Bump the go-dependencies group with 10 updates

[dependabot]

Bumps the go-dependencies group with 10 updates:

Package	From	To
github.com/go-logr/logr	1.4.2	1.4.3
github.com/google/go-cmp	0.6.0	0.7.0
github.com/kubernetes-csi/external-snapshotter/client/v8	8.0.0	8.4.0
github.com/onsi/ginkgo/v2	2.22.0	2.28.1
github.com/onsi/gomega	1.36.1	1.39.0
github.com/sirupsen/logrus	1.9.3	1.9.4
github.com/xdg-go/stringprep	1.0.2	1.0.4
golang.org/x/crypto	0.45.0	0.47.0
golang.org/x/tools	0.38.0	0.41.0
gotest.tools/v3	3.5.1	3.5.2

Updates github.com/go-logr/logr from 1.4.2 to 1.4.3

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.3

Minor release.

What's Changed

• Fix slog tests for 1.25 by @​hoeppi-google in go-logr/logr#361
• Remove one exception from Slog testing by @​thockin in go-logr/logr#362

New Contributors

• @​hoeppi-google made their first contribution in go-logr/logr#361

Full Changelog: go-logr/logr@v1.4.2...v1.4.3

Commits

• 38a1c47 build(deps): bump github/codeql-action from 3.28.17 to 3.28.18
• f08bedd build(deps): bump actions/setup-go from 5.4.0 to 5.5.0
• 6295e99 build(deps): bump golangci/golangci-lint-action from 7.0.0 to 8.0.0
• 028840d build(deps): bump github/codeql-action from 3.28.15 to 3.28.17
• 511e5fa Merge pull request #367 from go-logr/dependabot/github_actions/github/codeql-...
• d806463 build(deps): bump github/codeql-action from 3.28.13 to 3.28.15
• 158c311 Merge pull request #366 from thockin/master
• c79ddb3 Update to support golangci-lint v2
• 20a64ba build(deps): bump github/codeql-action from 3.28.12 to 3.28.13
• 0385e14 Add comments around slog exceptions
• Additional commits viewable in compare view

Updates github.com/google/go-cmp from 0.6.0 to 0.7.0

Release notes

Sourced from github.com/google/go-cmp's releases.

v0.7.0

New API:

• (#367) Support compare functions with SortSlices and SortMaps

Panic messaging:

• (#370) Detect proto.Message types when failing to export a field

Commits

• 9b12f36 Detect proto.Message types when failing to export a field (#370)
• 4dd3d63 fix: type 'aribica' => 'arabica' (#368)
• 391980c Support compare functions with SortSlices and SortMaps (#367)
• See full diff in compare view

Updates github.com/kubernetes-csi/external-snapshotter/client/v8 from 8.0.0 to 8.4.0

Release notes

Sourced from github.com/kubernetes-csi/external-snapshotter/client/v8's releases.

client/v8.4.0

The release tag client/v8.4.0 is for VolumeSnapshot and VolumeGroupSnapshot APIs and client library which are in a separate go package.

Changes by Kind

API Change

• Introduce the v1beta2 VolumeGroupSnapshot API as described by KEP 5013 (#1312, @​leonardoce)
• Several VolumeGroupSnapshot, VolumeGroupSnapshotClass and VolumeGroupSnapshotContent fields are now immutable. The v1beta1 VolumeGroupSnapshot API is now marked as deprecated. (#1337, @​leonardoce)

Full Changelog

https://github.com/kubernetes-csi/external-snapshotter/blob/v8.4.0/CHANGELOG/CHANGELOG-8.4.md

v8.4.0

Overall Status

Volume snapshotting has been a GA feature since Kubernetes v1.20.

Supported CSI Spec Versions

1.0-1.12

• VolumeGroupSnapshot moves to GA in CSI spec v1.11.0.

Minimum Kubernetes version

1.25

Recommended Minimum Kubernetes version

1.25

Container

docker pull registry.k8s.io/sig-storage/snapshot-controller:v8.4.0
docker pull registry.k8s.io/sig-storage/csi-snapshotter:v8.4.0

Changes by Kind

API Change

• Introduce the v1beta2 VolumeGroupSnapshot API as described by KEP 5013 (#1312, @​leonardoce)

Feature

• The number of worker threads in the snapshot-controller and csi-snapshotter is now configurable via the worker-threads flag. (#282, @​huffmanca)

Other (Cleanup or Flake)

• Several VolumeGroupSnapshot, VolumeGroupSnapshotClass and VolumeGroupSnapshotContent fields are now immutable. The v1beta1 VolumeGroupSnapshot API is now marked as deprecated. (#1337, @​leonardoce)
• Update kubernetes dependencies to v1.34.0 (#1330, @​dobsonj)

Uncategorized

... (truncated)

Commits

• f21cb02 Merge pull request #1342 from xing-yang/changelog_8.4
• ff86d39 Add changelog for v8.4
• d282047 Merge pull request #1338 from Madhu-1/cleanup
• bf2ed74 Merge pull request #1337 from leonardoce/dev-api-review
• 5e23337 Merge pull request #1341 from xing-yang/csi_1.12
• 2573990 Update CSI spec to 1.12
• b96c58f Merge pull request #1340 from darshansreenivas/release_tool_update
• 1655048 Merge commit 'b3dcf6b186d9cab2da1ca62ea82312fec813e3d7' into release_tool_update
• b3dcf6b Squashed 'release-tools/' changes from 5f38a9075..74502e544
• 0d9a187 Add CEL test cases
• Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.22.0 to 2.28.1

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.28.1

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v2.28.0

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

v2.27.5

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

v2.27.4

2.27.4

Fixes

• CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

v2.27.3

2.27.3

Fixes

report exit result in case of failure [1c9f356] fix data race [ece19c8]

v2.27.2

2.27.2

Fixes

• inline automaxprocs to simplify dependencies; this will be removed when Go 1.26 comes out [a69113a]

Maintenance

... (truncated)

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

2.27.4

Fixes

• CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

2.27.3

Fixes

report exit result in case of failure [1c9f356] fix data race [ece19c8]

2.27.2

Fixes

• inline automaxprocs to simplify dependencies; this will be removed when Go 1.26 comes out [a69113a]

Maintenance

• Fix syntax errors and typo [a99c6e0]
• Fix paragraph position error [f993df5]

2.27.1

Fixes

... (truncated)

Commits

• 5d1d628 v2.28.1
• 676f985 update test mu language
• 8032100 appease go vet
• 41ca807 bump dependencies
• 2b2305b v2.28.0
• 71d2d89 feat: support component semantic version filtering
• 8cbbcb4 Fix doclink for ginkgo run
• a928307 v2.27.5
• 0d0e96d don't make a new formatter for each GinkgoT(); that's just silly and uses pre...
• 867ce95 v2.27.4
• Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.36.1 to 1.39.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.39.0

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

v1.38.3

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

v1.38.2

1.38.2

• roll back to go 1.23.0 [c404969]

v1.38.1

1.38.1

Fixes

Numerous minor fixes and dependency bumps

v1.38.0

1.38.0

Features

• gstruct handles extra unexported fields [4ee7ed0]

Fixes

• support [] in IgnoringTopFunction function signatures (#851) [36bbf72]

Maintenance

• Bump golang.org/x/net from 0.40.0 to 0.41.0 (#846) [529d408]
• Fix typo [acd1f55]
• Bump google.golang.org/protobuf from 1.36.5 to 1.36.6 (#835) [bae65a0]
• Bump nokogiri from 1.18.4 to 1.18.8 in /docs (#842) [8dda91f]
• Bump golang.org/x/net from 0.39.0 to 0.40.0 (#843) [212d812]
• Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (#839) [59bd7f9]
• Bump nokogiri from 1.18.1 to 1.18.4 in /docs (#834) [328c729]
• Bump uri from 1.0.2 to 1.0.3 in /docs (#826) [9a798a1]
• Bump golang.org/x/net from 0.37.0 to 0.39.0 (#841) [04a72c6]

v1.37.0

1.37.0

Features

• add To/ToNot/NotTo aliases for AsyncAssertion [5666f98]

... (truncated)

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

1.38.2

• roll back to go 1.23.0 [c404969]

1.38.1

Fixes

Numerous minor fixes and dependency bumps

1.38.0

Features

• gstruct handles extra unexported fields [4ee7ed0]

Fixes

• support [] in IgnoringTopFunction function signatures (#851) [36bbf72]

Maintenance

• Bump golang.org/x/net from 0.40.0 to 0.41.0 (#846) [529d408]
• Fix typo [acd1f55]
• Bump google.golang.org/protobuf from 1.36.5 to 1.36.6 (#835) [bae65a0]
• Bump nokogiri from 1.18.4 to 1.18.8 in /docs (#842) [8dda91f]
• Bump golang.org/x/net from 0.39.0 to 0.40.0 (#843) [212d812]
• Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (#839) [59bd7f9]
• Bump nokogiri from 1.18.1 to 1.18.4 in /docs (#834) [328c729]
• Bump uri from 1.0.2 to 1.0.3 in /docs (#826) [9a798a1]
• Bump golang.org/x/net from 0.37.0 to 0.39.0 (#841) [04a72c6]

1.37.0

Features

• add To/ToNot/NotTo aliases for AsyncAssertion [5666f98]

1.36.3

Maintenance

• bump all the things [adb8b49]

... (truncated)

Commits

• 49561ad v1.39.0
• 8f7f425 document MatchErrorStrictly
• bae643d add matcher relecting errors.Is behavior
• a3ca2ca v1.38.3
• 4dada36 fix failing have http tests
• d40c691 make string formatitng more consistent for users who use format.Object directly
• 2a37b46 doc: fix typos
• ee26170 docs: fix HaveValue example
• cc85c05 Bump actions/setup-go from 5 to 6 (#866)
• 8905788 Bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.3 (#865)
• Additional commits viewable in compare view

Updates github.com/sirupsen/logrus from 1.9.3 to 1.9.4

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.4

Notable changes

• go.mod: update minimum supported go version to v1.17 sirupsen/logrus#1460
• go.mod: bump up dependencies sirupsen/logrus#1460
• Touch-up godoc and add "doc" links.
• README: fix links, grammar, and update examples.
• Add GNU/Hurd support sirupsen/logrus#1364
• Add WASI wasip1 support sirupsen/logrus#1388
• Remove uses of deprecated ioutil package sirupsen/logrus#1472
• CI: update actions and golangci-lint sirupsen/logrus#1459
• CI: remove appveyor, add macOS sirupsen/logrus#1460

Full Changelog: sirupsen/logrus@v1.9.3...v1.9.4

Commits

• b61f268 Merge pull request #1472 from goldlinker/master
• 15c29db refactor: replace the deprecated function in the ioutil package
• cb253f3 Merge pull request #1464 from thaJeztah/touchup_godoc
• 29b2337 Merge pull request #1468 from thaJeztah/touchup_readme
• d916819 Merge pull request #1427 from dolmen/fix-testify-usage
• 135e482 README: small touch-ups
• 2c5fa36 Merge pull request #1467 from thaJeztah/rm_old_badge
• 877ecec README: remove travis badge
• 55cf256 Merge pull request #1393 from jsoref/grammar
• 21bae50 Merge pull request #1426 from dolmen/testing-fix-use-of-math-rand
• Additional commits viewable in compare view

Updates github.com/xdg-go/stringprep from 1.0.2 to 1.0.4

Release notes

Sourced from github.com/xdg-go/stringprep's releases.

v1.0.4

Maintenance

• Bump golang.org/x/text to v0.3.8 due to CVE-2022-32149

v1.0.3

Maintenance

• Bump golang.org/x/text to v0.3.7 due to CVE-2021-38561

Changelog

Sourced from github.com/xdg-go/stringprep's changelog.

[v1.0.4] - 2022-12-07

Maintenance

• Bump golang.org/x/text to v0.3.8 due to CVE-2022-32149

[v1.0.3] - 2022-03-01

Maintenance

• Bump golang.org/x/text to v0.3.7 due to CVE-2021-38561

Commits

• dabf774 Add 1.18/19 to test matrix; remove 1.11/12/13
• 9836471 Bump golang.org/x/text to v0.3.8
• eb5c8f2 Add Go 1.17 to CI matrix
• 6b23024 Update CHANGELOG.md
• 544ab23 chore: update golang.org/x/text (CVE-2021-38561)
• See full diff in compare view

Updates golang.org/x/crypto from 0.45.0 to 0.47.0

Commits

• 506e022 go.mod: update golang.org/x dependencies
• 7dacc38 chacha20poly1305: error out in fips140=only mode
• 19acf81 go.mod: update golang.org/x dependencies
• 3a1c6b4 x509roots/fallback: update bundle
• f4602e4 ssh/agent: fix flaky test by ensuring a writeable home directory
• See full diff in compare view

Updates golang.org/x/tools from 0.38.0 to 0.41.0

Commits

• 2ad2b30 go.mod: update golang.org/x dependencies
• 5832cce internal/diff/lcs: introduce line diffs
• 67c4257 gopls/internal/golang: Definition: fix Windows bug wrt //go:embed
• 12c1f04 gopls/completion: check Selection invariant
• 6d87185 internal/server: add vulncheck scanning after vulncheck prompt
• 0c3a1fe go/ast/inspector: FindByPos returns the first innermost node
• ca281cf go/analysis/passes/ctrlflow: add noreturn funcs from popular pkgs
• 09c21a9 gopls/internal/analysis/unusedfunc: remove warnings for unused enum consts
• 03cb455 internal/modindex: suppress missing modcacheindex message
• 15d13e8 gopls/internal/util/typesutil: refine EnclosingSignature bug.Report
• Additional commits viewable in compare view

Updates gotest.tools/v3 from 3.5.1 to 3.5.2

Release notes

Sourced from gotest.tools/v3's releases.

v3.5.2

What's Changed

• assert: ensure message is always displayed & fix under bazel by @​cstrahan in gotestyourself/gotest.tools#276
• go.mod: golang.org/x/tools v0.13.0 for go1.22+ compatibility by @​thaJeztah in gotestyourself/gotest.tools#282
• poll: Continue(): use format.Message for formatting by @​thaJeztah in gotestyourself/gotest.tools#279
• fix TestFromDirSymlink on Windows due to missing drive-letter by @​thaJeztah in gotestyourself/gotest.tools#283
• Fix various linting issues and minor bugs by @​thaJeztah in gotestyourself/gotest.tools#280
• fix badges in readme, gofmt, and minor linting fix by @​thaJeztah in gotestyourself/gotest.tools#284
• circleci: add go1.21, go1.22, go1.23, and update golangci-lint to v1.60.3 by @​thaJeztah in gotestyourself/gotest.tools#285
• assert, assert/cmp: un-deprecate assert.ErrorType for now by @​thaJeztah in gotestyourself/gotest.tools#286

New Contributors

• @​cstrahan made their first contribution in gotestyourself/gotest.tools#276

Full Changelog: gotestyourself/gotest.tools@v3.5.1...v3.5.2

Commits

• 0b81523 Merge pull request #286 from thaJeztah/undeprecate_ErrorType
• c5dad8f Merge pull request #285 from thaJeztah/update_go_versions
• 160ab0e Remove go1.18 and go1.19
• 8569bbc Merge pull request #284 from thaJeztah/cleanup_readme
• 4256834 assert, assert/cmp: un-deprecate assert.ErrorType for now
• eb32186 circleci: update golangci-lint to v1.60.3
• 5fc8473 circleci: add go1.21, go1.22, go1.23
• 6f26df9 circleci: test generics on go1.20 and windows as well
• 732dfcf internal/difflib: rename funcs that collided with built-ins
• 7d95f55 internal/difflib: gofmt
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions