Bump sigs.k8s.io/controller-runtime from 0.14.6 to 0.23.1 #316
dependabot[bot] wants to merge 1 commit into
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.6 to 0.23.1.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.14.6...v0.23.1)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-version: 0.23.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Cursor Bugbot has reviewed your changes and found 2 potential issues.
| github.com/kubernetes-csi/external-snapshotter/client/v4 v4.2.0 | ||
| github.com/stretchr/testify v1.8.2 | ||
| golang.org/x/time v0.3.0 | ||
| github.com/stretchr/testify v1.11.1 |
Incompatible external-snapshotter pinned with new k8s dependencies
High Severity
kubernetes-csi/external-snapshotter/client/v4 v4.2.0 is officially supported only up to Kubernetes 1.22, but this PR bumps all k8s.io/* dependencies to v0.35.0 (Kubernetes 1.35) — a 13 minor-version gap. The v4 client's generated types and clientset were built against k8s ~v0.22 APIs and have never been tested with v0.35. The correct client version for Kubernetes 1.35 is external-snapshotter/client/v8. This creates a high-risk incompatible dependency combination that may cause compilation failures or subtle runtime issues.
Triggered by project rule: Gemini Project Review Guidelines
| module github.com/fairwindsops/gemini | ||
|
|
||
| go 1.20 | ||
| go 1.25.0 |
Go version mismatch between go.mod and tooling config
High Severity
The go directive changed from 1.20 to 1.25.0, which in Go 1.21+ acts as a minimum required version. However, .tool-versions specifies golang 1.23 and .circleci/config.yml uses cimg/go:1.23. Developers using asdf/mise will get Go 1.23, which is below the required 1.25.0. While Go's auto-toolchain feature may download 1.25.0 in some environments, the goreleaser CI image (goreleaser/goreleaser:v1.11.4) uses a Go version too old to support automatic toolchain downloads, causing release builds to fail.
Triggered by project rule: Gemini Project Review Guidelines
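A check for the drift this comment describes, as an added example that is not part of the PR or the gemini repository: it compares the `go` directive in go.mod with the `golang` pin in `.tool-versions` and every `cimg/go:` tag in `.circleci/config.yml`. The name `FindDrift` and the inline file contents are constructed for illustration; the goreleaser image is left out because its tag does not state the Go version it ships.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

var (
	goDirective = regexp.MustCompile(`(?m)^go\s+(\d+\.\d+(?:\.\d+)?)\s*$`)
	asdfGolang  = regexp.MustCompile(`(?m)^golang\s+(\d+\.\d+(?:\.\d+)?)\s*$`)
	cimgGo      = regexp.MustCompile(`cimg/go:(\d+\.\d+(?:\.\d+)?)`)
)

// older reports pin < want over the parts both state; a pin like "1.23" floats on patch.
func older(pin, want string) bool {
	p, w := strings.Split(pin, "."), strings.Split(want, ".")
	for i := 0; i < len(p) && i < len(w); i++ {
		a, _ := strconv.Atoi(p[i]) // digits guaranteed by the regexes above
		b, _ := strconv.Atoi(w[i])
		if a != b {
			return a < b
		}
	}
	return false
}

// FindDrift lists pinned toolchains older than go.mod's go directive.
func FindDrift(goMod, toolVersions, circleCI string) ([]string, error) {
	d := goDirective.FindStringSubmatch(goMod)
	if d == nil {
		return nil, fmt.Errorf("go.mod has no go directive")
	}
	var out []string
	if t := asdfGolang.FindStringSubmatch(toolVersions); t != nil && older(t[1], d[1]) {
		out = append(out, fmt.Sprintf(".tool-versions: golang %s < go %s", t[1], d[1]))
	}
	for _, c := range cimgGo.FindAllStringSubmatch(circleCI, -1) {
		if older(c[1], d[1]) {
			out = append(out, fmt.Sprintf(".circleci/config.yml: cimg/go:%s < go %s", c[1], d[1]))
		}
	}
	return out, nil
}

func main() {
	// Constructed file contents using the versions quoted in the review comment.
	fmt.Println(FindDrift("go 1.25.0\n", "golang 1.23\n", "image: cimg/go:1.23\n"))
}
```

Run against the real files in CI, a non-empty result can fail the build before a release job picks up a toolchain older than the module requires.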
Superseded by #321.


Bumps sigs.k8s.io/controller-runtime from 0.14.6 to 0.23.1.
Release notes
Sourced from sigs.k8s.io/controller-runtime's releases.
... (truncated)
Commits
- f52bbb8 Merge pull request #3437 from k8s-infra-cherrypick-robot/cherry-pick-3430-to-...
- 4f41337 Merge pull request #3438 from k8s-infra-cherrypick-robot/cherry-pick-3434-to-...
- e29a1b9 seedling: Test cache reader waits for cache sync
- 83c8dc3 bug: Fakeclient: Fix status apply if existing object has managedFields set
- bf6bcd5 Merge pull request #3436 from k8s-infra-cherrypick-robot/cherry-pick-3431-to-...
- b6a3a46 bug: Fix panic when using CRs with embedded pointer structs
- 7866fb0 Merge pull request #3433 from k8s-infra-cherrypick-robot/cherry-pick-3425-to-...
- 90b26f7 check to see if informer is synced and started before returning cache
- 129853d Merge pull request #3419 from alvaroaleman/limit-cardinality
- 00b8b07 🐛 Limit depthWithPriorityMetric cardinality to 25

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Medium Risk
Upgrades core controller-runtime/k8s.io/* dependencies and the Go toolchain version, which can introduce build-time breakages or subtle behavior changes in controller interactions with the API server.

Overview
Updates the module to Go 1.25.0 and bumps Kubernetes/controller dependencies, most notably sigs.k8s.io/controller-runtime 0.14.6 → 0.23.1 alongside k8s.io/api, apimachinery, client-go, and apiextensions-apiserver to v0.35.0.

Refreshes the dependency graph accordingly (multiple golang.org/x/*, logging, OpenAPI, YAML/JSON/merge-diff libs) and regenerates go.sum to match the new versions.

Written by Cursor Bugbot for commit 99ae91f. This will update automatically on new commits.