build(deps): bump the github-dependencies group across 1 directory with 11 updates

[dependabot]

Bumps the github-dependencies group with 9 updates in the / directory:

Package	From	To
github.com/aws/aws-sdk-go-v2/config	1.32.7	1.32.8
github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager	0.1.0	0.1.3
github.com/aws/aws-sdk-go-v2/service/ec2	1.279.2	1.289.1
github.com/elazarl/goproxy	1.7.2	1.8.2
github.com/google/cel-go	0.26.1	0.27.0
github.com/onsi/ginkgo/v2	2.27.5	2.28.1
github.com/onsi/gomega	1.39.0	1.39.1
github.com/operator-framework/api	0.37.0	0.39.0
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring	0.88.0	0.89.0

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.7 to 1.32.8

Commits

• 31c2f3f Release 2025-01-09
• ed70e6b Regenerated Clients
• 5aef5b0 Update partitions file
• 6e21e3f Update endpoints model
• 9017824 Update API model
• ebb7c02 retry net.ErrClosed by default (#2949)
• 19d2a28 Release 2025-01-08
• e153a59 Regenerated Clients
• 349cb94 Update endpoints model
• 740de30 Update API model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.7 to 1.19.8

Commits

• 78fa10a Release 2025-02-05
• 2d65d97 Regenerated Clients
• 64e842d Update endpoints model
• f255e31 Update API model
• 68c4649 Track accountID endpoint mode in user-agent (#3000)
• c45eaac Release 2025-02-04
• 7aecaff Regenerated Clients
• a11e8e1 Update endpoints model
• 91f8178 Update API model
• d59b658 Release 2025-02-03
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager from 0.1.0 to 0.1.3

Commits

• d206334 Release 2020-10-26
• 59290c5 bump SDK core version and name
• 9984c37 update module go.sums
• 36fde8a checkpoint for release metadata
• 2a74240 tidy SDK module
• 1aeb416 update hand written modules smithy-go dep
• df7bd9a update endpoints
• 5f0f033 update api models
• 693e56c internal/repotools/cmd/makerelative: Support Relative Paths for Transitive De...
• cb36c8d Merge pull request #851 from aws/r53cust-fix
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ec2 from 1.279.2 to 1.289.1

Commits

• 03e49f7 Release 2026-02-16
• eb0ac66 Regenerated Clients
• 7902ad6 Update endpoints model
• ca03dda Update API model
• 09ac115 Release 2026-02-13
• ab1d333 Regenerated Clients
• 5947754 Update API model
• 3dca5e4 Release 2026-02-12
• 7caa4bd Regenerated Clients
• 14cc53e Update API model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.94.0 to 1.96.0

Commits

• bdb98c5 Release 2026-01-28
• c878d57 Regenerated Clients
• 4f5d503 Update API model
• b7bf952 Feat release s3 transfer manager v2 (#3293)
• 0baa1dc Release 2026-01-27
• 11eae4b Regenerated Clients
• 297caa5 Update endpoints model
• 43d96e4 Update API model
• de58dc6 Release 2026-01-26
• dba39e6 Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/elazarl/goproxy from 1.7.2 to 1.8.2

Release notes

Sourced from github.com/elazarl/goproxy's releases.

v1.8.2

What's Changed

• Fix NewResponse writing HTTP/0.0 status lines in MITM mode by @​JamieMagee in elazarl/goproxy#749

New Contributors

• @​JamieMagee made their first contribution in elazarl/goproxy#749

Full Changelog: elazarl/goproxy@v1.8.1...v1.8.2

v1.8.1

What's Changed

• Use chunked response when http2 content length is missing by @​ErikPelli in elazarl/goproxy#742
• Always close request body, even with a custom response by @​ErikPelli in elazarl/goproxy#744
• Merge HTTPMitmConnect and MitmConnect actions by @​ErikPelli in elazarl/goproxy#743

Full Changelog: elazarl/goproxy@v1.8.0...v1.8.1

v1.8.0

What's Changed

• Fix typo in example code snippet by @​PrinceShaji in elazarl/goproxy#653
• Bump golang.org/x/net from 0.35.0 to 0.36.0 in /ext by @​dependabot[bot] in elazarl/goproxy#656
• Only chunk MITM response when body was modified by @​Skn0tt in elazarl/goproxy#720
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in elazarl/goproxy#728
• Bump golangci/golangci-lint-action from 6 to 9 by @​dependabot[bot] in elazarl/goproxy#725
• Fix keep alive logic and replace legacy response write logic by @​ErikPelli in elazarl/goproxy#734
• Bump github.com/stretchr/testify from 1.10.0 to 1.11.1 in /ext by @​dependabot[bot] in elazarl/goproxy#708
• Bump github.com/coder/websocket from 1.8.12 to 1.8.14 in /examples by @​dependabot[bot] in elazarl/goproxy#711
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in elazarl/goproxy#709
• fix auth remote proxy in cascadeproxy by @​mcarbonneaux in elazarl/goproxy#664
• Fix linter configuration & issues by @​ErikPelli in elazarl/goproxy#735

New Contributors

• @​PrinceShaji made their first contribution in elazarl/goproxy#653
• @​Skn0tt made their first contribution in elazarl/goproxy#720
• @​mcarbonneaux made their first contribution in elazarl/goproxy#664

Full Changelog: elazarl/goproxy@v1.7.2...v1.8.0

Commits

• ffdf0b2 Fix NewResponse writing HTTP/0.0 status lines in MITM mode (#749)
• b343a9a Merge HTTPMitmConnect and MitmConnect actions and use the correct one based o...
• d6c78b7 Always close request body even if the proxy server had a custom response retu...
• c2d45c6 Reorganize funding section inside readme
• 44388f6 Use chunked response when http2 content length is missing (#742)
• 26d3e75 Fix linter configuration & issues (#735)
• 5f52967 fix auth remote proxy in cascadeproxy (#664)
• b81733c Bump actions/setup-go from 5 to 6 (#709)
• 2df6d8b Bump github.com/coder/websocket from 1.8.12 to 1.8.14 in /examples (#711)
• 1854770 Bump github.com/stretchr/testify from 1.10.0 to 1.11.1 in /ext (#708)
• Additional commits viewable in compare view

Updates github.com/google/cel-go from 0.26.1 to 0.27.0

Release notes

Sourced from github.com/google/cel-go's releases.

Release v0.27.0

Release Summary

This release focuses on improving developer tooling and stability. Key highlights include significant enhancements to the REPL (YAML configuration support and parse-only evaluation), the addition of cost estimation for regex operations, and improved test coverage reporting.

On the stability front, this release addresses race conditions in reference types, improves namespace resolution, and ensures formatting directives align strictly with the CEL specification.

Note: This release includes a breaking change regarding how types are handled as variables. Please review the "Breaking Changes" section below.

⚠ Breaking Changes

Remove types as variables: The logic for handling types has been relaxed to support safe rollout of feature packages which introduce new types whose names may collide with existing variables. Please review your policies if you relied on types behaving strictly as variables in previous versions. [PR #1262](google/cel-go#1262)

Features & Enhancements

REPL & Tooling

• YAML Configuration: The REPL now supports reading and writing YAML environment configurations. [PR #1250](google/cel-go#1250)

• Parse-Only Mode: Added parse-only evaluation capabilities to the REPL. [PR #1254](google/cel-go#1254)

• Test Coverage: Introduced logic for CEL test coverage calculation and updated the reporter to handle error/unknown scenarios.[PR #1209](google/cel-go#1209) & [PR #1215](google/cel-go#1215)

Core Library

• Regex Costing: Added support for cost estimation and tracking within the regex library. [PR #1200](google/cel-go#1200)

• JSON Type Exposure: Exposed CEL JSON types to assist developers in converting to native values. [PR #1261](google/cel-go#1261)

• Policy Composition: Source information is now preserved during CEL policy composition, aiding in debugging. [PR #1253](google/cel-go#1253)

Extensibility:

• Updated extension option factory to resolve by ID (#1249).

• Refactored match output compiling to accept user-defined logic (#1246).

• Exposed Match source ID to callers (#1227).

Build & Maintenance

• Bazel: Migrated to use Bazel module only and improved configuration for dependent builds. [PR #1231](google/cel-go#1231) & [PR #1228](google/cel-go#1228)

• Cleanup: Removed strcase dependency, removed AppEngine code from REPL, and performed general linting. [PR #1230](google/cel-go#1230), #1216, #1251

Bug Fixes

• Concurrency: Fixed a race condition in the checker regarding reference types. [PR #1224](google/cel-go#1224)

• Namespace Resolution: Addressed an issue with namespace resolution. [PR #1256](google/cel-go#1256)

• Spec Compliance: Fixed formatting directives to fully support requirements documented in the cel-spec. [PR #1232](google/cel-go#1232)

... (truncated)

Commits

• 450089b Preserve source information during CEL policy composition. (#1253)
• c66b313 Remove types as variables to allow user-defined variables to shadow type decl...
• bff3a72 Expose the CEL JSON types to assist with conversion to native values (#1261)
• 559cbc9 Remove errant diff checked into a prior PR (#1260)
• fe26efa Simplify the disambiguation logic to a single boolean (#1263)
• 52280ba Clean up unused source info after checker rewrites the AST. (#1258)
• 3cb5705 Namespace resolution fix (#1256)
• 409bcbe Refactor match output compiling to accept user-defined logic. (#1246)
• e9f15ea Enable two var comprehension conformance tests. (#1255)
• 057fa1a Add parse only evaluation to REPL (#1254)
• Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.27.5 to 2.28.1

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.28.1

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v2.28.0

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

Commits

• 5d1d628 v2.28.1
• 676f985 update test mu language
• 8032100 appease go vet
• 41ca807 bump dependencies
• 2b2305b v2.28.0
• 71d2d89 feat: support component semantic version filtering
• 8cbbcb4 Fix doclink for ginkgo run
• See full diff in compare view

Updates github.com/onsi/gomega from 1.39.0 to 1.39.1

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.39.1

1.39.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.39.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

Commits

• 1a25a36 v1.39.1
• 406faee bump all deps
• See full diff in compare view

Updates github.com/operator-framework/api from 0.37.0 to 0.39.0

Release notes

Sourced from github.com/operator-framework/api's releases.

v0.39.0

Potentially Breaking Changes

#469 adds support for k8s 1.35, which necessitates some API changes.

What's Changed

• Fix k8s dependencies ci by @​grokspawn in operator-framework/api#469
• Bump sigs.k8s.io/controller-runtime from 0.23.0 to 0.23.1 in the k8s-dependencies group across 1 directory by @​dependabot[bot] in operator-framework/api#470
• move binary dependency management to bingo by @​grokspawn in operator-framework/api#471
• Bump github.com/google/cel-go from 0.26.1 to 0.27.0 by @​dependabot[bot] in operator-framework/api#472
• chore(deps): upgrade Go module dependencies (edge) by @​camilamacedo86 in operator-framework/api#473

Full Changelog: operator-framework/api@v0.38.0...v0.39.0

v0.38.0

What's Changed

• Bump the k8s-dependencies group with 4 updates by @​dependabot[bot] in operator-framework/api#461
• Bump actions/cache from 4 to 5 by @​dependabot[bot] in operator-framework/api#462
• Update to golang 1.25 by @​tmshort in operator-framework/api#464
• Migrate away from ioutil by @​perdasilva in operator-framework/api#463
• 🌱 Upgrade controller-gen from v0.18.0 to v0.20.0 by @​camilamacedo86 in operator-framework/api#466
• Bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4 by @​dependabot[bot] in operator-framework/api#467

Full Changelog: operator-framework/api@v0.37.0...v0.38.0

Commits

• 884ff95 chore(deps): upgrade Go module dependencies (edge) (#473)
• c8bc31e Bump github.com/google/cel-go from 0.26.1 to 0.27.0 (#472)
• 0f51e11 move binary dependency management to bingo (#471)
• da8eedf Bump sigs.k8s.io/controller-runtime (#470)
• 8b52a3f Fix k8s dependencies ci (#469)
• 2dc4fea Bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4 (#467)
• 5fff887 🌱 Upgrade controller-gen from v0.18.0 to v0.20.0 (#466)
• 5367cbd Migrate away from ioutil (#463)
• dfd6338 Update to golang 1.25 (#464)
• aa24971 Bump actions/cache from 4 to 5 (#462)
• Additional commits viewable in compare view

Updates github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring from 0.88.0 to 0.89.0

Release notes

Sourced from github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's releases.

0.89.0 / 2026-02-05

• [ENHANCEMENT] Add hostNetwork field to the Alertmanager CRD. #8281
• [ENHANCEMENT] Add the crds and full-crds commands to the operator's binary. #8251
• [ENHANCEMENT] Report deprecated field usage in the Reconciled condition type. #8236
• [ENHANCEMENT] Avoid unnecessary reconciliation upon creation of the ThanosRuler StatefulSet. #8347
• [ENHANCEMENT] Add bodySizeLimit to the ScrapeConfig CRD. #8348
• [ENHANCEMENT] Support http_headers field in the Alertmanager Secret. #8357
• [ENHANCEMENT] Add the -kubelet-http-metrics flag to enable/disable the HTTP metrics port in the Kubelet endpoint (default=enabled). #8350
• [ENHANCEMENT] Include operator.prometheus.io/version annotation in the full version of CRDs. #8279
• [BUGFIX] Validate VictorOps global configuration in the Alertmanager CRD. #8020
• [BUGFIX] Validate Jira global configuration in the Alertmanager CRD. #8265
• [BUGFIX] Validate VictorOps receiver's URL in the AlertmanagerConfig CRD. #8258
• [BUGFIX] Validate Webex receiver's URL in the AlertmanagerConfig CRD. #8255
• [BUGFIX] Validate Jira receiver's URL configuration in the AlertmanagerConfig CRD. #8230
• [BUGFIX] Validate OpsGenie receiver configuration in the AlertmanagerConfig CRD. #8267
• [BUGFIX] Validate WeChat receiver configuration in the AlertmanagerConfig CRD. #8271
• [BUGFIX] Validate SNS receiver configuration in the AlertmanagerConfig CRD. #8217
• [BUGFIX] Validate Webex global configuration in the Alertmanager CRD. #7979
• [BUGFIX] Validate Telegram global configuration in the Alertmanager CRD. #8268
• [BUGFIX] Restore statefulset's labels if the creation fails with AlreadyExists. #8343
• [BUGFIX] Fix potential panic due to informer cache races. #8310
• [BUGFIX] Support probers defined with IPv6 addresses in the Probe CRD. #8354
• [BUGFIX] Prevent group and repeat intervals with zero duration from breaking Alertmanager. #8126
• [BUGFIX] Propagate all supported RocketChat attributes for AlertmanagerConfig CRD. #8016
• [BUGFIX] Add URL validation for WeChat receiver. #8256
• [BUGFIX] Add URL validation for SNS receiver. #8259
• [BUGFIX] Fix GCE service discovery for the ScrapeConfig CRD. #8284
• [BUGFIX] Avoid stale conditions in Alertmanager, ThanosRuler, Prometheus and PrometheusAgent resources. #8304
• [BUGFIX] Fix race condition when updating rule ConfigMaps. #8290
• [BUGFIX] Fix race condition when patching finalizers. #8323
• [BUGFIX] Reconcile ScrapeConfig resources when namespace selection changes. #8334

0.88.1 / 2026-01-27

• [BUGFIX] Validate webhookURL secret for MSTeams receiver in AlertmanagerConfig CRD. #8294
• [BUGFIX] Revert maximum version check for EC2/Lightsail SD in ScrapeConfig CRD. #8308
• [BUGFIX] Relax URL validation in Slack receiver in AlertmanagerConfig CRD to support Go templates. #8299 #8331
• [BUGFIX] Relax URL validation in PagerDuty in AlertmanagerConfig CRD to support Go templates. #8319
• [BUGFIX] Relax URL validation in WebhookConfig in AlertmanagerConfig CRD to support Go templates. #8307 #8317
• [BUGFIX] Relax URL validation in RocketChat receiver in AlertmanagerConfig CRD to support Go templates. #8318
• [BUGFIX] Relax URL validation in Pushover receiver in AlertmanagerConfig CRD to support Go templates. #8307 #8316

Changelog

Sourced from github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's changelog.

0.89.0 / 2026-02-05

• [ENHANCEMENT] Add hostNetwork field to the Alertmanager CRD. #8281
• [ENHANCEMENT] Add the crds and full-crds commands to the operator's binary. #8251
• [ENHANCEMENT] Report deprecated field usage in the Reconciled condition type. #8236
• [ENHANCEMENT] Avoid unnecessary reconciliation upon creation of the ThanosRuler StatefulSet. #8347
• [ENHANCEMENT] Add bodySizeLimit to the ScrapeConfig CRD. #8348
• [ENHANCEMENT] Support http_headers field in the Alertmanager Secret. #8357
• [ENHANCEMENT] Add the -kubelet-http-metrics flag to enable/disable the HTTP metrics port in the Kubelet endpoint (default=enabled). #8350
• [ENHANCEMENT] Include operator.prometheus.io/version annotation in the full version of CRDs. #8279
• [BUGFIX] Validate VictorOps global configuration in the Alertmanager CRD. #8020
• [BUGFIX] Validate Jira global configuration in the Alertmanager CRD. #8265
• [BUGFIX] Validate VictorOps receiver's URL in the AlertmanagerConfig CRD. #8258
• [BUGFIX] Validate Webex receiver's URL in the AlertmanagerConfig CRD. #8255
• [BUGFIX] Validate Jira receiver's URL configuration in the AlertmanagerConfig CRD. #8230
• [BUGFIX] Validate OpsGenie receiver configuration in the AlertmanagerConfig CRD. #8267
• [BUGFIX] Validate WeChat receiver configuration in the AlertmanagerConfig CRD. #8271
• [BUGFIX] Validate SNS receiver configuration in the AlertmanagerConfig CRD. #8217
• [BUGFIX] Validate Webex global configuration in the Alertmanager CRD. #7979
• [BUGFIX] Validate Telegram global configuration in the Alertmanager CRD. #8268
• [BUGFIX] Restore statefulset's labels if the creation fails with AlreadyExists. #8343
• [BUGFIX] Fix potential panic due to informer cache races. #8310
• [BUGFIX] Support probers defined with IPv6 addresses in the Probe CRD. #8354
• [BUGFIX] Prevent group and repeat intervals with zero duration from breaking Alertmanager. #8126
• [BUGFIX] Propagate all supported RocketChat attributes for AlertmanagerConfig CRD. #8016
• [BUGFIX] Add URL validation for WeChat receiver. #8256
• [BUGFIX] Add URL validation for SNS receiver. #8259
• [BUGFIX] Fix GCE service discovery for the ScrapeConfig CRD. #8284
• [BUGFIX] Avoid stale conditions in Alertmanager, ThanosRuler, Prometheus and PrometheusAgent resources. #8304
• [BUGFIX] Fix race condition when updating rule ConfigMaps. #8290
• [BUGFIX] Fix race condition when patching finalizers. #8323
• [BUGFIX] Reconcile ScrapeConfig resources when namespace selection changes. #8334

0.88.1 / 2026-01-27

• [BUGFIX] Validate webhookURL secret for MSTeams receiver in AlertmanagerConfig CRD. #8294
• [BUGFIX] Revert maximum version check for EC2/Lightsail SD in ScrapeConfig CRD. #8308
• [BUGFIX] Relax URL validation in Slack receiver in AlertmanagerConfig CRD to support Go templates. #8299 #8331
• [BUGFIX] Relax URL validation in PagerDuty in AlertmanagerConfig CRD to support Go templates. #8319
• [BUGFIX] Relax URL validation in WebhookConfig in AlertmanagerConfig CRD to support Go templates. #8307 #8317
• [BUGFIX] Relax URL validation in RocketChat receiver in AlertmanagerConfig CRD to support Go templates. #8318
• [BUGFIX] Relax URL validation in Pushover receiver in AlertmanagerConfig CRD to support Go templates. #8307 #8316

Commits

• e13fb15 chore: update go.mod files (#8361)
• cca237f chore: update go.mod files
• 1469a69 Merge pull request #8360 from simonpasquier/cut-0.89.0
• 2d28b87 chore: cut v0.89.0
• 5f5061e Merge pull request #8359 from prometheus-operator/dependabot/github_actions/i...
• f0259bc add URL validation for SNS receiver (#8259)
• 0262ae3 build(deps): bump imjasonh/setup-crane from 0.4 to 0.5
• 5e8d9c5 feat: integrate all supported rocketchat attributes for alertmanagerconfig CR...
• 69b3653 fix: validate nonzero duration in AlertmanagerConfig (#8126)
• 8eb57b7 fix: support IPv6 addresses in prober URL validation (#8354)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[coderabbitai]

Walkthrough

Dependency versions updated across go.mod, including AWS SDK v2, Kubernetes components, gRPC, OpenTelemetry, Prometheus, and related transitive dependencies to newer patch and minor releases.

Changes

Cohort / File(s)	Summary
Go Module Dependencies go.mod	Upgraded versions for AWS SDK v2 modules (config, credentials, transfermanager, ec2, s3), Kubernetes client-go and controller-runtime, gRPC/grpc-gateway, OpenTelemetry instrumentation packages, Prometheus, and related transitive dependencies. Non-functional version bumps across multiple dependency ecosystems.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/go_modules/github-dependencies-a15a01a54c

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign muraee for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 118: The controller-runtime version change to
sigs.k8s.io/controller-runtime v0.23.1 conflicts with an existing replace pin to
v0.19.7 and other deps (cluster-api v1.10.4, operator-framework/api v0.39.0,
Kubernetes v0.35.0); either revert the controller-runtime update in go.mod to
the previous compatible version or remove the replace directive forcing v0.19.7
and complete the required webhook.Validator migration before bumping
controller-runtime; update go.mod so controller-runtime, cluster-api,
operator-framework/api, and Kubernetes versions are mutually compatible (or
configure Dependabot to ignore controller-runtime until migration is done) and
ensure any code changes for webhook.Validator are implemented in the codebase
before removing the replace.
- Line 45: The go.mod upgrade to github.com/google/cel-go v0.27.0 may break
“types as variables” behavior and operator-framework/api v0.39.0 upgrades
Kubernetes deps—verify compatibility by locating the dependency line
"github.com/google/cel-go v0.27.0" and the operator-framework api bump, search
for any CEL policy code or admission/validation logic that treats types as
variables (e.g., policy expressions or code using cel.Env/Program creation), and
either (a) update those expressions to the new CEL semantics or (b) pin revert
the cel-go version until you can update policies; also run full unit/integration
tests against k8s API versions referenced by operator-framework/api v0.39.0, run
go mod tidy and go test, and if needed update CRD schemas to match
controller-runtime/k8s.io dependency changes before merging.
- Around line 94-101: The go.mod pins controller-runtime v0.19.7 which is not
compatible/tested with the k8s.io/* v0.35.0 modules; update to a
controller-runtime version that supports k8s.io v0.35 (e.g., controller-runtime
v0.22+), then run go mod tidy and fix any API changes (notably migrate usages of
webhook.Validator referenced in your code to the new webhook admission APIs) OR,
if you choose to keep v0.19.7, add a clear comment and project documentation
stating the known unsupported dependency combination (controller-runtime v0.19.7
vs k8s.io/* v0.35.0) and accept the testing/support implications.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n go.mod | head -80

Repository: openshift/hypershift

Length of output: 4538

---

🌐 Web query:

google/cel-go v0.27.0 release notes changelog

💡 Result:

google/cel-go v0.27.0 — release notes / changelog (released Jan 30, 2026)

Breaking change

• Remove “types as variables”: type-handling logic was relaxed to avoid collisions with newly introduced types; policies relying on types behaving as variables may need updates. [1]

Features & enhancements

• REPL/tooling
  • YAML env configuration read/write support. [1]
  • “Parse-only” evaluation mode. [1]
  • CEL test coverage calculation + reporter updates for error/unknown cases. [1]
• Core library
  • Regex cost estimation/tracking. [1]
  • Exposed CEL JSON types to help convert to native values. [1]
  • Preserve source info during policy composition (better debugging). [1]
• Extensibility
  • Extension option factory resolves by ID; match output compiling refactor; expose match source ID. [1]
• Build/maintenance
  • Bazel: migrate to Bazel module only + dependent-build config improvements; cleanup/linting (incl. removing strcase dep and AppEngine REPL code). [1]

Bug fixes

• Fix race condition in checker for reference types. [1]
• Fix namespace resolution issue. [1]
• Formatting directives aligned with CEL spec requirements. [1]

Full changelog: v0.26.1...v0.27.0 (GitHub release page). [1]

Sources: [1]

---

🌐 Web query:

operator-framework/api v0.39.0 release notes changelog breaking changes

💡 Result:

operator-framework/api v0.39.0 — release notes / changelog / breaking changes

Potentially breaking changes

• Kubernetes 1.35 support (k8s 0.35.0): v0.39.0 “adds support for k8s 1.35”, and this requires some API changes. (github.com)
  • In practice, this lands as updated k8s deps (e.g., k8s.io/api, k8s.io/apimachinery, k8s.io/client-go → 0.35.0) and controller-runtime → 0.23.x. (github.com)
  • The PR behind this includes CRD schema/content updates aligned to newer Kubernetes API behavior (examples visible in the diff include updated toleration operator docs and other schema text/fields changes). (github.com)

What changed (from the GitHub release entry)

• Fix k8s dependencies CI (#469) (github.com)
• Bump sigs.k8s.io/controller-runtime 0.23.0 → 0.23.1 (#470) (github.com)
• Move binary dependency management to bingo (#471) (github.com)
• Bump github.com/google/cel-go 0.26.1 → 0.27.0 (#472) (github.com)
• Upgrade Go module dependencies (“edge”) (#473) (github.com)

Full changelog / compare

• GitHub “Full Changelog” compare: v0.38.0...v0.39.0. (github.com)

Citations:

• 1: https://github.com/operator-framework/api/releases/tag/v0.39.0
• 2: Fix k8s dependencies ci operator-framework/api#469
• 3: https://github.com/operator-framework/api/pull/469/files
• 4: https://github.com/operator-framework/api/releases/tag/v0.39.0
• 5: https://github.com/operator-framework/api/releases/tag/v0.39.0
• 6: https://github.com/operator-framework/api/releases/tag/v0.39.0
• 7: https://github.com/operator-framework/api/releases/tag/v0.39.0
• 8: https://github.com/operator-framework/api/releases/tag/v0.39.0
• 9: https://github.com/operator-framework/api/releases/tag/v0.39.0

---

🌐 Web query:

prometheus-operator v0.89.0 release notes changelog

💡 Result:

prometheus-operator v0.89.0 — changelog (released 2026-02-05)

Enhancements

• Add hostNetwork field to the Alertmanager CRD. (github.com)
• Add crds and full-crds commands to the operator binary. (github.com)
• Report deprecated field usage in the Reconciled condition type. (github.com)
• Avoid unnecessary reconciliation on ThanosRuler StatefulSet creation. (github.com)
• Add bodySizeLimit to the ScrapeConfig CRD. (github.com)
• Support http_headers field in the Alertmanager Secret. (github.com)
• Add -kubelet-http-metrics flag (default enabled) for the Kubelet endpoint HTTP metrics port. (github.com)
• Include operator.prometheus.io/version annotation in the full version of CRDs. (github.com)

Bug fixes

• Add/extend validation for multiple Alertmanager + AlertmanagerConfig integrations (e.g., VictorOps, Jira, Webex, OpsGenie, WeChat, SNS, Telegram, RocketChat). (github.com)
• Restore StatefulSet labels if creation fails with AlreadyExists. (github.com)
• Fix potential panic due to informer cache races. (github.com)
• Support IPv6 addresses for probers in the Probe CRD. (github.com)
• Prevent zero-duration group/repeat intervals from breaking Alertmanager. (github.com)
• Fix GCE service discovery for the ScrapeConfig CRD. (github.com)
• Avoid stale conditions in Alertmanager, ThanosRuler, Prometheus, PrometheusAgent. (github.com)
• Fix race conditions updating rule ConfigMaps and patching finalizers. (github.com)
• Reconcile ScrapeConfig resources when namespace selection changes. (github.com)

If you want, tell me whether you prefer full raw notes (verbatim list) or a grouped summary by area (CRDs, reconciliation behavior, validations, etc.).

Citations:

• 1: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0
• 2: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0
• 3: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0
• 4: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0
• 5: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0
• 6: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0
• 7: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0
• 8: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0
• 9: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0
• 10: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0
• 11: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0
• 12: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0
• 13: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0
• 14: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0
• 15: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0
• 16: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0
• 17: https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.89.0

---

Verify compatibility with cel-go v0.27.0 breaking change before upgrading.

The google/cel-go v0.27.0 release introduces a breaking change: removal of "types as variables" support. Policies relying on types behaving as variables will require updates. This is especially relevant since operator-framework/api v0.39.0 also bumps cel-go to 0.27.0, so both upgrades carry this risk.

Additionally, operator-framework/api v0.39.0 includes Kubernetes 1.35 support with dependency updates (k8s.io/api, k8s.io/apimachinery, k8s.io/client-go → 0.35.0; controller-runtime → 0.23.x) and CRD schema changes—verify these align with your Kubernetes version and usage patterns.

The prometheus-operator v0.89.0 release contains enhancements and bug fixes without breaking changes; no action required beyond standard testing.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 45, The go.mod upgrade to github.com/google/cel-go v0.27.0
may break “types as variables” behavior and operator-framework/api v0.39.0
upgrades Kubernetes deps—verify compatibility by locating the dependency line
"github.com/google/cel-go v0.27.0" and the operator-framework api bump, search
for any CEL policy code or admission/validation logic that treats types as
variables (e.g., policy expressions or code using cel.Env/Program creation), and
either (a) update those expressions to the new CEL semantics or (b) pin revert
the cel-go version until you can update policies; also run full unit/integration
tests against k8s API versions referenced by operator-framework/api v0.39.0, run
go mod tidy and go test, and if needed update CRD schemas to match
controller-runtime/k8s.io dependency changes before merging.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

# First, check the go.mod file structure and locate the referenced dependencies
cat -n go.mod | tail -150

Repository: openshift/hypershift

Length of output: 9380

---

🏁 Script executed:

# Search for controller-runtime and cluster-api in go.mod with context
rg -A 2 -B 2 "(controller-runtime|cluster-api)" go.mod

Repository: openshift/hypershift

Length of output: 1623

---

🏁 Script executed:

# Also check the exact lines mentioned in the review (if they exist)
sed -n '310,340p' go.mod

Repository: openshift/hypershift

Length of output: 1686

---

🌐 Web query:

controller-runtime v0.19.7 Kubernetes v0.35.0 compatibility

💡 Result:

controller-runtime v0.19.7 is not considered compatible (supported/tested) with Kubernetes Go modules k8s.io/* v0.35.0 (including k8s.io/apimachinery v0.35.0).

• The controller-runtime project’s published compatibility guidance says each controller-runtime minor version is tested with a specific client-go / k8s.io/ minor*, and other combinations are “by chance” and not supported nor tested. It also lists controller-runtime v0.19 ↔ k8s.io/ v0.31* (not v0.35). [1]
• k8s.io/apimachinery v0.35.x is a newer module line (e.g., v0.35.1 published Dec 4, 2025), and v0.35.0 exists as well. [2][3]

What to do: use a controller-runtime minor that matches k8s.io/* v0.35 (or downgrade your k8s.io/* deps to v0.31.x if you must stay on controller-runtime v0.19.x). The latest compatibility table visible on pkg.go.dev only goes up to controller-runtime v0.22 ↔ k8s.io/ v0.34*, so you’ll likely need a newer controller-runtime than v0.22 for v0.35. [1]

Sources:
[1] https://pkg.go.dev/sigs.k8s.io/controller-runtime
[2] https://pkg.go.dev/k8s.io/apimachinery/pkg
[3] https://git.autistici.org/smol/assetmon/-/merge_requests/24

---

🌐 Web query:

Kubernetes v0.35.0 release notes breaking changes

💡 Result:

Kubernetes itself doesn’t have a v0.35.0 release line; v0.35.0 is the Go module tag used by k8s.io/client-go / k8s.io/apimachinery / k8s.io/api that corresponds to Kubernetes v1.35.0. [1]

Kubernetes / k8s.io v0.35.0 (Kubernetes v1.35.0) breaking / action-required changes

• cgroup v1 support is removed: on nodes that only have cgroup v1, the kubelet will fail to start; you must migrate/enable cgroup v2 before upgrading. [2]
• Dynamic Resource Allocation (DRA) is now always enabled (it was GA in v1.34 but could be disabled; in v1.35 it can’t). If you relied on turning it off, that behavior changes in v1.35. [3]

Not breaking immediately, but important upgrade-impact notes in the v1.35 notes

• kube-proxy IPVS mode is deprecated (still present, but now warns; migration to nftables is recommended). [2]
• v1.35 is the last Kubernetes release supporting containerd v1.x; you must move to containerd 2.0+ before upgrading beyond v1.35. [2]

Sources:
[1] kubernetes/client-go README (versioning; v0.x.y tags match Kubernetes v1.x.y) (github.com)
[2] Kubernetes v1.35 release blog (cgroup v1 removal, IPVS deprecation, containerd v1.x final call) (kubernetes.io)
[3] Kubernetes v1.35 release blog (DRA “always enabled”) (kubernetes.io)

Citations:

• 1: https://github.com/kubernetes/client-go?utm_source=openai
• 2: https://kubernetes.io/blog/2025/12/17/kubernetes-v1-35-release/
• 3: https://kubernetes.io/blog/2025/12/17/kubernetes-v1-35-release/

---

Confirm: controller-runtime v0.19.7 is unsupported with k8s.io/ v0.35.0 dependencies.*

The pinned controller-runtime v0.19.7 (line 335) is not tested or supported with the k8s.io modules at v0.35.0 (k8s.io/api, k8s.io/apimachinery, k8s.io/apiserver, k8s.io/client-go, k8s.io/component-base). Official compatibility guidance states controller-runtime v0.19 is tested only with k8s.io/* v0.31.

The code comment at line 334 ("webhook.Validator deprecation in v0.20 breaks everything") indicates this is a deliberate trade-off: downgrading from v0.23.1 to v0.19.7 to avoid API breaking changes. However, this creates an unsupported/untested dependency combination.

Options to resolve:

1. Update controller-runtime to a version supporting k8s.io/* v0.35 (v0.22+ likely required) and address webhook.Validator deprecation migration
2. Or explicitly document and accept this as a known incompatibility with testing/support implications

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` around lines 94 - 101, The go.mod pins controller-runtime v0.19.7
which is not compatible/tested with the k8s.io/* v0.35.0 modules; update to a
controller-runtime version that supports k8s.io v0.35 (e.g., controller-runtime
v0.22+), then run go mod tidy and fix any API changes (notably migrate usages of
webhook.Validator referenced in your code to the new webhook admission APIs) OR,
if you choose to keep v0.19.7, add a clear comment and project documentation
stating the known unsupported dependency combination (controller-runtime v0.19.7
vs k8s.io/* v0.35.0) and accept the testing/support implications.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

# Read the go.mod file to verify the claims about line 118 and line 335
head -130 go.mod | tail -15
echo "---"
tail -20 go.mod

Repository: openshift/hypershift

Length of output: 1602

---

🏁 Script executed:

# Get complete line context around the critical lines
sed -n '110,130p' go.mod
echo "--- Replace section ---"
sed -n '330,340p' go.mod

Repository: openshift/hypershift

Length of output: 1535

---

🏁 Script executed:

# Check what version of controller-runtime cluster-api v1.10.4 requires
echo "=== Checking cluster-api v1.10.4 controller-runtime requirement ==="
curl -sL "https://raw.githubusercontent.com/kubernetes-sigs/cluster-api/v1.10.4/go.mod" 2>/dev/null | grep -A2 -B2 'controller-runtime'

echo -e "\n=== Checking operator-framework/api v0.39.0 controller-runtime requirement ==="
curl -sL "https://raw.githubusercontent.com/operator-framework/api/v0.39.0/go.mod" 2>/dev/null | grep -A2 -B2 'controller-runtime'

Repository: openshift/hypershift

Length of output: 505

---

🏁 Script executed:

# Check the actual K8s version requirements from controller-runtime v0.19.7 and v0.23.1
echo "=== Controller-runtime v0.19.7 K8s requirements ==="
curl -sL "https://raw.githubusercontent.com/kubernetes-sigs/controller-runtime/v0.19.7/go.mod" 2>/dev/null | grep -E 'k8s.io/(api|apimachinery|client-go|component-base)' | head -5

echo -e "\n=== Controller-runtime v0.23.1 K8s requirements ==="
curl -sL "https://raw.githubusercontent.com/kubernetes-sigs/controller-runtime/v0.23.1/go.mod" 2>/dev/null | grep -E 'k8s.io/(api|apimachinery|client-go|component-base)' | head -5

Repository: openshift/hypershift

Length of output: 450

---

🏁 Script executed:

# Verify the exact K8s version in hypershift's go.mod
echo "=== K8s component versions in hypershift go.mod ==="
grep -E 'k8s.io/(api|apimachinery|client-go|apiserver|component-base)' go.mod | head -10

Repository: openshift/hypershift

Length of output: 364

---

🏁 Script executed:

# Double-check cluster-api version dependency constraint
echo "=== Full cluster-api entry in go.mod ==="
grep 'sigs.k8s.io/cluster-api' go.mod | grep -v '//'

Repository: openshift/hypershift

Length of output: 705

---

Controller-runtime version update creates critical dependency conflicts.

The update to sigs.k8s.io/controller-runtime v0.23.1 cannot coexist with the replace directive forcing v0.19.7. This creates multiple incompatibilities:

• cluster-api v1.10.4 requires controller-runtime v0.20.4 or higher; v0.19.7 will not work
• operator-framework/api v0.39.0 requires controller-runtime v0.23.1; v0.19.7 will not work
• Kubernetes v0.35.0 (used throughout go.mod) requires controller-runtime v0.20.x or higher; v0.19.7 only supports K8s v0.31.0

Keeping the replace directive pinned to v0.19.7 while updating K8s components to v0.35.0 and cluster-api to v1.10.4 will cause build failures. The webhook.Validator migration must be completed before updating controller-runtime, or this change should be reverted and Dependabot configured to ignore controller-runtime updates until the migration is complete.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 118, The controller-runtime version change to
sigs.k8s.io/controller-runtime v0.23.1 conflicts with an existing replace pin to
v0.19.7 and other deps (cluster-api v1.10.4, operator-framework/api v0.39.0,
Kubernetes v0.35.0); either revert the controller-runtime update in go.mod to
the previous compatible version or remove the replace directive forcing v0.19.7
and complete the required webhook.Validator migration before bumping
controller-runtime; update go.mod so controller-runtime, cluster-api,
operator-framework/api, and Kubernetes versions are mutually compatible (or
configure Dependabot to ignore controller-runtime until migration is done) and
ensure any code changes for webhook.Validator are implemented in the codebase
before removing the replace.

[openshift-ci]

@dependabot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify	83cc8ba	link	true	/test verify
ci/prow/okd-scos-images	83cc8ba	link	true	/test okd-scos-images
ci/prow/unit	83cc8ba	link	true	/test unit
ci/prow/images	83cc8ba	link	true	/test images

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.