🌱(deps): Bump the all-go-mod-patch-and-minor group across 2 directories with 5 updates

[dependabot]

Bumps the all-go-mod-patch-and-minor group with 2 updates in the / directory: github.com/onsi/ginkgo/v2 and gopkg.in/ini.v1.
Bumps the all-go-mod-patch-and-minor group with 3 updates in the /hack/tools directory: github.com/onsi/ginkgo/v2, github.com/golangci/golangci-lint/v2 and sigs.k8s.io/controller-runtime/tools/setup-envtest.

Updates github.com/onsi/ginkgo/v2 from 2.28.2 to 2.28.3

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.28.3

2.28.3

Maintenance

Bump all dependencies

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.28.3

Maintenance

Bump all dependencies

Commits

• 5de9c15 v2.28.3
• 7e2fa19 bump dependencies
• See full diff in compare view

Updates github.com/onsi/gomega from 1.39.1 to 1.40.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.40.0

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

Commits

• 87ee9d3 v1.40.0
• ea66027 v1.40.0 (full)
• e3fd789 update docs to reflect new versioning strategy
• 7d4ee30 first push to master-lite
• e4a82d1 Bump github/codeql-action from 3 to 4 (#875)
• af62723 Bump rexml from 3.4.0 to 3.4.2 in /docs (#870)
• e164221 Bump github.com/onsi/ginkgo/v2 from 2.28.0 to 2.28.1 (#895)
• 334a282 Bump faraday from 2.12.2 to 2.14.1 in /docs (#896)
• See full diff in compare view

Updates gopkg.in/ini.v1 from 1.67.1 to 1.67.2

Updates github.com/onsi/ginkgo/v2 from 2.28.2 to 2.28.3

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.28.3

2.28.3

Maintenance

Bump all dependencies

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.28.3

Maintenance

Bump all dependencies

Commits

• 5de9c15 v2.28.3
• 7e2fa19 bump dependencies
• See full diff in compare view

Updates github.com/onsi/ginkgo/v2 from 2.28.2 to 2.28.3

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.28.3

2.28.3

Maintenance

Bump all dependencies

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.28.3

Maintenance

Bump all dependencies

Commits

• 5de9c15 v2.28.3
• 7e2fa19 bump dependencies
• See full diff in compare view

Updates github.com/golangci/golangci-lint/v2 from 2.11.4 to 2.12.1

Release notes

Sourced from github.com/golangci/golangci-lint/v2's releases.

v2.12.1

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

[!IMPORTANT] If you are using the install script from the master branch: https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh This branch is not used anymore, we are using main.

We recommend using https://golangci-lint.run/install.sh as URL to install golangci-lint.

https://golangci-lint.run/docs/welcome/install/local/#binaries

• 35b2189782a6a059489289257e6523550167cb64 fix: install.sh script (#6539)
• 3a006ab284f52a5aac0a7daa77ae683e43fb7b69 gomodguard: fix panic with migration suggestion (#6542)

v2.12.0

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

[!IMPORTANT] If you are using the install script from the master branch: https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh This branch is not used anymore, we are using main.

We recommend using https://golangci-lint.run/install.sh as URL to install golangci-lint.

https://golangci-lint.run/docs/welcome/install/local/#binaries

• d092dad51011497cda6dfcdeac572e87e7e00f79 Bump github.com/jingyugao/rowserrcheck from v1.1.1 to c5f79b8 (#6510)
• eec5c47e4a7a7e15fb0989cad1d6e41bf1b29c4b build(deps): bump github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0 (#6535)
• c670072b84808b392e04e9fa8b77355c99b7d4c0 build(deps): bump github.com/alecthomas/chroma/v2 from 2.23.1 to 2.24.1 (#6534)
• 493a1c881dad24cbe5fba5c2c8a1199ca383bb2c build(deps): bump github.com/ashanbrown/forbidigo/v2 from 2.3.0 to 2.3.1 (#6502)
• 3ad7eac33ff388240568f0fd0cccb2631e36f85d build(deps): bump github.com/ashanbrown/makezero/v2 from 2.1.0 to 2.2.0 (#6492)

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint/v2's changelog.

v2.12.1

Released on 2026-05-01

1. Linters bug fixes
   • gomodguard_v2: fix panic with migration suggestion
2. Misc.
   • fix install.sh script (if you are still using an URL based on the branch master, please update to use https://golangci-lint.run/install.sh)

v2.12.0

Released on 2026-05-01

1. New linters
   • Add clickhouselint linter https://github.com/ClickHouse/clickhouse-go-linter
2. Linters new features or changes
   • dupl: from f665c8d69b32 to c99c5cf5c202 (extended detection)
   • funcorder: from 0.5.0 to 0.6.0 (new option: function)
   • goconst: add an option to ignore strings from tests
   • goconst: from 1.8.2 to 1.10.0 (extended detection)
   • gomodguard_v2: from 1.4.1 to 2.1.0 (major version with new configuration)
   • gosec: from 619ce2117e08 to 2.26.1 (new checks: G124, G708, G709, G710)
   • govet: add inline analyzer
   • makezero: from 2.1.0 to 2.2.1 (support slice type aliases)
   • paralleltest: expose checkcleanup option
   • sloglint: from 0.11.1 to 0.12.0 (new options: allowed-keys, custom-funcs)
   • wsl_v5: from 5.6.0 to 5.8.0 (new option: cuddle-max-statements; new checks: after-decl, after-defer, after-expr, after-go, cuddle-group)
3. Linters bug fixes
   • forbidigo: from 2.3.0 to 2.3.1
   • godot: from 1.5.4 to 1.5.6
   • govet-modernize: from 0.43.0 to 0.44.0
   • ireturn: from 0.4.0 to 0.4.1
   • rowserrcheck: from 1.1.1 to c5f79b8
4. Misc.
   • Decrease cache entropy
   • Embed the JSON schema in the binary
   • Filter env vars when cloning the repository with the custom command

Commits

• 9aa24e9 chore: prepare release
• 3a006ab gomodguard: fix panic with migration suggestion (#6542)
• 35b2189 fix: install.sh script (#6539)
• 6349bbc docs: update GitHub Action assets (#6538)
• 7761527 chore: prepare release
• 8116fb5 build(deps): bump github.com/bombsimon/wsl/v5 from 5.6.0 to 5.8.0 (#6536)
• eec5c47 build(deps): bump github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0 (#6535)
• c670072 build(deps): bump github.com/alecthomas/chroma/v2 from 2.23.1 to 2.24.1 (#6534)
• 80ad1dc feat: embed the JSON schema in the binary (#6533)
• 8589d80 build(deps): bump github.com/securego/gosec/v2 from 2.25.0 to 2.26.1 (#6532)
• Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.28.2 to 2.28.3

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.28.3

2.28.3

Maintenance

Bump all dependencies

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.28.3

Maintenance

Bump all dependencies

Commits

• 5de9c15 v2.28.3
• 7e2fa19 bump dependencies
• See full diff in compare view

Updates sigs.k8s.io/controller-runtime/tools/setup-envtest from 0.0.0-20250620151452-b9a9ca01fd37 to 0.24.0

Release notes

Sourced from sigs.k8s.io/controller-runtime/tools/setup-envtest's releases.

v0.24.0

⚠️ Breaking Changes

• Dependencies: Update to k8s.io/* v1.36 (#3506 #3462 #3486 #3450)

🐛 Bug Fixes

• Cache: Fix IndexField blocking until informer is synced (#3445)
• Cache: Wait for cache sync when ReaderFailOnMissingInformer is true (#3425)
• Client: Update typed ApplyConfigurations with server response (#3475)
• Fakeclient: Fix SSA status patch resource version check (#3443)
• Fakeclient: Fix panic when using CRs with embedded pointer structs (#3431)
• Fakeclient: Fix status apply if existing object has managedFields set (#3430)
• Fakeclient: Retry GenerateName on AlreadyExists collisions (#3498)
• HTTP servers: Wire up base context into http servers (#3452)

🌱 Others

• Builder/Webhooks: Remove deprecated custom path function (#3465)
• Cache: Test cache reader waits for cache sync (#3434)
• Certwatcher: Deflake certwatcher tests (#3457)
• Dependencies: Use forked version of btree (#3449)
• Envtest: Ensure envtest stops the whole process group (#3447)
• Logging: Add missing space in zap-log-level flag description (#3492)
• Misc: Adopt new(x) over ptr.To(x) and re-enable newexpr lint (#3489)
• Owners: Cleanup (#3453)
• Recorder: Add logger into context for structured logging (#3454)
• Recorder: Switch to StartLogging for event debug logs (#3451)
• Scheme: Deprecate the scheme builder (#3461)
• Source/Kind: Improve logging for dynamic type kind source (#3494)
• Webhooks: Reduce memory usage of default webhooks (#3463 #3468)

🌱 CI & linters

• Chore: Update golangci-lint version to v2.8.0 (#3448)
• Chore: Update golangci-lint version to v2.10.1 (#3470)
• Chore: Update golangci-lint version to v2.11.3 (#3482)
• Migrate away from custom GitHub action approval workflow (#3491)
• Release: Auto-create git tags for the tools/setup-envtest submodule (#3476)

📖 Additionally, there has been 1 contribution to our documentation. (#3477)

Dependencies

Added

• github.com/cenkalti/backoff/v5: v5.0.3
• gonum.org/v1/gonum: v0.16.0
• k8s.io/streaming: v0.36.0

Changed

... (truncated)

Commits

• See full diff in compare view

[netlify]

✅ Deploy Preview for kubernetes-sigs-cluster-api-openstack ready!

Name	Link
🔨 Latest commit	6ebbfbd
🔍 Latest deploy log	https://app.netlify.com/projects/kubernetes-sigs-cluster-api-openstack/deploys/6a030be888f44c000837b7fe
😎 Deploy Preview	https://deploy-preview-3166--kubernetes-sigs-cluster-api-openstack.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[k8s-ci-robot]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign fabriziopandini for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[lentzi90]

/hold
we need to bump the go version we use first

[k8s-ci-robot]

@dependabot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-cluster-api-provider-openstack-test	6ebbfbd	link	true	/test pull-cluster-api-provider-openstack-test
pull-cluster-api-provider-openstack-e2e-test	6ebbfbd	link	true	/test pull-cluster-api-provider-openstack-e2e-test

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.