Skip to content

Bump github.com/gardener/gardener to v1.143.0 and align Go dependencies#208

Merged
gardener-prow[bot] merged 2 commits into
gardener:masterfrom
ashwani2k:deps/renovate-batch-2026-05-25
May 27, 2026
Merged

Bump github.com/gardener/gardener to v1.143.0 and align Go dependencies#208
gardener-prow[bot] merged 2 commits into
gardener:masterfrom
ashwani2k:deps/renovate-batch-2026-05-25

Conversation

@ashwani2k

@ashwani2k ashwani2k commented May 25, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

  • Consumes latest gardener/gardener release: v1.143.0
  • Aligns all Go module versions with what gardener/gardener@v1.143.0 uses
  • Bumps Go toolchain from 1.25.61.25.9 (matches gardener, never exceeds it)
  • Adds github.com/gardener/gardener/pkg/apis@v1.143.0 as a new direct dependency — required by the module split introduced in gardener v1.137.0 where pkg/apis became its own Go submodule
  • Updates helper import path in controllers/cluster/cluster_controller.go: pkg/apis/core/v1beta1/helperpkg/api/core/v1beta1/helper (moved per the same split)
  • Bumps golang.org/x/net to v0.55.0 to fix GO-2026-5026 (idna ASCII Punycode rejection bypass — reachable via GetScaleResource)
  • Updates Dockerfile base image from golang:1.25.7golang:1.25.9
  • Passes make verify, make sast, make build, make check-vulnerabilities

Modules bumped

Module Old New
github.com/gardener/gardener v1.136.2 v1.143.0
github.com/gardener/gardener/pkg/apis (new) v1.143.0
sigs.k8s.io/controller-runtime v0.22.5 v0.23.3
k8s.io/api v0.35.1 v0.35.5
k8s.io/apimachinery v0.35.1 v0.35.5
k8s.io/client-go v0.35.1 v0.35.5
k8s.io/utils old digest ff6756f316d2
github.com/gardener/machine-controller-manager v0.61.2 v0.61.3
github.com/onsi/gomega v1.39.1 v1.41.0
go.uber.org/zap v1.27.1 v1.28.0
google.golang.org/grpc v1.77.0 v1.80.0
github.com/moby/spdystream v0.5.0 v0.5.1
go.opentelemetry.io/otel v1.40.0 v1.43.0
github.com/go-jose/go-jose/v4 v4.1.3 v4.1.4
golang.org/x/net v0.54.0 v0.55.0 (security fix)

Renovate PRs applied

Renovate PRs skipped (ahead of gardener v1.143.0)

Go toolchain

1.25.61.25.9

Possible values:

  • category: breaking|feature|bugfix|doc|other
  • target_group: user|operator|developer|dependency
    -->
Bump github.com/gardener/gardener to v1.143.0 and align Go dependencies

@gardener-prow gardener-prow Bot added do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels May 25, 2026
@ashwani2k ashwani2k force-pushed the deps/renovate-batch-2026-05-25 branch from 83d9c52 to 03711fa Compare May 25, 2026 14:40
@gardener-prow gardener-prow Bot added cla: no Indicates the PR's author has not signed the cla-assistant.io CLA. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. and removed cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. cla: no Indicates the PR's author has not signed the cla-assistant.io CLA. labels May 25, 2026
@ashwani2k ashwani2k force-pushed the deps/renovate-batch-2026-05-25 branch from 03711fa to 569bb7f Compare May 25, 2026 14:52
@ashwani2k

ashwani2k commented May 25, 2026

Copy link
Copy Markdown
Contributor Author

/test pull-dependency-watchdog-unit

@ashwani2k ashwani2k requested review from shreyas-s-rao and unmarshall and removed request for shreyas-s-rao May 26, 2026 04:10
unmarshall
unmarshall approved these changes May 27, 2026
View reviewed changes

@unmarshall unmarshall left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good, because we are using the flow package from g/g we have to add the entire g/g dependency. We can remove that as it is not really needed and then change the dependency to g/g API go module only.

@gardener-prow gardener-prow Bot added the lgtm Indicates that a PR is ready to be merged. label May 27, 2026
@gardener-prow

gardener-prow Bot commented May 27, 2026

Copy link
Copy Markdown

LGTM label has been added.

DetailsGit tree hash: 97c05ecb7a80c0c433c3061446d05f74a6a9fd82

@gardener-prow gardener-prow Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 27, 2026
@unmarshall

unmarshall commented May 27, 2026

Copy link
Copy Markdown
Member

/approve

@gardener-prow

gardener-prow Bot commented May 27, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: unmarshall

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ashwani2k ashwani2k added the kind/task General task label May 27, 2026
@gardener-prow gardener-prow Bot removed the do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. label May 27, 2026
@gardener-prow gardener-prow Bot merged commit 4409299 into gardener:master May 27, 2026
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@unmarshall unmarshall unmarshall approved these changes

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. kind/task General task lgtm Indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ashwani2k @unmarshall