.27.1
  - Fix: Prevent Object from panicking on nils (PR #1501)
  - Fix: Race condition in WithLazy (PR #1511)
  - Both fixes improve logging stability in concurrent scenarios

- github.com/godbus/dbus/v5: v5.2.0 -> v5.2.2
  - Security: Disabled SHA1 authentication by default on non-Windows
    platforms (v5.2.0 change now inherited)
  - Performance: Multiple optimizations reducing memory allocations
  - Fix: Alignment issues in decoder operations
  - Fix: Allow more than 32 containers/struct fields in a signature

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2026-01-15 19:57:11 -05:00
Davanum Srinivas
050c786014
Update vendored dependencies: cadvisor, containerd, runtime-spec, selinux
Update the following vendored dependencies:

- github.com/google/cadvisor: v0.55.1 -> v0.56.0
- github.com/containerd/containerd/api: v1.9.0 -> v1.10.0
- github.com/opencontainers/runtime-spec: v1.2.1 -> v1.3.0
- github.com/opencontainers/selinux: v1.13.0 -> v1.13.1

cadvisor v0.56.0 changes:
- Add s390x (IBM Z/mainframe) CPU topology support with NumBooks and
  NumDrawers fields in MachineInfo
- Add new Prometheus metrics: machine_cpu_books and machine_cpu_drawers
- Add standard deviation (Std) field to Percentiles for resource statistics
- Add sysfs constants CPUBookID and CPUDrawerID for s390x topology detection

containerd/api v1.10.0 changes:
- Add ActiveMount message type for tracking mounts with timestamps
- Add ActivationInfo message for mount management and lifecycle tracking

runtime-spec v1.3.0 changes (from ChangeLog):
- Add FreeBSD platform support with new Spec.FreeBSD field
- Add netDevices object for moving network devices to container namespaces
- Add memoryPolicy object for NUMA memory policy configuration
- Add hwConfig object for VM-based containers (vcpus, memory, device-tree)
- Add iomems for hardware I/O memory page access in VMs
- Add intelRdt.schemata and intelRdt.enableMonitoring fields
- Change LinuxPids.Limit to pointer type for optional handling
- Clarify intelRdt configuration and pids cgroup settings

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2026-01-15 10:26:13 -05:00
Davanum Srinivas
c825d80bbf Update security-critical authentication and protobuf dependencies
This PR updates security-critical dependencies addressing authentication
and data parsing vulnerabilities.

**Authentication Security:**
- github.com/coreos/go-oidc: v2.3.0 -> v2.5.0
  - Security fix: Now verifies token signature BEFORE validating payload
  - Prevents potential processing of tampered tokens before cryptographic
    verification

- github.com/cyphar/filepath-securejoin: v0.6.0 -> v0.6.1
  - Security fix: Fixed seccomp fallback logic - library now properly falls
    back to safer O_PATH resolver when openat2(2) is denied by seccomp-bpf
  - Fixed file descriptor leak in openat2 wrapper during RESOLVE_IN_ROOT

- cyphar.com/go-pathrs: v0.2.1 -> v0.2.2
  - Companion update to filepath-securejoin

**Protobuf Security:**
- google.golang.org/protobuf: v1.36.8 -> v1.36.11
  - Security fix: Added recursion limit check in lazy decoding validation
  - Prevents potential stack exhaustion attacks via maliciously crafted
    protobuf messages
  - Also adds support for URL chars in type URLs in text-format

These updates are critical for:
- OIDC authentication in kube-apiserver
- Container filesystem path resolution (used by container runtimes)
- Protobuf message parsing throughout the codebase

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2026-01-13 16:56:16 -05:00
Davanum Srinivas
0e67c56a8f
Update golang.org/x dependencies to latest versions
Updates the golang.org/x package family to newer releases:

- golang.org/x/crypto: v0.45.0 -> v0.46.0
- golang.org/x/net: v0.47.0 -> v0.48.0
- golang.org/x/sys: v0.38.0 -> v0.40.0
- golang.org/x/time: v0.9.0 -> v0.14.0
- golang.org/x/oauth2: v0.30.0 -> v0.34.0
- golang.org/x/text: v0.31.0 -> v0.33.0
- golang.org/x/term: v0.37.0 -> v0.39.0
- golang.org/x/sync: v0.18.0 -> v0.19.0
- golang.org/x/mod: v0.29.0 -> v0.32.0
- golang.org/x/tools: v0.38.0 -> v0.40.0
- golang.org/x/exp: 8a7402abbf56 -> 944ab1f22d93

Security & Stability:
- x/crypto: Updated X509 root certificate bundle
- x/net: HTTP/2 PING optimization to reduce DoS detection triggers,
  data race fix in trace RenderEvents
- x/sys: Fixed out-of-bounds memory access in sockaddrIUCVToAny
- x/time: Fixed rate limiter overflow when using very low rates that
  could cause the limiter to jam open

Performance:
- x/time: ~19% improvement in Sometimes.Do when no interval configured

Maintenance:
- Various vet diagnostic fixes for Go 1.26 compatibility
- Dependency updates across the golang.org/x ecosystem

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2026-01-11 16:26:07 -05:00
Patrick Ohly
f8a0c80ed8 dependencies: ginkgo v2.27.4, gomega v1.39.0
Latest release of both. The CurrentTreeConstructionNodeReport fix
is needed before being able to use it in the E2E framework.
2026-01-08 17:16:05 +01:00
Kubernetes Prow Robot
6f92c01979
Merge pull request #135391 from jpbetz/smd-6_3_1
Bump structured-merge-diff to pick up flake fix and bug fixes
2025-12-22 16:28:32 -08:00
Walter Fender
c8f8bb83d1 Update KAS apiserver network proxy to v0.34
Update konnectivity network proxy to v0.34.0. Includes bug fixes such as memory-leak in http-connect mode, stale count fix and updates to match/support kubernetes version 1.34
(https://github.com/kubernetes-sigs/apiserver-network-proxy/commits/v0.34.0)
2025-12-22 17:42:53 +00:00
Davanum Srinivas
95cf1f264d
Update to github.com/google/cadvisor v0.55.1
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-12-21 08:13:06 -05:00
Davanum Srinivas
60cce0abd0
updated to last known good dependencies for otelgrpc and dbus
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-12-20 15:32:11 -05:00
Kubernetes Prow Robot
268bdbe214
Merge pull request #135836 from pohly/ginkgo-gomega-update
dependencies: ginkgo v2.27.3 + gomega v1.38.3
2025-12-19 08:36:39 -08:00
Kubernetes Prow Robot
0ea3824860
Merge pull request #135845 from skitt/drop-armon-circbuf
Replace armon/circbuf with k8s.io/utils/buffer
2025-12-19 07:40:37 -08:00
Patrick Ohly
db841afdbb dependencies: ginkgo v2.27.3 + gomega v1.38.3
This fixes some issues found in Kubernetes (data race in ginkgo CLI, gomega
formatting) and helps with diagnosing OOM killing in CI jobs (exit status of
processes).

The modified gomega formatting shows up in some of the output tests for the E2E
framework. They get updated accordingly.
2025-12-19 10:37:54 +01:00
Stephen Kitt
3653ae2b9a
Replace armon/circbuf with k8s.io/utils/buffer
This uses the new generic fixed ring implementation in k8s.io/utils.

Signed-off-by: Stephen Kitt <skitt@redhat.com>
2025-12-19 09:59:41 +01:00
Ciprian Hacman
aa5b4e0f78 hack/update-vendor.sh 2025-12-18 18:15:15 +02:00
Davanum Srinivas
ab1ffaf12e
move httpcache to third_party/forked
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-12-18 08:18:57 -05:00
Kubernetes Prow Robot
5eecce635d
Merge pull request #135748 from princepereira/ppereira-vendoring-hnslib-v012
Update vendored hnslib to v0.1.2
2025-12-18 02:10:30 -08:00
Kubernetes Prow Robot
df610f8cee
Merge pull request #135538 from dims/drop-usates-of-archived-dependency-grpc-ecosystem/go-grpc-prometheus
Drop usages of archived dependency - github.com/grpc-ecosystem/go-grpc-prometheus
2025-12-17 23:27:30 -08:00
Kubernetes Prow Robot
321e0f69d8
Merge pull request #135504 from dims/bump=github.com/opencontainers/cgroups-to-v0.0.6
Bump github.com/opencontainers/cgroups to v0.0.6
2025-12-17 22:36:36 -08:00
Kubernetes Prow Robot
74143f083f
Merge pull request #135331 from yashsingh74/bump-etcd-3.6.6
Bump etcd 3.6.6 sdk
2025-12-17 21:41:14 -08:00
Prince Pereira
832e342c01 Update vendored hnslib to v0.1.2 2025-12-16 12:50:35 +00:00
Davanum Srinivas
1240604ebf
Drop usages of archived dependency - github.com/grpc-ecosystem/go-grpc-prometheus
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-12-01 20:53:55 -05:00
Davanum Srinivas
5302b929ae
Bump golang.org/x/crypto to v0.45.0
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-12-01 14:11:01 -05:00
Davanum Srinivas
1569ebc5a6
Bump github.com/opencontainers/cgroups to v0.0.6
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-11-28 16:22:46 -05:00
Joe Betz
5129fa152b hack/pin-dependency.sh sigs.k8s.io/structured-merge-diff/v6 v6.3.1 2025-11-21 08:53:57 -05:00
yashsingh74
ad78b40320
Bump etcd 3.6.6 sdk
Signed-off-by: yashsingh74 <yashsingh1774@gmail.com>
2025-11-18 11:45:22 +05:30
Benjamin Elder
1ce140d105 update github.com/opencontainers/selinux to v1.13.0 2025-11-12 14:46:31 +00:00
Kubernetes Prow Robot
f38a61181c
Merge pull request #133968 from yashsingh74/bump-coredns-1.12.4
Update coredns to v1.13.1
2025-11-06 20:38:54 -08:00
Patrick Ohly
6034321603 dependencies: ginkgo v2.27.2, gomega v1.38.2
Specifically the new AddTreeConstructionNodeArgsTransformer and SpecPriority in
Ginkgo will be useful.

Gomega gets updated to keep up-to-date.
2025-11-01 09:52:09 +01:00
Patrick Ohly
5993782d65 dependencies: various minor updates
This is a collection of updates to several unversioned modules. Those updates are
eventually going to reach Kubernetes; doing them together now makes PRs for
future major updates smaller.
2025-10-31 11:30:26 +01:00
Kubernetes Prow Robot
ec5425a6ef
Merge pull request #134744 from neolit123/1.35-update-system-validators-to-v1.12.0
vendor: update system-validators to v1.12.1
2025-10-24 13:07:40 -07:00
Lubomir I. Ivanov
c764de03dc vendor: update system-validators to v1.12.1
Includes an update to the cgroups validator to throw
an error if v1 is detected on the host.

Also includes a KubeletVersion field to determine
whether to show a warning or an error.
2025-10-23 17:44:30 +02:00
joshjms
7f99d6672f etcd: bump etcd sdk to v3.6.5
Signed-off-by: joshjms <joshjms1607@gmail.com>
2025-10-22 21:36:06 +08:00
Yash
fface8ebfc
Bump coredns version 1.13.1
Signed-off-by: Yash <yashsingh1774@gmail.com>
2025-10-16 16:58:52 +05:30
Antonio Ojea
0b0a5974f8 integration test: webhook proxy behavior
Adds a new integration test to verify that the API server's egress
to admission webhooks correctly respects the standard `HTTPS_PROXY`
and `NO_PROXY` environment variables.

It adds a new test util to implement a fake DNS server that allows
overriding DNS resolution in tests, especially useful for integration
tests that can only bind the servers to localhost, which is ignored
by certain functionalities.
2025-10-02 22:31:08 +00:00
yashsingh74
4347d4be81
Update coredns to v1.12.4
Signed-off-by: yashsingh74 <yashsingh1774@gmail.com>
2025-09-26 08:51:35 +05:30
Jefftree
37592a026b bump gengo 2025-09-22 18:54:58 +00:00
Davanum Srinivas
736f7b9a1b update to latest sigs.k8s.io/json 2025-09-18 20:55:31 -04:00
Paco Xu
d7a2793fa6 bump system-validators to v1.11.1 2025-09-18 15:48:36 +08:00
Benjamin Elder
563d4d651c bump go language version to 1.25 2025-09-17 14:56:07 -07:00
Kubernetes Prow Robot
1d80f35350
Merge pull request #132791 from bitoku/cpu-weight
Update pod resize test to accept new cpu.weight conversion.
2025-09-11 16:20:08 -07:00
Joe Betz
8b63ace66c Bump kube-openapi
Signed-off-by: Joe Betz <jpbetz@google.com>
2025-09-10 15:52:57 -04:00