Bump the gomod-dependencies group with 10 updates

[dependabot]

Bumps the gomod-dependencies group with 10 updates:

Package	From	To
github.com/google/go-cmp	0.5.9	0.6.0
github.com/onsi/ginkgo	1.14.0	1.16.5
github.com/onsi/gomega	1.27.6	1.30.0
github.com/prometheus/common	0.44.0	0.45.0
github.com/prometheus/prometheus	0.42.1-0.20230222223527-64ff6bece652	0.48.0-rc.2
github.com/spf13/cobra	1.7.0	1.8.0
k8s.io/api	0.28.2	0.28.3
k8s.io/apiserver	0.28.1	0.28.3
k8s.io/klog/v2	2.100.1	2.110.1
k8s.io/metrics	0.28.1	0.28.3

Updates github.com/google/go-cmp from 0.5.9 to 0.6.0

Release notes

Sourced from github.com/google/go-cmp's releases.

v0.6.0

New API:

• (#340) Add cmpopts.EquateComparable

Documentation changes:

• (#337) Use of hotlinking of Go identifiers

Build changes:

• (#325) Remove purego fallbacks

Testing changes:

• (#322) Run tests for Go 1.20 version
• (#332) Pin GitHub action versions
• (#327) set workflow permission to read-only

Commits

• c3ad843 Add cmpopts.EquateComparable (#340)
• e250a55 Use of hotlinking of Go identifiers (#337)
• 8a3e8dd set workflow permission to read-only (#327)
• 8cea5de Pin GitHub action versions (#332)
• 3bb304a Run tests for Go 1.20 version (#322)
• 571a56b Remove purego fallbacks (#325)
• See full diff in compare view

Updates github.com/onsi/ginkgo from 1.14.0 to 1.16.5

Release notes

Sourced from github.com/onsi/ginkgo's releases.

v1.16.5

1.16.5

Ginkgo 2.0 now has a Release Candidate. 1.16.5 advertises the existence of the RC. 1.16.5 deprecates GinkgoParallelNode in favor of GinkgoParallelProcess

You can silence the RC advertisement by setting an ACK_GINKG_RC=true environment variable or creating a file in your home directory called .ack-ginkgo-rc

v1.16.4

1.16.4

Fixes

1.16.4 retracts 1.16.3. There are no code changes. The 1.16.3 tag was associated with the wrong commit and an attempt to change it after-the-fact has proven problematic. 1.16.4 retracts 1.16.3 in Ginkgo's go.mod and creates a new, correctly tagged, release.

v1.16.3

1.16.3

Features

• Measure is now deprecated and emits a deprecation warning.

v1.16.2

1.16.2

Fixes

• Deprecations can be suppressed by setting an ACK_GINKGO_DEPRECATIONS=<semver> environment variable.

v1.16.1

Fixes

• Supress --stream deprecation warning on windows (#793)

1.16.0

Features

• Advertise Ginkgo 2.0. Introduce deprecations. [9ef1913]

  • Update README.md to advertise that Ginkgo 2.0 is coming.
  • Backport the 2.0 DeprecationTracker and start alerting users about upcoming deprecations.

• Add slim-sprig template functions to bootstrap/generate (#775) [9162b86]

Fixes

• Fix accidental reference to 1488 (#784) [9fb7fe4]

v1.15.2

Fixes

• ignore blank -focus and -skip flags (#780) [e90a4a0]

v1.15.1

Fixes

• reporters/junit: Use system-out element instead of passed (#769) [9eda305]

... (truncated)

Changelog

Sourced from github.com/onsi/ginkgo's changelog.

1.16.5

Ginkgo 2.0 now has a Release Candidate. 1.16.5 advertises the existence of the RC. 1.16.5 deprecates GinkgoParallelNode in favor of GinkgoParallelProcess

You can silence the RC advertisement by setting an ACK_GINKGO_RC=true environment variable or creating a file in your home directory called .ack-ginkgo-rc

1.16.4

Fixes

1.16.4 retracts 1.16.3. There are no code changes. The 1.16.3 tag was associated with the wrong commit and an attempt to change it after-the-fact has proven problematic. 1.16.4 retracts 1.16.3 in Ginkgo's go.mod and creates a new, correctly tagged, release.

1.16.3

Features

• Measure is now deprecated and emits a deprecation warning.

1.16.2

Fixes

• Deprecations can be suppressed by setting an ACK_GINKGO_DEPRECATIONS=<semver> environment variable.

1.16.1

Fixes

• Suppress --stream deprecation warning on windows (#793)

1.16.0

Features

• Advertise Ginkgo 2.0. Introduce deprecations. [9ef1913]

  • Update README.md to advertise that Ginkgo 2.0 is coming.
  • Backport the 2.0 DeprecationTracker and start alerting users about upcoming deprecations.

• Add slim-sprig template functions to bootstrap/generate (#775) [9162b86]

• Fix accidental reference to 1488 (#784) [9fb7fe4]

1.15.2

Fixes

• ignore blank -focus and -skip flags (#780) [e90a4a0]

1.15.1

Fixes

• reporters/junit: Use system-out element instead of passed (#769) [9eda305]

1.15.0

... (truncated)

Commits

• d38b9d9 v1.16.5
• b55f80d Mention release candidate and deprecate GinkgoParallelNode in favor of Ginkgo...
• d8e9d10 Move v2 to ver2 to play better with the go toolchain
• 8a172cc Advertise GInkgo 2.0 beta
• a12d699 Add no-op Setenv to GinkgoT
• 81705fc chore: Go 1.17 released
• f250977 remove travis-ci
• afce52e drop 1.15 in github test workflow
• d125cd0 v1.16.4
• 3286b30 v1.16.3
• Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.27.6 to 1.30.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.30.0

1.30.0

Features

• BeTrueBecause and BeFalseBecause allow for better failure messages [4da4c7f]

Maintenance

• Bump actions/checkout from 3 to 4 (#694) [6ca6e97]
• doc: fix type on gleak go doc [f1b8343]

v1.29.0

1.29.0

Features

• MatchError can now take an optional func(error) bool + description [2b39142]

v1.28.1

1.28.1

Maintenance

• Bump github.com/onsi/ginkgo/v2 from 2.12.0 to 2.13.0 [635d196]
• Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 [14f8859]
• Bump golang.org/x/net from 0.14.0 to 0.17.0 [d8a6508]
• #703 doc(matchers): HaveEach() doc comment updated [2705bdb]
• Minor typos (#699) [375648c]

v1.28.0

1.28.0

Features

• Add VerifyHost handler to ghttp (#698) [0b03b36]

Fixes

• Read Body for Newer Responses in HaveHTTPBodyMatcher (#686) [18d6673]

Maintenance

• Bump github.com/onsi/ginkgo/v2 from 2.11.0 to 2.12.0 (#693) [55a33f3]
• Typo in matchers.go (#691) [de68e8f]
• Bump commonmarker from 0.23.9 to 0.23.10 in /docs (#690) [ab17f5e]
• chore: update test matrix for Go 1.21 (#689) [5069017]
• Bump golang.org/x/net from 0.12.0 to 0.14.0 (#688) [babe25f]

v1.27.10

1.27.10

Fixes

• fix: go 1.21 adding goroutine ID to creator+location (#685) [bdc7803]

v1.27.9

1.27.9

... (truncated)

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.30.0

Features

• BeTrueBecause and BeFalseBecause allow for better failure messages [4da4c7f]

Maintenance

• Bump actions/checkout from 3 to 4 (#694) [6ca6e97]
• doc: fix type on gleak go doc [f1b8343]

1.29.0

Features

• MatchError can now take an optional func(error) bool + description [2b39142]

1.28.1

Maintenance

• Bump github.com/onsi/ginkgo/v2 from 2.12.0 to 2.13.0 [635d196]
• Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 [14f8859]
• Bump golang.org/x/net from 0.14.0 to 0.17.0 [d8a6508]
• #703 doc(matchers): HaveEach() doc comment updated [2705bdb]
• Minor typos (#699) [375648c]

1.28.0

Features

• Add VerifyHost handler to ghttp (#698) [0b03b36]

Fixes

• Read Body for Newer Responses in HaveHTTPBodyMatcher (#686) [18d6673]

Maintenance

• Bump github.com/onsi/ginkgo/v2 from 2.11.0 to 2.12.0 (#693) [55a33f3]
• Typo in matchers.go (#691) [de68e8f]
• Bump commonmarker from 0.23.9 to 0.23.10 in /docs (#690) [ab17f5e]
• chore: update test matrix for Go 1.21 (#689) [5069017]
• Bump golang.org/x/net from 0.12.0 to 0.14.0 (#688) [babe25f]

1.27.10

Fixes

• fix: go 1.21 adding goroutine ID to creator+location (#685) [bdc7803]

1.27.9

Fixes

• Prevent nil-dereference in format.Object for boxed nil error (#681) [3b31fc3]

Maintenance

• Bump golang.org/x/net from 0.11.0 to 0.12.0 (#679) [360849b]

... (truncated)

Commits

• f804ac6 v1.30.0
• 4da4c7f BeTrueBecause and BeFalseBecause allow for better failure messages
• 6ca6e97 Bump actions/checkout from 3 to 4 (#694)
• f1b8343 doc: fix type on gleak go doc
• b94b195 v1.29.0
• 2b39142 MatchError can now take an optional func(error) bool + description
• ab6045c v1.28.1
• 635d196 Bump github.com/onsi/ginkgo/v2 from 2.12.0 to 2.13.0
• 14f8859 Bump github.com/google/go-cmp from 0.5.9 to 0.6.0
• d8a6508 Bump golang.org/x/net from 0.14.0 to 0.17.0
• Additional commits viewable in compare view

Updates github.com/prometheus/common from 0.44.0 to 0.45.0

Release notes

Sourced from github.com/prometheus/common's releases.

v0.45.0

What's Changed

• Adding support for file based configuration of basic auth username in http client config by @​wasim-nihal in prometheus/common#511
• Bump golang.org/x/net from 0.10.0 to 0.12.0 by @​dependabot in prometheus/common#507
• Add read-only token permissions by @​pnacht in prometheus/common#490
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#495
• Update client_golang by @​SuperQ in prometheus/common#513
• Bump golang.org/x/oauth2 from 0.8.0 to 0.12.0 by @​dependabot in prometheus/common#514
• Bump github.com/aws/aws-sdk-go from 1.44.266 to 1.45.18 in /sigv4 by @​dependabot in prometheus/common#515
• Bump github.com/prometheus/client_golang from 1.15.1 to 1.17.0 in /sigv4 by @​dependabot in prometheus/common#516
• Bump github.com/stretchr/testify from 1.8.2 to 1.8.4 in /sigv4 by @​dependabot in prometheus/common#493
• Update golang_protobuf_extensions to v2 by @​Neo2308 in prometheus/common#509
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#518
• Bump github.com/aws/aws-sdk-go from 1.45.18 to 1.45.19 in /sigv4 by @​dependabot in prometheus/common#519
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#520
• Bump golang.org/x/net from 0.15.0 to 0.17.0 in /sigv4 by @​dependabot in prometheus/common#525
• Bump golang.org/x/net from 0.15.0 to 0.17.0 by @​dependabot in prometheus/common#524

New Contributors

• @​wasim-nihal made their first contribution in prometheus/common#511
• @​pnacht made their first contribution in prometheus/common#490
• @​Neo2308 made their first contribution in prometheus/common#509

Full Changelog: prometheus/common@v0.44.0...v0.45.0

Commits

• c59927e Merge pull request #524 from prometheus/dependabot/go_modules/golang.org/x/ne...
• 1f9b004 Bump golang.org/x/net from 0.15.0 to 0.17.0
• 16f9480 Merge pull request #525 from prometheus/dependabot/go_modules/sigv4/golang.or...
• ff99062 Bump golang.org/x/net from 0.15.0 to 0.17.0 in /sigv4
• 7043ea0 Merge pull request #520 from prometheus/repo_sync
• b6914dd Update common Prometheus files
• f4e05c0 Merge pull request #519 from prometheus/dependabot/go_modules/sigv4/github.co...
• eb60b9b Bump github.com/aws/aws-sdk-go from 1.45.18 to 1.45.19 in /sigv4
• ac62eb7 Merge pull request #518 from prometheus/repo_sync
• 777f9cc Update common Prometheus files
• Additional commits viewable in compare view

Updates github.com/prometheus/prometheus from 0.42.1-0.20230222223527-64ff6bece652 to 0.48.0-rc.2

Commits

• See full diff in compare view

Updates github.com/spf13/cobra from 1.7.0 to 1.8.0

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.8.0

✨ Features

• Support usage as plugin for tools like kubectl by @​nirs in spf13/cobra#2018 - this means that programs that utilize a "plugin-like" structure have much better support and usage (like for completions, command paths, etc.)
• Move documentation sources to site/content by @​umarcor in spf13/cobra#1428
• Add 'one required flag' group by @​marevers in spf13/cobra#1952 - this includes a new MarkFlagsOneRequired API for flags which can be used to mark a flag group as required and cause command failure if at least one is not used when invoked.
• Customizable error message prefix by @​5ouma in spf13/cobra#2023 - This adds the SetErrPrefix and ErrPrefix APIs on the Command struct to allow for setting a custom prefix for errors
• feat: add getters for flag completions by @​avirtopeanu-ionos in spf13/cobra#1943
• Feature: allow running persistent run hooks of all parents by @​vkhoroz in spf13/cobra#2044
• Improve API to get flag completion function by @​marckhouzam in spf13/cobra#2063

🐛 Bug fixes

• Fix typo in fish completions by @​twpayne in spf13/cobra#1945
• Fix grammar: 'allows to' by @​supertassu in spf13/cobra#1978
• powershell: escape variable with curly brackets by @​Luap99 in spf13/cobra#1960
• Don't complete --help flag when flag parsing disabled by @​marckhouzam in spf13/cobra#2061
• Replace all non-alphanumerics in active help env var program prefix by @​scop in spf13/cobra#1940

🔧 Maintenance

• build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 by @​dependabot in spf13/cobra#1971
• build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 by @​dependabot in spf13/cobra#1976
• build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @​dependabot in spf13/cobra#2021
• build(deps): bump actions/setup-go from 3 to 4 by @​dependabot in spf13/cobra#1934
• build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.2 to 2.0.3 by @​dependabot in spf13/cobra#2047
• build(deps): bump actions/checkout from 3 to 4 by @​dependabot in spf13/cobra#2028
• command: temporarily disable G602 due to securego/gosec#1005 by @​umarcor in spf13/cobra#2022

🧪 Testing & CI/CD

• test: make fish_completions_test more robust by @​branchvincent in spf13/cobra#1980
• golangci: enable 'unused' and disable deprecated replaced by it by @​umarcor in spf13/cobra#1983
• cleanup: minor corrections to unit tests by @​JunNishimura in spf13/cobra#2003
• ci: test golang 1.21 by @​nunoadrego in spf13/cobra#2024
• Fix linter errors by @​marckhouzam in spf13/cobra#2052
• Add tests for flag completion registration by @​marckhouzam in spf13/cobra#2053

✏️ Documentation

• doc: fix typo, Deperecated -> Deprecated by @​callthingsoff in spf13/cobra#2000
• Add notes to doc about the execution condition of *PreRun and *PostRun functions by @​haoming29 in spf13/cobra#2041

---

Thank you everyone who contributed to this release and all your hard work! Cobra and this community would never be possible without all of you!!!! 🐍

Full Changelog: spf13/cobra@v1.7.0...v1.8.0

Commits

• a0a6ae0 Improve API to get flag completion function (#2063)
• 890302a Support usage as plugin for tools like kubectl (#2018)
• 48cea5c build(deps): bump actions/checkout from 3 to 4 (#2028)
• 22953d8 Replace all non-alphanumerics in active help env var program prefix (#1940)
• 00b68a1 Add tests for flag completion registration (#2053)
• b711e87 Don't complete --help flag when flag parsing disabled (#2061)
• 8b1eba4 Fix linter errors (#2052)
• 4cafa37 Allow running persistent run hooks of all parents (#2044)
• 5c962a2 build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.2 to 2.0.3 (#2047)
• efe8fa3 build(deps): bump actions/setup-go from 3 to 4 (#1934)
• Additional commits viewable in compare view

Updates k8s.io/api from 0.28.2 to 0.28.3

Commits

• 59c6b15 Update dependencies to v0.28.3 tag
• 579c82b Merge pull request #121128 from MadhavJivrajani/bump-x-net-128
• f72d479 .: bump golang.org/x/net to v0.17.0
• See full diff in compare view

Updates k8s.io/apiserver from 0.28.1 to 0.28.3

Commits

• 1ba64a2 Update dependencies to v0.28.3 tag
• 1ebb103 Merge pull request #121204enj/automated-cherry-pick-of-#121203
• afde85c Skip TestUnauthenticatedHTTP2ClientConnectionClose http1 tests
• 8efa5e2 Merge pull request #121196enj/automated-cherry-pick-of-#121120
• 11df348 Disable UnauthenticatedHTTP2DOSMitigation by default
• 850deeb Prevent rapid reset http2 DOS on API server
• e874526 Merge pull request #121128 from MadhavJivrajani/bump-x-net-128
• ffd1c5c .: bump golang.org/x/net to v0.17.0
• d48ffca Merge pull request #120544 from ritazh/kmsv2-reload-bugbackport
• ef77af0 Merge pull request #120587pacoxu/automated-cherry-pick-of-#119824
• Additional commits viewable in compare view

Updates k8s.io/klog/v2 from 2.100.1 to 2.110.1

Release notes

Sourced from k8s.io/klog/v2's releases.

Prepare klog release for Kubernetes v1.29 (Take 1)

What's Changed

• fix: SetLogger via klog.SetLogger will output an unexpected newline by @​aimuz in kubernetes/klog#378
• resolve comments warning by @​lowang-bh in kubernetes/klog#379
• stderrthreshold: fix flag comment by @​pohly in kubernetes/klog#376
• enable "go vet" checks for parameters by @​pohly in kubernetes/klog#390
• promote experimental code to stable by @​pohly in kubernetes/klog#392
• golangci-lint action by @​pohly in kubernetes/klog#380
• output: handle WithName like zapr does by @​pohly in kubernetes/klog#391
• slog support + logr 1.3.0 update by @​pohly in kubernetes/klog#384

New Contributors

• @​aimuz made their first contribution in kubernetes/klog#378
• @​lowang-bh made their first contribution in kubernetes/klog#379

Full Changelog: kubernetes/klog@v2.100.1...v2.110.1

Commits

• e3f75b8 Merge pull request #384 from pohly/slog
• 44eadc3 add slog support
• cc856bb update to logr 1.3.0
• 02e7b69 Merge pull request #391 from pohly/with-name-output
• 009a04a output: handle WithName like zapr does
• b588475 Merge pull request #380 from pohly/golangci-lint-action
• 1a0dfc5 github: run golangci-lint via action
• ef25537 fix revive issues
• edee20c Merge pull request #392 from pohly/promote-experimental
• 18cdd3a promote experimental code to stable
• Additional commits viewable in compare view

Updates k8s.io/metrics from 0.28.1 to 0.28.3

Commits

• 3f0de2a Update dependencies to v0.28.3 tag
• aaebfae Merge pull request #121128 from MadhavJivrajani/bump-x-net-128
• f791138 .: bump golang.org/x/net to v0.17.0
• 7792b40 Merge pull request #120329liggitt/automated-cherry-pick-of-#120327
• 45d3924 Revert to json-patch 4.12.0
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign serathius for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[dgrisonnet]

/ok-to-test
/lgtm
/assign @serathius

[k8s-ci-robot]

@dependabot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-metrics-server-test-unit	b15e27d	link	true	/test pull-metrics-server-test-unit
pull-metrics-server-test-e2e-ha	b15e27d	link	true	/test pull-metrics-server-test-e2e-ha
pull-metrics-server-test-e2e	b15e27d	link	true	/test pull-metrics-server-test-e2e
pull-metrics-server-test-e2e-helm	b15e27d	link	true	/test pull-metrics-server-test-e2e-helm
pull-metrics-server-verify	b15e27d	link	true	/test pull-metrics-server-verify
pull-metrics-server-test-version	b15e27d	link	true	/test pull-metrics-server-test-version

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[dgrisonnet]

/triage accepted

[dependabot]

Superseded by #1367.