Bump NVIDIA/holodeck from 0.2.18 to 0.3.6

[dependabot]

Bumps NVIDIA/holodeck from 0.2.18 to 0.3.6.

Release notes

Sourced from NVIDIA/holodeck's releases.

v0.3.6

Changelog

• 046f543112017c71cec4e6c45c93a3157de01a50: chore(brew): bump holodeck to v0.3.5 ( <>)
• 9672fed3b9be2ca5c4a5e8bc5c1e71620f9eb659: feat(release): ship macOS via Homebrew Cask to avoid Tahoe sandbox bug (#835) (@​ArangoGutierrez)

v0.3.5

Changelog

• 5e99a9a67b2b94ca181543fd58ce4176601caee9: feat(release): make holodeck installable via Homebrew (#825) (@​ArangoGutierrez)

v0.3.4

Holodeck v0.3.4

A point release on top of v0.3.3 with two new features, a critical AL2023 CRI-O provisioner fix, and the usual round of dependency hygiene.

Highlights

• feat(api): Kubernetes.RemoteAccess for external kubeconfig access (#818)
• feat: holodeck skill command — catalog + claude/cursor/codex/gemini installers (#812)
• Add Ubuntu 26.04 support to the provisioner
• fix(provisioner): expose CRI-O bundled runtimes on PATH for AL2023 (#824) — required to unblock rpm-al2023 E2E after nvidia-container-toolkit 1.19.1 changed nvidia-ctk runtime configure --runtime=crio behavior

Features

• API: Kubernetes.RemoteAccess lets callers expose a kubeconfig outside the bastion (#818)
• CLI: holodeck skill catalog + per-IDE installers (Claude, Cursor, Codex, Gemini) (#812)
• Provisioner: Ubuntu 26.04 added to the supported OS family matrix

Fixes

• Provisioner: symlink the opensuse CRI-O package's bundled runc/crun/conmon/pinns from /usr/libexec/crio/ onto PATH on Amazon Linux 2023, so nvidia-ctk runtime configure --runtime=crio can infer and preserve the existing runtimes in 99-nvidia.toml. Without this, systemctl restart crio failed after toolkit install (#824).

Docs

• holodeck + AICR integration preview (provisioning + snapshot/recipe) (#819)

Dependency updates

• golang.org/x/crypto 0.50.0 → 0.52.0
• k8s.io/apimachinery bump
• github.com/onsi/ginkgo/v2 2.28.3 → 2.29.0
• github.com/onsi/gomega 1.40.0 → 1.41.0
• github.com/aws/aws-sdk-go-v2/service/ec2 multiple bumps
• github.com/aws/aws-sdk-go-v2/config bump
• Docker base: golang:1.26.2-bookworm → golang:1.26.3-bookworm

Full changelog: NVIDIA/holodeck@v0.3.3...v0.3.4

v0.3.3

What's Changed

... (truncated)

Changelog

Sourced from NVIDIA/holodeck's changelog.

Changelog

All notable changes to this project will be documented in this file.

[v0.3.2] - 2026-04-22

Bug Fixes

Provisioning

• fix containerd.io apt package install (#779)
• fix bug in NVIDIA Driver install script when package version is specified (#782)
• fix(nv-driver): strict post-install version check for pinned driver installs (#786)

[v0.3.1] - 2026-04-02

Bug Fixes

SSH Reliability

• fix: add SSH keepalive and handshake timeout (#772) — SSH connections now send keepalive probes every 30 seconds to prevent session drops during long operations (e.g., kubeadm init). A 15-second handshake timeout prevents connectOrDie from blocking indefinitely against hosts that accept TCP but never complete the SSH handshake.

AWS Resource Cleanup — Provider

• fix: HA NLB hairpin routing (#746, #762) — Control-plane nodes now use localhost:6443 for kubectl instead of the NLB endpoint, avoiding AWS NLB hairpin/loopback timeouts.
• fix: switch HA NLB to internal scheme (#760) — NLB uses internal scheme to keep traffic within the VPC.
• fix: handle InvalidInternetGatewayID.NotFound in IGW detach (#772) — The detach step now recognizes InvalidInternetGatewayID.NotFound alongside Gateway.NotAttached and skips retries.
• fix: handle NotFound errors in NLB/listener/target-group deletion (#772) — All NLB cleanup paths now check for LoadBalancerNotFound, ListenerNotFound, and TargetGroupNotFound, treating already-deleted resources as success.

AWS Resource Cleanup — Periodic Cleanup Action

• fix: NLB cleanup in periodic VPC cleaner (#762) — DeleteVPCResources now deletes NLB listeners, target groups, and load balancers before attempting subnet/IGW/VPC deletion, preventing DependencyViolation errors from NLB-owned ENIs.
• fix: revoke cross-referencing SG rules before deletion (#766) — Security groups that reference each other are now cleaned up by revoking all ingress/egress rules before attempting deletion.
• fix: treat InvalidVpcID.NotFound as success in VPC cleanup (#769) — VPCs that no longer exist are treated as successfully cleaned up.
• fix: suppress NotFound warnings in all cleanup delete functions (#772) — The periodic cleanup job no longer logs misleading warnings when IGWs, security groups, subnets, or route tables are already gone.

CI

• ci: update periodic cleanup and add manual trigger (#758, #765) — Periodic cleanup workflow uses the latest holodeck binary and supports manual dispatch.

[v0.3.0] - 2026-03-30

Features

Production-Grade Cluster Networking (#720–#728)

A complete overhaul of multi-node cluster networking for production workloads:

• Add cluster networking cache constants and struct fields (#720, @​ArangoGutierrez)
• Add public subnet for cluster mode (#723, @​ArangoGutierrez)
• Add Transport abstraction for SSH connections (#724, @​ArangoGutierrez)
• Separate control-plane and worker security groups (#725, @​ArangoGutierrez)
• Cleanup dual security groups on cluster delete (#726, @​ArangoGutierrez)
• Wire SSM transport for private-subnet cluster nodes (#727, @​ArangoGutierrez)

... (truncated)

Commits

• 9672fed feat(release): ship macOS via Homebrew Cask to avoid Tahoe sandbox bug (#835)
• 046f543 chore(brew): bump holodeck to v0.3.5
• 5e99a9a feat(release): make holodeck installable via Homebrew (#825)
• 483116e fix(provisioner): expose CRI-O bundled runtimes on PATH for AL2023 (#824)
• aaea804 chore(deps): Bump github.com/aws/aws-sdk-go-v2/config (#823)
• 4c151fb chore(deps): Bump github.com/aws/aws-sdk-go-v2/service/ec2 (#822)
• 1263faa chore(deps): Bump golang.org/x/crypto from 0.51.0 to 0.52.0 (#821)
• 117571e docs(guides): add holodeck + AICR integration preview (provisioning + snapsho...
• 50d7138 feat: holodeck skill command (catalog + claude/cursor/codex/gemini installers...
• fb8f94a chore(deps): Bump github.com/aws/aws-sdk-go-v2/service/ec2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)