chore(deps): Bump the production-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the production-dependencies group with 6 updates in the / directory:

Package	From	To
github.com/onsi/gomega	1.36.3	1.37.0
github.com/fxamacker/cbor/v2	2.7.0	2.8.0
github.com/k8snetworkplumbingwg/network-attachment-definition-client	1.7.5	1.7.6
golang.org/x/net	0.37.0	0.38.0
google.golang.org/protobuf	1.36.5	1.36.6
kubevirt.io/containerized-data-importer-api	1.61.2	1.62.0

Updates github.com/onsi/gomega from 1.36.3 to 1.37.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.37.0

1.37.0

Features

• add To/ToNot/NotTo aliases for AsyncAssertion [5666f98]

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.37.0

Features

• add To/ToNot/NotTo aliases for AsyncAssertion [5666f98]

Commits

• 272fca3 v1.37.0
• 5666f98 add To/ToNot/NotTo aliases for AsyncAssertion
• See full diff in compare view

Updates github.com/fxamacker/cbor/v2 from 2.7.0 to 2.8.0

Release notes

Sourced from github.com/fxamacker/cbor/v2's releases.

v2.8.0 adds omitzero struct tag option, fixes and deprecates 3 functions, and bumps requirements to go 1.20+.

Many thanks to @​liggitt for contributing the omitzero support!

The "omitzero" option omits zero values from encoding, matching stdlib encoding/json behavior. When specified in the cbor tag, the option is always honored. When specified in the json tag, the option is honored when building with Go 1.24+.

This release fixes 3 functions (when called directly by user apps) to use same error handling on bad input as cbor.Unmarshal():

• RawTag.UnmarshalCBOR() (thanks @​thomas-fossati for reporting this!)
• ByteString.UnmarshalCBOR()
• SimpleValue.UnmarshalCBOR()

This release also deprecates those 3 functions because they were initially created for internal use. Please use Unmarshal() or UnmarshalFirst() instead.

To preserve backward compatibility, the deprecated functions were added to fuzz tests and will not be removed in v2.x.

What's Changed

• go: update go.mod and ci.yml to require go1.20 or newer (was go1.17) by @​fxamacker in fxamacker/cbor#626
• Replace interface{} with any by @​fxamacker in fxamacker/cbor#627
• Replace reflect.Ptr with reflect.Pointer by @​fxamacker in fxamacker/cbor#628
• Replace reflect.PtrTo with reflect.PointerTo by @​fxamacker in fxamacker/cbor#629
• Add omitzero support by @​liggitt in fxamacker/cbor#644
• Update error handling in RawTag.UnmarshalCBOR(), etc. to match cbor.Unmarshal() by @​fxamacker in fxamacker/cbor#645
• Optimize internal calls to UnmarshalCBOR() for ByteString, RawTag, SimpleValue by @​fxamacker in fxamacker/cbor#647

Other Changes

• Bump github/codeql-action from 3.25.10 to 3.25.11 by @​dependabot in fxamacker/cbor#562
• Bump actions/setup-go from 5.0.1 to 5.0.2 by @​dependabot in fxamacker/cbor#564
• Bump github/codeql-action from 3.25.11 to 3.25.12 by @​dependabot in fxamacker/cbor#565
• Bump github/codeql-action from 3.25.12 to 3.25.14 by @​dependabot in fxamacker/cbor#567
• Bump github/codeql-action from 3.25.14 to 3.25.15 by @​dependabot in fxamacker/cbor#569
• Bump github/codeql-action from 3.25.15 to 3.26.0 by @​dependabot in fxamacker/cbor#571
• Bump govulncheck from 1.0.4 to 1.1.3 by @​fxamacker in fxamacker/cbor#572
• Bump github/codeql-action from 3.26.0 to 3.26.2 by @​dependabot in fxamacker/cbor#575
• Add go1.23 to ci.yml by @​fxamacker in fxamacker/cbor#573
• Bump github/codeql-action from 3.26.2 to 3.26.6 by @​dependabot in fxamacker/cbor#580
• Mention new TinyGo feature branch in README by @​fxamacker in fxamacker/cbor#582
• Bump github/codeql-action from 3.26.6 to 3.26.8 by @​dependabot in fxamacker/cbor#585
• Bump github/codeql-action from 3.26.8 to 3.26.9 by @​dependabot in fxamacker/cbor#586
• Bump actions/checkout from 4.1.7 to 4.2.0 by @​dependabot in fxamacker/cbor#587
• README: update benchmark comparisons, etc. by @​fxamacker in fxamacker/cbor#588
• Bump github/codeql-action from 3.26.9 to 3.26.11 by @​dependabot in fxamacker/cbor#590
• README: update to clarify CBOR benchmark comparison and resolve nits by @​fxamacker in fxamacker/cbor#591
• README: fix broken link to svg file by @​fxamacker in fxamacker/cbor#592
• Bump github/codeql-action from 3.26.11 to 3.26.12 by @​dependabot in fxamacker/cbor#594
• Bump actions/checkout from 4.2.0 to 4.2.1 by @​dependabot in fxamacker/cbor#593

... (truncated)

Commits

• cbe7442 Update docs for cbor v2.8.0 (#649)
• c9f772d Merge pull request #647 from fxamacker/fxamacker/optimize-unmarshalcbor-for-c...
• 64fbdbc Optimize calls to UnmarshalCBOR() for RawTag, etc.
• fe81c11 Merge pull request #645 from fxamacker/fxamacker/port-pr-636-to-master-branch
• d81ecdd Check CBOR well-formedness in ByteString.UnmarshalCBOR
• 4f3c6a5 Check CBOR well-formedness in SimpleValue.UnmarshalCBOR
• 621c666 Check CBOR well-formedness in RawTag.UnmarshalCBOR
• d34c8ec Merge pull request #644 from liggitt/omitzero
• 69da12b Adjust OmitZero tests to zero behavior
• 101dea7 Copy OmitEmpty tests to OmitZero tests
• Additional commits viewable in compare view

Updates github.com/k8snetworkplumbingwg/network-attachment-definition-client from 1.7.5 to 1.7.6

Release notes

Sourced from github.com/k8snetworkplumbingwg/network-attachment-definition-client's releases.

v1.7.6

This release fixes a regression affecting CNI plugins that do not specify interfaces in their CNI ADD result.

Previously, IP addresses returned without an associated interface index were not being assigned to any network-status entry. This release restores the prior behavior by assigning such IPs to the last network status (i.e., the last sandboxed interface), ensuring consistent handling across plugins, especially those that omit the interfaces field entirely.

This change is important for compatibility with certain CNI plugins and maintains expected behavior from earlier versions of the net-attach-def library.

Special thanks to @​Brian-McM for identifying the issue and providing the fix!

Commits

• e12bd55 Merge pull request #77 from Brian-McM/assign-ips-with-no-interface-to-default...
• 77dfd49 Update pkg/utils/net-attach-def_test.go
• 1945b69 Assign IPs that don't have an interface index to the last network status
• See full diff in compare view

Updates golang.org/x/net from 0.37.0 to 0.38.0

Commits

• e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
• ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
• 1f1fa29 publicsuffix: regenerate table
• 1215081 http2: improve error when server sends HTTP/1
• 312450e html: ensure <search> tag closes <p> and update tests
• 09731f9 http2: improve handling of lost PING in Server
• 55989e2 http2/h2c: use ResponseController for hijacking connections
• 2914f46 websocket: re-recommend gorilla/websocket
• See full diff in compare view

Updates google.golang.org/protobuf from 1.36.5 to 1.36.6

Updates kubevirt.io/containerized-data-importer-api from 1.61.2 to 1.62.0

Release notes

Sourced from kubevirt.io/containerized-data-importer-api's releases.

v1.62.0

This release follows v1.61.0 and consists of 54 changes, contributed by 17 people, leading to 3174 files changed, 129486 insertions(+), 67596 deletions(-).

The source code and selected binaries are available for download at: https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.62.0.

Pre-built CDI containers are published on Quay.io and can be viewed at: https://quay.io/repository/kubevirt/cdi-controller/ https://quay.io/repository/kubevirt/cdi-importer/ https://quay.io/repository/kubevirt/cdi-cloner/ https://quay.io/repository/kubevirt/cdi-uploadproxy/ https://quay.io/repository/kubevirt/cdi-apiserver/ https://quay.io/repository/kubevirt/cdi-uploadserver/ https://quay.io/repository/kubevirt/cdi-operator/

Notable changes

Enhancement: IBM Block Storage CSI driver now supports RWX access mode Cleanup: Deprecate DataVolume garbage collection BugFix: Watch for StorageProfile updates to reconcile DataVolumes BugFix: Fix PVC webhook rendering segfault when there is no default default storage class and no virtualization default storage class BugFix: size-detection pod is not always cleaned after it completes Cleanup: Bump CI to test 1.31 BugFix: Set DataVolume Bound condition to False instead of Unknown Enhancement: Allow extra VDDK configuration parameters to be passed to VDDK importer pods. Enhancement: Add PVC source support for DataImportCron BugFix: Dell PowerStore uses cloneStrategy: copy over csi-clone to avoid array snapshot limits Enhancement: Add volume capabilities for Oracle Cloud Enhancement: Added support for Infinibox nvme protocol Cleanup: k8s 1.31 dependencies Cleanup: Using golang 1.23.6 in builder Enhancement: Add RWX block to Portworx capabilities BugFix: Add openshift.io/required-scc to required workloads Enhancement: Create prow multi arch release script BugFix: Fix ImagePullFailed handling in DataImportCron controller Cleanup: DataImportCron tests - add waitForConditions to ensure all images got imported Enhancement: Add GCP hyperdisk capabilities BugFix: Fallback to host assisted cloning when source snapshot volume mode differs from target volume mode

Contributors

17 people contributed to this release:

    14	Alex Kalenyuk <[email protected]>
     9	Arnon Gilboa <[email protected]>

... (truncated)

Changelog

Sourced from kubevirt.io/containerized-data-importer-api's changelog.

v1.62.0 Enhancement: IBM Block Storage CSI driver now supports RWX access mode Cleanup: Deprecate DataVolume garbage collection BugFix: Watch for StorageProfile updates to reconcile DataVolumes BugFix: Fix PVC webhook rendering segfault when there is no default default storage class and no virtualization default storage class BugFix: size-detection pod is not always cleaned after it completes Cleanup: Bump CI to test 1.31 BugFix: Set DataVolume Bound condition to False instead of Unknown Enhancement: Allow extra VDDK configuration parameters to be passed to VDDK importer pods. Enhancement: Add PVC source support for DataImportCron BugFix: Dell PowerStore uses cloneStrategy: copy over csi-clone to avoid array snapshot limits Enhancement: Add volume capabilities for Oracle Cloud Enhancement: Added support for Infinibox nvme protocol Cleanup: k8s 1.31 dependencies Cleanup: Using golang 1.23.6 in builder Enhancement: Add RWX block to Portworx capabilities BugFix: Add openshift.io/required-scc to required workloads Enhancement: Create prow multi arch release script BugFix: Fix ImagePullFailed handling in DataImportCron controller Cleanup: DataImportCron tests - add waitForConditions to ensure all images got imported Enhancement: Add GCP hyperdisk capabilities BugFix: Fallback to host assisted cloning when source snapshot volume mode differs from target volume mode

Commits

• cdf8d90 v1.62.0 release notes v3
• a492f93 v1.62.0 release notes v2
• c3830b2 v1.62.0 release notes
• 6c47f48 Adding an if statement for the case that the certDir is not configured (#3651)
• acbd444 Run go run ./robots/cmd/uploader -workspace /home/prow/go/src/github.com/kube...
• 6a999b5 fix certrotation unit tests (#3673)
• 5ba59cc Enable Tinycore Functest image multiarch (#3628)
• b8621d0 Fallback to host-assised when volumeMode Differs (#3664)
• f4ddcc1 Revert "Clean up leftover snapshot sources from DataImportCron tests" (#3667)
• 8588876 Add GCP pd.csi.storage.gke.io capabilities (#3663)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign lyarwood for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.