Skip to content

chore(deps): bump the go-dependencies group in /tests with 7 updates #636

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump the go-dependencies group in /tests with 7 updates #636

wants to merge 1 commit into from
+119 −107

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 21, 2025
edited
Loading

Bumps the go-dependencies group in /tests with 7 updates:

Package From To
github.com/cert-manager/cert-manager 1.16.4 1.19.1
github.com/stretchr/testify 1.10.0 1.11.1
golang.org/x/exp 0.0.0-20241217172543-b2144cdd0a67 0.0.0-20250718183923-645b1fa84792
k8s.io/api 0.32.0 0.34.1
k8s.io/apimachinery 0.32.0 0.34.1
k8s.io/utils 0.0.0-20241210054802-24370beab758 0.0.0-20250820121507-0af2bda4dd1d
sigs.k8s.io/controller-runtime 0.19.0 0.22.3

Updates github.com/cert-manager/cert-manager from 1.16.4 to 1.19.1

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.19.1

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We reverted the CRD-based API defaults for Certificate.Spec.IssuerRef and CertificateRequest.Spec.IssuerRef after they were found to cause unexpected certificate renewals after upgrading to 1.19.0. We will try re-introducing these API defaults in cert-manager 1.20. We fixed a bug that caused certificates to be re-issued unexpectedly if the issuerRef kind or group was changed to one of the "runtime" default values. We upgraded Go to 1.25.3 to address the following security vulnerabilities: CVE-2025-61724, CVE-2025-58187, CVE-2025-47912, CVE-2025-58183, CVE-2025-61723, CVE-2025-58186, CVE-2025-58185, CVE-2025-58188, and CVE-2025-61725.

📖 Read the full 1.19 release notes on the cert-manager.io website before upgrading.

Changes since v1.19.0:

Bug or Regression

  • BUGFIX: in case kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed (#8175, @​cert-manager-bot)
  • Bump Go to 1.25.3 to fix a backwards incompatible change to the validation of DNS names in X.509 SAN fields which prevented the use of DNS names with a trailing dot (#8177, @​wallrj-cyberark)
  • Revert API defaults for issuer reference kind and group introduced in 0.19.0 (#8178, @​cert-manager-bot)

v1.19.0

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

⚠️ Known issues: The following known issues are fixed in v1.19.1:

This release focuses on expanding platform compatibility, improving deployment flexibility, enhancing observability, and addressing key reliability issues.

📖 Read the full release notes at cert-manager.io: https://cert-manager.io/docs/releases/release-notes/release-notes-1.19

Changes since v1.18.0:

Feature

  • Add IPv6 rules to the default network policy (#7726, @​jcpunk)
  • Add global.nodeSelector to helm chart to allow for a single nodeSelector to be set across all services. (#7818, @​StingRayZA)
  • Add a feature gate to default to Ingress pathType Exact in ACME HTTP01 Ingress challenge solvers. (#7795, @​sspreitzer)
  • Add generated applyconfigurations allowing clients to make type-safe server-side apply requests for cert-manager resources. (#7866, @​erikgb)
  • Added API defaults to issuer references group (cert-manager.io) and kind (Issuer). (#7414, @​erikgb)
  • Added certmanager_certificate_challenge_status Prometheus metric. (#7736, @​hjoshi123)
  • Added protocol field for rfc2136 DNS01 provider (#7881, @​hjoshi123)
  • Added experimental field hostUsers flag to all pods. Not set by default. (#7973, @​hjoshi123)
  • Support configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global --acme-http01-solver-resource-* settings. (#7972, @​lunarwhite)
  • The CAInjectorMerging feature has been promoted to BETA and is now enabled by default (#8017, @​ThatsMrTalbot)
  • The controller, webhook and ca-injector now log their version and git commit on startup for easier debugging and support. (#8072, @​prasad89)
  • Updated certificate metrics to the collector approach. (#7856, @​hjoshi123)

Bug or Regression

  • ACME: Increased challenge authorization timeout to 2 minutes to fix error waiting for authorization (#7796, @​hjoshi123)
  • BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (#7816, @​kinolaev)
  • Enforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (class, ingressClassName, name) are specified simultaneously (#8021, @​lunarwhite)
  • Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (#7961, @​SgtCoDFish)

... (truncated)

Commits
  • a22e21e Merge pull request #8180 from cert-manager-bot/cherry-pick-8168-to-release-1.19
  • e1390a4 fix(deps): update module github.com/venafi/vcert/v5 to v5.12.2
  • 36e4265 Merge pull request #8179 from cert-manager-bot/cherry-pick-8164-to-release-1.19
  • 3416dd0 fix(deps): update module sigs.k8s.io/controller-runtime to v0.22.3
  • 4a63715 Merge pull request #8178 from cert-manager-bot/cherry-pick-8173-to-release-1.19
  • a48b6fc REVERT: API defaults for issuer reference kind and group
  • 4706a48 Merge pull request #8177 from wallrj-cyberark/release-1.19-upgrade-go
  • bdfb708 [release-1.19] Disable generate-klone so we can manually update Go versions
  • 43825b6 [release-1.19] bump Go to 1.25.3
  • de44c90 Merge pull request #8175 from cert-manager-bot/cherry-pick-8160-to-release-1.19
  • Additional commits viewable in compare view

Updates github.com/stretchr/testify from 1.10.0 to 1.11.1

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.11.1

This release fixes #1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

Fixes

Documentation, Build & CI

... (truncated)

Commits
  • 2a57335 Merge pull request #1788 from brackendawson/1785-backport-1.11
  • af8c912 Backport #1786 to release/1.11
  • b7801fb Merge pull request #1778 from stretchr/dependabot/github_actions/actions/chec...
  • 69831f3 build(deps): bump actions/checkout from 4 to 5
  • a53be35 Improve captureTestingT helper
  • aafb604 mock: improve formatting of error message
  • 7218e03 improve error msg
  • 929a212 Merge pull request #1758 from stretchr/dolmen/suite-faster-method-filtering
  • bc7459e suite: faster filtering of methods (-testify.m)
  • 7d37b5c suite: refactor methodFilter
  • Additional commits viewable in compare view

Updates golang.org/x/exp from 0.0.0-20241217172543-b2144cdd0a67 to 0.0.0-20250718183923-645b1fa84792

Commits

Updates k8s.io/api from 0.32.0 to 0.34.1

Commits
  • 77c9e29 Update dependencies to v0.34.1 tag
  • 133a39c Merge remote-tracking branch 'origin/master' into release-1.34
  • fd087be clarify that staging repos are automatically published
  • ff163ef add pointer to CONTRIBUTING.md for more details on contributing, clarify read...
  • 5ec86fc link to what a staging repository is
  • 08c5dee docs: clarify that this is a staging repository and not for direct contributions
  • ba64d0b Update prerelease lifecycle to v1.34
  • 25f849c Merge pull request #132522 from sunya-ch/KEP-5075-PR
  • baa1eb1 KEP-5075: generated codes from make update
  • 740b2c9 KEP-5075: API updates
  • Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.32.0 to 0.34.1

Commits
  • b72d93d Merge remote-tracking branch 'origin/master' into release-1.34
  • cd8b91c clarify that staging repos are automatically published
  • 8c59599 add pointer to CONTRIBUTING.md for more details on contributing, clarify read...
  • ec3cea5 link to what a staging repository is
  • e4db694 docs: clarify that this is a staging repository and not for direct contributions
  • 04507a3 Merge pull request #132942 from thockin/kyaml
  • 50e39b1 Merge pull request #132935 from benluddy/cbor-bump-custom-marshalers
  • 7d108e8 Re-vendor sigs.k8s.io/yaml @ v1.6.0
  • 58c4eb0 Merge pull request #133130 from ylink-lfs/chore/residual_boolptr_removal
  • 38a24e6 chore: residual boolptr and intptr removal
  • Additional commits viewable in compare view

Updates k8s.io/utils from 0.0.0-20241210054802-24370beab758 to 0.0.0-20250820121507-0af2bda4dd1d

Commits

Updates sigs.k8s.io/controller-runtime from 0.19.0 to 0.22.3

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.22.3

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.22.2...v0.22.3

v0.22.2

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.22.1...v0.22.2

v0.22.1

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.22.0...v0.22.1

v0.22.0

🔆 Highlights

⚠️ Breaking changes

✨ Features

... (truncated)

Commits
  • 3e8b259 [release-0.22] 🐛 Allow SSA after normal resource creation (#3348)
  • 7fb34b5 [release-0.22] 🐛 Fix a bug where the priorityqueue would sometimes not return...
  • 27d4b5e Merge pull request #3338 from k8s-infra-cherrypick-robot/cherry-pick-3337-to-...
  • 6d368ce Rebase priorityqueue shutdown fix for release-0.22
  • d04f428 Don't block on Get when queue is shutdown (2nd try)
  • 7f146f7 Merge pull request #3317 from k8s-infra-cherrypick-robot/cherry-pick-3316-to-...
  • f3b9e4f Bump to k8s.io/* v0.34.1
  • 04c6a08 [release-0.22] 🐛Panic when trying to build more than one instance of fake.Cli...
  • 6422ed0 Merge pull request #3308 from k8s-infra-cherrypick-robot/cherry-pick-3307-to-...
  • 09a2e89 Revert deprecation of client.Apply
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 21, 2025

Labels

The following labels could not be found: tests. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Oct 21, 2025
@github-actions github-actions bot added the chore Routine tasks or maintenance label Oct 21, 2025
@vprashar2929
Copy link
Collaborator

vprashar2929 commented Oct 24, 2025

@dependabot rebase

@dependabot
chore(deps): bump the go-dependencies group in /tests with 7 updates
e476383 
Bumps the go-dependencies group in /tests with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) | `1.16.4` | `1.19.1` |
| [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.10.0` | `1.11.1` |
| [golang.org/x/exp](https://github.com/golang/exp) | `0.0.0-20241217172543-b2144cdd0a67` | `0.0.0-20250718183923-645b1fa84792` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.32.0` | `0.34.1` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.32.0` | `0.34.1` |
| [k8s.io/utils](https://github.com/kubernetes/utils) | `0.0.0-20241210054802-24370beab758` | `0.0.0-20250820121507-0af2bda4dd1d` |
| [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) | `0.19.0` | `0.22.3` |


Updates `github.com/cert-manager/cert-manager` from 1.16.4 to 1.19.1
- [Release notes](https://github.com/cert-manager/cert-manager/releases)
- [Changelog](https://github.com/cert-manager/cert-manager/blob/master/RELEASE.md)
- [Commits](cert-manager/cert-manager@v1.16.4...v1.19.1)

Updates `github.com/stretchr/testify` from 1.10.0 to 1.11.1
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.10.0...v1.11.1)

Updates `golang.org/x/exp` from 0.0.0-20241217172543-b2144cdd0a67 to 0.0.0-20250718183923-645b1fa84792
- [Commits](https://github.com/golang/exp/commits)

Updates `k8s.io/api` from 0.32.0 to 0.34.1
- [Commits](kubernetes/api@v0.32.0...v0.34.1)

Updates `k8s.io/apimachinery` from 0.32.0 to 0.34.1
- [Commits](kubernetes/apimachinery@v0.32.0...v0.34.1)

Updates `k8s.io/utils` from 0.0.0-20241210054802-24370beab758 to 0.0.0-20250820121507-0af2bda4dd1d
- [Commits](https://github.com/kubernetes/utils/commits)

Updates `sigs.k8s.io/controller-runtime` from 0.19.0 to 0.22.3
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.19.0...v0.22.3)

---
updated-dependencies:
- dependency-name: github.com/cert-manager/cert-manager
  dependency-version: 1.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/stretchr/testify
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: golang.org/x/exp
  dependency-version: 0.0.0-20250718183923-645b1fa84792
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: k8s.io/api
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: k8s.io/utils
  dependency-version: 0.0.0-20250820121507-0af2bda4dd1d
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-version: 0.22.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/tests/go-dependencies-4e59233a87 branch from 095a8fe to e476383 Compare October 24, 2025 04:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

chore Routine tasks or maintenance dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vprashar2929