build(go): Bump the go-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the go-dependencies group with 4 updates in the / directory: github.com/cert-manager/cert-manager, k8s.io/api, k8s.io/client-go and sigs.k8s.io/external-dns.

Updates github.com/cert-manager/cert-manager from 1.20.0 to 1.20.2

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.20.2

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.20.2 fixes invalid YAML generated in the Helm chart when both webhook.config and webhook.volumes are defined, and bumps Go to 1.26.2 along with dependencies to address reported vulnerabilities.

Changes by Kind

Bug or Regression

• Helm: Fix invalid YAML generated when both webhook.config and webhook.volumes are defined. (#8665, @​cert-manager-bot)

Other (Cleanup or Flake)

• Bump go dependencies with reported vulnerabilities (#8704, @​erikgb)
• Bump go to 1.26.2 (#8703, @​erikgb)

v1.20.1

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.20.1 fixes an issue for OpenShift users that has to do with the finalizer RBAC, bumps gRPC to address a reported non-affecting vulnerability, and fixes a duplicate parentRef bug when both issuer config and annotations are present (Gateway API).

Bug or Regression

• Fixed duplicate parentRef bug when both issuer config and annotations are present. (#8658, @​hjoshi123)
• Add missing issuer finalizer RBAC to the order controller to support owner references. This was preventing OpenShift users from being able to upgrade to v1.20.0. (#8655, @​erikgb)
• Bump google.golang.org/grpc to fix vulnerability reported by scanners. This isn't a vulnerability that affects cert-manager, but we are bumping it because it is reported by scanners. (#8657, @​erikgb)

Commits

• e5b7b18 Merge pull request #8704 from erikgb/1-20-fix-vuln-go-deps
• e7ec855 Merge pull request #8703 from erikgb/1-20-bump-go-base-images
• cd96b95 [release-1.20] Bump go dependencies with reported vulnerabilities
• a1b6f11 [release-1.20] Bump go to 1.26.2 and bump base images
• 6dee676 Merge pull request #8665 from cert-manager-bot/cherry-pick-8664-to-release-1.20
• 9ccf555 Fix indentation in webhook-deployment when both webhook.volumes and webhook.c...
• dc96863 Merge pull request #8658 from cert-manager-bot/cherry-pick-8619-to-release-1.20
• 7e66079 removing duplicate parentRefs
• 75f90e4 Merge pull request #8657 from erikgb/fix-grpc-vuln
• f27364c Update module google.golang.org/grpc to v1.79.3 [security] (release-1.20)
• Additional commits viewable in compare view

Updates k8s.io/api from 0.35.3 to 0.36.0

Commits

• 545bb97 Update dependencies to v0.36.0 tag
• 879d396 Merge remote-tracking branch 'origin/master' into release-1.36
• 030d81f Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• aef6eb6 Add granular authorization for DRA ResourceClaim status updates
• 91061ea Merge pull request #136589 from tosi3k/preemption-mode
• e6b81e2 Add Workload-Aware Preemption fields to Workload and PodGroup APIs
• f8fce2e Merge pull request #136989 from nojnhuh/podgroup-resourceclaim
• b928f5e Workload API: PodGroup ResourceClaims (KEP-5729)
• 61bd78e Merge pull request #137190 from everpeace/KEP-5491-alpha
• 6bf46eb Merge pull request #137028 from nmn3m/feature/dra-resource-pool-status
• Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.35.3 to 0.36.0

Commits

• debe1eb Update dependencies to v0.36.0 tag
• efb7f26 Merge remote-tracking branch 'origin/master' into release-1.36
• d966e56 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• 79b3632 Merge pull request #137864 from yongruilin/dv-dra-mismatch
• a8822f7 Add slice and map union member support with tests
• 7dba2d0 Use IsZero instead of IsNil for union ratcheting check
• d95710f Fix union validation ratcheting when oldObj is nil
• 729062d Merge pull request #137849 from bryantbiggs/deps/update-kube-openapi
• 13b12e6 dependencies: bump kube-openapi to drop ginkgo/gomega indirect deps
• 27f4670 Merge pull request #136657 from Jefftree/sharding-test
• Additional commits viewable in compare view

Updates k8s.io/client-go from 0.35.3 to 0.36.0

Commits

• 1d95f02 Update dependencies to v0.36.0 tag
• f22a53e Merge remote-tracking branch 'origin/master' into release-1.36
• a948641 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• 7e44ffc Add Workload-Aware Preemption fields to Workload and PodGroup APIs
• df2d882 Merge pull request #136989 from nojnhuh/podgroup-resourceclaim
• 4eece52 Workload API: PodGroup ResourceClaims (KEP-5729)
• 3d35c51 Merge pull request #137190 from everpeace/KEP-5491-alpha
• 0434117 Merge pull request #137028 from nmn3m/feature/dra-resource-pool-status
• ba785be Drop CSR analogy, mark ObjectMeta +required,reduce limits (maxItems=500, maxL...
• 4a9c878 Add ResourcePoolStatusRequest API types and generated code
• Additional commits viewable in compare view

Updates sigs.k8s.io/external-dns from 0.20.0 to 0.21.0

Release notes

Sourced from sigs.k8s.io/external-dns's releases.

v0.21.0

⚠️ Breaking Changes

• chore(digitalocean)!: remove in-tree provider by @​simonoff in #6283
• chore(source)!: remove cloudfoundry support by @​ivankatliarchuk in #6074
• feat!: generalize PTR record support from rfc2136 to all providers by @​clwluvw in #6232
• feat(pihole)!: deprecate v5 API support by @​ivankatliarchuk in #6123
• feat(service)!: ignore unschedulable nodes by @​ivankatliarchuk in #6002
• feat(source/gateway-api)!: migrate Gateway and HTTPRoute to v1 by @​System-Arch in #6291
• feat(source/istio)!: migrate gateway and virtualservice sources to networking.istio.io/v1 by @​ivankatliarchuk in #6302

🚀 Features

• feat(aws): enable support for NAPTR records by @​alexbakker-quandago in #6022
• feat(azure): dns metadata (tags) support by @​vaspoz in #5984
• feat(client): add --kube-api-qps and --kube-api-burst flags for Kubernetes client rate limiting by @​ivankatliarchuk in #6322
• feat(cli): remove cobra cli support by @​ivankatliarchuk in #6034
• feat(cloudflare): support batch API for DNS record changes by @​mooseracerPT in #6208
• feat(coredns): rename ownerId and ownedBy to owner by @​farodin91 in #6032
• feat(coredns): use txt-owner-id to strictly separated external-dns instances by @​farodin91 in #5921
• feat(crd): Support MX record with trailing dot by @​HartmannVolker in #6163
• feat(endpoint): introduce record-type annotation and PTR endpoint helpers by @​clwluvw in #6282
• feat(endpoint): reject alias property on unsupported record types by @​u-kai in #6188
• feat(endpoint): validate PTR records in CheckEndpoint by @​clwluvw in #6275
• feat: end to end testing with coredns provider by @​Raffo in #5933
• feat(event): emit events for ingress,svc,pod,node,crd by @​ivankatliarchuk in #6099
• feat(event): standardize event messages and add resource kind lookup for events by @​ivankatliarchuk in #6101
• feat(fqdn): Deduplicate and sort ExecTemplate output. Add functions by @​ivankatliarchuk in #6173
• feat(gateway): add gateway-api listenerset support by @​jukie in #6254
• feat(informers): reduce informer cache memory footprint via object transformers by @​ivankatliarchuk in #6240
• feat(metrics): added skipped_records_owner_mismatch_per_sync to track ownership conflicts by @​ivankatliarchuk in #6121
• feat(pdns): add --[no-]prefer-alias flag and alias annotation support by @​ngnix in #6129
• feat(pdns): support GetDomainFilter interface by @​clwluvw in #6234
• feat(pihole)!: deprecate v5 API support by @​ivankatliarchuk in #6123
• feat(registry/txt): enable support for SRV and NAPTR by @​alexbakker-quandago in #6023
• feat(service)!: ignore unschedulable nodes by @​ivankatliarchuk in #6002
• feat(source): add support for ingress backed GlooEdge Gateway by @​cucxabong in #5909
• feat(source): add unstructured source by @​ivankatliarchuk in #6172
• feat(source): gateway api hostname source annotation by @​bogdankrasko in #5959
• feat(source/gateway-api)!: migrate Gateway and HTTPRoute to v1 by @​System-Arch in #6291
• feat(source/istio)!: migrate gateway and virtualservice sources to networking.istio.io/v1 by @​ivankatliarchuk in #6302
• feat(txt): add PTR record support to TXT registry mapper and PowerDNS trailing-dot handling by @​clwluvw in #6281
• feat(webhook): instrument HTTP client with request duration metrics by @​ivankatliarchuk in #6307

🐛 Bug fixes

• fix(annotations): initialize annotation keys at declaration time by @​ivankatliarchuk in #6159
• fix(api): rollback changes for omitempty by @​ivankatliarchuk in #6086
• fix(aws): use API validation for routing policies by @​u-kai in #6082
• fix(chart): ptsc indentation by @​andylim0221 in #6054

... (truncated)

Changelog

Sourced from sigs.k8s.io/external-dns's changelog.

Release

Release cycle

Currently we don't release regularly. Whenever we think it makes sense to release a new version we do it. You might want to ask in our Slack channel external-dns when the next release will come out.

Staging Release cycle

A new staging image is released weekly and can be found at gcr.io/k8s-staging-external-dns/external-dns.

There is a time lag between merging changes into the master branch and the subsequent creation of the staging image.

Example command to fetch 10 most recent staging images:

export EXT_DNS_VERSION="v0.21.0"
curl -sLk https://gcr.io/v2/k8s-staging-external-dns/external-dns/tags/list | jq | grep "$EXT_DNS_VERSION" | tail -n 10

Versioning convention

These are the conventions that we will be using for releases following 0.7.6:

• Patch version should be updated if we need to merge bugfixes, e.g. provider a does need a fix in order make updates working again. I would see updating or improving documentation here.

• Minor version should be updated if new features are implemented in existing providers or new provider get introduced.

• Major version should be upgraded if we introduce breaking changes.

Semantic Versioning Discipline

External-DNS follows semantic versioning principles:

• 0.x → pre-stable, APIs subject to change.
• 1.x → not yet considered.

Versioning & Releases External-DNS opts to stay within 0.x versioning scheme. We strive for stability, but reserve the right to introduce breaking changes in minor version bumps when necessary.

How to release a new image

Prerequisite

We use https://github.com/cli/cli to automate the release process. Please install it according to the official documentation.

You must be an official maintainer of the project to be able to do a release.

Steps

... (truncated)

Commits

• 066a11e feat(source/gateway-api)!: migrate Gateway and HTTPRoute to v1 (#6291)
• 8f024f0 ci: fix revision label (#6332)
• a3a692a ci: read golangci-lint version from scripts/install-tools.sh in lint workflow...
• 3a30b7e chore(deps): bump the dev-dependencies group with 9 updates (#6343)
• 4abf696 chore: cloudbild instance type bump (#6340)
• e1ef0be Revert "chore(deps): bump github.com/cloudflare/cloudflare-go from v5 to v6 (...
• e33ab8d feat(gateway): add gateway-api listenerset support (#6254)
• e3d8983 feat(azure): dns metadata (tags) support (#5984)
• 5211020 chore(deps): bump the mkdocs-deps group in /docs/scripts with 3 updates (#6331)
• e8479db chore(deps): bump the dev-dependencies group with 5 updates (#6330)
• Additional commits viewable in compare view