Skip to content

Bump the security group across 1 directory with 6 updates#105

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/security-ca8be2171c
Closed

Bump the security group across 1 directory with 6 updates#105
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/security-ca8be2171c

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 23, 2026
edited
Loading

Bumps the security group with 4 updates in the / directory: github.com/sirupsen/logrus, github.com/vmware-tanzu/velero, k8s.io/api and k8s.io/client-go.

Updates github.com/sirupsen/logrus from 1.9.3 to 1.9.4

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.4

Notable changes

Full Changelog: sirupsen/logrus@v1.9.3...v1.9.4

Commits
  • b61f268 Merge pull request #1472 from goldlinker/master
  • 15c29db refactor: replace the deprecated function in the ioutil package
  • cb253f3 Merge pull request #1464 from thaJeztah/touchup_godoc
  • 29b2337 Merge pull request #1468 from thaJeztah/touchup_readme
  • d916819 Merge pull request #1427 from dolmen/fix-testify-usage
  • 135e482 README: small touch-ups
  • 2c5fa36 Merge pull request #1467 from thaJeztah/rm_old_badge
  • 877ecec README: remove travis badge
  • 55cf256 Merge pull request #1393 from jsoref/grammar
  • 21bae50 Merge pull request #1426 from dolmen/testing-fix-use-of-math-rand
  • Additional commits viewable in compare view

Updates github.com/vmware-tanzu/velero from 1.17.1 to 1.17.2

Release notes

Sourced from github.com/vmware-tanzu/velero's releases.

v1.17.2

Download

https://github.com/vmware-tanzu/velero/releases/tag/v1.17.2

Container Image

velero/velero:v1.17.2

Documentation

https://velero.io/docs/v1.17/

Upgrading

https://velero.io/docs/v1.17/upgrade-to-1.17/

All Changes

v1.17.2-rc.2

v1.17.2

Download

https://github.com/vmware-tanzu/velero/releases/tag/v1.17.2-rc.2

Container Image

velero/velero:v1.17.2-rc.2

Documentation

https://velero.io/docs/v1.17/

Upgrading

https://velero.io/docs/v1.17/upgrade-to-1.17/

All Changes

v1.17.2-rc.1

v1.17.2

Download

https://github.com/vmware-tanzu/velero/releases/tag/v1.17.2-rc.1

Container Image

velero/velero:v1.17.2-rc.1

... (truncated)

Commits
  • 7013a40 Merge pull request #9479 from blackpiglet/add_role_rolebinding_in_resotre_seq...
  • b188701 Add Role, RoleBinding, ClusterRole, and ClusterRoleBinding in restore sequence.
  • 9d79e48 Merge pull request #9458 from Lyndon-Li/release-1.17
  • 1e350c0 Merge branch 'release-1.17' into release-1.17
  • 339dee0 Merge pull request #9459 from blackpiglet/bump_golang_and_ubuntu
  • 77b6812 Replace golang.org/x/net/context with context package to fix linter issues.
  • 8e35a19 Bump Golang to v1.24.11 and go/x/crypto to v0.45.0 to fix CVEs.
  • 69f2965 1.17.2 changelog
  • df05057 Fix managed fields patch for resources using GenerateName (#9408)
  • cad0169 Merge pull request #9409 from shubham-pampattiwar/fix-volume-info-generatenam...
  • Additional commits viewable in compare view

Updates k8s.io/api from 0.34.2 to 0.35.1

Commits
  • 4aa217d Update dependencies to v0.35.1 tag
  • bbcbaa8 Merge remote-tracking branch 'origin/master' into release-1.35
  • 5bced61 Bump golang.org/x/crypto to v0.45.0
  • 39e2e26 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
  • c22b4a1 vendor: update vendor and license metadata after replacing BeTrue usage in cs...
  • e3b1f3d Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
  • 3da327c Update vendored dependencies
  • c764b44 Merge pull request #132919 from ndixita/pod-level-in-place-pod-resize
  • aced136 Generated files from API changes
  • 02d790d Adding Resources and AllocatedResoures fields to the list of expected fields ...
  • Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.34.2 to 0.35.1

Commits
  • 72d71ea Merge remote-tracking branch 'origin/master' into release-1.35
  • e2a2dbc Bump golang.org/x/crypto to v0.45.0
  • 2e9c228 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
  • f274aac vendor: update vendor and license metadata after replacing BeTrue usage in cs...
  • 9445443 Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
  • 52154f7 Update vendored dependencies
  • 5a348c5 KEP-5471: Extend tolerations operators (#134665)
  • 6f89492 Merge pull request #133648 from richabanker/merged-discovery
  • c77dde2 util/sort: Add MergePreservingRelativeOrder for topological sorting
  • 729c13d Merge pull request #134624 from yt2985/podcertificates-beta
  • Additional commits viewable in compare view

Updates k8s.io/client-go from 0.34.2 to 0.35.1

Commits
  • b464ad8 Update dependencies to v0.35.1 tag
  • 2d83546 Merge remote-tracking branch 'origin/master' into release-1.35
  • 56b4af2 Merge pull request #135591 from p0lyn0mial/upstream-watchlist-reflector-log-f...
  • 891f94c Merge remote-tracking branch 'origin/master' into release-1.35
  • 65ffe04 Merge pull request #135580 from serathius/client-go-transformer
  • 2fe4ac2 downgrade reflector watchlist fallback log to V(4)
  • 97256a6 Bump golang.org/x/crypto to v0.45.0
  • 46360b5 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
  • 171ef8c Use transformer in consistency checker
  • 3878a64 vendor: update vendor and license metadata after replacing BeTrue usage in cs...
  • Additional commits viewable in compare view

Updates k8s.io/utils from 0.0.0-20250604170112-4c0f3b243397 to 0.0.0-20251002143259-bc988d571ff4

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the security group across 1 directory with 6 updates
9c1778e 
Bumps the security group with 4 updates in the / directory: [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus), [github.com/vmware-tanzu/velero](https://github.com/vmware-tanzu/velero), [k8s.io/api](https://github.com/kubernetes/api) and [k8s.io/client-go](https://github.com/kubernetes/client-go).


Updates `github.com/sirupsen/logrus` from 1.9.3 to 1.9.4
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](sirupsen/logrus@v1.9.3...v1.9.4)

Updates `github.com/vmware-tanzu/velero` from 1.17.1 to 1.17.2
- [Release notes](https://github.com/vmware-tanzu/velero/releases)
- [Changelog](https://github.com/vmware-tanzu/velero/blob/main/CHANGELOG.md)
- [Commits](vmware-tanzu/velero@v1.17.1...v1.17.2)

Updates `k8s.io/api` from 0.34.2 to 0.35.1
- [Commits](kubernetes/api@v0.34.2...v0.35.1)

Updates `k8s.io/apimachinery` from 0.34.2 to 0.35.1
- [Commits](kubernetes/apimachinery@v0.34.2...v0.35.1)

Updates `k8s.io/client-go` from 0.34.2 to 0.35.1
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.34.2...v0.35.1)

Updates `k8s.io/utils` from 0.0.0-20250604170112-4c0f3b243397 to 0.0.0-20251002143259-bc988d571ff4
- [Commits](https://github.com/kubernetes/utils/commits)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-version: 1.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: github.com/vmware-tanzu/velero
  dependency-version: 1.17.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/api
  dependency-version: 0.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/client-go
  dependency-version: 0.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/utils
  dependency-version: 0.0.0-20251002143259-bc988d571ff4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 25, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Feb 25, 2026
@dependabot dependabot bot deleted the dependabot/go_modules/security-ca8be2171c branch February 25, 2026 12:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependabot go type::security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants