chore(deps): bump the dev-dependencies group with 9 updates

[dependabot]

Bumps the dev-dependencies group with 9 updates:

Package	From	To
github.com/hashicorp/consul/api	1.26.1	1.27.0
github.com/kubernetes-csi/csi-lib-utils	0.15.0	0.17.0
github.com/prometheus/client_golang	1.17.0	1.18.0
github.com/spf13/cobra	1.7.0	1.8.0
github.com/spf13/viper	1.17.0	1.18.2
golang.org/x/net	0.19.0	0.20.0
google.golang.org/grpc	1.59.0	1.61.0
google.golang.org/protobuf	1.31.0	1.32.0
k8s.io/klog/v2	2.110.1	2.120.1

Updates github.com/hashicorp/consul/api from 1.26.1 to 1.27.0

Changelog

Sourced from github.com/hashicorp/consul/api's changelog.

1.17.2 (January 23, 2024)

SECURITY:

• Upgrade OpenShift container images to use ubi9-minimal:9.3 as the base image. [GH-20014]

IMPROVEMENTS:

• connect: Remove usage of deprecated Envoy field match_subject_alt_names in favor of match_typed_subject_alt_names. [GH-19954]
• connect: replace usage of deprecated Envoy field envoy.config.router.v3.WeightedCluster.total_weight. [GH-20011]
• xds: Replace usage of deprecated Envoy field envoy.config.cluster.v3.Cluster.http_protocol_options [GH-20010]
• xds: remove usages of deprecated Envoy fields: envoy.config.cluster.v3.Cluster.http2_protocol_options, envoy.config.bootstrap.v3.Admin.access_log_path [GH-19940]
• xds: replace usage of deprecated Envoy field envoy.extensions.filters.http.lua.v3.Lua.inline_code [GH-20012]

DEPRECATIONS:

• cli: Deprecate the -admin-access-log-path flag from consul connect envoy command in favor of: -admin-access-log-config. [GH-19943]

BUG FIXES:

• prepared-query: (Enterprise-only) Fix issue where sameness-group failover targets to peers would attempt to query data from the default partition, rather than the sameness-group's partition always.
• ui: update token list on Role details page to show only linked tokens [GH-19912]

1.17.1 (December 12, 2023)

SECURITY:

• Update github.com/golang-jwt/jwt/v4 to v4.5.0 to address PRISMA-2022-0270. [GH-19705]
• Upgrade to use Go 1.20.12. This resolves CVEs CVE-2023-45283: (path/filepath) recognize ??\ as a Root Local Device path prefix (Windows) CVE-2023-45284: recognize device names with trailing spaces and superscripts (Windows) CVE-2023-39326: (net/http) limit chunked data overhead CVE-2023-45285: (cmd/go) go get may unexpectedly fallback to insecure git [GH-19840]
• connect: update supported envoy versions to 1.24.12, 1.25.11, 1.26.6, 1.27.2 to address CVE-2023-44487 [GH-19274]

FEATURES:

• acl: Adds nomad client templated policy [GH-19827]
• cli: Adds new subcommand peering exported-services to list services exported to a peer . Refer to the CLI docs for more information. [GH-19821]

IMPROVEMENTS:

• mesh: parse the proxy-defaults protocol when write the config-entry to avoid parsing it when compiling the discovery chain. [GH-19829]
• wan-federation: use a hash to diff config entries when replicating in the secondary DC to avoid unnecessary writes.. [GH-19795]
• Replaces UI Side Nav with Helios Design System Side Nav. Adds dc/partition/namespace searching in Side Nav. [GH-19342]
• acl: add api-gateway templated policy [GH-19728]
• acl: add templated policy descriptions [GH-19735]
• api: Add support for listing ACL tokens by service name when using templated policies. [GH-19666]
• cli: stop simultaneous usage of -templated-policy and -templated-policy-file when creating a role or token. [GH-19389]
• cloud: push additional server TLS metadata to HCP [GH-19682]
• connect: Default stats_flush_interval to 60 seconds when using the Consul Telemetry Collector, unless custom stats sink are present or an explicit flush interval is configured. [GH-19663]

... (truncated)

Commits

• 3fac134 updated go mod for api
• 0e7c7e2 Backport of check error in TestDNSCycleRecursorCheckAllFail before asserting ...
• ecb6ed0 Backport of ci: Use Consul Go version for Vault int tests into release/1.17.x...
• 39d60cd Backport of NET-7025 - ci: test-integrations failures in compatibility tests....
• cd8f8bf Backport of Add docs for k8s liveness / startup probes. into release/1.17.x (...
• 5d350c6 Backport of agent: remove data race in agent config into release/1.17.x (#20203)
• 05043bc Backport of docs: fix partition target in samenessgroups into release/1.17.x ...
• 0d97ec5 Backport of Various race condition and test fixes. into release/1.17.x (#20216)
• 9a36b73 Backport of docs: Remove ACLs section from k8s cluster peering page into rele...
• 0b4f4fd Backport of compliance: license checker to enforce MPL pre-EOY 2023 no longer...
• Additional commits viewable in compare view

Updates github.com/kubernetes-csi/csi-lib-utils from 0.15.0 to 0.17.0

Release notes

Sourced from github.com/kubernetes-csi/csi-lib-utils's releases.

v0.17.0

https://github.com/kubernetes-csi/csi-lib-utils/blob/v0.17.0/CHANGELOG/CHANGELOG-0.17.md

v0.16.0

Changelog

https://github.com/kubernetes-csi/csi-lib-utils/blob/v0.16.0/CHANGELOG/CHANGELOG-0.16.md

Commits

• f82f9de Merge pull request #157 from sunnylovestiramisu/changelog
• a3717ad Add changelog for v0.17.0
• ce50692 Merge commit 'd23abe87af245d13e7cfff2e45afd681fdbc1c33' into changelog
• d23abe8 Squashed 'release-tools/' changes from f8c8cc4..b54c1ba
• e96af46 Merge pull request #156 from sunnylovestiramisu/module-update-master
• c3c5eb4 Update dependency go modules for k8s v1.29.0
• 564b75a Merge pull request #155 from sunnylovestiramisu/module-update-master
• 319f1e6 Squashed 'release-tools/' changes from de2fba8..f8c8cc4
• 7485e19 Merge commit '319f1e61ea67d2f34a6f2b5f488be1cdfbc488e7' into module-update-ma...
• cb0badc Update dependency go modules for k8s v1.29.0-rc.1
• Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.17.0 to 1.18.0

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.18.0

What's Changed

• [FEATURE] promlint: Allow creation of custom metric validations. #1311
• [FEATURE] Go programs using client_golang can be built in wasip1 OS. #1350
• [BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. #1367
• [BUGFIX] testutil: Fix comparison of metrics with empty Help strings. #1378
• [ENHANCEMENT] Improved performance of MetricVec.WithLabelValues(...). #1360

New Contributors

• @​srenatus made their first contribution in prometheus/client_golang#1350
• @​jadolg made their first contribution in prometheus/client_golang#1342
• @​manas-rust made their first contribution in prometheus/client_golang#1383
• @​bluekeyes made their first contribution in prometheus/client_golang#1378
• @​tsipo made their first contribution in prometheus/client_golang#1387

Full Changelog: prometheus/client_golang@v1.17.0...v1.18.0

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.18.0 / 2023-12-22

• [FEATURE] promlint: Allow creation of custom metric validations. #1311
• [FEATURE] Go programs using client_golang can be built in wasip1 OS. #1350
• [BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. #1367
• [BUGFIX] testutil: Fix comparison of metrics with empty Help strings. #1378
• [ENHANCEMENT] Improved performance of MetricVec.WithLabelValues(...). #1360

Commits

• 53be91d Revert "change api http.client to interface"
• 1a2d072 Add 1.18 changelog
• 239b123 Merge pull request #1387 from tsipo/main
• 3f8bd73 Merge pull request #1370 from prometheus/dependabot/go_modules/tutorial/whats...
• 5e55b31 Bump google.golang.org/grpc from 1.53.0 to 1.56.3 in /tutorial/whatsup
• e96fb18 Merge pull request #1401 from prometheus/dependabot/go_modules/golang.org/x/s...
• 2a8fc90 Bump golang.org/x/sys from 0.13.0 to 0.15.0
• 24d59e9 change client to interface, allow override by other implementations (e.g. git...
• 80d3f0b Normalize empty help values in CollectAndCompare (#1378)
• 3f80cd1 Add example of NewConstMetricWithCreatedTimestamp (#1375)
• Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.7.0 to 1.8.0

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.8.0

✨ Features

• Support usage as plugin for tools like kubectl by @​nirs in spf13/cobra#2018 - this means that programs that utilize a "plugin-like" structure have much better support and usage (like for completions, command paths, etc.)
• Move documentation sources to site/content by @​umarcor in spf13/cobra#1428
• Add 'one required flag' group by @​marevers in spf13/cobra#1952 - this includes a new MarkFlagsOneRequired API for flags which can be used to mark a flag group as required and cause command failure if at least one is not used when invoked.
• Customizable error message prefix by @​5ouma in spf13/cobra#2023 - This adds the SetErrPrefix and ErrPrefix APIs on the Command struct to allow for setting a custom prefix for errors
• feat: add getters for flag completions by @​avirtopeanu-ionos in spf13/cobra#1943
• Feature: allow running persistent run hooks of all parents by @​vkhoroz in spf13/cobra#2044
• Improve API to get flag completion function by @​marckhouzam in spf13/cobra#2063

🐛 Bug fixes

• Fix typo in fish completions by @​twpayne in spf13/cobra#1945
• Fix grammar: 'allows to' by @​supertassu in spf13/cobra#1978
• powershell: escape variable with curly brackets by @​Luap99 in spf13/cobra#1960
• Don't complete --help flag when flag parsing disabled by @​marckhouzam in spf13/cobra#2061
• Replace all non-alphanumerics in active help env var program prefix by @​scop in spf13/cobra#1940

🔧 Maintenance

• build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 by @​dependabot in spf13/cobra#1971
• build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 by @​dependabot in spf13/cobra#1976
• build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @​dependabot in spf13/cobra#2021
• build(deps): bump actions/setup-go from 3 to 4 by @​dependabot in spf13/cobra#1934
• build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.2 to 2.0.3 by @​dependabot in spf13/cobra#2047
• build(deps): bump actions/checkout from 3 to 4 by @​dependabot in spf13/cobra#2028
• command: temporarily disable G602 due to securego/gosec#1005 by @​umarcor in spf13/cobra#2022

🧪 Testing & CI/CD

• test: make fish_completions_test more robust by @​branchvincent in spf13/cobra#1980
• golangci: enable 'unused' and disable deprecated replaced by it by @​umarcor in spf13/cobra#1983
• cleanup: minor corrections to unit tests by @​JunNishimura in spf13/cobra#2003
• ci: test golang 1.21 by @​nunoadrego in spf13/cobra#2024
• Fix linter errors by @​marckhouzam in spf13/cobra#2052
• Add tests for flag completion registration by @​marckhouzam in spf13/cobra#2053

✏️ Documentation

• doc: fix typo, Deperecated -> Deprecated by @​callthingsoff in spf13/cobra#2000
• Add notes to doc about the execution condition of *PreRun and *PostRun functions by @​haoming29 in spf13/cobra#2041

---

Thank you everyone who contributed to this release and all your hard work! Cobra and this community would never be possible without all of you!!!! 🐍

Full Changelog: spf13/cobra@v1.7.0...v1.8.0

Commits

• a0a6ae0 Improve API to get flag completion function (#2063)
• 890302a Support usage as plugin for tools like kubectl (#2018)
• 48cea5c build(deps): bump actions/checkout from 3 to 4 (#2028)
• 22953d8 Replace all non-alphanumerics in active help env var program prefix (#1940)
• 00b68a1 Add tests for flag completion registration (#2053)
• b711e87 Don't complete --help flag when flag parsing disabled (#2061)
• 8b1eba4 Fix linter errors (#2052)
• 4cafa37 Allow running persistent run hooks of all parents (#2044)
• 5c962a2 build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.2 to 2.0.3 (#2047)
• efe8fa3 build(deps): bump actions/setup-go from 3 to 4 (#1934)
• Additional commits viewable in compare view

Updates github.com/spf13/viper from 1.17.0 to 1.18.2

Release notes

Sourced from github.com/spf13/viper's releases.

v1.18.2

tl;dr Skip 1.18.0 and 1.18.1 and upgrade to this version instead.

This release fixes a regression that appears in rare circumstances when using Unmarshal or UnmarshalExact to decode values onto pointers with multiple indirection (eg. pointer to a pointer, etc). The change was introduced in 1.18.0 as a means to resolve a long-standing bug when decoding environment variables to structs.

The feature is now disabled by default and can be enabled using the viper_bind_struct build tag. It's also considered experimental at this point, so breaking changes may be introduced in the future.

What's Changed

Bug Fixes 🐛

• feat!: hide struct binding behind a feature flag by @​sagikazarmark in spf13/viper#1715

Full Changelog: spf13/viper@v1.18.1...v1.18.2

v1.18.1

What's Changed

Bug Fixes 🐛

• Merge missing struct keys inside UnmarshalExact by @​krakowski in spf13/viper#1704

Full Changelog: spf13/viper@v1.18.0...v1.18.1

v1.18.0

Major changes

Highlighting some of the changes for better visibility.

Please share your feedback in the Discussion forum. Thanks! ❤️

AutomaticEnv works with Unmarshal

Previously, environment variables that weren't bound manually or had no defaults could not be mapped by Unmarshal. (The problem is explained in details in this issue: #761)

#1429 introduced a solution that solves that issue.

What's Changed

Enhancements 🚀

• chore: rename files according to enabled build tags by @​alexandear in spf13/viper#1642
• test: replace ifs with asserts to simplify tests by @​alexandear in spf13/viper#1656
• ci: enable test shuffle and fix tests by @​alexandear in spf13/viper#1643
• fix: gocritic lint issues by @​alexandear in spf13/viper#1696

Bug Fixes 🐛

• Implement viper.BindStruct for automatic unmarshalling from environment variables by @​krakowski in spf13/viper#1429
• fix isPathShadowedInFlatMap type cast bug by @​linuxsong in spf13/viper#1585

Dependency Updates ⬆️

• build(deps): bump github/codeql-action from 2.21.9 to 2.22.3 by @​dependabot in spf13/viper#1661
• build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 by @​dependabot in spf13/viper#1659

... (truncated)

Commits

• ab3a50c fix!: hide struct binding behind a feature flag
• 9154b90 build(deps): bump actions/setup-go from 4.1.0 to 5.0.0
• 08e4a00 build(deps): bump github/codeql-action from 2.22.8 to 2.22.9
• fb6eb1e fix: merge missing struct keys inside UnmarshalExact
• f5fcb4a chore: update crypt
• f736363 fix isPathShadowedInFlatMap type cast bug (#1585)
• 36a3868 Review changes
• f0c4ccd fix: gocritic lint issues
• 3a23b80 ci: enable test shuffle; fix tests
• 73dfb94 feat: make Unmarshal work with AutomaticEnv
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.19.0 to 0.20.0

Commits

• cb5b10f go.mod: update golang.org/x dependencies
• 689bbc7 quic: deflake TestStreamsCreateConcurrency
• f12db26 internal/quic/cmd/interop: use wget --no-verbose in Dockerfile
• c136d0c quic: avoid panic when PTO expires and implicitly-created streams exist
• f9726a9 quic: fix packet size logging
• c337daf quic: enable qlog output in tests
• 2b416c3 quic/qlog: create log files with O_EXCL
• 1e59a7e quic/qlog: correctly write negative durations
• b0eb4d6 quic: compute pnum len from max ack received, not sent
• b952594 quic: fix data race in connection close
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.59.0 to 1.61.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.61.0

New Features

• resolver: provide method, AuthorityOverrider, to allow resolver.Builders to override the default authority for a ClientConn. (EXPERIMENTAL) (#6752)
  • Special Thanks: @​Aditya-Sood
• xds: add support for mTLS Credentials in xDS bootstrap (gRFC A65) (#6757)
  • Special Thanks: @​atollena
• server: add grpc.WaitForHandlers ServerOption to cause Server.Stop to block until method handlers return. (EXPERIMENTAL) (#6922)

Performance Improvements

• grpc: skip compression of empty messages as an optimization (#6842)
  • Special Thanks: @​jroper
• orca: use atomic pointer to improve performance in server metrics recorder (#6799)
  • Special Thanks: @​danielzhaotongliu

Bug Fixes

• client: correctly enable TCP keepalives with OS defaults on windows (#6863)
  • Special Thanks: @​mmatczuk
• server: change some stream operations to return UNAVAILABLE instead of UNKNOWN when underlying connection is broken (#6891)
  • Special Thanks: @​mustafasen81
• server: fix GracefulStop to block until all method handlers return (v1.60 regression). (#6922)
• server: fix two bugs that could lead to panics at shutdown when using NumStreamWorkers (EXPERIMENTAL). (#6856)
• reflection: do not send invalid descriptors to clients for files that cannot be fully resolved (#6771)
  • Special Thanks: @​jhump
• xds: don't fail channel/server startup when xds creds is specified, but bootstrap is missing certificate providers (#6848)
• xds: Atomically read and write xDS security configuration client side (#6796)
• xds/server: fix RDS handling for non-inline route configs (#6915)

Release v1.60.1

Bug Fixes

• server: fix two bugs that could lead to panics at shutdown when using NumStreamWorkers (experimental feature).

Release 1.60.0

Security

• credentials/tls: if not set, set TLS MinVersion to 1.2 and CipherSuites according to supported suites not forbidden by RFC7540.
  • This is a behavior change to bring us into better alignment with RFC 7540.

API Changes

• resolver: remove deprecated and experimental ClientConn.NewServiceConfig (#6784)
• client: remove deprecated grpc.WithServiceConfig DialOption (#6800)

... (truncated)

Commits

• 8167bc3 Change version to 1.61.0 (#6936)
• 52e2363 test/xds: Use different import path for gRPC Messages (#6933)
• 67e50be transport: Remove redundant if in handleGoAway (#6930)
• e96f521 alts: Extract AuthInfo after handshake in ALTS e2e test. (#6931)
• 987df13 metadata: move FromOutgoingContextRaw() to internal (#6765)
• 61eab37 server: block GracefulStop on method handlers and make blocking optional for ...
• ddd377f xds/server: fix RDS handling for non-inline route configs (#6915)
• 8b455de removing Roots deprecated Subjects field in tests (#6907)
• 953d12a alts: Forward-fix of ALTS queuing of handshake requests. (#6906)
• 6ce73bf internal/transport: convert ConnectionError to Unavailable status when wr...
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.31.0 to 1.32.0

Updates k8s.io/klog/v2 from 2.110.1 to 2.120.1

Release notes

Sourced from k8s.io/klog/v2's releases.

Prepare klog release for Kubernetes v1.30 (Take 2)

What's Changed

• textlogger: allow caller to override stack unwinding by @​pohly in kubernetes/klog#397

Full Changelog: kubernetes/klog@v2.120.0...v2.120.1

Prepare klog release for Kubernetes v1.30 (Take 1)

What's Changed

• OWNERS: remove serathius, add mengjiao-liu, promote pohly by @​pohly in kubernetes/klog#394
• docs: clarify relationship between different features by @​pohly in kubernetes/klog#395
• Add SafePtr wrapper by @​kaisoz in kubernetes/klog#393
• logr v1.4.1 + SetSlogLogger by @​pohly in kubernetes/klog#396

New Contributors

• @​kaisoz made their first contribution in kubernetes/klog#393

Full Changelog: kubernetes/klog@v2.110.1...v2.120.0

Commits

• 007e661 textlogger: allow caller to override stack unwinding
• 2d08296 Merge pull request #396 from pohly/slog-helper
• e4deee8 slog: use main logr package instead of logr/slogr
• 5d1d2d5 add SetSlogLogger
• 39afdba dependencies: logr v1.4.1
• 2086216 Merge pull request #393 from kaisoz/add-safeptr
• 881fa0b Add SafePtr wrapper
• 8dd3f2e Merge pull request #395 from pohly/readme-update
• d3dd725 docs: clarify relationship between different features
• 761b630 Merge pull request #394 from pohly/owners-update
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

The following labels could not be found: dependencies.

[dependabot]

Superseded by #58.