The new cadvisor version requires newer golang.org/x modules. Module
version selection raised crypto, mod, net, sync, sys, term, text, and
tools. golang.org/x/net moves from a pseudo-version to the v0.57.0
release, which includes the http2 fixes the pseudo-version pointed at.
cadvisor/lib no longer depends on github.com/gogo/protobuf. This change
removes cadvisor/lib from the gogo/protobuf dependants list in
hack/unwanted-dependencies.json.
Kubernetes-commit: c2e122037dfaa8c5e4e7951c155df282236d30f4
detectNumCPU sized nf_conntrack_max using github.com/google/cadvisor/lib
machine topology. nf_conntrack_max is host-wide, so it must be sized from the
node's CPU count, not runtime.NumCPU(): the latter honors the process cpuset
and undercounts when kube-proxy runs under a static CPU policy, which is the
behavior cadvisor worked around (kubernetes/kubernetes#99225).
Use cpuset.NumCPU() from k8s.io/utils, which reads the node's online CPU count
from /sys/devices/system/cpu/online, with a runtime.NumCPU() fallback. This
drops the cadvisor dependency from pkg/proxy/conntrack and bumps k8s.io/utils
to pick up cpuset.NumCPU.
Kubernetes-commit: 92ce184653f03c312915993d7fde93d8e65602c1
Updates golang.org/x/net to v0.55.1-0.20260602153038-42abb857022c to pick up
the go1.27 http2 "wrap" fixes:
- CL 782940 (golang/go#79642): configureServer registers the h2 and http/1.1
ALPN protocols on s.TLSConfig.
- CL 785900 (golang/go#79778): ConfigureTransport/ConfigureTransports enable
HTTP/2 on the transport and keep TLSClientConfig non-nil.
With both, the kube-apiserver secure-serving path and the client-go / apiserver
HTTP/2 clients negotiate HTTP/2 under go1.27 with no Kubernetes-side changes;
no workaround is needed.
Gerrit: https://go-review.googlesource.com/c/net/+/782940
Gerrit: https://go-review.googlesource.com/c/net/+/785900
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 544a4612cd73250f69e6a95f4b3de8b94112e594
Fixes ci-kubernetes-e2e-kind-golang-tip and ci-kubernetes-unit-golang-tip,
which started failing under Go tip identifying as go1.27 with:
vendor/google.golang.org/grpc/internal/transport/handler_server.go:271:18:
undefined: http2.TrailerPrefix
In x/net v0.54.0, TrailerPrefix was defined only in http2/server.go, which
carries `//go:build !(go1.27 && !http2legacy)` and is therefore excluded
under go1.27. Upstream golang/net commit 1efab4271a moved TrailerPrefix
(and other symbols accidentally dropped by the go1.27 server wrapper) into
common files. That fix is released in v0.55.0.
Tracked in https://github.com/kubernetes/kubernetes/issues/139257
Kubernetes-commit: d7c6b52ac4b6387d740af2fea7f1dd007d71c64c
This only changes tests to drop gopkg.in/check.v1, which helps our
dependency tree a little.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: edf0df348c217271f4ed7acee3b436c27e71df88
Updates k8s.io/kube-openapi across all staging modules and vendors the new
revision. Key changes upstream:
- builder/openapi.go, builder3/openapi.go: use common.EscapeJsonPointer()
when keying definition names into swagger.Definitions / spec.Components.Schemas,
fixing incorrect lookups for types whose names contain JSON-Pointer-reserved
characters (e.g. '/', '~').
- pkg/generators/apidefinitions/loader.go (new): LoadAPIVersion() reads an
apiversion.yaml from a source-tree directory and validates its TypeMeta,
providing a declarative way to describe API versions in-tree.
- pkg/generators/apidefinitions/types.go (new): APIVersion type that carries
the schemeGroupVersion / kindAPIVersion metadata consumed by the loader.
- pkg/generators/config.go, openapi.go, model_names.go: minor generator
improvements accompanying the apidefinitions loader addition.
- pkg/generators/rules/list_type_streaming_tags.go: streaming-tag rule fix.
- pkg/schemaconv/openapi.go, proto_models.go: schema conversion cleanups.
- pkg/validation/validate/result.go: validation result cleanup.
Previous version: v0.0.0-20260317180543-43fb72c5454a
New version: v0.0.0-20260502001324-b7f5293f4787
Kubernetes-commit: eaf347cecb168ee85fc77ffc9a5cda4eb99ce1ca
Bump go-openapi dependencies to latest versions:
- github.com/go-openapi/jsonpointer v0.21.0 → v0.22.4
- github.com/go-openapi/jsonreference v0.20.2 → v0.21.4
- github.com/go-openapi/swag v0.23.0 → v0.25.4
The new swag version has been restructured into a multi-module monorepo
with submodules (cmdutils, conv, fileutils, jsonname, jsonutils, loading,
mangling, netutils, stringutils, typeutils, yamlutils). As a result:
- mailru/easyjson and josharian/intern are no longer transitive deps
and have been removed from vendor
- go-openapi/jsonpointer and go-openapi/swag no longer reference
unwanted deps davecgh/go-spew, mailru/easyjson, or gopkg.in/yaml.v3
- Updated hack/unwanted-dependencies.json accordingly
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 693dc57f5753ce69f7d3f49f26bfefc9554e47e6
Fixes CVE-2026-33814 (golang/go#78476): HTTP/2 Transport hangs
indefinitely when a peer sends a SETTINGS frame with MaxFrameSize=0.
This is reachable from kube-apiserver's OIDC, admission webhook,
and aggregated API client paths.
Kubernetes-commit: 12a2470693d86f63f4614048ffdd43dc393dd7e0