chore(deps): bump the dev-dependencies group with 9 updates

[dependabot]

Bumps the dev-dependencies group with 9 updates:

Package	From	To
github.com/hashicorp/consul/api	1.26.1	1.28.2
github.com/kubernetes-csi/csi-lib-utils	0.15.0	0.17.0
github.com/prometheus/client_golang	1.17.0	1.19.0
github.com/spf13/cobra	1.7.0	1.8.0
github.com/spf13/viper	1.17.0	1.18.2
golang.org/x/net	0.17.0	0.20.0
google.golang.org/grpc	1.59.0	1.63.2
google.golang.org/protobuf	1.31.0	1.33.0
k8s.io/klog/v2	2.110.1	2.120.1

Updates github.com/hashicorp/consul/api from 1.26.1 to 1.28.2

Commits

• ecbea9f Retract [email protected]
• 4a63a28 Retract [email protected] (#20764)
• 82da8d2 API Bump submodule versions 1.18.0 (#20756)
• 0aecf0b Update CHANGELOG.md (#20746)
• 67e4449 1.18.0 changelog (#20742)
• 349cec1 Hardcode links to CCM to be false (#20730)
• fe8bbb3 Backport of NET-7813 - DNS : SERVFAIL when resolving PTR records into release...
• 50a6876 docs: Update v2 K8s docs to use virtual port references
• 1cc9ffd Xw/revert grpc staging backport 1.18.0 (#20719)
• d6b60ac feat: add alert to link to hcp modal to ask a user refresh a page; up… (#20691)
• Additional commits viewable in compare view

Updates github.com/kubernetes-csi/csi-lib-utils from 0.15.0 to 0.17.0

Release notes

Sourced from github.com/kubernetes-csi/csi-lib-utils's releases.

v0.17.0

https://github.com/kubernetes-csi/csi-lib-utils/blob/v0.17.0/CHANGELOG/CHANGELOG-0.17.md

v0.16.0

Changelog

https://github.com/kubernetes-csi/csi-lib-utils/blob/v0.16.0/CHANGELOG/CHANGELOG-0.16.md

Commits

• f82f9de Merge pull request #157 from sunnylovestiramisu/changelog
• a3717ad Add changelog for v0.17.0
• ce50692 Merge commit 'd23abe87af245d13e7cfff2e45afd681fdbc1c33' into changelog
• d23abe8 Squashed 'release-tools/' changes from f8c8cc4..b54c1ba
• e96af46 Merge pull request #156 from sunnylovestiramisu/module-update-master
• c3c5eb4 Update dependency go modules for k8s v1.29.0
• 564b75a Merge pull request #155 from sunnylovestiramisu/module-update-master
• 319f1e6 Squashed 'release-tools/' changes from de2fba8..f8c8cc4
• 7485e19 Merge commit '319f1e61ea67d2f34a6f2b5f488be1cdfbc488e7' into module-update-ma...
• cb0badc Update dependency go modules for k8s v1.29.0-rc.1
• Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.17.0 to 1.19.0

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.19.0

What's Changed

The module prometheus/common v0.48.0 introduced an incompatibility when used together with client_golang (See prometheus/client_golang#1448 for more details). If your project uses client_golang and you want to use prometheus/common v0.48.0 or higher, please update client_golang to v1.19.0.

• [CHANGE] Minimum required go version is now 1.20 (we also test client_golang against new 1.22 version). #1445 #1449
• [FEATURE] collectors: Add version collector. #1422 #1427

New Contributors

• @​michurin made their first contribution in prometheus/client_golang#1423
• @​kavu made their first contribution in prometheus/client_golang#1445
• @​ywwg made their first contribution in prometheus/client_golang#1448

Full Changelog: prometheus/client_golang@v1.18.0...v1.19.0

v1.18.0

What's Changed

• [FEATURE] promlint: Allow creation of custom metric validations. #1311
• [FEATURE] Go programs using client_golang can be built in wasip1 OS. #1350
• [BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. #1367
• [BUGFIX] testutil: Fix comparison of metrics with empty Help strings. #1378
• [ENHANCEMENT] Improved performance of MetricVec.WithLabelValues(...). #1360

New Contributors

• @​srenatus made their first contribution in prometheus/client_golang#1350
• @​jadolg made their first contribution in prometheus/client_golang#1342
• @​manas-rust made their first contribution in prometheus/client_golang#1383
• @​bluekeyes made their first contribution in prometheus/client_golang#1378
• @​tsipo made their first contribution in prometheus/client_golang#1387

Full Changelog: prometheus/client_golang@v1.17.0...v1.18.0

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.19.0 / 2023-02-27

The module prometheus/common v0.48.0 introduced an incompatibility when used together with client_golang (See prometheus/client_golang#1448 for more details). If your project uses client_golang and you want to use prometheus/common v0.48.0 or higher, please update client_golang to v1.19.0.

• [CHANGE] Minimum required go version is now 1.20 (we also test client_golang against new 1.22 version). #1445 #1449
• [FEATURE] collectors: Add version collector. #1422 #1427

1.18.0 / 2023-12-22

• [FEATURE] promlint: Allow creation of custom metric validations. #1311
• [FEATURE] Go programs using client_golang can be built in wasip1 OS. #1350
• [BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. #1367
• [BUGFIX] testutil: Fix comparison of metrics with empty Help strings. #1378
• [ENHANCEMENT] Improved performance of MetricVec.WithLabelValues(...). #1360

Commits

• 77d4003 Add 1.19.0 changelog (#1451)
• 14259fa Merge pull request #1448 from ywwg/owilliams/content-negotiation
• 6d03920 deps: bump prometheus/common version
• 353395b Remove support for go 1.19 (#1449)
• 9dd5d2a Merge pull request #1445 from kavu/add_go122_metrics_test
• c906a5e Add support for Go 1.22
• 7ac9036 Merge pull request #1440 from prometheus/dependabot/github_actions/github-act...
• 8c7e30f Merge pull request #1441 from prometheus/dependabot/go_modules/tutorial/whats...
• 08769f8 Bump github.com/prometheus/common in /tutorial/whatsup
• 83d5940 Bump the github-actions group with 2 updates
• Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.7.0 to 1.8.0

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.8.0

✨ Features

• Support usage as plugin for tools like kubectl by @​nirs in spf13/cobra#2018 - this means that programs that utilize a "plugin-like" structure have much better support and usage (like for completions, command paths, etc.)
• Move documentation sources to site/content by @​umarcor in spf13/cobra#1428
• Add 'one required flag' group by @​marevers in spf13/cobra#1952 - this includes a new MarkFlagsOneRequired API for flags which can be used to mark a flag group as required and cause command failure if at least one is not used when invoked.
• Customizable error message prefix by @​5ouma in spf13/cobra#2023 - This adds the SetErrPrefix and ErrPrefix APIs on the Command struct to allow for setting a custom prefix for errors
• feat: add getters for flag completions by @​avirtopeanu-ionos in spf13/cobra#1943
• Feature: allow running persistent run hooks of all parents by @​vkhoroz in spf13/cobra#2044
• Improve API to get flag completion function by @​marckhouzam in spf13/cobra#2063

🐛 Bug fixes

• Fix typo in fish completions by @​twpayne in spf13/cobra#1945
• Fix grammar: 'allows to' by @​supertassu in spf13/cobra#1978
• powershell: escape variable with curly brackets by @​Luap99 in spf13/cobra#1960
• Don't complete --help flag when flag parsing disabled by @​marckhouzam in spf13/cobra#2061
• Replace all non-alphanumerics in active help env var program prefix by @​scop in spf13/cobra#1940

🔧 Maintenance

• build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 by @​dependabot in spf13/cobra#1971
• build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 by @​dependabot in spf13/cobra#1976
• build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @​dependabot in spf13/cobra#2021
• build(deps): bump actions/setup-go from 3 to 4 by @​dependabot in spf13/cobra#1934
• build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.2 to 2.0.3 by @​dependabot in spf13/cobra#2047
• build(deps): bump actions/checkout from 3 to 4 by @​dependabot in spf13/cobra#2028
• command: temporarily disable G602 due to securego/gosec#1005 by @​umarcor in spf13/cobra#2022

🧪 Testing & CI/CD

• test: make fish_completions_test more robust by @​branchvincent in spf13/cobra#1980
• golangci: enable 'unused' and disable deprecated replaced by it by @​umarcor in spf13/cobra#1983
• cleanup: minor corrections to unit tests by @​JunNishimura in spf13/cobra#2003
• ci: test golang 1.21 by @​nunoadrego in spf13/cobra#2024
• Fix linter errors by @​marckhouzam in spf13/cobra#2052
• Add tests for flag completion registration by @​marckhouzam in spf13/cobra#2053

✏️ Documentation

• doc: fix typo, Deperecated -> Deprecated by @​callthingsoff in spf13/cobra#2000
• Add notes to doc about the execution condition of *PreRun and *PostRun functions by @​haoming29 in spf13/cobra#2041

---

Thank you everyone who contributed to this release and all your hard work! Cobra and this community would never be possible without all of you!!!! 🐍

Full Changelog: spf13/cobra@v1.7.0...v1.8.0

Commits

• a0a6ae0 Improve API to get flag completion function (#2063)
• 890302a Support usage as plugin for tools like kubectl (#2018)
• 48cea5c build(deps): bump actions/checkout from 3 to 4 (#2028)
• 22953d8 Replace all non-alphanumerics in active help env var program prefix (#1940)
• 00b68a1 Add tests for flag completion registration (#2053)
• b711e87 Don't complete --help flag when flag parsing disabled (#2061)
• 8b1eba4 Fix linter errors (#2052)
• 4cafa37 Allow running persistent run hooks of all parents (#2044)
• 5c962a2 build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.2 to 2.0.3 (#2047)
• efe8fa3 build(deps): bump actions/setup-go from 3 to 4 (#1934)
• Additional commits viewable in compare view

Updates github.com/spf13/viper from 1.17.0 to 1.18.2

Release notes

Sourced from github.com/spf13/viper's releases.

v1.18.2

tl;dr Skip 1.18.0 and 1.18.1 and upgrade to this version instead.

This release fixes a regression that appears in rare circumstances when using Unmarshal or UnmarshalExact to decode values onto pointers with multiple indirection (eg. pointer to a pointer, etc). The change was introduced in 1.18.0 as a means to resolve a long-standing bug when decoding environment variables to structs.

The feature is now disabled by default and can be enabled using the viper_bind_struct build tag. It's also considered experimental at this point, so breaking changes may be introduced in the future.

What's Changed

Bug Fixes 🐛

• feat!: hide struct binding behind a feature flag by @​sagikazarmark in spf13/viper#1715

Full Changelog: spf13/viper@v1.18.1...v1.18.2

v1.18.1

What's Changed

Bug Fixes 🐛

• Merge missing struct keys inside UnmarshalExact by @​krakowski in spf13/viper#1704

Full Changelog: spf13/viper@v1.18.0...v1.18.1

v1.18.0

Major changes

Highlighting some of the changes for better visibility.

Please share your feedback in the Discussion forum. Thanks! ❤️

AutomaticEnv works with Unmarshal

Previously, environment variables that weren't bound manually or had no defaults could not be mapped by Unmarshal. (The problem is explained in details in this issue: #761)

#1429 introduced a solution that solves that issue.

What's Changed

Enhancements 🚀

• chore: rename files according to enabled build tags by @​alexandear in spf13/viper#1642
• test: replace ifs with asserts to simplify tests by @​alexandear in spf13/viper#1656
• ci: enable test shuffle and fix tests by @​alexandear in spf13/viper#1643
• fix: gocritic lint issues by @​alexandear in spf13/viper#1696

Bug Fixes 🐛

• Implement viper.BindStruct for automatic unmarshalling from environment variables by @​krakowski in spf13/viper#1429
• fix isPathShadowedInFlatMap type cast bug by @​linuxsong in spf13/viper#1585

Dependency Updates ⬆️

• build(deps): bump github/codeql-action from 2.21.9 to 2.22.3 by @​dependabot in spf13/viper#1661
• build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 by @​dependabot in spf13/viper#1659

... (truncated)

Commits

• ab3a50c fix!: hide struct binding behind a feature flag
• 9154b90 build(deps): bump actions/setup-go from 4.1.0 to 5.0.0
• 08e4a00 build(deps): bump github/codeql-action from 2.22.8 to 2.22.9
• fb6eb1e fix: merge missing struct keys inside UnmarshalExact
• f5fcb4a chore: update crypt
• f736363 fix isPathShadowedInFlatMap type cast bug (#1585)
• 36a3868 Review changes
• f0c4ccd fix: gocritic lint issues
• 3a23b80 ci: enable test shuffle; fix tests
• 73dfb94 feat: make Unmarshal work with AutomaticEnv
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.17.0 to 0.20.0

Commits

• cb5b10f go.mod: update golang.org/x dependencies
• 689bbc7 quic: deflake TestStreamsCreateConcurrency
• f12db26 internal/quic/cmd/interop: use wget --no-verbose in Dockerfile
• c136d0c quic: avoid panic when PTO expires and implicitly-created streams exist
• f9726a9 quic: fix packet size logging
• c337daf quic: enable qlog output in tests
• 2b416c3 quic/qlog: create log files with O_EXCL
• 1e59a7e quic/qlog: correctly write negative durations
• b0eb4d6 quic: compute pnum len from max ack received, not sent
• b952594 quic: fix data race in connection close
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.59.0 to 1.63.2

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.63.2

Bugs

• Fix the user agent string

Release 1.63.1

Bugs

• grpc: fixed subchannel log messages to properly reference the parent channel (#7101)
  • Special thanks: @​daniel-weisse

API Changes

• grpc: remove Deprecated tag from Dial and DialContext; these will be deprecated in v1.64 instead (#7103)

Release 1.63.0

Behavior Changes

• grpc: Return canonical target string from resolver.Address.String() (experimental) (#6923)
• client & server: when using write buffer pooling, use input value for buffer size instead of size*2 (#6983)
  • Special Thanks: @​raghav-stripe

New Features

• grpc: add ClientConn.CanonicalTarget() to return the canonical target string. (#7006)
• xds: implement LRS named metrics support (gRFC A64) (#7027)
  • Special Thanks: @​danielzhaotongliu
• grpc: introduce grpc.NewClient to allow users to create new clients in idle mode and with "dns" as the default resolver (#7010)
  • Special Thanks: @​bruuuuuuuce

API Changes

• grpc: stabilize experimental method ClientConn.Target() (#7006)

Bug Fixes

• xds: fix an issue that would cause the client to send an empty list of resources for LDS/CDS upon reconnecting with the management server (#7026)
• server: Fix some errors returned by a server when using a grpc.Server as an http.Handler with the Go stdlib HTTP server (#6989)
• resolver/dns: add SetResolvingTimeout to allow configuring the DNS resolver's global timeout (#6917)
  • Special Thanks: @​and1truong
• Set the security level of Windows named pipes to NoSecurity (#6956)
  • Special Thanks: @​irsl

Release 1.62.2

Dependencies

• Update http2 library to address vulnerability CVE-2023-45288

Release 1.62.1

Bug Fixes

• xds: fix a bug that results in no matching virtual host found RPC errors due to a difference between the target and LDS resource names (#6997)
• server: fixed stats handler data InPayload.Length for unary RPC calls (#6766)

... (truncated)

Commits

• d32e66c Change version to 1.63.2 (#7104)
• 92f6dd0 channelz: pass parent pointer instead of parent ID to RegisterSubChannel (#7101)
• 0f6ef0f grpc: un-deprecate Dial and DialContext
• 58dc749 Change version to 1.63.1-dev (#7051)
• c68f456 Change version to 1.63.0 (#7050)
• 6369167 *: update http2 dependency (#7082)
• 8854761 cherry-pick: channelz: fix race accessing channelMap without lock (#7079) (#7...
• e62770d channelz: add LocalAddr to listen sockets and test (#7062) (#7063)
• 4ffccf1 googlec2p: use xdstp style template for client LDS resource name (#7048)
• faf9964 gracefulswitch: add ParseConfig and make UpdateClientConnState call SwitchTo ...
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.31.0 to 1.33.0

Updates k8s.io/klog/v2 from 2.110.1 to 2.120.1

Release notes

Sourced from k8s.io/klog/v2's releases.

Prepare klog release for Kubernetes v1.30 (Take 2)

What's Changed

• textlogger: allow caller to override stack unwinding by @​pohly in kubernetes/klog#397

Full Changelog: kubernetes/klog@v2.120.0...v2.120.1

Prepare klog release for Kubernetes v1.30 (Take 1)

What's Changed

• OWNERS: remove serathius, add mengjiao-liu, promote pohly by @​pohly in kubernetes/klog#394
• docs: clarify relationship between different features by @​pohly in kubernetes/klog#395
• Add SafePtr wrapper by @​kaisoz in kubernetes/klog#393
• logr v1.4.1 + SetSlogLogger by @​pohly in kubernetes/klog#396

New Contributors

• @​kaisoz made their first contribution in kubernetes/klog#393

Full Changelog: kubernetes/klog@v2.110.1...v2.120.0

Commits

• 007e661 textlogger: allow caller to override stack unwinding
• 2d08296 Merge pull request #396 from pohly/slog-helper
• e4deee8 slog: use main logr package instead of logr/slogr
• 5d1d2d5 add SetSlogLogger
• 39afdba dependencies: logr v1.4.1
• 2086216 Merge pull request #393 from kaisoz/add-safeptr
• 881fa0b Add SafePtr wrapper
• 8dd3f2e Merge pull request #395 from pohly/readme-update
• d3dd725 docs: clarify relationship between different features
• 761b630 Merge pull request #394 from pohly/owners-update
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

The following labels could not be found: dependencies.

[dependabot]

Superseded by #60.