Updates k8s.io/kube-openapi from v0.0.0-20241212222426-2c72e554b1e7 to
v0.0.0-20260502001324-b7f5293f4787 across api, kyaml, and kustomize modules,
then propagates the change across all workspace modules via make workspace-sync.
The new kube-openapi release switched from the monolithic go-openapi/swag
(v0.23.0) to the refactored split sub-modules (go-openapi/swag/* v0.25.4).
The old swag carried github.com/mailru/easyjson as a dependency; the new
sub-modules do not. After go mod tidy, easyjson and josharian/intern are
fully removed from all three module graphs.
Also upgraded: github.com/google/gnostic-models v0.6.9 → v0.7.0 (pulled
in by the same kube-openapi update).
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
* update go 1.24.6
* fix non-constant format string error
* update golang.org/x/tools@v0.36.0 and github.com/golangci/golangci-lint@v1.64.8 to pass execute golangci-lint
* add a verpose diff output to prow test
* remove pluginator binary version from generated files
This includes the go-difflib and go-spew reverts, which means the
corresponding exclusions can be removed. cmd/gorepomod/go.mod loses a
number of indirect dependencies thanks to the spf13/viper cleanup, but
hack/go.mod gains a few.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
* workspace sync
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* downgrade go-difflib and go-spew to tagged releases
commit d35edbf80d updated these dependencies
to untagged versions. The diff in both dependencies show that there's no
code changes, and it's unlikely for those modules to do new releases.
Unfortunate, because of that change all projects depending on kubernetes
or any of it's modules now had to upgrade to unreleased versions of
these.
This patch reverts those updates (but it may take some time before
all other projects can be reverted).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---------
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Pin to v5.4.1 with sha256 as example of how to ensure supply-chain
security. Pulling the latest kustomize image or source is insecure
without checksum validation.
- Bump example image tag to v0.1.1
* Pin tool versions with hack/go.mod
This change centralizes the tracking of versions for tools used for
development and testing. This way, the tools and all their
dependencies have their checksums stored in hack/go.sum, which
improves supply chain security.
* Workspace Sync & Tidy
- go mod tidy (all modules)
- go work sync
- Fixed plugin generation for Go 1.21
- Updated linting for Go 1.21
- Fixed minecraft example for Helm v3 pull download path
- Update dev docs to mention Go 1.21
- Regenerate plugins with Go 1.21
```shell
go work sync
for i in $(find . -name go.mod); do (cd $(dirname $i); go mod tidy); done
```
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
