chore(deps): bump the security group across 1 directory with 21 updates #1789

dependabot · 2025-05-19T23:24:23Z

Bumps the security group with 15 updates in the / directory:

Package	From	To
github.com/casbin/govaluate	`1.3.0`	`1.4.0`
github.com/containers/image/v5	`5.34.3`	`5.35.0`
github.com/jackc/pgx/v5	`5.7.4`	`5.7.5`
github.com/microsoft/go-mssqldb	`1.8.0`	`1.8.1`
github.com/miekg/dns	`1.1.65`	`1.1.66`
github.com/shirou/gopsutil/v4	`4.25.3`	`4.25.4`
github.com/vishvananda/netlink	`1.3.0`	`1.3.1`
github.com/vmware-tanzu/velero	`1.16.0`	`1.16.1`
golang.org/x/sync	`0.13.0`	`0.14.0`
k8s.io/api	`0.32.3`	`0.33.1`
k8s.io/apiextensions-apiserver	`0.32.3`	`0.33.1`
k8s.io/cli-runtime	`0.32.3`	`0.33.1`
golang.org/x/net	`0.39.0`	`0.40.0`
helm.sh/helm/v3	`3.17.3`	`3.18.0`
k8s.io/kubelet	`0.32.3`	`0.33.1`

Updates github.com/casbin/govaluate from 1.3.0 to 1.4.0

Release notes

Sourced from github.com/casbin/govaluate's releases.

v1.4.0

1.4.0 (2025-05-10)

Features

reduce memory allocs to optimize performance (#13) (4697815)

Commits

4697815 feat: reduce memory allocs to optimize performance (#13)
See full diff in compare view

Updates github.com/containers/image/v5 from 5.34.3 to 5.35.0

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.35.0

What's Changed

Bump c/storage to v1.57.1, c/image to v5.34.0, then to v5.35.0-dev by @TomSweeneyRedHat in containers/image#2700

Update module github.com/vbatts/tar-split to v0.12.1 by @renovate in containers/image#2699

Update dependency containers/automation_images to v20250131 by @renovate in containers/image#2703

Update module golang.org/x/oauth2 to v0.26.0 by @renovate in containers/image#2705

Update module golang.org/x/sync to v0.11.0 by @renovate in containers/image#2706

Update module golang.org/x/sys to v0.30.0 by @renovate in containers/image#2707

Update module golang.org/x/term to v0.29.0 by @renovate in containers/image#2708

Add docker media types in OCI formats by @brbayes-msft in containers/image#2695

use new ReflinkOrCopy() from c/storage by @Luap99 in containers/image#2714

Update module golang.org/x/crypto to v0.33.0 by @renovate in containers/image#2712

Update module github.com/vbauerster/mpb/v8 to v8.9.2 by @renovate in containers/image#2711

Update module github.com/sigstore/rekor to v1.3.9 by @renovate in containers/image#2697

Update dependency golangci/golangci-lint to v1.64.3 by @renovate in containers/image#2715

Update dependency golangci/golangci-lint to v1.64.4 by @renovate in containers/image#2716

Update module github.com/sigstore/sigstore to v1.8.14 by @renovate in containers/image#2720

Update dependency golangci/golangci-lint to v1.64.5 by @renovate in containers/image#2719

policy.json BYOPKI signature verification API by @QiWang19 in containers/image#2579

Update module github.com/klauspost/compress to v1.18.0 by @renovate in containers/image#2722

Update module github.com/sigstore/sigstore to v1.8.15 by @renovate in containers/image#2723

Small cleanups + one bug fix by @mtrmac in containers/image#2718

oci/layout: add GetLocalBlobPath() by @Luap99 in containers/image#2728

Update module github.com/docker/docker to v28 by @renovate in containers/image#2727

Update module github.com/docker/cli to v28 by @renovate in containers/image#2726

OCPBUGS-51217: CVE-2025-27144: Bump go-jose to v4.0.5 by @sherine-k in containers/image#2738

Update module github.com/vbauerster/mpb/v8 to v8.9.3 by @renovate in containers/image#2735

Update module github.com/go-jose/go-jose/v3 to v3.0.4 [SECURITY] by @renovate in containers/image#2739

Update module github.com/docker/docker to v28.0.1+incompatible by @renovate in containers/image#2737

Update module github.com/docker/cli to v28.0.1+incompatible by @renovate in containers/image#2736

feat: add DestinationTimestamp to copy options by @aeijdenberg in containers/image#2730

fix(deps): update module github.com/docker/docker-credential-helpers to v0.9.1 by @renovate in containers/image#2740

Fix omitempty for PKI struct by @QiWang19 in containers/image#2746

fix: handle error on Close() of writable objects by @aeijdenberg in containers/image#2731

fix(deps): update github.com/containers/storage digest to 700b765 by @renovate in containers/image#2748

fix(deps): update github.com/cyberphone/json-canonicalization digest to 19d51d7 by @renovate in containers/image#2749

chore(deps): update dependency golangci/golangci-lint to v1.64.6 by @renovate in containers/image#2751

Merge back v5.34.1 into main by @Luap99 in containers/image#2755

fix(deps): update module github.com/opencontainers/image-spec to v1.1.1 by @renovate in containers/image#2752

Microoptimize an API use per gopls modernize by @mtrmac in containers/image#2732

Misc small nits to CI and build by @kolyshkin in containers/image#2573

fix(deps): update module github.com/docker/docker-credential-helpers to v0.9.2 by @renovate in containers/image#2757

fix: typo err and grammar err by @warjiang in containers/image#2758

Update c/storage after containers/storage#2276 by @mtrmac in containers/image#2769

Improve handling and documentation of various transport reference corner cases by @mtrmac in containers/image#2767

Migrate from github.com/xeipuuv/gojsonschema to github.com/santhosh-tekuri/jsonschema/v5 by @mtrmac in containers/image#2756

Don't silently ignore errors determining size in TryReuseBlob by @mtrmac in containers/image#2709

Add proxy for dockerClient by @warjiang in containers/image#2764

chore(deps): update dependency golangci/golangci-lint to v1.64.7 by @renovate in containers/image#2773

Update to Go 1.23 by @mtrmac in containers/image#2774

... (truncated)

Commits

617c288 Bump to c/image v5.35.0
1b83b3a Bump to c/storage v1.58.0
4279b17 Merge pull request #2826 from containers/renovate/golangci-golangci-lint-2.x
1d14076 chore(deps): update dependency golangci/golangci-lint to v2.1.1
12c8495 Merge pull request #2824 from containers/renovate/github.com-sigstore-rekor-1.x
010f504 fix(deps): update module github.com/sigstore/rekor to v1.3.10
9b83c49 Merge pull request #2823 from Luap99/github
a4b363d .github: check_cirrus_cron work around github bug
37150b4 .github: remove cirrus rerun action
6116c41 Merge pull request #2822 from containers/renovate/github.com-sigstore-sigstor...
Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.7.4 to 5.7.5

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.7.5 (May 17, 2025)

Support sslnegotiation connection option (divyam234)

Update golang.org/x/crypto to v0.37.0. This placates security scanners that were unable to see that pgx did not use the behavior affected by https://pkg.go.dev/vuln/GO-2025-3487.

TraceLog now logs Acquire and Release at the debug level (dave sinclair)

Add support for PGTZ environment variable

Add support for PGOPTIONS environment variable

Unpin memory used by Rows quicker

Remove PlanScan memoization. This resolves a rare issue where scanning could be broken for one type by first scanning another. The problem was in the memoization system and benchmarking revealed that memoization was not providing any meaningful benefit.

Commits

15bca4a Release v5.7.5
1d557f9 Remove PlanScan memoization
de7fe81 Use reflect.TypeFor instead of reflect.TypeOf
d9eb089 Remove unused function
6be24eb Fix comment typo
07871c0 Zero internal baseRows references to allow GC earlier
777e7e5 Merge pull request #2313 from stampy88/tracelog_pool_additions
151bd02 Switched to LogLevelDebug
540fcaa Add support for PGOPTIONS environment variable
3a248e3 Add support for PGTZ environment variable
Additional commits viewable in compare view

Updates github.com/microsoft/go-mssqldb from 1.8.0 to 1.8.1

Commits

6b3e174 replace ioutil with io everywhere (#258)
46d39b9 bump: github.com/golang-jwt/jwt/v5 v5.2.1 => v5.2.2 (#256)
549c925 isProc: recognize builtin-commands (#252)
b9933eb DATETIME: fix 1/300 of a seconds rounding logic (Bulk Copy related) (#242)
e804768 Add JSON-encoded version of NULL uniqueidentifier (#238)
d27f997 Try to fix the github PR validation workflow (#240)
ba24acc Fix GUID conversion (#207)
See full diff in compare view

Updates github.com/miekg/dns from 1.1.65 to 1.1.66

Commits

10d76bc Release 1.1.66
ed312a3 Fix logic in xfr ReadMsg + add test (#1649)
27318b9 RFC 8490: Implement DSO type registry
01abd80 DSO: Use Stateful as the suffix
64211b3 Add the rcode DSO-TYPE Not Implemented / RFC8490 (#1648)
8ec9f67 Upgrade all deps (#1647)
8a570c6 A comment concerning newline while scanning (#1645)
739cf21 Return error for empty target (#1627)
See full diff in compare view

Updates github.com/shirou/gopsutil/v4 from 4.25.3 to 4.25.4

Release notes

Sourced from github.com/shirou/gopsutil/v4's releases.

v4.25.4

What's Changed

cpu

fix nil ptr by @dvovk in shirou/gopsutil#1835

Fix win32_SystemProcessorPerformanceInformation struct by @niemp100 in shirou/gopsutil#1831

disk

[disk][linux] add bcachefs magic by @NewbieOrange in shirou/gopsutil#1838

host

refactor: using fmt.Errorf in InfoWithContext by @s0ders in shirou/gopsutil#1840

Other Changes

fix: update github actions runner images by @shirou in shirou/gopsutil#1841

chore: enable govet linter by @mmorel-35 in shirou/gopsutil#1825

[chore]: bump golangci-lint to v2.1.1 by @mmorel-35 in shirou/gopsutil#1829

chore: enable ineffassign linter by @mmorel-35 in shirou/gopsutil#1843

New Contributors

@NewbieOrange made their first contribution in shirou/gopsutil#1838

@dvovk made their first contribution in shirou/gopsutil#1835

@niemp100 made their first contribution in shirou/gopsutil#1831

@s0ders made their first contribution in shirou/gopsutil#1840

Full Changelog: shirou/gopsutil@v4.25.3...v4.25.4

Commits

3ba33b4 Merge pull request #1843 from mmorel-35/golangci-lint/ineffassign
6469062 chore: enable ineffassign linter
af2d6de Merge pull request #1825 from mmorel-35/golangci-lint/govet
10be661 chore: enable govet linter
3c34181 Merge pull request #1841 from shirou/feat/update_github_action_runners_images
c43a933 fix: update github actions runner images
f9f5620 Merge pull request #1840 from s0ders/refactor/host-info-error-msg
0bbc484 refactor: using fmt.Errorf on some error returns.
7d9af6f Merge pull request #1829 from mmorel-35/golangci-lint@v2
61f624b Merge pull request #1831 from niemp100/win32_cpu_values
Additional commits viewable in compare view

Updates github.com/vishvananda/netlink from 1.3.0 to 1.3.1

Release notes

Sourced from github.com/vishvananda/netlink's releases.

v1.3.1

What's Changed

Fix deprecated comments by @champtar in vishvananda/netlink#1011

Fix: Do not crash when enumerating tc filters with unknown actionType by @Matus-p in vishvananda/netlink#1013

Fix SetSendTimeout/SetReceiveTimeout by @robmry in vishvananda/netlink#1012

capture and return errors in ConntrackDeleteFilters by @aroradaman in vishvananda/netlink#1014

Fix FouList attribute body truncated error with kernel 5.2+ by @chanfung032 in vishvananda/netlink#1017

Preserve results when NLM_F_DUMP_INTR is set by @robmry in vishvananda/netlink#1018

netkit: Add support for IFLA_NETKIT_SCRUB and IFLA_NETKIT_PEER_SCRUB by @jrife in vishvananda/netlink#1022

fix CI failed Incidental in TestRuleListFiltered by @wangling94 in vishvananda/netlink#1043

disable broadcast if broadcast is set to net.IPv4zero by @WeidiDeng in vishvananda/netlink#1037

.github/workflows: Bump CI Go version to v1.22 by @dylandreimerink in vishvananda/netlink#1049

TC FLOWER enrich match field and action about vlan by @wangling94 in vishvananda/netlink#1045

link_linux: Add deserialization of IFF_RUNNING flag by @dylandreimerink in vishvananda/netlink#1038

Preserve results when NLM_F_DUMP_INTR is set by @adrianmoisey in vishvananda/netlink#1050

Add IFLA_PARENT_DEV_NAME / IFLA_PARENT_DEV_BUS_NAME to links by @akerouanton in vishvananda/netlink#1051

conntrack: prevent potential memory leak by @aroradaman in vishvananda/netlink#1058

Fix parsing 4-bytes attribute by @Asphaltt in vishvananda/netlink#1034

fix: Use correct offset for unix socket diagnosis by @srebhan in vishvananda/netlink#1061

vxlan: Fix parseVxlanData for source port range by @borkmann in vishvananda/netlink#1062

netkit: Allow setting MAC address in L2 mode by @jrife in vishvananda/netlink#1063

Add support for MTU Lock by @trozet in vishvananda/netlink#1067

pedit: Fix EncodeActions to add TcGen for pedit action by @chent1996 in vishvananda/netlink#1065

go.mod: github.com/vishvananda/netns v0.0.5 by @thaJeztah in vishvananda/netlink#1056

Add OifIndex option for RouteGetWithOptions by @dylandreimerink in vishvananda/netlink#1060

Support TC "sample" filter action by @lorenz in vishvananda/netlink#1042

Add support for XFRMA_SA_DIR and XFRMA_SA_PCPU attributes for XFRM by @ChinmayaSharma-hue in vishvananda/netlink#1044

Add support for ARP/ND Timestamps when retriving neighbors by @jlamanna in vishvananda/netlink#1039

New Contributors

@Matus-p made their first contribution in vishvananda/netlink#1013

@robmry made their first contribution in vishvananda/netlink#1012

@chanfung032 made their first contribution in vishvananda/netlink#1017

@jrife made their first contribution in vishvananda/netlink#1022

@wangling94 made their first contribution in vishvananda/netlink#1043

@WeidiDeng made their first contribution in vishvananda/netlink#1037

@dylandreimerink made their first contribution in vishvananda/netlink#1049

@adrianmoisey made their first contribution in vishvananda/netlink#1050

@akerouanton made their first contribution in vishvananda/netlink#1051

@Asphaltt made their first contribution in vishvananda/netlink#1034

@trozet made their first contribution in vishvananda/netlink#1067

@ChinmayaSharma-hue made their first contribution in vishvananda/netlink#1044

@jlamanna made their first contribution in vishvananda/netlink#1039

Full Changelog: vishvananda/netlink@v1.3.0...v1.3.1

What's Changed

Fix deprecated comments by @champtar in vishvananda/netlink#1011

Fix: Do not crash when enumerating tc filters with unknown actionType by @Matus-p in vishvananda/netlink#1013

Fix SetSendTimeout/SetReceiveTimeout by @robmry in vishvananda/netlink#1012

... (truncated)

Commits

17daef6 vlan: add support for flags and qos maps
b929916 filter: add classid and port range support for flower
06c2c01 feat: add vlanid - tunnelid mapping support
c4bb4f9 rdma: support rdma metrics: resource and statistic
e9f11f7 bugfix: parse ipv4 src/dst error
1f4f72c Mimic ipset C code for determining correct default ipset revision
2426b05 qdisc: fix wrong type info of tc_sfq_qopt
a2e4b9a veth: allow configuring peer attributes beyond namespace and address
9d88d83 feat: add support for RtoMin lock
6b5dd30 geneve: Support setting/getting source port range
Additional commits viewable in compare view

Updates github.com/vmware-tanzu/velero from 1.16.0 to 1.16.1

Release notes

Sourced from github.com/vmware-tanzu/velero's releases.

v1.16.1

Download

https://github.com/vmware-tanzu/velero/releases/tag/v1.16.1

Container Image

velero/velero:v1.16.1

Documentation

https://velero.io/docs/v1.16/

Upgrading

https://velero.io/docs/v1.16/upgrade-to-1.16/

All Changes

Call WaitGroup.Done() once only when PVB changes to final status the first time to avoid panic (#8940, @ywk253100)

Add VolumeSnapshotContent into the RIA and the mustHave resource list. (#8926, @blackpiglet)

Warn for not found error in patching managed fields (#8916, @sseago)

Fix issue 8878, relief node os deduction error checks (#8911, @Lyndon-Li)

v1.16.1-rc.1

v1.16.1

Download

https://github.com/vmware-tanzu/velero/releases/tag/v1.16.1-rc.1

Container Image

velero/velero:v1.16.1-rc.1

Documentation

https://velero.io/docs/v1.16/

Upgrading

https://velero.io/docs/v1.16/upgrade-to-1.16/

All Changes

Call WaitGroup.Done() once only when PVB changes to final status the first time to avoid panic (#8940, @ywk253100)

Add VolumeSnapshotContent into the RIA and the mustHave resource list. (#8926, @blackpiglet)

Warn for not found error in patching managed fields (#8916, @sseago)

Fix issue 8878, relief node os deduction error checks (#8911, @Lyndon-Li)

Commits

2eb97fa Merge pull request #8940 from ywk253100/250514_fix
f64fb36 Call WaitGroup.Done() once only when PVB changes to final status the first ti...
4bd86f1 Merge pull request #8939 from blackpiglet/modify_image_usage_1.16
18ef5e6 Support using image registry proxy in more cases.
01aa538 Add default bakcup repository configuration for E2E.
3617172 Merge pull request #8928 from Lyndon-Li/release-1.16
82dce51 1.16.1 changelog update
659a352 Add VolumeSnapshotContent into the RIA and the mustHave resource list. (#8926)
9eeea4f Merge pull request #8922 from Lyndon-Li/release-1.16
e1068d6 bump up base image
Additional commits viewable in compare view

Updates golang.org/x/sync from 0.13.0 to 0.14.0

Commits

506c70f errgroup: propagate panic and Goexit through Wait
See full diff in compare view

Updates k8s.io/api from 0.32.3 to 0.33.1

Commits

04f698e Update dependencies to v0.33.1 tag
16cedc7 Merge pull request #131088 from atiratree/rename-terminating-replicas-fg
dc88679 Merge pull request #131103 from ahrtr/etcd_sdk_20250328
4a456a2 bump etcd 3.5.21 sdk
96e38c9 rename DeploymentPodReplacementPolicy FG to DeploymentReplicaSetTerminatingRe...
c21a017 Merge pull request #129970 from mortent/AddResourceV1beta2API
d0673db Run make update
118546d Merge pull request #130556 from sreeram-venkitesh/kep-4960-container-stop-sig...
f9401a3 Merge pull request #130797 from jm-franc/configurable-tolerance
9b3e544 Generated UPDATE_COMPATIBILITY_FIXTURE_DATA
Additional commits viewable in compare view

Updates k8s.io/apiextensions-apiserver from 0.32.3 to 0.33.1

Commits

a0cfc63 Update dependencies to v0.33.1 tag
c066cbe Merge remote-tracking branch 'origin/master' into release-1.33
08c3d2f Move to released version of prometheus/client_golang v1.22.0 from rc.0
7c1033e fix narrow spaces of %e for x/net bump
cdf67dd bump etcd 3.5.21 sdk
b8b1528 Merge pull request #129872 from seans3/websocket-https-proxy
d5c7de8 Websocket HTTPS proxy support
de39b8d Merge pull request #130899 from serathius/watchcache-error
7022eab Merge pull request #130020 from mozillazg/patch-3
718a2c7 Merge pull request #130906 from serathius/streaming-validation
Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.32.3 to 0.33.1

Commits

173776a Merge pull request #131708tigrato/automated-cherry-pick-of-#131702
a3d1fde fix: fixes a possible panic in NewYAMLToJSONDecoder
955939f bump etcd 3.5.21 sdk
e8a77bd Merge pull request #130910 from googs1025/fix/datarace
7e8c77e Merge pull request #130906 from serathius/streaming-validation
27fd396 flake: fix data race for func TestBackoff_Step
8bcc6f1 Update kube-openapi and integrate streaming tags validation
6ce776c Merge pull request #130857 from thockin/kk_small_vg_diffs
f2c94d6 Comment on origin and JSON schema
b63ba07 Use origin in validateFalse's own test
Additional commits viewable in compare view

Updates k8s.io/apiserver from 0.32.3 to 0.33.1

Commits

338d7b8 Update dependencies to v0.33.1 tag
1fb809d Merge remote-tracking branch 'origin/master' into release-1.33
6aae451 Stop exposing list-via-watch from the server
345c8cf Merge remote-tracking branch 'origin/master' into release-1.33
11e6080 Merge pull request #131196 from siyuanfoundation/forward-api
e87c9db Move to released version of prometheus/client_golang v1.22.0 from rc.0
9ca332f bug fix: fix version order in emulation forward compatibility.
d4f2fc5 Merge pull request #131020 from wojtek-t/fix_asynchronous_error
beaef1d Merge pull request #131103 from ahrtr/etcd_sdk_20250328
1776f0c Parallelize cacher list tests
Additional commits viewable in compare view

Updates k8s.io/cli-runtime from 0.32.3 to 0.33.1

Commits

8aa16c9 Update dependencies to v0.33.1 tag
2811321 bump etcd 3.5.21 sdk
b44307f Merge pull request #129872 from seans3/websocket-https-proxy
f7c023c Websocket HTTPS proxy support
178adec Merge pull request #130906 from serathius/streaming-validation
1e2dc5c Update kube-openapi and integrate streaming tags validation
7d637a3 Merge pull request #130555 from thockin/k_k_randfill
67be32d Vendor randfill
2dc7b80 Merge pull request #130569 from dims/update-to-latest-cadvisor-v0.52.0
a4e93f9 update to v1.22.0-rc.0
Additional commits viewable in compare view

Updates k8s.io/client-go from 0.32.3 to 0.33.1

Commits

e7397e5 Update dependencies to v0.33.1 tag
ecbbb06 bump etcd 3.5.21 sdk
2086688 Merge pull request #129970 from mortent/AddResourceV1beta2API
dba34c7 Run make update
e359642 Merge pull request #130556 from sreeram-venkitesh/kep-4960-container-stop-sig...
3bf0a05 Merge pull request #130797 from jm-franc/configurable-tolerance
7a03a3b Generated files
1676beb Refresh autogenerated files following the configurable tolerance updates.
387edb8 Merge pull request #130967 from aojea/listers
21dc3b4 benchmark to show inefficient linear search lookup
Additional commits viewable in compare view

Updates golang.org/x/net from 0.39.0 to 0.40.0

Commits

7d6e62a go.mod: update golang.org/x dependencies
ea0c1d9 internal/timeseries: use built-in max/min to simplify the code
3e7a445 quic: skip packet numbers for optimistic ack defense
3f563d3 quic: use an enum for sentPacket state
a3b6e77 quic: don't re-lose packets when discarding keys
22500a6 quic: decode packet numbers >255 in tests
dd0b200 quic: remove go1.21 build constraint
See full diff in compare view

Updates golang.org/x/sys from 0.32.0 to 0.33.0

Commits

3d9a6b8 windows: add WSADuplicateSocket
c0a9559 cpu: add crypto extensions detection for riscv64
8e9e046 windows: add virtual key codes and console input consts
7138967 windows: fix slicing of NTUnicodeString values
6a85559 windows: fix dangling pointers in (*SECURITY_DESCRIPTOR).ToAbsolute
See full diff in compare view

Updates golang.org/x/text from 0.24.0 to 0.25.0

Commits

700cc20 go.mod: update golang.org/x dependencies
See full diff in compare view

Updates helm.sh/helm/v3 from 3.17.3 to 3.18.0

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.18.0 is a feature release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

Join the discussion in Kubernetes Slack:

for questions and just to hang out

for discussing PRs, code, and bugs

Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom

Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

Add support for JSON Schema 2020

Enabled cpu and memory profiling

Add hook annotation to output hook logs to client on error

Installation and Upgrading

Download Helm v3.18.0. The common platform binaries are here:

MacOS amd64 (checksum / 2be99836549413c2f0212d644e8740abd8ba5d7f55484c29d3363cea339891d9)

MacOS arm64 (checksum / 4ce30bd86a3fc4f31d297827a5bf5b10ced8c4da2ff810bf9f53f561dbed7d10)

Linux amd64 (checksum / 961e587fc2c03807f8a99ac25ef063fa9e6915f1894729399cbb95d2a79af931)

Description has been truncated

Bumps the security group with 15 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/casbin/govaluate](https://github.com/casbin/govaluate) | `1.3.0` | `1.4.0` | | [github.com/containers/image/v5](https://github.com/containers/image) | `5.34.3` | `5.35.0` | | [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.7.4` | `5.7.5` | | [github.com/microsoft/go-mssqldb](https://github.com/microsoft/go-mssqldb) | `1.8.0` | `1.8.1` | | [github.com/miekg/dns](https://github.com/miekg/dns) | `1.1.65` | `1.1.66` | | [github.com/shirou/gopsutil/v4](https://github.com/shirou/gopsutil) | `4.25.3` | `4.25.4` | | [github.com/vishvananda/netlink](https://github.com/vishvananda/netlink) | `1.3.0` | `1.3.1` | | [github.com/vmware-tanzu/velero](https://github.com/vmware-tanzu/velero) | `1.16.0` | `1.16.1` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.13.0` | `0.14.0` | | [k8s.io/api](https://github.com/kubernetes/api) | `0.32.3` | `0.33.1` | | [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.32.3` | `0.33.1` | | [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) | `0.32.3` | `0.33.1` | | [golang.org/x/net](https://github.com/golang/net) | `0.39.0` | `0.40.0` | | [helm.sh/helm/v3](https://github.com/helm/helm) | `3.17.3` | `3.18.0` | | [k8s.io/kubelet](https://github.com/kubernetes/kubelet) | `0.32.3` | `0.33.1` | Updates `github.com/casbin/govaluate` from 1.3.0 to 1.4.0 - [Release notes](https://github.com/casbin/govaluate/releases) - [Changelog](https://github.com/casbin/govaluate/blob/master/.releaserc.json) - [Commits](casbin/govaluate@v1.3.0...v1.4.0) Updates `github.com/containers/image/v5` from 5.34.3 to 5.35.0 - [Release notes](https://github.com/containers/image/releases) - [Commits](containers/image@v5.34.3...v5.35.0) Updates `github.com/jackc/pgx/v5` from 5.7.4 to 5.7.5 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.7.4...v5.7.5) Updates `github.com/microsoft/go-mssqldb` from 1.8.0 to 1.8.1 - [Release notes](https://github.com/microsoft/go-mssqldb/releases) - [Changelog](https://github.com/microsoft/go-mssqldb/blob/main/CHANGELOG.md) - [Commits](microsoft/go-mssqldb@v1.8.0...v1.8.1) Updates `github.com/miekg/dns` from 1.1.65 to 1.1.66 - [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release) - [Commits](miekg/dns@v1.1.65...v1.1.66) Updates `github.com/shirou/gopsutil/v4` from 4.25.3 to 4.25.4 - [Release notes](https://github.com/shirou/gopsutil/releases) - [Commits](shirou/gopsutil@v4.25.3...v4.25.4) Updates `github.com/vishvananda/netlink` from 1.3.0 to 1.3.1 - [Release notes](https://github.com/vishvananda/netlink/releases) - [Commits](vishvananda/netlink@v1.3.0...v1.3.1) Updates `github.com/vmware-tanzu/velero` from 1.16.0 to 1.16.1 - [Release notes](https://github.com/vmware-tanzu/velero/releases) - [Changelog](https://github.com/vmware-tanzu/velero/blob/main/CHANGELOG.md) - [Commits](vmware-tanzu/velero@v1.16.0...v1.16.1) Updates `golang.org/x/sync` from 0.13.0 to 0.14.0 - [Commits](golang/sync@v0.13.0...v0.14.0) Updates `k8s.io/api` from 0.32.3 to 0.33.1 - [Commits](kubernetes/api@v0.32.3...v0.33.1) Updates `k8s.io/apiextensions-apiserver` from 0.32.3 to 0.33.1 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](kubernetes/apiextensions-apiserver@v0.32.3...v0.33.1) Updates `k8s.io/apimachinery` from 0.32.3 to 0.33.1 - [Commits](kubernetes/apimachinery@v0.32.3...v0.33.1) Updates `k8s.io/apiserver` from 0.32.3 to 0.33.1 - [Commits](kubernetes/apiserver@v0.32.3...v0.33.1) Updates `k8s.io/cli-runtime` from 0.32.3 to 0.33.1 - [Commits](kubernetes/cli-runtime@v0.32.3...v0.33.1) Updates `k8s.io/client-go` from 0.32.3 to 0.33.1 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.32.3...v0.33.1) Updates `golang.org/x/net` from 0.39.0 to 0.40.0 - [Commits](golang/net@v0.39.0...v0.40.0) Updates `golang.org/x/sys` from 0.32.0 to 0.33.0 - [Commits](golang/sys@v0.32.0...v0.33.0) Updates `golang.org/x/text` from 0.24.0 to 0.25.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.24.0...v0.25.0) Updates `helm.sh/helm/v3` from 3.17.3 to 3.18.0 - [Release notes](https://github.com/helm/helm/releases) - [Commits](helm/helm@v3.17.3...v3.18.0) Updates `k8s.io/kubelet` from 0.32.3 to 0.33.1 - [Commits](kubernetes/kubelet@v0.32.3...v0.33.1) Updates `k8s.io/metrics` from 0.32.3 to 0.33.0 - [Commits](kubernetes/metrics@v0.32.3...v0.33.0) --- updated-dependencies: - dependency-name: github.com/casbin/govaluate dependency-version: 1.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: github.com/containers/image/v5 dependency-version: 5.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.7.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/microsoft/go-mssqldb dependency-version: 1.8.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/miekg/dns dependency-version: 1.1.66 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/shirou/gopsutil/v4 dependency-version: 4.25.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/vishvananda/netlink dependency-version: 1.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/vmware-tanzu/velero dependency-version: 1.16.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: golang.org/x/sync dependency-version: 0.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/api dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/apiextensions-apiserver dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/apimachinery dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/apiserver dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/cli-runtime dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/client-go dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/net dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/sys dependency-version: 0.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/text dependency-version: 0.25.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: helm.sh/helm/v3 dependency-version: 3.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/kubelet dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/metrics dependency-version: 0.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies go type::security labels May 19, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the security group across 1 directory with 21 updates #1789

chore(deps): bump the security group across 1 directory with 21 updates #1789

Uh oh!

dependabot bot commented on behalf of github May 19, 2025 •

edited

Loading

Uh oh!

Uh oh!

chore(deps): bump the security group across 1 directory with 21 updates #1789

Are you sure you want to change the base?

chore(deps): bump the security group across 1 directory with 21 updates #1789

Uh oh!

Conversation

dependabot bot commented on behalf of github May 19, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.4.0

1.4.0 (2025-05-10)

Features

v5.35.0

What's Changed

5.7.5 (May 17, 2025)

v4.25.4

What's Changed

cpu

disk

host

Other Changes

New Contributors

v1.3.1

What's Changed

New Contributors

What's Changed

v1.16.1

Download

Container Image

Documentation

Upgrading

All Changes

v1.16.1-rc.1

v1.16.1

Download

Container Image

Documentation

Upgrading

All Changes

Notable Changes

Installation and Upgrading

Uh oh!

Uh oh!

dependabot bot commented on behalf of github May 19, 2025 •

edited

Loading