Renovate: Update External dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/gardener/gardener	v1.133.0 → v1.142.0
github.com/onsi/ginkgo/v2	v2.27.2 → v2.28.3
github.com/onsi/gomega	v1.38.2 → v1.40.0
go.uber.org/zap	v1.27.1 → v1.28.0
golang.org/x/sync	v0.18.0 → v0.20.0
sigs.k8s.io/controller-runtime	v0.22.4 → v0.24.0

---

Release Notes

gardener/gardener (github.com/gardener/gardener)

v1.142.0

Compare Source

[github.com/gardener/gardener:v1.142.0]

⚠️ Breaking Changes

• [OPERATOR] With the discontinued support of Kubernetes 1.31, the API group settings.gardener.cloud was completely removed from the Gardener API.
  Earlier, this API group contained the resources OpenIDConnectPreset and ClusterOpenIDConnectPreset which have been unsupported since Kubernetes 1.32.
  Please make sure to clean up all OpenIDConnectPreset and ClusterOpenIDConnectPreset objects and automations before upgrading to this version. by @​timuthy [#​14615]
• [OPERATOR] ⚠️ Gardener does no longer support Garden, Seed, or Shoot clusters with Kubernetes version 1.31. Make sure to upgrade all existing clusters before upgrading to this Gardener version. by @​timuthy [#​14615]
• [USER] The deprecated gardener/controlplane Helm chart has been removed. Use gardener-operator to deploy Gardener instead. by @​rfranzke [#​14614]
• [DEVELOPER] The make operator-seed-{up,dev,down} targets have been renamed to make gardener-{up,dev,down}. make kind-{up,down} is now an alias for make kind-single-node-{up,down}. All local development scenarios that were previously based on the legacy gardener/controlplane Helm chart are now based on gardener-operator. by @​rfranzke [#​14614]
• [DEVELOPER] In case you're using the remote development setup, the kubeconfig of the remote cluster you're using as seed is no longer expected in /dev-setup/remote/kubeconfigs/kubeconfig but in dev-setup/kubeconfigs/remote/kubeconfig. by @​rfranzke [#​14614]
• [DEVELOPER] ./hack/usage/generate-admin-kubeconfig.sh has been merged into ./hack/usage/generate-kubeconfig.sh. Use ./hack/usage/generate-kubeconfig.sh --help to learn about the usage. by @​rfranzke [#​14614]

📰 Noteworthy

• [OPERATOR] DisableNginxIngressInGarden allows to disable nginx-ingress in a Garden runtime cluster managed by gardener-operator. by @​ScheererJ [#​14636]
• [OPERATOR] DisableNginxIngressInSeed allows to disable nginx-ingress in Seed clusters. by @​ScheererJ [#​14636]
• [OPERATOR] DisableNginxIngressInShoot allows to disable nginx-ingress for Shoot clusters:
  • If set for gardener-apiserver, it disallows creation of new Shoot clusters with the nginx-ingress addon enabled and it prevents existing shoot clusters from enabling it. Shoot cluster, which already have the addon enabled, are left as is.
  • If set for gardener-controller-manager, it disables the nginx-ingress addon for all Shoot clusters during their next maintenance period. by @​ScheererJ [#​14636]
• [OPERATOR] The propagateCAFromKubeAPIServerSNI field was added to the GardenerDashboardConfig API. When the kube-apiserver SNI endpoint uses a private/custom CA, set this field to true to include the CA certificate in the dashboard's apiServerCaData. This makes the behavior introduced in #​14217 opt-in, preserving transparent CA rotation for publicly trusted certificates. by @​petersutter [#​14637]
• [OPERATOR] The gardener-operator now deploys an extensionsv1alpha1.BackupEntry alongside the BackupBucket when etcd backup is configured (when BackupEntryForGarden feature gate is enabled), aligning the garden controller with the same extension contract that shoot clusters use for backup credential management. by @​rfranzke [#​14628]
• [OPERATOR] When backup is configured in the Garden resource, the gardener-operator now requires a BackupEntry controller registration in the operator.gardener.cloud/v1alpha1.Extension resource of the backup provider when the new BackupEntryForGarden feature gate is enabled. If the Extension object for the provider does not yet include BackupEntry in .spec.resources, it must be added before upgrading gardener-operator. All provider extensions should also enable their BackupEntry controllers when running in the garden runtime cluster. by @​rfranzke [#​14628]
• [DEVELOPER] The local gardenadm development setup for the unmanaged infrastructure scenario now uses GinD (Gardener-in-Docker) instead of KinD. Refer to the updated documentation for details. by @​rfranzke [#​14700]

✨ New Features

• [USER] The Shoot API now supports configuring cluster-autoscaler's maxBinpackingTime flag for specifying a longer duration to be spent on binpacking for scale-up. by @​takoverflow [#​14698]
• [DEVELOPER] ManagedResources that use the resources.gardener.cloud/delete-on-invalid-update annotation can now also specify the deletion propagation with the annotation resources.gardener.cloud/deletion-propagation-on-invalid-update by @​maboehm [#​14642]

🐛 Bug Fixes

• [OPERATOR] An issue causing the guestbook TM test to fail against IPv6 Shoot clusters in now fixed. by @​plkokanov [#​14701]
• [OPERATOR] The secret used for the kube-rbac-proxy for the opentelemetry-collector is now deployed for all shoot clusters, independent of whether node logging is enabled or not. by @​iypetrov [#​14428]
• [OPERATOR] A bug has been fixed where the EveryNodeReadyCondition was showing and error for self-hosted shoots on unmanaged infrastructure. by @​tobschli [#​14665]
• [OPERATOR] The systemdunitcheck controller now correctly treats systemd units that are in a failed state but explicitly disabled as healthy. by @​cerealsnow [#​14733]
• [OPERATOR] Errors during resource deletion caused by missing CRDs are now ignored by @​matthias-horne [#​14645]
• [USER] Rotating the etcd encryption key tolerates unavailable APIServices. by @​robinschneider [#​14679]
• [DEPENDENCY] The reconcileSeedWebhookConfig function now correctly reconciles both MutatingWebhookConfiguration and ValidatingWebhookConfiguration for extensions that register both mutating and validating admission webhooks. Previously, only the first configuration was reconciled due to a premature return in the loop. by @​Roncossek [#​14664]

🏃 Others

• [OPERATOR] Add resourceId for image istio-basic-auth-server to fix overwrite image lookup by @​MartinWeindel [#​14716]
• [OPERATOR] Certain best-practice Envoy settings for HTTP2 protocol options have been applied to istio-ingressgateways. by @​oliver-goetz [#​14678]
• [OPERATOR] The images of the registry caches used in the dev setups are now updated to distribution/distribution@v3.1.0. by @​dimitar-kostadinov [#​14718]
• [OPERATOR] The Prometheus health check rule evaluation interval has been reduced from 60s to 5s for faster detection of health check state changes. by @​vicwicker [#​14662]
• [OPERATOR] The garden Prometheus maximum metric retention has been increased to 30 days. by @​vicwicker [#​14657]
• [DEVELOPER] The TM tests no longer rely on the nginx-ingress addon for any Kubernetes release. by @​ScheererJ [#​14643]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/ext-authz-server from v0.2.0 to v0.3.0. Release Notes by @​gardener-ci-robot [#​14725]
• [DEPENDENCY] The following dependencies have been updated:
  • registry.k8s.io/coredns/coredns from v1.14.2 to v1.14.3. by @​gardener-ci-robot [#​14724]
• [DEPENDENCY] The following dependencies have been updated:
  • envoyproxy/envoy from distroless-v1.37.2 to v1.38.0. Release Notes by @​gardener-ci-robot [#​14674]
• [DEPENDENCY] The following dependencies have been updated:
  • quay.io/cortexproject/cortex from v1.20.1 to v1.21.0. by @​gardener-ci-robot [#​14695]
• [DEPENDENCY] The following dependencies have been updated:
  • registry.k8s.io/dns/k8s-dns-node-cache from 1.26.7 to 1.26.8. by @​gardener-ci-robot [#​14659]
• [DEPENDENCY] The following dependencies have been updated:
  • quay.io/prometheus/alertmanager from v0.32.0 to v0.32.1. by @​gardener-ci-robot [#​14732]
• [DEPENDENCY] The following dependencies have been updated:
  • quay.io/kiwigrid/k8s-sidecar from 2.6.0 to 2.7.1. by @​gardener-ci-robot [#​14699]
• [DEPENDENCY] The following dependencies have been updated:
  • quay.io/brancz/kube-rbac-proxy from v0.21.2 to v0.22.0. by @​gardener-ci-robot [#​14703]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/dashboard from 1.83.11 to 1.84.1. Release Notes by @​marc1404 [#​14771]

application/spdx+json

• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:1eb5d65be651660ff2e4dd3012315ab4f8feac3b94af8e321f833e0848ab69c4
• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:f926858481411ed15cc1a31be14b214e764f882163c764e23def1c1fe1d9daf6
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:0e02ebedbe9ed6a34dc99736a6e41b45ad5b730f564b1eaa848d5f156e11e311
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:1815b4550cbd1f2c6c4b7d50ac6e092e3ad3e6f207de9666ad889243bb0988f8
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:7234f2705acad476e26c663eb8d589770e7f77108eeeb28fa33a38c07908c0f3
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:f5a956378f5fba34b51ca828e0f1c448b11a9e27f65633ec73874d695231689c
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:3b7c03096e6f8de1fee49ec62a17849aeae261b67751871da0dc635764d689b5
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:fc7085b785212951f63bfaa63bbea9d019cdc7f66735c2fc2dcec753f01bb70a
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:34f283da125518e68415117b86c926ed5b103ec88a4c82c2602399172dc5d70a
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:d7f1c555d75bc17c1a3c3fc6c6034fd9e934396a455d8e4df2c03021f4921438
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:5c26ac6437adcfcd20aeab1a233d29d774980fc4d8f1801ffde480fb4a893635
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:7b518fb710dc7cc187784d621fe5deb7e5d3032623233768232596b5a575db0f
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:13c624f9dfbf1b6b146f314b8da20b5edde93a4c4c14ddbb0d4424555e04f138
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:22549456a978c9ff74e6b79252abb655e3926b36c0bfdc8714c127f412c800f1
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:9769cc9338182588139cb6a6d3c39ad79f9a0a27a3bc447c3b1c0292b1968391
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:a8745e5d63dc898d042ccbad0947cc617e5624bf1165bb8bf90744dcbcd91471
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:0a6ec2623516f5c20d688b379c0ee075ed81deff5509abb600569182fd5c9add
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:57694de6715aae8751988b140957adff88db9b020f01cecac1f0cf42b5ad27c5

Helm Charts

• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.142.0
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.142.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.142.0

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.142.0
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.142.0
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.142.0
• gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.142.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.142.0
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.142.0
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.142.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.142.0
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.142.0

v1.141.2

Compare Source

[github.com/gardener/gardener:v1.141.2]

🐛 Bug Fixes

• [OPERATOR] The systemdunitcheck controller now correctly treats systemd units that are in a failed state but explicitly disabled as healthy. by @​cerealsnow [#​14735]

application/spdx+json

• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:5dd670caa5309d8b06b460b71f33725b8bfcb25aeda6b3ee64a6db918193a67d
• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:933d25c394b74a6ac0fcfd5b6e678935602f8aa84351df2798043da37109dfd8
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:9781050578e62778b20ba950f7d43045b150c7b6d0214a38b43dc61c4bebbd46
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:dcedc5a442e8c821cb2f18914a408b87ad9e23f950bb3a4eb8ecf3bb9e96ada2
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:a95ecd742a1a0a489a92130a31e07a8c1d66a734c1cdf8d1709765473d67e941
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:e45ba9cc83a504ac48831a51121412d706a4d1790dd6d0635e0e5cf5456fe98f
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:122515831cb6ec9981fbbaa9a45c8e4356077ddb824c561a4341f9c6a3197d40
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:6678b6c8a9c982f5d8d2b9e23559badaa0382ea23400129b28cc313091678ef2
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:a7fa8035167b9570a725a4e39ee10396ee57c6909b02688dfe56f0629944f851
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:e2c4afe9f2b0209660104da05f25cd71830b10fc16d6261e35d3a4ab9891ccbb
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:9859d4465d38f82463ba1c96087a99210b6b16ab49f506888155d93c024839b5
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:cbf63ae7bad9d390cd84fb67d2accc04b4ab5c183348a348b2ec07e1939f300c
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:593456a34d5c363a25270ee46a89d0ad362033ff8e3d7feb97c4decf2a2910eb
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:82c7af01130929040201be55b8655223cc75f203422aa849d8f8859729370133
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:0f06b6c79b939f097da495f51593df2846f1bc7a35cbb847c721a4dd596071aa
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:9108e978171f8121c32219c222d61151494fd5f90668342bbe117c9ac397292a
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:39ebd15a2e3c45c25b36972820ce1a6d91aa0f7ec02713e19b9a42ad97224b39
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:a59564c628591b8785fb69c03cb84a936a4674a6e4429f28779ee93dc2e596aa

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.141.2
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.141.2
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.141.2
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.141.2

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.141.2
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.141.2
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.141.2
• gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.141.2
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.141.2
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.141.2
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.141.2
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.141.2
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.141.2

v1.141.1

Compare Source

[github.com/gardener/gardener:v1.141.1]

🐛 Bug Fixes

• [OPERATOR] An issue causing the guestbook TM test to fail against IPv6 Shoot clusters in now fixed. by @​plkokanov [#​14705]
• [DEPENDENCY] The reconcileSeedWebhookConfig function now correctly reconciles both MutatingWebhookConfiguration and ValidatingWebhookConfiguration for extensions that register both mutating and validating admission webhooks. Previously, only the first configuration was reconciled due to a premature return in the loop. by @​Roncossek [#​14688]

🏃 Others

• [OPERATOR] Add resourceId for image istio-basic-auth-server to fix overwrite image lookup by @​MartinWeindel [#​14721]
• [OPERATOR] Certain best-practice Envoy settings for HTTP2 protocol options have been applied to istio-ingressgateways. by @​oliver-goetz [#​14685]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/ext-authz-server from v0.2.0 to v0.3.0. Release Notes by @​ScheererJ [#​14728]

application/spdx+json

• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:a533cff53ce26faae8d16ce777e42acfaec59f37b14e037f3df49897eb6e37a6
• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:f9a88c4286072181ba44333dae0899fd7f04e6109deee7649b7ec4225d061c2e
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:e4a314c878793de9230de8e578f4affde97f13669773b1038a1cedb542e3a46f
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:ec09bb23be84cdc04592a29db374e1107b91114c4420523bb8ad52a07777d2e2
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:2f4e2274461634f42f90fb5787cf2176d00079b0dcb1cbd6d6b06b5e8bfa3243
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:a20de14a51d7512cf7e4658a4e52a2c60dff17efbf2965ef20565a696619aa6a
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:0723efdd00b677215935e8d86c5568c7c583afbecc130f1a281bd1da4ccacb67
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:e1ddbc08706eb9ac4af03811a12553cadeb00915f890883572ba7c267173473f
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:2904444a43a685fee5e601b621603114585857c6205d3d9286921a114110849c
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:a592e08ced947cda1565a4bf3800785c2596880940542843787388baf0ad51ee
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:63efdd9693ec670ba326fd4c3f70f88702aa41aaac69c268c83ab4a69820eea1
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:f61bcb10bfbd98c0a17d944d061357b78a59e09f79bc207db64203488bfb6ebd
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:358db949d83420843f863158d5b97d6a7d2d6df8ed48e4ac4a442e883387c0d9
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:90d8da86f54ce63dd043285388d7acce0f9b3fb30f15e040ae4452f59d1d5b02
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:1c50c5a130190374ed9ddf8244e48585ef15fc4bed428817b7db101e8b14d747
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:9b1947be7ce2fe329591e02acb40960aadb1c41a88f9b8b9e10824ed5dd85787
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:0406036d984dcb000eb4a7af85a453ca7ec8a5cf7772c0cf7dfdbd6e576ba881
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:c5272548e8a05a13aeaf02d69bc1b10a57fd0e3de0ce44cf51433b43d00f964b

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.141.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.141.1
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.141.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.141.1

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.141.1
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.141.1
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.141.1
• gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.141.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.141.1
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.141.1
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.141.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.141.1
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.141.1

v1.141.0

Compare Source

[github.com/gardener/gardener:v1.141.0]

⚠️ Breaking Changes

• [OPERATOR] The NewWorkerPoolHash feature gate has been promoted to GA and can no longer be disabled. by @​timuthy [#​14531]
• [OPERATOR] ⚠️ Gardener does no longer support Garden, Seed, or Shoot clusters with Kubernetes versions <= 1.30. Make sure to upgrade all existing clusters before upgrading to this Gardener version. by @​timuthy [#​14501]
• [USER] Newly created Shoots now have a set period of 28d for etcd encryption key rotation. by @​AleksandarSavchev [#​14034]
• [DEVELOPER] make gardenadm-up SCENARIO=connect now deploys the Gardener (gardener-operator and Garden resource) directly into the self-hosted shoot. Previously, it was deploying them next to the machine pods of the self-hosted shoot in the kind cluster. Use make gardenadm-up SCENARIO=connect-kind for the out-of-self-hosted-shoot deployment mode. by @​rfranzke [#​14387]
• [DEPENDENCY] The obsolete Provider field was removed from the extensionswebhook.Webhook struct. The field can be removed without substitution. by @​timuthy [#​14460]

📰 Noteworthy

• [OPERATOR] The gardener-resource-manager HA config webhook now uses ScheduleAnyway instead of DoNotSchedule for the hostname topology spread constraint when there is at most one node in the cluster. A new node-high-availability-config controller re-triggers the webhook when the node count crosses this threshold. by @​rfranzke [#​14595]
• [OPERATOR] machine-controller-manager's RBAC permissions for the source cluster have been reduced to follow the principle of least privilege. by @​dimityrmirchev [#​14372]
• [DEVELOPER] Added panic recovery to flow.Task to prevent a single task failure from crashing the entire controller. If you previously implemented custom panic recovery within your tasks, you can consider removing that custom panic recovery. by @​dergeberl [#​14606]
• [DEVELOPER] The local setup now includes a cloud-controller-manager-local, which is deployed for kind clusters (in the kube-system namespace) and for shoot clusters (in the control plane namespace). The cloud-controller-manager implements Services of type LoadBalancer by creating dedicated Docker containers listening on external IPs (automatically added to the host's loopback interface on kind cluster creation). This replaces previous hacks for implementing load balancers in provider-local and supports load balancers in shoot clusters for the first time. by @​timebertt [#​14415]
• [DEPENDENCY] Extension charts deployed on self-hosted shoot clusters may not receive .Values.gardener.seed when the shoot has not yet been promoted to a Seed. Charts should guard Seed-dependent values with {{ if .Values.gardener.seed }}. by @​rfranzke [#​14395]
• [DEPENDENCY] A new helper function BuildExtensionTypeNamespaceSelector has been introduced. It builds proper namespaces selectors for extension webhooks, based on the extension type and class attributes. by @​timuthy [#​14460]

✨ New Features

• [OPERATOR] Added spec.runtimeCluster.settings.loadBalancerServices.proxyProtocol.allowed and spec.runtimeCluster.settings.loadBalancerServices.externalTrafficPolicy to the Garden resource. When Allowed set to true, gardener-operator configures the Istio ingress gateway to terminate PROXY protocol, enabling preservation of the original client IP address for load balancers that use PROXY protocol. The explicit nature of the setting allows a seamless migration while enforcing a good security posture. ExternalTrafficPolicy allows configuring the Gateway either as Cluster (default) or Local, similar to the Seed. by @​jamand [#​14420]
• [OPERATOR] The gardener-node-agent now monitors the health of systemd units declared in the OperatingSystemConfig and reports a SystemdUnitsReady condition on the Node. Unhealthy units are surfaced on the Shoot via the EveryNodeReady condition. by @​rfranzke [#​14496]
• [USER] The Shoot spec field spec.kubernetes.kubeAPIServer.encryptionConfig.provider.type now supports the aesgcm and secretbox encryption provider types. The field is immutable. by @​AleksandarSavchev [#​14034]
• [USER] The Garden spec fields spec.virtualCluster.kubernetes.kubeAPIServer.encryptionConfig.provider.typeand spec.virtualCluster.gardener.gardenerAPIServer.encryptionConfig.provider.type now support the aesgcm and secretbox encryption provider types. The fields are immutable. by @​AleksandarSavchev [#​14034]

🐛 Bug Fixes

• [OPERATOR] The garbage collection logic now also deletes pods that are stuck due to preemption by the kubelet or scheduler. by @​rfranzke [#​14519]
• [OPERATOR] The observability setup is deleted as late as possible so that, in case an error occurs during the deletion of any components, there is still enough information available to investigate the issue. by @​iypetrov [#​14475]
• [OPERATOR] A bug was fixed where gardenadm init could fail due to a transient error while fetching the shoot-gardener-node-agent ManagedResource when the Kubernetes API server is temporarily unavailable due to static pod rollout. by @​ialidzhikov [#​14601]
• [OPERATOR] A bug has been fixed that caused unintentional ShootState creations for Shoots running on managed seed clusters (those backed by ManagedSeed objects). The affected ShootState resources are automatically cleaned up by gardenlet during start-up. by @​plkokanov [#​14666]
• [USER] Cluster-proportional autoscaling of coredns now works with Kubernetes >= 1.33 by @​ScheererJ [#​14638]
• [DEPENDENCY] The golangci-lint makefile install recipe can be used in Gardener extensions again. by @​timebertt [#​14555]

🏃 Others

• [OPERATOR] Gardener Discovery Server is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14587]
• [OPERATOR] Alertmanager is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14575]
• [OPERATOR] Vali is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14567]
• [OPERATOR] OpenTelemetry Collector is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14585]
• [OPERATOR] Use Info logging for admission denials instead of Error so that the full stack trace to every denial log entry does not get logged by @​DockToFuture [#​14561]
• [OPERATOR] Apiserver-Proxy uses a dedicated network interface apiserver-proxy for its advertised IP address. Requests from nodes such as kubelet probes will use the proper IP as per the route table again. by @​domdom82 [#​14440]
• [OPERATOR] Shoot advertised addresses are now configurable by extension components for Shoot VirtualService resources. by @​ScheererJ [#​14534]
• [OPERATOR] During Shoot reconciliation MachineDeployments are now deployed in parallel. This should speed up the reconciliation of the Worker resource. by @​plkokanov [#​14220]
• [OPERATOR] Resource limits have been removed for node-problem-detector by @​domdom82 [#​14450]
• [OPERATOR] Prometheus is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14573]
• [OPERATOR] Additional per nodegroup metrics can be exposed by cluster-autoscaler via the field .spec.kubernetes.clusterAutoscaler.emitPerNodeGroupMetrics in the Shoot API . by @​aaronfern [#​14557]
• [OPERATOR] Gardener Dashboard is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14586]
• [OPERATOR] Patch is now used to label all Machines with force-deletion: True instead of Update when the Shoot is being hibernated or deleted. Additionally, the function used to do this during the reconciliation of the Worker resource is now only executed once instead of for each MachineDeployment. by @​plkokanov [#​14220]
• [OPERATOR] The gardenadm init flow now determines Pod network availability by checking the Node's NetworkUnavailable condition instead of the shoot-core-coredns ManagedResource health. This is a prerequisite improvement for the control plane Node restoration feature. by @​ialidzhikov [#​14523]
• [OPERATOR] The following dependencies have been updated:
  • gardener/etcd-druid from v0.36.2 to v0.36.3. Release Notes
  • github.com/gardener/etcd-druid/api from v0.36.2 to v0.36.3. by @​Shreyas-s14 [#​14661]
• [OPERATOR] cluster-autoscaler now supports a new expander least-nodes from v1.31 onwards by @​aaronfern [#​14558]
• [OPERATOR] Plutono is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14142]
• [USER] VPN-related dashboards now show a shared crosshair on all panels. by @​domdom82 [#​14576]
• [DEVELOPER] The DinD version used in the remote local setup has been updated to v29. by @​vicwicker [#​14644]
• [DEVELOPER] make seed-down and make garden-down cleanup additional resources by @​matthias-horne [#​14547]
• [DEPENDENCY] The following dependencies have been updated:
  • quay.io/prometheus/node-exporter from v1.10.2 to v1.11.1. by @​gardener-ci-robot [#​14508]
• [DEPENDENCY] The following dependencies have been updated:
  • gcr.io/istio-release/pilot from 1.29.1 to 1.29.2.
  • gcr.io/istio-release/proxyv2 from 1.29.1 to 1.29.2.
  • istio.io/api from v1.29.1 to v1.29.2. by @​gardener-ci-robot [#​14582]
• [DEPENDENCY] Update kindest/node image to v1.35.1 (Kubernetes v1.35.1, containerd v2.2.1). by @​LucaBernstein [#​14421]
• [DEPENDENCY] The following dependencies have been updated:
  • credativ/vali from v2.2.31 to v2.2.32. Release Notes by @​gardener-ci-robot [#​14611]
• [DEPENDENCY] The following dependencies have been updated:
  • quay.io/kiwigrid/k8s-sidecar from 2.5.5 to 2.6.0. by @​gardener-ci-robot [#​14537]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/etcd-druid from v0.36.1 to v0.36.2. Release Notes
  • github.com/gardener/etcd-druid/api from v0.36.1 to v0.36.2. by @​gardener-ci-robot [#​14579]
• [DEPENDENCY] The following dependencies have been updated:
  • credativ/plutono from v7.5.46 to v7.5.47. Release Notes by @​gardener-ci-robot [#​14613]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/gardener-discovery-server from v0.9.0 to v0.10.0. Release Notes by @​gardener-ci-robot [#​14600]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/coredns-config-adapter from v0.5.0 to v0.6.0. Release Notes by @​gardener-ci-robot [#​14605]
• [DEPENDENCY] The following dependencies have been updated:
  • quay.io/prometheus/alertmanager from v0.31.1 to v0.32.0. by @​gardener-ci-robot [#​14538]
• [DEPENDENCY] The following dependencies have been updated:
  • envoyproxy/envoy from distroless-v1.37.0 to v1.37.2. Release Notes by @​gardener-ci-robot [#​14563]

application/spdx+json

• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:4c0764b6cbd79bea391de905c444e8901f3ef901c9cc601a5b8fcf66394aa40a
• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:a4bed35099c21fb59a719a718afc1f83040d4746a7dfaf81c4442e09725bf0ab
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:549aafc0b61b16d9e7d6fa1ab0bd95bd68f0d7dfac77989be541e9551f4dc726
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:b0675085cef3786d983b6a751cff7820b6dd896e55afccd99e07cefa2891f161
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:3757e8e04a1e555abbe832c72932211b4fb766ee8f3d6ded15c9acd6a14adde9
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:68bc182b3b1cbfcbbdb26bcb9b0ac5a182e0de0b1ae785c7f0fd9947e9653ccd
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:558ae9de4cfffe41cce57e22bc8505c9f38d54e0fb8feea7b06754970b9090a3
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:ca399bfd9253860c2a8f5287aec8ecdd90b8b4fa96e8694dede72a05f0fbe263
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:47b8d427ac8f6deee19004e196c2a3396edd5010293bb1272abd7aaa2d385dae
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:88953b01d223307b0ea3e05c8df24eeb1f08e5c1883b85be42b5e5da7a2f5af3
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:97bbf8d719ee9a6a441aee3ea1690bcb054eaf5ee23b3e98ee7ba580e5732a80
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:b40af8512c84cb32e56541716cba9036152e4393e9c810d0ea109d9e89f3abe7
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:b687d0080c773f8b51d7e7fe262bd38774cace83dc175bd59e86b38d4378fa89
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:de2bed5eedb5348fb5399b7ade0ec3569a247f75a6ea532b1365cab8c84cba59
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:127276658aff87d975ce690a0a862c0073d1c119028110d0a4dcb1a71e281c50
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:637b96ae9ddebe86ce4b36cb9a275b88a5dcd6cc7a7c1ac3993d7d93c0b89374
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:118cf6da60ad6930362891b741ab79a4d596a5fc8933c2cef7f8cb9fe75653f8
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:f9aa546df5d17ae6fe8510da46bb403de6d5a594febec773258cf79886257ec6

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.141.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.141.0
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.141.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.141.0

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.141.0
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.141.0
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.141.0
• gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.141.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.141.0
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.141.0
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.141.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.141.0
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.141.0

v1.140.4

Compare Source

application/spdx+json

• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:c6c8d824d637786e9aa017bba029ef512306df31df4903f493b21fbc05280414
• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:d16460876d36d3dbcf248a4417d70b7c172de0c5b561e064798894628366cf9a
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:0b3a7a1a0b373410208b9f4938676ed9a600aa18c22ffb7930e7b7e5b006ae25
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:d9a9c687409af12c577bc0512342ebfe175ab00dd657f9d96d40610b9914825c
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:0ed24cae71f8dd1c3724de9315e4bebfbe8aaf6f6491a4137baaa30f7c84ca45
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:ec1ef7abbeebfe998ce84a6831659ad4ed8ae1e4dc5771c711453b57232b9dac
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:8396aa742d759b566aeaedda1cd5cac5b3e5fc6b4460a3842cf5c871d39bf831
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:b7409242b8fe8580e8ff99cc36c47d057e52a494ff2519ede56aa76f38de90ed
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:3d6f1c7aed329de13deb935266a13b7afa2a9f4bb0a7d6b181e1e54cd664c5d2
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:8093e74b25495dc76c910a961c2285af2d0976b14b8e3caced8f18d81e1632a0
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:2f7d207280740289640d57b10c771a68dfa944c7002fb3860c6ebc237f716e7e
• node-agent-spdx-ref: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:9f9b4d2d9923a3d8a3eee0a7444b006a4ad

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 8am on Friday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 62 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.26 -> 1.26.0
github.com/distribution/distribution/v3	v3.0.0 -> v3.1.1
k8s.io/api	v0.34.2 -> v0.36.0
k8s.io/apiextensions-apiserver	v0.34.2 -> v0.36.0
k8s.io/apimachinery	v0.34.2 -> v0.36.0
k8s.io/client-go	v0.34.2 -> v0.36.0
k8s.io/utils	v0.0.0-20251002143259-bc988d571ff4 -> v0.0.0-20260319190234-28399d86e0b5
github.com/Masterminds/semver/v3	v3.4.0 -> v3.5.0
github.com/bshuster-repo/logrus-logstash-hook	v1.0.0 -> v1.1.0
github.com/coreos/go-systemd/v22	v22.6.0 -> v22.7.0
github.com/docker/docker-credential-helpers	v0.8.2 -> v0.9.5
github.com/docker/go-events	v0.0.0-20190806004212-e31b211e4f1c -> v0.0.0-20250808211157-605354379745
github.com/go-openapi/jsonpointer	v0.22.1 -> v0.22.5
github.com/go-openapi/jsonreference	v0.21.2 -> v0.21.5
github.com/go-openapi/swag	v0.23.1 -> v0.25.4
github.com/go-openapi/swag/jsonname	v0.25.1 -> v0.25.5
github.com/google/pprof	v0.0.0-20250820193118-f64d9cf942d6 -> v0.0.0-20260402051712-545e8a4df936
github.com/grpc-ecosystem/grpc-gateway/v2	v2.27.2 -> v2.28.0
github.com/klauspost/compress	v1.18.1 -> v1.18.5
github.com/prometheus/common	v0.67.4 -> v0.67.5
github.com/prometheus/otlptranslator	v0.0.2 -> v1.0.0
github.com/prometheus/procfs	v0.17.0 -> v0.20.1
github.com/sirupsen/logrus	v1.9.3 -> v1.9.4
github.com/spf13/cobra	v1.10.1 -> v1.10.2
go.opentelemetry.io/contrib/bridges/prometheus	v0.57.0 -> v0.67.0
go.opentelemetry.io/contrib/exporters/autoexport	v0.57.0 -> v0.67.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.62.0 -> v0.67.0
go.opentelemetry.io/otel	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc	v0.14.0 -> v0.19.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp	v0.14.0 -> v0.19.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/exporters/prometheus	v0.60.0 -> v0.65.0
go.opentelemetry.io/otel/exporters/stdout/stdoutlog	v0.14.0 -> v0.19.0
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/exporters/stdout/stdouttrace	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/log	v0.14.0 -> v0.19.0
go.opentelemetry.io/otel/metric	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/sdk	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/sdk/log	v0.14.0 -> v0.19.0
go.opentelemetry.io/otel/sdk/metric	v1.38.0 -> v1.43.0
go.opentelemetry.io/otel/trace	v1.38.0 -> v1.43.0
go.opentelemetry.io/proto/otlp	v1.7.1 -> v1.10.0
go.yaml.in/yaml/v2	v2.4.3 -> v2.4.4
golang.org/x/crypto	v0.45.0 -> v0.50.0
golang.org/x/mod	v0.30.0 -> v0.35.0
golang.org/x/net	v0.47.0 -> v0.53.0
golang.org/x/oauth2	v0.32.0 -> v0.36.0
golang.org/x/sys	v0.38.0 -> v0.43.0
golang.org/x/term	v0.37.0 -> v0.42.0
golang.org/x/text	v0.31.0 -> v0.36.0
golang.org/x/time	v0.14.0 -> v0.15.0
golang.org/x/tools	v0.39.0 -> v0.44.0
google.golang.org/genproto/googleapis/api	v0.0.0-20250825161204-c5933d9347a5 -> v0.0.0-20260406210006-6f92a3bedf2d
google.golang.org/genproto/googleapis/rpc	v0.0.0-20251022142026-3a174f9686a8 -> v0.0.0-20260406210006-6f92a3bedf2d
google.golang.org/grpc	v1.76.0 -> v1.80.0
google.golang.org/protobuf	v1.36.10 -> v1.36.12-0.20260120151049-f2248ac996af
k8s.io/klog/v2	v2.130.1 -> v2.140.0
k8s.io/kube-openapi	v0.0.0-20250814151709-d7b6acb124c3 -> v0.0.0-20260317180543-43fb72c5454a
sigs.k8s.io/structured-merge-diff/v6	v6.3.0 -> v6.3.2