Commit graph

1222 commits

Author SHA1 Message Date
Davanum Srinivas
5b478645cd
Update security and stability dependencies
This PR updates several dependencies addressing security vulnerabilities,
stability fixes, and authentication improvements.

- golang.org/x/crypto: v0.46.0 -> v0.47.0
  - Includes latest X509 root certificate bundle updates
  - Security hardening for cryptographic operations
  - Foundation dependency for TLS and authentication

- github.com/golang-jwt/jwt/v5: v5.2.2 -> v5.3.0
  - IMPORTANT: v5.2.2 patched vulnerability GHSA-mh63-6h87-95cp (token
    validation security issue) - this update ensures we have the fix
  - Adds multiple audience validation support for JWT tokens
  - Go 1.21 minimum requirement (code modernization)
  - Replaced legacy interface{} with modern any keyword

- golang.org/x/net: v0.48.0 -> v0.49.0
  - HTTP/2 priority scheduler improvements (RFC 9218)
  - WebSocket security enhancements
  - Network layer stability fixes

- go.uber.org/zap: v1.27.0 -> v1.27.1
  - Fix: Prevent Object from panicking on nils (PR #1501)
  - Fix: Race condition in WithLazy (PR #1511)
  - Both fixes improve logging stability in concurrent scenarios

- github.com/godbus/dbus/v5: v5.2.0 -> v5.2.2
  - Security: Disabled SHA1 authentication by default on non-Windows
    platforms (v5.2.0 change now inherited)
  - Performance: Multiple optimizations reducing memory allocations
  - Fix: Alignment issues in decoder operations
  - Fix: Allow more than 32 containers/struct fields in a signature

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2026-01-15 19:57:11 -05:00
Davanum Srinivas
050c786014
Update vendored dependencies: cadvisor, containerd, runtime-spec, selinux
Update the following vendored dependencies:

- github.com/google/cadvisor: v0.55.1 -> v0.56.0
- github.com/containerd/containerd/api: v1.9.0 -> v1.10.0
- github.com/opencontainers/runtime-spec: v1.2.1 -> v1.3.0
- github.com/opencontainers/selinux: v1.13.0 -> v1.13.1

cadvisor v0.56.0 changes:
- Add s390x (IBM Z/mainframe) CPU topology support with NumBooks and
  NumDrawers fields in MachineInfo
- Add new Prometheus metrics: machine_cpu_books and machine_cpu_drawers
- Add standard deviation (Std) field to Percentiles for resource statistics
- Add sysfs constants CPUBookID and CPUDrawerID for s390x topology detection

containerd/api v1.10.0 changes:
- Add ActiveMount message type for tracking mounts with timestamps
- Add ActivationInfo message for mount management and lifecycle tracking

runtime-spec v1.3.0 changes (from ChangeLog):
- Add FreeBSD platform support with new Spec.FreeBSD field
- Add netDevices object for moving network devices to container namespaces
- Add memoryPolicy object for NUMA memory policy configuration
- Add hwConfig object for VM-based containers (vcpus, memory, device-tree)
- Add iomems for hardware I/O memory page access in VMs
- Add intelRdt.schemata and intelRdt.enableMonitoring fields
- Change LinuxPids.Limit to pointer type for optional handling
- Clarify intelRdt configuration and pids cgroup settings

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2026-01-15 10:26:13 -05:00
Davanum Srinivas
c825d80bbf
Update security-critical authentication and protobuf dependencies
This PR updates security-critical dependencies addressing authentication
and data parsing vulnerabilities.

**Authentication Security:**
- github.com/coreos/go-oidc: v2.3.0 -> v2.5.0
  - Security fix: Now verifies token signature BEFORE validating payload
  - Prevents potential processing of tampered tokens before cryptographic
    verification

- github.com/cyphar/filepath-securejoin: v0.6.0 -> v0.6.1
  - Security fix: Fixed seccomp fallback logic - library now properly falls
    back to safer O_PATH resolver when openat2(2) is denied by seccomp-bpf
  - Fixed file descriptor leak in openat2 wrapper during RESOLVE_IN_ROOT

- cyphar.com/go-pathrs: v0.2.1 -> v0.2.2
  - Companion update to filepath-securejoin

**Protobuf Security:**
- google.golang.org/protobuf: v1.36.8 -> v1.36.11
  - Security fix: Added recursion limit check in lazy decoding validation
  - Prevents potential stack exhaustion attacks via maliciously crafted
    protobuf messages
  - Also adds support for URL chars in type URLs in text-format

These updates are critical for:
- OIDC authentication in kube-apiserver
- Container filesystem path resolution (used by container runtimes)
- Protobuf message parsing throughout the codebase

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2026-01-13 16:56:16 -05:00
Patrick Ohly
f8a0c80ed8
dependencies: ginkgo v2.27.4, gomega v1.39.0
Latest release of both. The CurrentTreeConstructionNodeReport fix
is needed before being able to use it in the E2E framework.
2026-01-08 17:16:05 +01:00
Davanum Srinivas
95cf1f264d
Update to github.com/google/cadvisor v0.55.1
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-12-21 08:13:06 -05:00
Davanum Srinivas
60cce0abd0
updated to last known good dependencies for otelgrpc and dbus
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-12-20 15:32:11 -05:00
Kubernetes Prow Robot
268bdbe214
Merge pull request #135836 from pohly/ginkgo-gomega-update
dependencies: ginkgo v2.27.3 + gomega v1.38.3
2025-12-19 08:36:39 -08:00
Kubernetes Prow Robot
0ea3824860
Merge pull request #135845 from skitt/drop-armon-circbuf
Replace armon/circbuf with k8s.io/utils/buffer
2025-12-19 07:40:37 -08:00
Patrick Ohly
db841afdbb
dependencies: ginkgo v2.27.3 + gomega v1.38.3
This fixes some issues found in Kubernetes (data race in ginkgo CLI, gomega
formatting) and helps with diagnosing OOM killing in CI jobs (exit status of
processes).

The modified gomega formatting shows up in some of the output tests for the E2E
framework. They get updated accordingly.
2025-12-19 10:37:54 +01:00
Stephen Kitt
3653ae2b9a
Replace armon/circbuf with k8s.io/utils/buffer
This uses the new generic fixed ring implementation in k8s.io/utils.

Signed-off-by: Stephen Kitt <skitt@redhat.com>
2025-12-19 09:59:41 +01:00
Ciprian Hacman
aa5b4e0f78
hack/update-vendor.sh
2025-12-18 18:15:15 +02:00
Davanum Srinivas
ab1ffaf12e
move httpcache to third_party/forked
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-12-18 08:18:57 -05:00
Kubernetes Prow Robot
5eecce635d
Merge pull request #135748 from princepereira/ppereira-vendoring-hnslib-v012
Update vendored hnslib to v0.1.2
2025-12-18 02:10:30 -08:00
Kubernetes Prow Robot
df610f8cee
Merge pull request #135538 from dims/drop-usates-of-archived-dependency-grpc-ecosystem/go-grpc-prometheus
Drop usages of archived dependency - github.com/grpc-ecosystem/go-grpc-prometheus
2025-12-17 23:27:30 -08:00
Prince Pereira
832e342c01
Update vendored hnslib to v0.1.2
2025-12-16 12:50:35 +00:00
Davanum Srinivas
1240604ebf
Drop usages of archived dependency - github.com/grpc-ecosystem/go-grpc-prometheus
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-12-01 20:53:55 -05:00
Davanum Srinivas
1569ebc5a6
Bump github.com/opencontainers/cgroups to v0.0.6
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-11-28 16:22:46 -05:00
Benjamin Elder
1ce140d105
update github.com/opencontainers/selinux to v1.13.0
2025-11-12 14:46:31 +00:00
Kubernetes Prow Robot
f38a61181c
Merge pull request #133968 from yashsingh74/bump-coredns-1.12.4
Update coredns to v1.13.1
2025-11-06 20:38:54 -08:00
Patrick Ohly
6034321603
dependencies: ginkgo v2.27.2, gomega v1.38.2
Specifically the new AddTreeConstructionNodeArgsTransformer and SpecPriority in
Ginkgo will be useful.

Gomega gets updated to keep up-to-date.
2025-11-01 09:52:09 +01:00
Yash
fface8ebfc
Bump coredns version 1.13.1
Signed-off-by: Yash <yashsingh1774@gmail.com>
2025-10-16 16:58:52 +05:30
yashsingh74
4347d4be81
Update coredns to v1.12.4
Signed-off-by: yashsingh74 <yashsingh1774@gmail.com>
2025-09-26 08:51:35 +05:30
Kubernetes Prow Robot
1d80f35350
Merge pull request #132791 from bitoku/cpu-weight
Update pod resize test to accept new cpu.weight conversion.
2025-09-11 16:20:08 -07:00
Davanum Srinivas
bdfca587f4
update prometheus' client_golang and common packages
2025-09-09 15:43:08 -04:00
Davanum Srinivas
a41de8771a
Bump github.com/spf13/cobra v1.10.0
2025-09-01 11:21:11 -04:00
Davanum Srinivas
6ddf6261d4
Update to spf13/pflag to prevent CI break
2025-09-01 08:21:12 -04:00
Ayato Tokubi
799312a402
Update pod resize test to accept new cpu.weight conversion.
Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-08-29 16:39:18 +00:00
Kubernetes Prow Robot
546519987d
Merge pull request #132288 from thevilledev/chore/coredns-v1.12.2
chore: update CoreDNS to v1.12.3
2025-08-28 06:55:10 -07:00
Stephen Kitt
684473af62
Bump cadvisor to 0.53
This brings a few fixes, drops github.com/pkg/errors (as a direct
dependency), and bumps many transitive dependencies. The
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp bump to
v0.61.0 breaks "k8s.io/kubernetes/test/integration/apiserver: tracing"
consistently, so it's held back for now.

github.com/containerd/containerd/api pulls in gopkg.in/yaml.v3 so that
needs to be added to the exceptions in unwanted-dependencies.json.

Signed-off-by: Stephen Kitt <skitt@redhat.com>
2025-08-28 09:20:21 +02:00
Ville Vesilehto
aa819af85a
chore: update CoreDNS to v1.12.3
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
2025-08-13 08:52:10 +03:00
Kubernetes Prow Robot
dfc0998baa
Merge pull request #132935 from benluddy/cbor-bump-custom-marshalers
KEP-4222: Adopt text and JSON transcoding support for CBOR.
2025-07-24 13:04:49 -07:00
koba1t
ee8ef383be
Update kubectl kustomize to kyaml/v0.20.1, cmd/config/v0.20.1, api/v0.20.1, kustomize/v5.7.1
2025-07-23 22:37:19 +09:00
Ben Luddy
917659269a
Bump to github.com/fxamacker/cbor/v2 v2.9.0.
2025-07-22 15:15:17 -04:00
Cici Huang
cedcbfb94c
Update cel-go to v0.26.0
2025-07-17 20:09:03 +00:00
Davanum Srinivas
b44b0fbf12
Update github.com/emicklei/go-restful/v3 to v3.12.2
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-07-02 08:00:43 -04:00
Jefftree
d04ee27c98
Update vendor
2025-07-01 15:23:58 +00:00
Davanum Srinivas
3908550c0d
Update to latest github.com/modern-go/reflect2
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-06-12 11:20:39 -04:00
Davanum Srinivas
449320a54a
update github.com/spf13/cobra v1.9.1
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-06-10 10:50:54 -04:00
Davanum Srinivas
1ffda045cb
update to latest ishidawataru/sctp dependency
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-05-23 07:44:49 -07:00
Adrian Moisey
32c45ecf10
Bump github.com/vishvananda/netlink to v1.3.1
hack/pin-dependency.sh github.com/vishvananda/netlink v1.3.1
hack/update-vendor.sh
2025-05-21 13:10:02 +02:00
Jordan Liggitt
cf0bbf1171
bump etcd client to 3.6
hack/pin-dependency.sh go.etcd.io/etcd/api/v3 v3.6.0
hack/pin-dependency.sh go.etcd.io/etcd/client/pkg/v3 v3.6.0
hack/pin-dependency.sh go.etcd.io/etcd/client/v3 v3.6.0
hack/pin-dependency.sh go.etcd.io/etcd/pkg/v3 v3.6.0
hack/pin-dependency.sh go.etcd.io/etcd/server/v3 v3.6.0

hack/pin-dependency.sh github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.0

hack/update-vendor.sh
2025-05-15 21:19:11 -04:00
Jordan Liggitt
bc60517171
bump cbor to add omitzero support
2025-05-02 15:38:38 -04:00
Kubernetes Prow Robot
090ebab0d7
Merge pull request #131506 from princepereira/ppereira-update-hnslib
Update hnslib version in Windows KubeProxy.
2025-04-30 08:11:56 -07:00
Kubernetes Prow Robot
1b509a8883
Merge pull request #131434 from pacoxu/fsnotify
bump fsnotify v1.9.0
2025-04-25 09:41:30 -07:00
Kubernetes Prow Robot
629537d8c6
Merge pull request #131151 from yashsingh74/bump-coredns-1.12.1
Update coredns to v1.12.1
2025-04-25 07:52:57 -07:00
Josh Gwosdz
7a24c4ce5d
chore: update github.com/google/cel-go dependency to v0.25.0
Signed-off-by: Josh Gwosdz <jgwosdz@redhat.com>
2025-04-25 10:07:12 +02:00
Paco Xu
a2281f97bb
bump fsnotify v1.9.0
2025-04-24 17:01:00 +08:00
Prince Pereira
44d7132afb
Update hnslib version in Windows KubeProxy.
2025-04-24 00:45:27 -07:00
yashsingh74
302a850583
Update coredns version to v1.12.1
Signed-off-by: yashsingh74 <yashsingh1774@gmail.com>
2025-04-09 13:08:21 +05:30
Benjamin Wang
f3b80a8582
bump etcd 3.5.21 sdk
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
2025-03-31 18:53:27 +01:00