Skip to content

🌱 Bump the dependencies group across 1 directory with 6 updates#5867

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/hack/tools/dependencies-20cf1eb850
Open

🌱 Bump the dependencies group across 1 directory with 6 updates#5867
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/hack/tools/dependencies-20cf1eb850

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 11, 2026
edited
Loading

Bumps the dependencies group with 6 updates in the /hack/tools directory:

Package From To
github.com/itchyny/gojq 0.12.17 0.12.18
github.com/mikefarah/yq/v4 4.48.1 4.52.2
k8s.io/apimachinery 0.34.1 0.34.4
sigs.k8s.io/controller-tools 0.19.0 0.20.0
sigs.k8s.io/kind 0.30.0 0.31.0
sigs.k8s.io/kustomize/kustomize/v5 5.8.0 5.8.1

Updates github.com/itchyny/gojq from 0.12.17 to 0.12.18

Release notes

Sourced from github.com/itchyny/gojq's releases.

Release v0.12.18

  • implement trimstr/1, toboolean/0 function
  • fix last/1 to be included in builtins/0
  • fix --indent 0 to preserve newlines
  • fix string repetition to emit error when the result is too large
  • increase the array index limit to 536870912 (2^29)
  • stop numeric normalization for concurrent execution (see 1ace748d08df)
  • support binding expressions with binary operators (1 + 2 as $x | -$x)
  • improve gojq.NewIter to be a generic function
  • improve logic for getting file contents on JSON parse error
  • improve JSON parsing to preserve the precision of floating-point numbers
  • improve YAML parsing performance and preserve the precision of large integers
  • improve performance and reduce memory allocation of long-running queries
Changelog

Sourced from github.com/itchyny/gojq's changelog.

v0.12.18 (2025-12-02)

  • implement trimstr/1, toboolean/0 function
  • fix last/1 to be included in builtins/0
  • fix --indent 0 to preserve newlines
  • fix string repetition to emit error when the result is too large
  • increase the array index limit to 536870912 (2^29)
  • stop numeric normalization for concurrent execution (see 1ace748d08df)
  • support binding expressions with binary operators (1 + 2 as $x | -$x)
  • improve gojq.NewIter to be a generic function
  • improve logic for getting file contents on JSON parse error
  • improve JSON parsing to preserve the precision of floating-point numbers
  • improve YAML parsing performance and preserve the precision of large integers
  • improve performance and reduce memory allocation of long-running queries
Commits
  • fa534a1 bump up version to 0.12.18
  • d7e1531 update CHANGELOG.md for v0.12.18
  • 672cc79 update dependencies
  • 2263e18 update actions/checkout to v6
  • 5d8a53c add more tests for empty strings and NO_COLOR
  • 97274d3 make use of cmp package for comparisons
  • 3e31863 merge identical cases for getting operator functions
  • e4d456b avoid variable names that shadow built-in functions
  • 19a3975 stop replacing capturing group syntax
  • 5bb6d33 support binding expressions with binary operators (fix #283)
  • Additional commits viewable in compare view

Updates github.com/mikefarah/yq/v4 from 4.48.1 to 4.52.2

Release notes

Sourced from github.com/mikefarah/yq/v4's releases.

v4.52.2

  • Fixed bad instructions file breaking go-install (#2587) Thanks @​theyoprst
  • Fixed TOML table scope after comments (#2588) Thanks @​tomers
  • Multiply uses a readonly context (#2558)
  • Fixed merge globbing wildcards in keys (#2564)
  • Fixing TOML subarray parsing issue (#2581)

v4.52.1 - TOML roundtrip and more!

  • TOML encoder support - you can now roundtrip! #1364

  • Parent now supports negative indices, and added a 'root' command for referencing the top level document

  • Fixed scalar encoding for HCL

  • Add --yaml-compact-seq-indent / -c flag for compact sequence indentation (#2583) Thanks @​jfenal

  • Add symlink check to file rename util (#2576) Thanks @​Elias-elastisys

  • Powershell fixed default command used for __completeNoDesc alias (#2568) Thanks @​teejaded

  • Unwrap scalars in shell output mode. (#2548) Thanks @​flintwinters

  • Added K8S KYAML output format support (#2560) Thanks @​robbat2

  • Bumped dependencies

  • Special shout out to @​ccoVeille for reviewing my PRs!

Thanks to everyone that contributed ❤️

v4.50.1 - HCL!

  • Added HCL Support - First cut - hopefully it works well! (#1844)
  • Fixing handling of CRLF #2352
  • Bumped dependencies

v4.49.2

v4.49.1 - Security Flags and TOML fixes

  • Added --security flags to disable env and file ops #2515
  • Fixing TOML ArrayTable parsing issues #1758
  • Fixing parsing of escaped characters #2506

v4.48.2

Changelog

Sourced from github.com/mikefarah/yq/v4's changelog.

4.52.2:

  • Fixed bad instructions file breaking go-install (#2587) Thanks @​theyoprst
  • Fixed TOML table scope after comments (#2588) Thanks @​tomers
  • Multiply uses a readonly context (#2558)
  • Fixed merge globbing wildcards in keys (#2564)
  • Fixing TOML subarray parsing issue (#2581)

4.52.1:

  • TOML encoder support - you can now roundtrip! #1364

  • Parent now supports negative indices, and added a 'root' command for referencing the top level document

  • Fixed scalar encoding for HCL

  • Add --yaml-compact-seq-indent / -c flag for compact sequence indentation (#2583) Thanks @​jfenal

  • Add symlink check to file rename util (#2576) Thanks @​Elias-elastisys

  • Powershell fixed default command used for __completeNoDesc alias (#2568) Thanks @​teejaded

  • Unwrap scalars in shell output mode. (#2548) Thanks @​flintwinters

  • Added K8S KYAML output format support (#2560) Thanks @​robbat2

  • Bumped dependencies

  • Special shout out to @​ccoVeille for reviewing my PRs!

4.50.1:

  • Added HCL support!
  • Fixing handling of CRLF #2352
  • Bumped dependencies

4.49.2:

4.49.1:

  • Added --security flags to disable env and file ops #2515
  • Fixing TOML ArrayTable parsing issues #1758
  • Fixing parsing of escaped characters #2506

4.48.2:

Commits
  • 2be0094 Bumping version
  • 3c18d5b Preparing release
  • 2dcc229 Merge branch 'tomers-fix/toml-comments-table-scope-2588'
  • eb4fde4 Pulling out common code
  • 06ea4cf Fixing spelling
  • 37089d2 Merge branch 'fix/toml-comments-table-scope-2588' of github.com:tomers/yq int...
  • 7cf88a0 Add regression test for go install compatibility #2587 (#2591)
  • 41adc1a Fixing wrongly named instructions file
  • b4b96f2 Fix TOML table parsing after standalone comments
  • 2824d66 Multiply uses a readonly context #2558
  • Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.34.1 to 0.34.4

Commits

Updates sigs.k8s.io/controller-tools from 0.19.0 to 0.20.0

Release notes

Sourced from sigs.k8s.io/controller-tools's releases.

v0.20.0

What's Changed

Misc

envtest

Dependency bumps

New Contributors

... (truncated)

Commits
  • 60c448e Merge pull request #1319 from sbueringer/pr-promo-envtest-1.35
  • b7d3668 Promotion of envtest release for Kubernetes v1.35.0
  • b5f217f Merge pull request #1317 from dongjiang1989/envtest-v1.35.0-rc.1
  • 3cbb76e Merge pull request #1318 from sbueringer/pr-bump-1.35
  • 52f5e83 add envtest version
  • 10c819c Adjust to changes in validation error messages
  • 9f6a8ba Adjust generated ApplyConfigurations to v0.35
  • 1c6de27 Bump to k8s.io/* v0.35.0
  • ed0bc4f Merge pull request #1316 from kubernetes-sigs/dependabot/github_actions/all-g...
  • 17ef504 Merge pull request #1315 from kubernetes-sigs/dependabot/go_modules/all-go-mo...
  • Additional commits viewable in compare view

Updates sigs.k8s.io/kind from 0.30.0 to 0.31.0

Release notes

Sourced from sigs.k8s.io/kind's releases.

v0.31.0

This release contains dependency updates and defaults to Kubernetes 1.35.0.

Please take note of the breaking changes from Kubernetes 1.35, and how to prepare for future changes to move off of the deprecated kubeam v1beta3 in favor of v1beta4. We will include updated reminders for both again in subsequent releases.

The default node image is now kindest/node:v1.35.0@sha256:452d707d4862f52530247495d180205e029056831160e22870e37e3f6c1ac31f

Kubernetes will be removing cgroup v1 support, and therefore kind node images at those versions will also be dropping support.

You can read more about this change in the Kubernetes release blog: https://kubernetes.io/blog/2025/12/17/kubernetes-v1-35-release/#removal-of-cgroup-v1-support

If you must use kind on cgroup v1, we recommend using an older Kubernetes release for the immediate future, but we also strongly recommend migrating to cgroup v2.

In the near future as Kubernetes support dwindles, KIND will also clean up cgroup v1 workarounds and drop support in future kind releases and images, regardless of Kubernetes version.

Most stable linux distros should be on cgroupv2 out of the box.

This is a reminder to use pinned images by digest, see the note below about images for this release.

WARNING: Future kind releases will adopt kubeadm v1beta4 configuration, kubeadm v1beta4 has a breaking change to extraArgs: https://kubernetes.io/blog/2024/08/23/kubernetes-1-31-kubeadm-v1beta4/.

If you use the kubeadmConfigPatches feature then you may need to prepare for this change. We recommend that you use versioned config patches that explicitly match the version required.

KIND uses kubeadm v1beta3 for Kubernetes 1.23+, and will likely use v1beta4 for Kubernetes 1.36+ The exact version is TBD pending work to fix this but expected to be 1.36. It will definitely be an as-of-yet-unreleased Kubernetes version to avoid surprises, and it will not be on a patch-release boundary.

KIND may still work with older Kubernetes versions at v1beta2, but we no longer test or actively support these as Kubernetes only supports 1.32+ currently: https://kubernetes.io/releases/

You likely only need v1beta3 + v1beta4 patches, you can take your existing patches that work with v1beta3, explicitly set apiVersion: kubeadm.k8s.io/v1beta3 in the patch at the top level, and make another copy for v1beta4. The v1beta4 patch will need to move extraArgs from a map to a list, for examples see: https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta4/

For a concrete example of kind config with kubeadm config patch targeting both v1beta3 and v1beta4, consider this simple kind config that sets verbosity of the apiserver logs:

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
kubeadmConfigPatches:
# patch for v1beta3 (1.23 ...)
- |
  kind: ClusterConfiguration
  apiVersion: kubeadm.k8s.io/v1beta3
  apiServer:
    extraArgs:
</tr></table>

... (truncated)

Commits

Updates sigs.k8s.io/kustomize/kustomize/v5 from 5.8.0 to 5.8.1

Release notes

Sourced from sigs.k8s.io/kustomize/kustomize/v5's releases.

kustomize/v5.8.1

Introduction

This release completes a fix for namespace propagation that occurred in v5.8.0. kubernetes-sigs/kustomize#6031 Also addressed the breaking changes introduced in helm v4. #6016

fix

#5990: fix: allow empty patches files #6016: fix: support helm v4 beside v3 #6038: Fix a failing test #6044: Fix namespace propagation problem at v5.8.0

Dependencies

#6057: Upgrade json-patch to v4.13.0 to remove pkg/errors dependency

chore

#6065: Update kyaml to v0.21.1 #6066: Update cmd/config to v0.21.1 #6067: Update api to v0.21.1

Commits
  • 9790a1c Merge pull request #6067 from koba1t/pinToApi
  • 4190d3d Update api to v0.21.1
  • 401be20 Merge pull request #6066 from koba1t/pinToCmdConfig
  • 8073ce8 Update cmd/config to v0.21.1
  • be024c9 Merge pull request #6065 from koba1t/pinToKyaml
  • bb26a70 Update kyaml to v0.21.1
  • 798d339 Merge pull request #6044 from koba1t/fix/namespace_propagation_problem_at_v5.8.0
  • 6c8c9cc Merge pull request #6016 from hmilkovi/fix/helm-4.0
  • 02d23d2 Merge pull request #6057 from dims/remove-pkg-errors-dep
  • c6ccb4f Merge branch 'kubernetes-sigs:master' into fix/helm-4.0
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added area/dependency Issues or PRs related to dependency changes kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. labels Feb 11, 2026
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-priority labels Feb 11, 2026
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Feb 11, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign neolit123 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Feb 11, 2026

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Feb 11, 2026
@dependabot
🌱 Bump the dependencies group across 1 directory with 6 updates
e6b3506 
Bumps the dependencies group with 6 updates in the /hack/tools directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/itchyny/gojq](https://github.com/itchyny/gojq) | `0.12.17` | `0.12.18` |
| [github.com/mikefarah/yq/v4](https://github.com/mikefarah/yq) | `4.48.1` | `4.52.2` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.34.1` | `0.34.4` |
| [sigs.k8s.io/controller-tools](https://github.com/kubernetes-sigs/controller-tools) | `0.19.0` | `0.20.0` |
| [sigs.k8s.io/kind](https://github.com/kubernetes-sigs/kind) | `0.30.0` | `0.31.0` |
| [sigs.k8s.io/kustomize/kustomize/v5](https://github.com/kubernetes-sigs/kustomize) | `5.8.0` | `5.8.1` |



Updates `github.com/itchyny/gojq` from 0.12.17 to 0.12.18
- [Release notes](https://github.com/itchyny/gojq/releases)
- [Changelog](https://github.com/itchyny/gojq/blob/main/CHANGELOG.md)
- [Commits](itchyny/gojq@v0.12.17...v0.12.18)

Updates `github.com/mikefarah/yq/v4` from 4.48.1 to 4.52.2
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](mikefarah/yq@v4.48.1...v4.52.2)

Updates `k8s.io/apimachinery` from 0.34.1 to 0.34.4
- [Commits](kubernetes/apimachinery@v0.34.1...v0.34.4)

Updates `sigs.k8s.io/controller-tools` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/kubernetes-sigs/controller-tools/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-tools/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-tools@v0.19.0...v0.20.0)

Updates `sigs.k8s.io/kind` from 0.30.0 to 0.31.0
- [Release notes](https://github.com/kubernetes-sigs/kind/releases)
- [Commits](kubernetes-sigs/kind@v0.30.0...v0.31.0)

Updates `sigs.k8s.io/kustomize/kustomize/v5` from 5.8.0 to 5.8.1
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases)
- [Commits](kubernetes-sigs/kustomize@kustomize/v5.8.0...kustomize/v5.8.1)

---
updated-dependencies:
- dependency-name: github.com/itchyny/gojq
  dependency-version: 0.12.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github.com/mikefarah/yq/v4
  dependency-version: 4.52.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.34.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: sigs.k8s.io/controller-tools
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: sigs.k8s.io/kind
  dependency-version: 0.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: sigs.k8s.io/kustomize/kustomize/v5
  dependency-version: 5.8.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/hack/tools/dependencies-20cf1eb850 branch from 46b7c76 to e6b3506 Compare February 18, 2026 09:53
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Feb 18, 2026

@dependabot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-cluster-api-provider-aws-e2e-blocking e6b3506 link true /test pull-cluster-api-provider-aws-e2e-blocking
pull-cluster-api-provider-aws-verify e6b3506 link true /test pull-cluster-api-provider-aws-verify

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dlipovetsky dlipovetsky Awaiting requested review from dlipovetsky

@fiunchinho fiunchinho Awaiting requested review from fiunchinho

Assignees

No one assigned

Labels

area/dependency Issues or PRs related to dependency changes cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. needs-priority ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@k8s-ci-robot