build(deps): bump the gomod-dependencies group across 1 directory with 12 updates

[dependabot]

Bumps the gomod-dependencies group with 7 updates in the / directory:

Package	From	To
github.com/onsi/ginkgo/v2	2.21.0	2.23.4
github.com/prometheus/common	0.63.0	0.64.0
github.com/prometheus/prometheus	0.303.1	0.304.0
github.com/spf13/cobra	1.8.1	1.9.1
k8s.io/api	0.33.0	0.33.1
k8s.io/apiserver	0.33.0	0.33.1
k8s.io/metrics	0.33.0	0.33.1

Updates github.com/onsi/ginkgo/v2 from 2.21.0 to 2.23.4

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.23.4

2.23.4

Prior to this release Ginkgo would compute the incorrect number of available CPUs when running with -p in a linux container. Thanks to @​emirot for the fix!

Features

• Add automaxprocs for using CPUQuota [2b9c428]

Fixes

• clarify gotchas about -vet flag [1f59d07]

Maintenance

• bump dependencies [2d134d5]

v2.23.3

2.23.3

Fixes

• allow - as a standalone argument [cfcc1a5]
• Bug Fix: Add GinkoTBWrapper.Chdir() and GinkoTBWrapper.Context() [feaf292]
• ignore exit code for symbol test on linux [88e2282]

v2.23.2

2.23.2

🎉🎉🎉

At long last, some long-standing performance gaps between ginkgo and go test have been resolved!

Ginkgo operates by running go test -c to generate test binaries, and then running those binaries. It turns out that the compilation step of go test -c is slower than go test's compilation step because go test strips out debug symbols (ldflags=-w) whereas go test -c does not.

Ginkgo now passes the appropriate ldflags to go test -c when running specs to strip out symbols. This is only done when it is safe to do so and symbols are preferred when profiling is enabled and when ginkgo build is called explicitly.

This, coupled, with the instructions for disabling XProtect on MacOS yields a much better performance experience with Ginkgo.

v2.23.1

2.23.1

🚨 For users on MacOS 🚨

A long-standing Ginkgo performance issue on MacOS seems to be due to mac's antimalware XProtect. You can follow the instructions here to disable it in your terminal. Doing so sped up Ginkgo's own test suite from 1m8s to 47s.

Fixes

Ginkgo's CLI is now a bit clearer if you pass flags in incorrectly:

• make it clearer that you need to pass a filename to the various profile flags, not an absolute directory [a0e52ff]
• emit an error and exit if the ginkgo invocation includes flags after positional arguments [b799d8d]

... (truncated)

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.23.4

Prior to this release Ginkgo would compute the incorrect number of available CPUs when running with -p in a linux container. Thanks to @​emirot for the fix!

Features

• Add automaxprocs for using CPUQuota [2b9c428]

Fixes

• clarify gotchas about -vet flag [1f59d07]

Maintenance

• bump dependencies [2d134d5]

2.23.3

Fixes

• allow - as a standalone argument [cfcc1a5]
• Bug Fix: Add GinkoTBWrapper.Chdir() and GinkoTBWrapper.Context() [feaf292]
• ignore exit code for symbol test on linux [88e2282]

2.23.2

🎉🎉🎉

At long last, some long-standing performance gaps between ginkgo and go test have been resolved!

Ginkgo operates by running go test -c to generate test binaries, and then running those binaries. It turns out that the compilation step of go test -c is slower than go test's compilation step because go test strips out debug symbols (ldflags=-w) whereas go test -c does not.

Ginkgo now passes the appropriate ldflags to go test -c when running specs to strip out symbols. This is only done when it is safe to do so and symbols are preferred when profiling is enabled and when ginkgo build is called explicitly.

This, coupled, with the instructions for disabling XProtect on MacOS yields a much better performance experience with Ginkgo.

2.23.1

🚨 For users on MacOS 🚨

A long-standing Ginkgo performance issue on MacOS seems to be due to mac's antimalware XProtect. You can follow the instructions here to disable it in your terminal. Doing so sped up Ginkgo's own test suite from 1m8s to 47s.

Fixes

Ginkgo's CLI is now a bit clearer if you pass flags in incorrectly:

• make it clearer that you need to pass a filename to the various profile flags, not an absolute directory [a0e52ff]
• emit an error and exit if the ginkgo invocation includes flags after positional arguments [b799d8d]

This might cause existing CI builds to fail. If so then it's likely that your CI build was misconfigured and should be corrected. Open an issue if you need help.

2.23.0

... (truncated)

Commits

• 229c981 v2.23.4
• 2d134d5 bump dependencies
• 2b9c428 Add automaxprocs for using CPUQuota
• 31137de Revert "Add automaxprocs to automatically match the linux container CPU Quota"
• 91b11b8 Add automaxprocs to automatically match the linux container CPU Quota
• cdfddb6 maybe escape quotes when you put them in a quoted string.
• 1f59d07 clarify gotchas about -vet flag
• 7ab7d10 bump all the things
• 04a9a74 v2.23.3
• cfcc1a5 allow - as a standalone argument
• Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.35.1 to 1.36.3

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.36.3

1.36.3

Maintenance

• bump all the things [adb8b49]
• chore: replace interface{} with any [7613216]
• Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (#822) [9fe5259]
• remove spurious "toolchain" from go.mod (#819) [a0e85b9]
• Bump golang.org/x/net from 0.33.0 to 0.35.0 (#823) [604a8b1]
• Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#772) [36fbc84]
• Bump github-pages from 231 to 232 in /docs (#778) [ced70d7]
• Bump rexml from 3.2.6 to 3.3.9 in /docs (#788) [c8b4a07]
• Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (#812) [06431b9]
• Bump webrick from 1.8.1 to 1.9.1 in /docs (#800) [b55a92d]
• Fix typos (#813) [a1d518b]

v1.36.2

Maintenance

• Bump nokogiri from 1.16.3 to 1.16.5 in /docs by @​dependabot in onsi/gomega#757
• Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.22.1 by @​dependabot in onsi/gomega#808
• Bump golang.org/x/net from 0.30.0 to 0.33.0 by @​dependabot in onsi/gomega#807
• Bump google.golang.org/protobuf from 1.35.1 to 1.36.1 by @​dependabot in onsi/gomega#810

v1.36.1

1.36.1

Fixes

• Fix onsi/gomega#803 [1c6c112]
• resolves onsi/gomega#696: make HaveField great on pointer receivers given only a non-addressable value [4feb9d7]

v1.36.0

1.36.0

Features

• new: make collection-related matchers Go 1.23 iterator aware [4c964c6]

Maintenance

• Replace min/max helpers with built-in min/max [ece6872]
• Fix some typos in docs [8e924d7]

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.36.3

Maintenance

• bump all the things [adb8b49]
• chore: replace interface{} with any [7613216]
• Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (#822) [9fe5259]
• remove spurious "toolchain" from go.mod (#819) [a0e85b9]
• Bump golang.org/x/net from 0.33.0 to 0.35.0 (#823) [604a8b1]
• Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#772) [36fbc84]
• Bump github-pages from 231 to 232 in /docs (#778) [ced70d7]
• Bump rexml from 3.2.6 to 3.3.9 in /docs (#788) [c8b4a07]
• Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (#812) [06431b9]
• Bump webrick from 1.8.1 to 1.9.1 in /docs (#800) [b55a92d]
• Fix typos (#813) [a1d518b]

1.36.2

Maintenance

• Bump google.golang.org/protobuf from 1.35.1 to 1.36.1 (#810) [9a7609d]
• Bump golang.org/x/net from 0.30.0 to 0.33.0 (#807) [b6cb028]
• Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.22.1 (#808) [5756529]
• Bump nokogiri from 1.16.3 to 1.16.5 in /docs (#757) [dabc12e]

1.36.1

Fixes

• Fix onsi/gomega#803 [1c6c112]
• resolves onsi/gomega#696: make HaveField great on pointer receivers given only a non-addressable value [4feb9d7]

1.36.0

Features

• new: make collection-related matchers Go 1.23 iterator aware [4c964c6]

Maintenance

• Replace min/max helpers with built-in min/max [ece6872]
• Fix some typos in docs [8e924d7]

Commits

• 2251143 v1.36.3
• adb8b49 bump all the things
• 7613216 chore: replace interface{} with any
• 9fe5259 Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (#822)
• a0e85b9 remove spurious "toolchain" from go.mod (#819)
• 604a8b1 Bump golang.org/x/net from 0.33.0 to 0.35.0 (#823)
• 36fbc84 Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#772)
• ced70d7 Bump github-pages from 231 to 232 in /docs (#778)
• c8b4a07 Bump rexml from 3.2.6 to 3.3.9 in /docs (#788)
• 06431b9 Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (#812)
• Additional commits viewable in compare view

Updates github.com/prometheus/common from 0.63.0 to 0.64.0

Release notes

Sourced from github.com/prometheus/common's releases.

v0.64.0

What's Changed

• Add deprecation notice to otlptranslator by @​ArthurSens in prometheus/common#773
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#774
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#775
• Update Go by @​SuperQ in prometheus/common#770
• chore: Upgrade golangci-lint to v2 by @​kakkoyun in prometheus/common#779
• build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 by @​dependabot in prometheus/common#777
• build(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6 by @​dependabot in prometheus/common#776
• promslog: Use the default timezone (again) by @​beorn7 in prometheus/common#739
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#787
• build(deps): bump github.com/prometheus/client_model from 0.6.1 to 0.6.2 by @​dependabot in prometheus/common#784
• build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 by @​dependabot in prometheus/common#785
• build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0 by @​dependabot in prometheus/common#786
• refactor(promslog): make NewNopLogger() wrapper around New() by @​tjhop in prometheus/common#783
• build(deps): bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 by @​dependabot in prometheus/common#788

New Contributors

• @​kakkoyun made their first contribution in prometheus/common#779

Full Changelog: prometheus/common@v0.63.0...v0.64.0

Commits

• 6a35e02 build(deps): bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 (#788)
• 487c180 refactor(promslog): make NewNopLogger() wrapper around New() (#783)
• b8eddd7 build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0 (#786)
• 8048031 build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 (#785)
• 4ca345a build(deps): bump github.com/prometheus/client_model from 0.6.1 to 0.6.2 (#784)
• 633961f Merge pull request #787 from prometheus/repo_sync
• 8c1fb2e Update common Prometheus files
• 8de85c2 Merge pull request #739 from prometheus/beorn7/log
• 31ee791 promslog: Use the default timezone (again)
• 318ef65 build(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6 (#776)
• Additional commits viewable in compare view

Updates github.com/prometheus/prometheus from 0.303.1 to 0.304.0

Commits

• 546b1d2 Adjust release date in CHANGELOG.md
• 93f7c78 Release 3.4.0 (#16600)
• 7a92230 Prepare release 3.4.0-rc.0 (#16517)
• 7789ef2 Upgraded npm dependencies pre 3.4.0-rc.0 (#16493)
• 46f1389 [BUILD] Remove Go toolchain line in internal/tools (#16516)
• 2626e0f Merge pull request #16508 from prometheus/dependabot/go_modules/documentation...
• c0f717a Merge pull request #16505 from prometheus/dependabot/go_modules/google.golang...
• 8255377 Merge pull request #16502 from prometheus/dependabot/go_modules/google.golang...
• ea945cc Merge pull request #16499 from prometheus/dependabot/go_modules/github.com/pr...
• 89cacd8 Merge pull request #16507 from prometheus/dependabot/go_modules/github.com/di...
• Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.8.1 to 1.9.1

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.9.1

🐛 Fixes

• Fix CompletionFunc implementation by @​ccoVeille in spf13/cobra#2234
• Revert "Make detection for test-binary more universal (#2173)" by @​marckhouzam in spf13/cobra#2235

Full Changelog: spf13/cobra@v1.9.0...v1.9.1

v1.9.0

✨ Features

• Allow linker to perform deadcode elimination for program using Cobra by @​aarzilli in spf13/cobra#1956
• Add default completion command even if there are no other sub-commands by @​marckhouzam in spf13/cobra#1559
• Add CompletionWithDesc helper by @​ccoVeille in spf13/cobra#2231

🐛 Fixes

• Fix deprecation comment for Command.SetOutput by @​thaJeztah in spf13/cobra#2172
• Replace deprecated ioutil usage by @​nirs in spf13/cobra#2181
• Fix --version help and output for plugins by @​nirs in spf13/cobra#2180
• Allow to reset the templates to the default by @​marckhouzam in spf13/cobra#2229

🤖 Completions

• Make Powershell completion work in constrained mode by @​lstemplinger in spf13/cobra#2196
• Improve detection for flags that accept multiple values by @​thaJeztah in spf13/cobra#2210
• add CompletionFunc type to help with completions by @​ccoVeille in spf13/cobra#2220
• Add similar whitespace escape logic to bash v2 completions than in other completions by @​kangasta in spf13/cobra#1743
• Print ActiveHelp for bash along other completions by @​marckhouzam in spf13/cobra#2076
• fix(completions): Complete map flags multiple times by @​gabe565 in spf13/cobra#2174
• fix(bash): nounset unbound file filter variable on empty extension by @​scop in spf13/cobra#2228

🧪 Testing

• Test also with go 1.23 by @​nirs in spf13/cobra#2182
• Make detection for test-binary more universal by @​thaJeztah in spf13/cobra#2173

✍🏼 Documentation

• docs: update README.md by @​eltociear in spf13/cobra#2197
• Improve site formatting by @​nirs in spf13/cobra#2183
• doc: add Conduit by @​raulb in spf13/cobra#2230
• doc: azion project added to the list of CLIs that use cobra by @​maxwelbm in spf13/cobra#2198
• Fix broken links in active_help.md by @​vuil in spf13/cobra#2202
• chore: fix function name in comment by @​zhuhaicity in spf13/cobra#2216

🔧 Dependency upgrades

• build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.5 to 2.0.6 by @​thaJeztah in spf13/cobra#2206
• Update to latest go-md2man by @​mikelolasagasti in spf13/cobra#2201

... (truncated)

Commits

• 40b5bc1 Revert "Make detection for test-binary more universal (#2173)" (#2235)
• a97f9fd fix CompletionFunc implementation (#2234)
• 5f9c408 chore: Upgrade dependencies for v1.9.0 (#2233)
• 24ada7f Remove the default "completion" cmd if it is alone (#1559)
• 680936a New logo
• 8cb30f9 feat: add CompletionWithDesc helper (#2231)
• 17b6dca doc: add Conduit (#2230)
• ab5cadc Allow to reset the templates to the default (#2229)
• 4ba5566 fix(bash): nounset unbound file filter variable on empty extension (#2228)
• 41b26ec Print ActiveHelp for bash along other completions (#2076)
• Additional commits viewable in compare view

Updates github.com/spf13/pflag from 1.0.5 to 1.0.6

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.6

What's Changed

• Add exported functions to preserve pkg/flag compatibility by @​mckern in spf13/pflag#220
• remove dead code for checking error nil by @​yashbhutwala in spf13/pflag#282
• Add IPNetSlice and unit tests by @​rpothier in spf13/pflag#170
• allow for blank ip addresses by @​duhruh in spf13/pflag#316
• add github actions by @​sagikazarmark in spf13/pflag#419

New Contributors

• @​mckern made their first contribution in spf13/pflag#220
• @​yashbhutwala made their first contribution in spf13/pflag#282
• @​rpothier made their first contribution in spf13/pflag#170
• @​duhruh made their first contribution in spf13/pflag#316
• @​sagikazarmark made their first contribution in spf13/pflag#419

Full Changelog: spf13/pflag@v1.0.5...v1.0.6

Commits

• 5ca8134 Merge pull request #419 from spf13/ci
• 100ab0e disable unsupported dependency graph for now
• a0f4ddd fix govet
• f48cbd1 add github actions
• d5e0c06 allow for blank ip addresses (#316)
• 85dd5c8 Add IPNetSlice and unit tests (#170)
• 6971c29 remove dead code for checking error nil (#282)
• 81378bb Add exported functions to preserve pkg/flag compatibility (#220)
• See full diff in compare view

Updates k8s.io/api from 0.33.0 to 0.33.1

Commits

• 04f698e Update dependencies to v0.33.1 tag
• See full diff in compare view

Updates k8s.io/apimachinery from 0.33.0 to 0.33.1

Commits

• 173776a Merge pull request #131708tigrato/automated-cherry-pick-of-#131702
• a3d1fde fix: fixes a possible panic in NewYAMLToJSONDecoder
• See full diff in compare view

Updates k8s.io/apiserver from 0.33.0 to 0.33.1

Commits

• 338d7b8 Update dependencies to v0.33.1 tag
• See full diff in compare view

Updates k8s.io/client-go from 0.33.0 to 0.33.1

Commits

• e7397e5 Update dependencies to v0.33.1 tag
• See full diff in compare view

Updates k8s.io/component-base from 0.33.0 to 0.33.1

Commits

• 849956d Update dependencies to v0.33.1 tag
• See full diff in compare view

Updates k8s.io/metrics from 0.33.0 to 0.33.1

Commits

• 4f046be Update dependencies to v0.33.1 tag
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign dgrisonnet for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[richabanker]

/triage accepted
@RainbowMango can you help take a look here? Thanks!

[RainbowMango]

Sure
/ok-to-test

[RainbowMango]

It is supposed to bump all of the Kubernetes dependencies.

It's no big deal, but it would be great to bump k8s.io/apimachinery, k8s.io/client-go and k8s.io/component-base as well.

In my opinion, we can move this forward, the dependabot will bump the others later.

[RainbowMango]

/lgtm

Waiting for approval from approvers.