Renovate: Update External dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/gardener/gardener	v1.133.0 → v1.141.1
github.com/onsi/ginkgo/v2	v2.27.2 → v2.28.3
github.com/onsi/gomega	v1.38.2 → v1.40.0
go.uber.org/zap	v1.27.1 → v1.28.0
golang.org/x/sync	v0.18.0 → v0.20.0
sigs.k8s.io/controller-runtime	v0.22.4 → v0.24.0

---

Release Notes

gardener/gardener (github.com/gardener/gardener)

v1.141.1

Compare Source

[github.com/gardener/gardener:v1.141.1]

🐛 Bug Fixes

• [OPERATOR] An issue causing the guestbook TM test to fail against IPv6 Shoot clusters in now fixed. by @​plkokanov [#​14705]
• [DEPENDENCY] The reconcileSeedWebhookConfig function now correctly reconciles both MutatingWebhookConfiguration and ValidatingWebhookConfiguration for extensions that register both mutating and validating admission webhooks. Previously, only the first configuration was reconciled due to a premature return in the loop. by @​Roncossek [#​14688]

🏃 Others

• [OPERATOR] Add resourceId for image istio-basic-auth-server to fix overwrite image lookup by @​MartinWeindel [#​14721]
• [OPERATOR] Certain best-practice Envoy settings for HTTP2 protocol options have been applied to istio-ingressgateways. by @​oliver-goetz [#​14685]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/ext-authz-server from v0.2.0 to v0.3.0. Release Notes by @​ScheererJ [#​14728]

application/spdx+json

• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:a533cff53ce26faae8d16ce777e42acfaec59f37b14e037f3df49897eb6e37a6
• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:f9a88c4286072181ba44333dae0899fd7f04e6109deee7649b7ec4225d061c2e
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:e4a314c878793de9230de8e578f4affde97f13669773b1038a1cedb542e3a46f
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:ec09bb23be84cdc04592a29db374e1107b91114c4420523bb8ad52a07777d2e2
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:2f4e2274461634f42f90fb5787cf2176d00079b0dcb1cbd6d6b06b5e8bfa3243
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:a20de14a51d7512cf7e4658a4e52a2c60dff17efbf2965ef20565a696619aa6a
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:0723efdd00b677215935e8d86c5568c7c583afbecc130f1a281bd1da4ccacb67
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:e1ddbc08706eb9ac4af03811a12553cadeb00915f890883572ba7c267173473f
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:2904444a43a685fee5e601b621603114585857c6205d3d9286921a114110849c
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:a592e08ced947cda1565a4bf3800785c2596880940542843787388baf0ad51ee
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:63efdd9693ec670ba326fd4c3f70f88702aa41aaac69c268c83ab4a69820eea1
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:f61bcb10bfbd98c0a17d944d061357b78a59e09f79bc207db64203488bfb6ebd
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:358db949d83420843f863158d5b97d6a7d2d6df8ed48e4ac4a442e883387c0d9
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:90d8da86f54ce63dd043285388d7acce0f9b3fb30f15e040ae4452f59d1d5b02
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:1c50c5a130190374ed9ddf8244e48585ef15fc4bed428817b7db101e8b14d747
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:9b1947be7ce2fe329591e02acb40960aadb1c41a88f9b8b9e10824ed5dd85787
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:0406036d984dcb000eb4a7af85a453ca7ec8a5cf7772c0cf7dfdbd6e576ba881
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:c5272548e8a05a13aeaf02d69bc1b10a57fd0e3de0ce44cf51433b43d00f964b

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.141.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.141.1
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.141.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.141.1

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.141.1
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.141.1
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.141.1
• gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.141.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.141.1
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.141.1
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.141.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.141.1
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.141.1

v1.141.0

Compare Source

[github.com/gardener/gardener:v1.141.0]

⚠️ Breaking Changes

• [OPERATOR] The NewWorkerPoolHash feature gate has been promoted to GA and can no longer be disabled. by @​timuthy [#​14531]
• [OPERATOR] ⚠️ Gardener does no longer support Garden, Seed, or Shoot clusters with Kubernetes versions <= 1.30. Make sure to upgrade all existing clusters before upgrading to this Gardener version. by @​timuthy [#​14501]
• [USER] Newly created Shoots now have a set period of 28d for etcd encryption key rotation. by @​AleksandarSavchev [#​14034]
• [DEVELOPER] make gardenadm-up SCENARIO=connect now deploys the Gardener (gardener-operator and Garden resource) directly into the self-hosted shoot. Previously, it was deploying them next to the machine pods of the self-hosted shoot in the kind cluster. Use make gardenadm-up SCENARIO=connect-kind for the out-of-self-hosted-shoot deployment mode. by @​rfranzke [#​14387]
• [DEPENDENCY] The obsolete Provider field was removed from the extensionswebhook.Webhook struct. The field can be removed without substitution. by @​timuthy [#​14460]

📰 Noteworthy

• [OPERATOR] The gardener-resource-manager HA config webhook now uses ScheduleAnyway instead of DoNotSchedule for the hostname topology spread constraint when there is at most one node in the cluster. A new node-high-availability-config controller re-triggers the webhook when the node count crosses this threshold. by @​rfranzke [#​14595]
• [OPERATOR] machine-controller-manager's RBAC permissions for the source cluster have been reduced to follow the principle of least privilege. by @​dimityrmirchev [#​14372]
• [DEVELOPER] Added panic recovery to flow.Task to prevent a single task failure from crashing the entire controller. If you previously implemented custom panic recovery within your tasks, you can consider removing that custom panic recovery. by @​dergeberl [#​14606]
• [DEVELOPER] The local setup now includes a cloud-controller-manager-local, which is deployed for kind clusters (in the kube-system namespace) and for shoot clusters (in the control plane namespace). The cloud-controller-manager implements Services of type LoadBalancer by creating dedicated Docker containers listening on external IPs (automatically added to the host's loopback interface on kind cluster creation). This replaces previous hacks for implementing load balancers in provider-local and supports load balancers in shoot clusters for the first time. by @​timebertt [#​14415]
• [DEPENDENCY] Extension charts deployed on self-hosted shoot clusters may not receive .Values.gardener.seed when the shoot has not yet been promoted to a Seed. Charts should guard Seed-dependent values with {{ if .Values.gardener.seed }}. by @​rfranzke [#​14395]
• [DEPENDENCY] A new helper function BuildExtensionTypeNamespaceSelector has been introduced. It builds proper namespaces selectors for extension webhooks, based on the extension type and class attributes. by @​timuthy [#​14460]

✨ New Features

• [OPERATOR] Added spec.runtimeCluster.settings.loadBalancerServices.proxyProtocol.allowed and spec.runtimeCluster.settings.loadBalancerServices.externalTrafficPolicy to the Garden resource. When Allowed set to true, gardener-operator configures the Istio ingress gateway to terminate PROXY protocol, enabling preservation of the original client IP address for load balancers that use PROXY protocol. The explicit nature of the setting allows a seamless migration while enforcing a good security posture. ExternalTrafficPolicy allows configuring the Gateway either as Cluster (default) or Local, similar to the Seed. by @​jamand [#​14420]
• [OPERATOR] The gardener-node-agent now monitors the health of systemd units declared in the OperatingSystemConfig and reports a SystemdUnitsReady condition on the Node. Unhealthy units are surfaced on the Shoot via the EveryNodeReady condition. by @​rfranzke [#​14496]
• [USER] The Shoot spec field spec.kubernetes.kubeAPIServer.encryptionConfig.provider.type now supports the aesgcm and secretbox encryption provider types. The field is immutable. by @​AleksandarSavchev [#​14034]
• [USER] The Garden spec fields spec.virtualCluster.kubernetes.kubeAPIServer.encryptionConfig.provider.typeand spec.virtualCluster.gardener.gardenerAPIServer.encryptionConfig.provider.type now support the aesgcm and secretbox encryption provider types. The fields are immutable. by @​AleksandarSavchev [#​14034]

🐛 Bug Fixes

• [OPERATOR] The garbage collection logic now also deletes pods that are stuck due to preemption by the kubelet or scheduler. by @​rfranzke [#​14519]
• [OPERATOR] The observability setup is deleted as late as possible so that, in case an error occurs during the deletion of any components, there is still enough information available to investigate the issue. by @​iypetrov [#​14475]
• [OPERATOR] A bug was fixed where gardenadm init could fail due to a transient error while fetching the shoot-gardener-node-agent ManagedResource when the Kubernetes API server is temporarily unavailable due to static pod rollout. by @​ialidzhikov [#​14601]
• [OPERATOR] A bug has been fixed that caused unintentional ShootState creations for Shoots running on managed seed clusters (those backed by ManagedSeed objects). The affected ShootState resources are automatically cleaned up by gardenlet during start-up. by @​plkokanov [#​14666]
• [USER] Cluster-proportional autoscaling of coredns now works with Kubernetes >= 1.33 by @​ScheererJ [#​14638]
• [DEPENDENCY] The golangci-lint makefile install recipe can be used in Gardener extensions again. by @​timebertt [#​14555]

🏃 Others

• [OPERATOR] Gardener Discovery Server is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14587]
• [OPERATOR] Alertmanager is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14575]
• [OPERATOR] Vali is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14567]
• [OPERATOR] OpenTelemetry Collector is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14585]
• [OPERATOR] Use Info logging for admission denials instead of Error so that the full stack trace to every denial log entry does not get logged by @​DockToFuture [#​14561]
• [OPERATOR] Apiserver-Proxy uses a dedicated network interface apiserver-proxy for its advertised IP address. Requests from nodes such as kubelet probes will use the proper IP as per the route table again. by @​domdom82 [#​14440]
• [OPERATOR] Shoot advertised addresses are now configurable by extension components for Shoot VirtualService resources. by @​ScheererJ [#​14534]
• [OPERATOR] During Shoot reconciliation MachineDeployments are now deployed in parallel. This should speed up the reconciliation of the Worker resource. by @​plkokanov [#​14220]
• [OPERATOR] Resource limits have been removed for node-problem-detector by @​domdom82 [#​14450]
• [OPERATOR] Prometheus is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14573]
• [OPERATOR] Additional per nodegroup metrics can be exposed by cluster-autoscaler via the field .spec.kubernetes.clusterAutoscaler.emitPerNodeGroupMetrics in the Shoot API . by @​aaronfern [#​14557]
• [OPERATOR] Gardener Dashboard is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14586]
• [OPERATOR] Patch is now used to label all Machines with force-deletion: True instead of Update when the Shoot is being hibernated or deleted. Additionally, the function used to do this during the reconciliation of the Worker resource is now only executed once instead of for each MachineDeployment. by @​plkokanov [#​14220]
• [OPERATOR] The gardenadm init flow now determines Pod network availability by checking the Node's NetworkUnavailable condition instead of the shoot-core-coredns ManagedResource health. This is a prerequisite improvement for the control plane Node restoration feature. by @​ialidzhikov [#​14523]
• [OPERATOR] The following dependencies have been updated:
  • gardener/etcd-druid from v0.36.2 to v0.36.3. Release Notes
  • github.com/gardener/etcd-druid/api from v0.36.2 to v0.36.3. by @​Shreyas-s14 [#​14661]
• [OPERATOR] cluster-autoscaler now supports a new expander least-nodes from v1.31 onwards by @​aaronfern [#​14558]
• [OPERATOR] Plutono is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14142]
• [USER] VPN-related dashboards now show a shared crosshair on all panels. by @​domdom82 [#​14576]
• [DEVELOPER] The DinD version used in the remote local setup has been updated to v29. by @​vicwicker [#​14644]
• [DEVELOPER] make seed-down and make garden-down cleanup additional resources by @​matthias-horne [#​14547]
• [DEPENDENCY] The following dependencies have been updated:
  • quay.io/prometheus/node-exporter from v1.10.2 to v1.11.1. by @​gardener-ci-robot [#​14508]
• [DEPENDENCY] The following dependencies have been updated:
  • gcr.io/istio-release/pilot from 1.29.1 to 1.29.2.
  • gcr.io/istio-release/proxyv2 from 1.29.1 to 1.29.2.
  • istio.io/api from v1.29.1 to v1.29.2. by @​gardener-ci-robot [#​14582]
• [DEPENDENCY] Update kindest/node image to v1.35.1 (Kubernetes v1.35.1, containerd v2.2.1). by @​LucaBernstein [#​14421]
• [DEPENDENCY] The following dependencies have been updated:
  • credativ/vali from v2.2.31 to v2.2.32. Release Notes by @​gardener-ci-robot [#​14611]
• [DEPENDENCY] The following dependencies have been updated:
  • quay.io/kiwigrid/k8s-sidecar from 2.5.5 to 2.6.0. by @​gardener-ci-robot [#​14537]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/etcd-druid from v0.36.1 to v0.36.2. Release Notes
  • github.com/gardener/etcd-druid/api from v0.36.1 to v0.36.2. by @​gardener-ci-robot [#​14579]
• [DEPENDENCY] The following dependencies have been updated:
  • credativ/plutono from v7.5.46 to v7.5.47. Release Notes by @​gardener-ci-robot [#​14613]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/gardener-discovery-server from v0.9.0 to v0.10.0. Release Notes by @​gardener-ci-robot [#​14600]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/coredns-config-adapter from v0.5.0 to v0.6.0. Release Notes by @​gardener-ci-robot [#​14605]
• [DEPENDENCY] The following dependencies have been updated:
  • quay.io/prometheus/alertmanager from v0.31.1 to v0.32.0. by @​gardener-ci-robot [#​14538]
• [DEPENDENCY] The following dependencies have been updated:
  • envoyproxy/envoy from distroless-v1.37.0 to v1.37.2. Release Notes by @​gardener-ci-robot [#​14563]

application/spdx+json

• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:4c0764b6cbd79bea391de905c444e8901f3ef901c9cc601a5b8fcf66394aa40a
• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:a4bed35099c21fb59a719a718afc1f83040d4746a7dfaf81c4442e09725bf0ab
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:549aafc0b61b16d9e7d6fa1ab0bd95bd68f0d7dfac77989be541e9551f4dc726
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:b0675085cef3786d983b6a751cff7820b6dd896e55afccd99e07cefa2891f161
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:3757e8e04a1e555abbe832c72932211b4fb766ee8f3d6ded15c9acd6a14adde9
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:68bc182b3b1cbfcbbdb26bcb9b0ac5a182e0de0b1ae785c7f0fd9947e9653ccd
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:558ae9de4cfffe41cce57e22bc8505c9f38d54e0fb8feea7b06754970b9090a3
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:ca399bfd9253860c2a8f5287aec8ecdd90b8b4fa96e8694dede72a05f0fbe263
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:47b8d427ac8f6deee19004e196c2a3396edd5010293bb1272abd7aaa2d385dae
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:88953b01d223307b0ea3e05c8df24eeb1f08e5c1883b85be42b5e5da7a2f5af3
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:97bbf8d719ee9a6a441aee3ea1690bcb054eaf5ee23b3e98ee7ba580e5732a80
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:b40af8512c84cb32e56541716cba9036152e4393e9c810d0ea109d9e89f3abe7
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:b687d0080c773f8b51d7e7fe262bd38774cace83dc175bd59e86b38d4378fa89
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:de2bed5eedb5348fb5399b7ade0ec3569a247f75a6ea532b1365cab8c84cba59
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:127276658aff87d975ce690a0a862c0073d1c119028110d0a4dcb1a71e281c50
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:637b96ae9ddebe86ce4b36cb9a275b88a5dcd6cc7a7c1ac3993d7d93c0b89374
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:118cf6da60ad6930362891b741ab79a4d596a5fc8933c2cef7f8cb9fe75653f8
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:f9aa546df5d17ae6fe8510da46bb403de6d5a594febec773258cf79886257ec6

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.141.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.141.0
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.141.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.141.0

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.141.0
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.141.0
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.141.0
• gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.141.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.141.0
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.141.0
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.141.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.141.0
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.141.0

v1.140.3

Compare Source

[github.com/gardener/gardener:v1.140.3]

🐛 Bug Fixes

• [OPERATOR] An issue causing the guestbook TM test to fail against IPv6 Shoot clusters in now fixed. by @​plkokanov [#​14702]
• [DEPENDENCY] The reconcileSeedWebhookConfig function now correctly reconciles both MutatingWebhookConfiguration and ValidatingWebhookConfiguration for extensions that register both mutating and validating admission webhooks. Previously, only the first configuration was reconciled due to a premature return in the loop. by @​Roncossek [#​14689]

🏃 Others

• [OPERATOR] Certain best-practice Envoy settings for HTTP2 protocol options have been applied to istio-ingressgateways. by @​oliver-goetz [#​14684]

application/spdx+json

• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:1822e85f811978fb349b74680f28221c87f4fa2d04fe0762de218b332075e992
• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:e716405933cb7b0c95dad7c8b11a124cb9b571c30895a4d2f84f9cd2771ba93e
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:1ef36f5654df729eb00af9ab0810911e3e3421f6dedaebb5608a92e16e91f41e
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:4e7a18d5e6bc47206fc791b49a86bc9771f6f66d7834e949f4fe9f067dd60e42
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:75206bf16fb2d8d00455cb980e841f21cb2cb9b1d6f6c65289868f0016aa0ff4
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:9e17e10e5233fe816fa941337079a5f0cf4971706e56b3ca41d53891f4298bc8
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:362e9f27c3ef430116f35bf61b9c978f357d19ff1adeb006dbb0806490d36804
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:4ea00980471d300bcfea2d9a14aa6e86fc7cb9576cac09d52654971e82bc13b1
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:86bcf0386b0c339a0cc6575d0a90fe35e90d2e9ed23def3cab61d0a34c920088
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:e7412d581e18a4abcd07de047e4b54d57a33a971bdb0c8ed0865bc75d4cbe95d
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:92cd70254d04d18c7344eb8ce7403bb55bf7daeac13aa3aab396584a83c1f2d2
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:d8c29267cee2c67ff2e2f763d0d30b2bb9da26b85785f62d7ee848b1be4167d4
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:4618dc33e7a7a6107a4a1a913a59227c9789bd5e0bb104fa386abc268e50e563
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:fb2981dbb5af259f7efed3fb486461e7390bc85a061da6c76bfcd0885a9daeaa
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:1392b85a90c73abb2ffc3c5de671a7ff31caacd18b6386b6830cc709eb788e9e
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:91be0a00364158cab7080cbd4f4d4c63f55e3efb518541af5ff6084606eab9b5
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:7ba50df1dc37cd310633090fca423084453a5f426e3066e2f075c047753e727c
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:85cab24d82c6cac2806c8cf94cec16274c41df98f569c0926de5b8994b837d9c

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.140.3
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.140.3
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.140.3
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.140.3

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.140.3
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.140.3
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.140.3
• gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.140.3
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.140.3
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.140.3
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.140.3
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.140.3
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.140.3

v1.140.2

Compare Source

[github.com/gardener/gardener:v1.140.2]

🐛 Bug Fixes

• [OPERATOR] A bug has been fixed that caused unintentional ShootState creations for Shoots running on managed seed clusters (those backed by ManagedSeed objects). The affected ShootState resources are automatically cleaned up by gardenlet during start-up. by @​tobschli [#​14652]
• [USER] Cluster-proportional autoscaling of coredns now works with Kubernetes >= 1.33 by @​ScheererJ [#​14650]

🏃 Others

• [DEPENDENCY] The following dependencies have been updated:
  • gardener/gardener-discovery-server from v0.9.0 to v0.10.0. Release Notes by @​gardener-ci-robot [#​14609]

application/spdx+json

• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:8e632c165a58e3d73b7b8d91ba20c6c9c0d56eb2c77eb51ed8f68c53b7c119ec
• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:b1bbf47c6050a0b0bd375b1caa6ed7676ab3f55c415ebf7d0b5ef6e474d6b3c0
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:3dbd103fd2bff6f557201f8c2089d835ab8690aa7c45fc2ab3ea9d246faa4d5c
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:bba291fa54adf1fee863013d8e1853eb1b69e269957837619ccb44882293d79e
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:197cc1f8adb17c6dedf2bff14cae41e2995101208b664ddea635e79410738d61
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:3f2d2108871940f6a8ad215cc221044fc27998f835ee4a4a5b486f7b0f14b080
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:666d9f776aa93a4aadc2abe094acfab8b042407255ee44f6f085e346741c3478
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:dfc8facb4841da0a19feea65952dbfc3306404ada2e595ef1ca322fd594db0c7
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:670478cf01ee601df03a77215e1c79fbda52181d4ec43c293b43cb2c4c468faf
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:e69825509720518c2419a2b701e9a9433359a4a3d067176473557d2587a4b4f6
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:0ce0315f2f8b870e9518a63a6ef3ce1d7c3b8f4871a049a5f645c7b6f1f41bb7
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:38781d55c778f4b5432c5b8189b06780eebe2850085ea3268a9111ec328afba7
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:649244b2bebce7cd92c3b6db632a7e8c26a0e4a9f40670ca2ce7da7f205551f4
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:b55360921c2a8c84a1897a3d64c25dfbb3f0603d0c3d9d20c516a0a2c3b76e26
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:5155120ca1aac1ce9b752b1a629fcef61c246e1e74621e3c58aead8bdfd33bac
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:b547e944c7be9504bc0ec013beaaf507bb4794e22ceb9d925456d1eab8430849
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:44b1e433d7e7870a787774b2964657a4113ca758ac1e5a6444ea820f484ec038
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:fe309373e4bd99f3a1ae293fefce589cd8a4afe69269db261ce6c1fd2986f1e4

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.140.2
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.140.2
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.140.2
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.140.2

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.140.2
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.140.2
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.140.2
• gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.140.2
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.140.2
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.140.2
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.140.2
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.140.2
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.140.2

v1.140.1

Compare Source

[github.com/gardener/gardener:v1.140.1]

🐛 Bug Fixes

• [DEPENDENCY] The golangci-lint makefile install recipe can be used in Gardener extensions again. by @​timebertt [#​14564]

🏃 Others

• [DEPENDENCY] The following dependencies have been updated:
  • gardener/etcd-druid from v0.36.1 to v0.36.2. Release Notes
  • github.com/gardener/etcd-druid/api from v0.36.1 to v0.36.2. by @​gardener-ci-robot [#​14581]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.140.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.140.1
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.140.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.140.1

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.140.1
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.140.1
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.140.1
• gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.140.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.140.1
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.140.1
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.140.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.140.1
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.140.1

v1.140.0

Compare Source

[github.com/gardener/gardener:v1.140.0]

⚠️ Breaking Changes

• [OPERATOR] The UseUnifiedHTTPProxyPort feature gate has been promoted to Beta and is enabled by default. If using the Gardener ACL Extension you need make sure that at least version v1.15.0 is installed and all Shoots are reconciled before the upgrade. by @​jamand [#​14422]
• [DEVELOPER] The generate-admin-kubeconf.sh script has been renamed to generate-kubeconfig.sh. It now supports generating both admin (default) and viewer kubeconfigs. by @​timuthy [#​14464]
• [DEVELOPER] The gardenadm machine pods have their state persisted in a unified PVC. Existing local gardenadm setups need to be recreated. To reset a local machine pod, delete both the pod and its corresponding PVC. by @​LucaBernstein [#​14359]
• [DEVELOPER] GEN_CRD_API_REFERENCE_DOCS make command has been replaced with CRD_REF_DOCS. by @​acumino [#​14324]
• [DEPENDENCY] The pkg/utils/time package is now removed. Use k8s.io/utils/clock.Clock instead. by @​shafeeqes [#​14515]

📰 Noteworthy

• [OPERATOR] The SeedAuthorizer now enforces field/label selectors for gardenlet list/watch requests on ControllerInstallation, Bastion, Gardenlet, Seed, Shoot, and ManagedSeed resources, restricting each gardenlet to only observe resources belonging to its own seed. by @​rfranzke [#​14452]
• [OPERATOR] The gardener-resource-manager's NetworkPolicy controller now only creates policies in namespaces that have pods with matching to-* labels, significantly reducing the number of NetworkPolicy objects on seeds. by @​rfranzke [#​14410]
• [OPERATOR] RemoveVali FeatureGate has been introduced. When enabled, every Vali instance will be removed. This feature gate is available for both the gardenlet and the gardener-operator. by @​rrhubenov [#​14279]
• [DEVELOPER] The sast and sast-report checks have been removed from verify and verify-extended make targets. Please call them explicitly when required. by @​oliver-goetz [#​14443]

✨ New Features

• [OPERATOR] The Project API now has a .status.conditions field for allowing controllers to report conditions on Project objects. by @​jamand [#​14403]
• [DEVELOPER] The local setup has been augmented to make the self-hosted shoot's API server directly accessible from the host machine without kubectl port-forward. A new unified hack/usage/generate-admin-kubeconfig-local.sh script supports generating kubeconfigs for both the virtual garden and the self-hosted shoot. by @​rfranzke [#​14370]

🐛 Bug Fixes

• [OPERATOR] The formatting of event-logger logs when the OpenTelemetryCollector feature gate is enabled is now partially fixed. The event-logger logs are now properly structured with fields as attributes, but to make them searchable with the unpack feature a change in the fluent-bit output plugin is required. by @​iypetrov [#​14423]
• [OPERATOR] The gardenlet reconciler in the gardener-operator now uses the virtual cluster client to fetch the pull secret and CA bundle secret. It was wrongly using the runtime cluster client earlier. by @​shafeeqes [#​14331]
• [OPERATOR] Fix a bug where the shoot-care controller cannot reconcile shoots with spec.maintenance.confineSpecUpdateRollout=true and updated DNS credentials, i.e. shoot.spec.dns.providers[].credentialsRef, until the shoot is reconciled. by @​vpnachev [#​14397]
• [USER] Fixed EveryNodeReady shoot condition incorrectly reporting NodeAgentUnhealthy for nodes not managed by MCM. by @​acumino [#​14509]
• [DEVELOPER] Pull secrets in the remote setup are labeled correctly to be automatically propagated by @​matthias-horne [#​14502]
• [DEPENDENCY] Extension shoot webhook configs are now always produced even when mergeShootWebhooksIntoSeedWebhooks is true, so that a self-hosted Shoot promoted to a Seed has the correct shoot webhooks registered. by @​rfranzke [#​14389]

🏃 Others

• [OPERATOR] Fix KubePodNotReadyControlPlane alert to not trigger for pods in Completed state. by @​adenitiu [#​14404]
• [OPERATOR] Create pull secret in garden namespace of virtual garden for remote setup. by @​DockToFuture [#​14449]
• [OPERATOR] Introduce seed reconciliation alerts. by @​adenitiu [#​14441]
• [OPERATOR] Enable notification flexibility of EtcdDbSizeLimitApproaching and EtcdDbSizeLimitCrossed alert for seeds by @​adenitiu [#​14384]
• [OPERATOR] The following dependencies have been updated:
  • gardener/autoscaler from v1.34.0 to v1.34.1. Release Notes
  • gardener/autoscaler from v1.33.0 to v1.33.1. Release Notes
  • gardener/autoscaler from v1.32.2 to v1.32.3. Release Notes
  • gardener/autoscaler from v1.31.0 to v1.31.1. Release Notes
  • gardener/autoscaler from v1.30.2 to v1.30.3. Release Notes by @​aaronfern [#​14479]
• [OPERATOR] There is now maxConnectionDuration of 1 day for connections to kube-apiserver endpoints. Their maxConnections limit has been removed. by @​oliver-goetz [#​14463]
• [DEVELOPER] The default shoot for test machinery tests was adjusted to work with Kubernetes 1.35. by @​timuthy [#​14439]
• [DEVELOPER] In the remote setup Kyverno now always adds imagePullSecret for images in the remote registry. by @​matthias-horne [#​14478]
• [DEPENDENCY] The following dependencies have been updated:
  • registry.k8s.io/autoscaling/vpa-admission-controller from 1.5.1 to 1.6.0.
  • registry.k8s.io/autoscaling/vpa-recommender from 1.5.1 to 1.6.0.
  • registry.k8s.io/autoscaling/vpa-updater from 1.5.1 to 1.6.0. by @​gardener-ci-robot [#​14036]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/machine-controller-manager from v0.61.2 to v0.61.3. Release Notes
  • github.com/gardener/machine-controller-manager from v0.61.2 to v0.61.3. by @​gardener-ci-robot [#​14453]
• [DEPENDENCY] Istio charts and images are updated to v1.29.1 by @​axel7born [#​14454]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/gardener-metrics-exporter from 0.43.0 to 0.44.0. Release Notes by @​gardener-ci-robot [#​14486]
• [DEPENDENCY] The following dependencies have been updated:
  • quay.io/kiwigrid/k8s-sidecar from 2.5.0 to 2.5.5. by @​gardener-ci-robot [#​14480]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/coredns-config-adapter from v0.4.0 to v0.5.0. Release Notes by @​DockToFuture [#​14490]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.140.0
• gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.1

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 8am on Friday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 60 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.26 -> 1.26.0
github.com/distribution/distribution/v3	v3.0.0 -> v3.1.0
k8s.io/api	v0.34.2 -> v0.36.0
k8s.io/apiextensions-apiserver	v0.34.2 -> v0.36.0
k8s.io/apimachinery	v0.34.2 -> v0.36.0
k8s.io/client-go	v0.34.2 -> v0.36.0
k8s.io/utils	v0.0.0-20251002143259-bc988d571ff4 -> v0.0.0-20260319190234-28399d86e0b5
github.com/bshuster-repo/logrus-logstash-hook	v1.0.0 -> v1.1.0
github.com/coreos/go-systemd/v22	v22.6.0 -> v22.7.0
github.com/docker/docker-credential-helpers	v0.8.2 -> v0.9.5
github.com/docker/go-events	v0.0.0-20190806004212-e31b211e4f1c -> v0.0.0-20250808211157-605354379745
github.com/go-openapi/jsonpointer	v0.22.1 -> v0.22.5
github.com/go-openapi/jsonreference	v0.21.2 -> v0.21.5
github.com/go-openapi/swag	v0.23.1 -> v0.25.4
github.com/go-openapi/swag/jsonname	v0.25.1 -> v0.25.5
github.com/google/pprof	v0.0.0-20250820193118-f64d9cf942d6 -> v0.0.0-20260402051712-545e8a4df936
github.com/grpc-ecosystem/grpc-gateway/v2	v2.27.2 -> v2.28.0
github.com/klauspost/compress	v1.18.1 -> v1.18.5
github.com/prometheus/common	v0.67.4 -> v0.67.5
github.com/prometheus/otlptranslator	v0.0.2 -> v1.0.0
github.com/prometheus/procfs	v0.17.0 -> v0.20.1
github.com/sirupsen/logrus	v1.9.3 -> v1.9.4
github.com/spf13/cobra	v1.10.1 -> v1.10.2
go.opentelemetry.io/contrib/bridges/prometheus	v0.57.0 -> v0.67.0
go.opentelemetry.io/contrib/exporters/autoexport	v0.57.0 -> v0.67.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.62.0 -> v0.67.0
go.opentelemetry.io/otel	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc	v0.14.0 -> v0.18.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp	v0.14.0 -> v0.19.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc	v1.38.0 -> v1.42.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	v1.38.0 -> v1.42.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/exporters/prometheus	v0.60.0 -> v0.64.0
go.opentelemetry.io/otel/exporters/stdout/stdoutlog	v0.14.0 -> v0.18.0
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric	v1.38.0 -> v1.42.0
go.opentelemetry.io/otel/exporters/stdout/stdouttrace	v1.38.0 -> v1.42.0
go.opentelemetry.io/otel/log	v0.14.0 -> v0.19.0
go.opentelemetry.io/otel/metric	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/sdk	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/sdk/log	v0.14.0 -> v0.19.0
go.opentelemetry.io/otel/sdk/metric	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/trace	v1.38.0 -> v1.43.0
go.opentelemetry.io/proto/otlp	v1.7.1 -> v1.10.0
golang.org/x/crypto	v0.45.0 -> v0.50.0
golang.org/x/mod	v0.30.0 -> v0.35.0
golang.org/x/net	v0.47.0 -> v0.53.0
golang.org/x/oauth2	v0.32.0 -> v0.36.0
golang.org/x/sys	v0.38.0 -> v0.43.0
golang.org/x/term	v0.37.0 -> v0.42.0
golang.org/x/text	v0.31.0 -> v0.36.0
golang.org/x/time	v0.14.0 -> v0.15.0
golang.org/x/tools	v0.39.0 -> v0.44.0
google.golang.org/genproto/googleapis/api	v0.0.0-20250825161204-c5933d9347a5 -> v0.0.0-20260401024825-9d38bb4040a9
google.golang.org/genproto/googleapis/rpc	v0.0.0-20251022142026-3a174f9686a8 -> v0.0.0-20260401024825-9d38bb4040a9
google.golang.org/grpc	v1.76.0 -> v1.80.0
google.golang.org/protobuf	v1.36.10 -> v1.36.12-0.20260120151049-f2248ac996af
k8s.io/klog/v2	v2.130.1 -> v2.140.0
k8s.io/kube-openapi	v0.0.0-20250814151709-d7b6acb124c3 -> v0.0.0-20260317180543-43fb72c5454a
sigs.k8s.io/structured-merge-diff/v6	v6.3.0 -> v6.3.2