chore(deps): bump the k8s-go-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the k8s-go-dependencies group with 8 updates in the /k8s-service directory:

Package	From	To
github.com/getkin/kin-openapi	0.133.0	0.137.0
github.com/labstack/echo/v4	4.15.1	4.15.2
github.com/minio/minio-go/v7	7.0.99	7.1.0
github.com/onsi/ginkgo/v2	2.27.2	2.28.3
github.com/rabbitmq/amqp091-go	1.10.0	1.11.0
go.uber.org/zap	1.27.1	1.28.0
k8s.io/api	0.35.3	0.36.0
k8s.io/client-go	0.35.3	0.36.0

Updates github.com/getkin/kin-openapi from 0.133.0 to 0.137.0

Release notes

Sourced from github.com/getkin/kin-openapi's releases.

v0.137.0

What's Changed

• revert to go 1.25 and revert cc4f8d99 by @​fenollp in getkin/kin-openapi#1161

Full Changelog: getkin/kin-openapi@v0.136.0...v0.137.0

v0.136.0

What's Changed

• openapi3: stop injecting contentless default in NewResponses() by @​0-don in getkin/kin-openapi#1148
• openapi3: standardize Origin json tag to "-" across all types by @​reuvenharrison in getkin/kin-openapi#1149
• Update usage message in cmd/validate by @​fenollp in getkin/kin-openapi#1150
• openapi3: fix determinism when handling discriminator mappings by @​fenollp in getkin/kin-openapi#1151
• feat: bump Go to 1.26 by @​fenollp in getkin/kin-openapi#1152
• openapi3: use componentNames for deterministic visitings by @​fenollp in getkin/kin-openapi#1153
• feat: add OpenAPI 3.1 support by @​reuvenharrison in getkin/kin-openapi#1125
• openapi3: add JoinFunc for custom $ref path resolution by @​reuvenharrison in getkin/kin-openapi#1154
• Add many many tests from ApisGuruOpenapiDirectory by @​fenollp in getkin/kin-openapi#1155
• openapi3: remove map-iteration order leaks causing flaky tests by @​cloudnativeninja in getkin/kin-openapi#1158
• openapi2conv: nil-guard components lookup in FromV3SchemaRef by @​SAY-5 in getkin/kin-openapi#1156
• Address various lint errors by @​fenollp in getkin/kin-openapi#1157

New Contributors

• @​0-don made their first contribution in getkin/kin-openapi#1148
• @​cloudnativeninja made their first contribution in getkin/kin-openapi#1158
• @​SAY-5 made their first contribution in getkin/kin-openapi#1156

Full Changelog: getkin/kin-openapi@v0.135.0...v0.136.0

v0.135.0

What's Changed

• openapi3: strip origin from Encodings and ServerVariables maps by @​reuvenharrison in getkin/kin-openapi#1132
• fix: update yaml3 to prevent panic on empty mapping node in sequence by @​reuvenharrison in getkin/kin-openapi#1133
• openapi3: strip origin from extension values to prevent spurious diffs by @​reuvenharrison in getkin/kin-openapi#1137
• openapi3: strip origin from slices in example values by @​reuvenharrison in getkin/kin-openapi#1138
• fix: bump yaml and yaml3 to v0.0.4 by @​reuvenharrison in getkin/kin-openapi#1136
• openapi3: OriginTree approach for origin tracking — separate pass, no inline stripping by @​reuvenharrison in getkin/kin-openapi#1142
• README: drop go-openapi/spec3 by @​zonescape in getkin/kin-openapi#1143
• fix: bump yaml3+yaml to v0.0.9 to fix -root schema origin by @​reuvenharrison in getkin/kin-openapi#1144
• openapi3: call ReadFromURIFunc before checking IsExternalRefsAllowed by @​reuvenharrison in getkin/kin-openapi#1146
• fix: use location.String() instead of location.Path for origin file tracking by @​reuvenharrison in getkin/kin-openapi#1145
• refactor: Replace sort usage with slices package by @​jedevc in getkin/kin-openapi#1147

New Contributors

• @​zonescape made their first contribution in getkin/kin-openapi#1143
• @​jedevc made their first contribution in getkin/kin-openapi#1147

Full Changelog: getkin/kin-openapi@v0.134.0...v0.135.0

v0.134.0

... (truncated)

Commits

• b641244 revert to go 1.25 and revert cc4f8d99
• ff4bce7 fix and upgrade goimports-reviser
• 028df2a refacto(tests): use t.Context instead of context.Background
• cc4f8d9 refacto: replace openapi3.*Ptr(..) funcs with new(..)
• df95b87 address various lint errors
• 3556929 openapi2conv: nil-guard components lookup in FromV3SchemaRef (#1156)
• 5a0a337 openapi3: remove map-iteration order leaks causing flaky tests (#1158)
• 3489553 openapi3: skip v3.1 load/validation flaky tests
• 3aa08cd openapi3: record v3.1 load/validation test failures
• 3179775 openapi3: enable testing for 3.1 documents
• Additional commits viewable in compare view

Updates github.com/labstack/echo/v4 from 4.15.1 to 4.15.2

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.15.2 - 2026-05-01

Security

• Context.Scheme() should validate values taken from header by @​aldas in labstack/echo#2962

Thanks to @​shblue21 for reporting this issue.

Commits

• 25685e6 Merge pull request #2963 from aldas/v4_changelog_4_15_2
• f9d7689 Changelog for v4.15.2
• 37fff28 Merge pull request #2962 from aldas/v4_valid_proto
• ca4f38a Context.Scheme should validate values taken from header
• 2e527a7 Update CI, update deps
• See full diff in compare view

Updates github.com/minio/minio-go/v7 from 7.0.99 to 7.1.0

Release notes

Sourced from github.com/minio/minio-go/v7's releases.

Release v7.1.0

What's Changed

• GetObjectAttributes: Add missing checksum & type by @​klauspost in minio/minio-go#2217
• support x-minio-source-time header for getobject / statObject by @​jiuker in minio/minio-go#2219
• Add new AWS checksums by @​klauspost in minio/minio-go#2221

Full Changelog: minio/minio-go@v7.0.100...v7.1.0

Commits

• f29e568 Add new AWS checksums (#2221)
• 68e87b1 support x-minio-source-time header for getobject / statObject (#2219)
• d457cd4 GetObjectAttributes: Add missing checksum & type (#2217)
• 570a610 Add ChecksumAlgorithm to list response (#2211)
• 9ab4afb Update signature of UpdateObjectEncryption (#2215)
• 30849ad fix: honor StartAfter when listing object versions (#2212)
• 2eacfe9 add SignV4WithServiceType function (#2214)
• dedfa39 tags: add MarshalJSON/UnmarshalJSON to Tags
• 4976cb3 get content encoding when available (#2208)
• d75e965 add S3 Outposts support: Implement request signing and endpoint validation fo...
• Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.27.2 to 2.28.3

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.28.3

2.28.3

Maintenance

Bump all dependencies

v2.28.2

2.28.2

• Add ArtifactDir() to support Go 1.26 testing.TB interface [f3a36b6]
• Implement shell completion [94151c8]
• Add asan CLI option mirroring msan implementation [4d21dbb]
• Bump uri from 1.0.3 to 1.0.4 in /docs (#1630) [c102161]
• fix aspect ratio [9619647]
• update logos [5779304]

v2.28.1

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v2.28.0

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

v2.27.5

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

v2.27.4

2.27.4

Fixes

... (truncated)

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.28.3

Maintenance

Bump all dependencies

2.28.2

• Add ArtifactDir() to support Go 1.26 testing.TB interface [f3a36b6]
• Implement shell completion [94151c8]
• Add asan CLI option mirroring msan implementation [4d21dbb]
• Bump uri from 1.0.3 to 1.0.4 in /docs (#1630) [c102161]
• fix aspect ratio [9619647]
• update logos [5779304]

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

2.27.4

Fixes

• CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

2.27.3

Fixes

report exit result in case of failure [1c9f356]

... (truncated)

Commits

• 5de9c15 v2.28.3
• 7e2fa19 bump dependencies
• 1a81912 v2.28.2
• f3a36b6 Add ArtifactDir() to support Go 1.26 testing.TB interface
• 94151c8 Implement shell completion
• 4d21dbb Add asan CLI option mirroring msan implementation
• c102161 Bump uri from 1.0.3 to 1.0.4 in /docs (#1630)
• 9619647 fix aspect ratio
• 5779304 update logos
• 5d1d628 v2.28.1
• Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.38.2 to 1.40.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.40.0

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

v1.39.1

1.39.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v1.39.0

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

v1.38.3

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

1.39.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

Commits

• 87ee9d3 v1.40.0
• ea66027 v1.40.0 (full)
• e3fd789 update docs to reflect new versioning strategy
• 7d4ee30 first push to master-lite
• e4a82d1 Bump github/codeql-action from 3 to 4 (#875)
• af62723 Bump rexml from 3.4.0 to 3.4.2 in /docs (#870)
• e164221 Bump github.com/onsi/ginkgo/v2 from 2.28.0 to 2.28.1 (#895)
• 334a282 Bump faraday from 2.12.2 to 2.14.1 in /docs (#896)
• 1a25a36 v1.39.1
• 406faee bump all deps
• Additional commits viewable in compare view

Updates github.com/rabbitmq/amqp091-go from 1.10.0 to 1.11.0

Release notes

Sourced from github.com/rabbitmq/amqp091-go's releases.

v1.11.0

What's Changed

• add methods Temporary and Recoverable to amqp.Error by @​peczenyj in rabbitmq/amqp091-go#265
• Small fixes and refactors by @​peczenyj in rabbitmq/amqp091-go#266
• chore: doc typo by @​AndrewWinterman in rabbitmq/amqp091-go#269
• Add test that demonstrates the issue by @​lukebakken in rabbitmq/amqp091-go#274
• Fixing simple errors by @​korolev-d-l in rabbitmq/amqp091-go#280
• Expose delivery not initialised error by @​Zerpet in rabbitmq/amqp091-go#293
• fix: unify receiver methods to avoid conflicts between value and pointer types by @​Raisul191491 in rabbitmq/amqp091-go#292
• Add warning about concurrency with Channels by @​Zerpet in rabbitmq/amqp091-go#294
• Return existing error instead of creating new for the same purpose by @​pingvincible in rabbitmq/amqp091-go#295
• Investigate GH-296 by @​lukebakken in rabbitmq/amqp091-go#297
• Fix linter error after migrating config to v2 by @​Zerpet in rabbitmq/amqp091-go#306
• feat: add MIME types constants for content types by @​YlanzinhoY in rabbitmq/amqp091-go#308
• Fix parseHeaderFrame to consume entire frame payload by @​lukebakken in rabbitmq/amqp091-go#314
• fix: typos in comments and tests by @​alexandear in rabbitmq/amqp091-go#312
• docs: update link to RabbitMQ tutorials by @​alexandear in rabbitmq/amqp091-go#313
• fix: modernize lint issues by @​alexandear in rabbitmq/amqp091-go#315
• Use RabbitMQ 4 in Makefile by @​Zerpet in rabbitmq/amqp091-go#319
• Add support for unsigned type values by @​Zerpet in rabbitmq/amqp091-go#317
• Fix incomplete routing diagram in QueueBind doc comment by @​Copilot in rabbitmq/amqp091-go#320
• refactor: simplify with atomic types by @​alexandear in rabbitmq/amqp091-go#318
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in rabbitmq/amqp091-go#321
• Bump the github-actions group with 4 updates by @​dependabot[bot] in rabbitmq/amqp091-go#326
• Eliminate race condition in Connection.Close() and related methods by @​Zerpet in rabbitmq/amqp091-go#328
• fix: respect context cancellation on publishing with context operations by @​NawafSwe in rabbitmq/amqp091-go#330

New Contributors

• @​peczenyj made their first contribution in rabbitmq/amqp091-go#265
• @​AndrewWinterman made their first contribution in rabbitmq/amqp091-go#269
• @​korolev-d-l made their first contribution in rabbitmq/amqp091-go#280
• @​Raisul191491 made their first contribution in rabbitmq/amqp091-go#292
• @​pingvincible made their first contribution in rabbitmq/amqp091-go#295
• @​YlanzinhoY made their first contribution in rabbitmq/amqp091-go#308
• @​alexandear made their first contribution in rabbitmq/amqp091-go#312
• @​Copilot made their first contribution in rabbitmq/amqp091-go#320
• @​NawafSwe made their first contribution in rabbitmq/amqp091-go#330

Full Changelog: rabbitmq/amqp091-go@v1.10.0...v1.11.0

Changelog

Sourced from github.com/rabbitmq/amqp091-go's changelog.

v1.11.0 (2026-04-21)

Full Changelog

Implemented enhancements:

• add better debug information on DialConfig #245

Fixed bugs:

• Channel error when acking via go-routines #296

Closed issues:

• PR #318 exposes a pre-existing race in Connection.Close(). #327
• Entire header frame isn't always read #309
• Incomplete support of 0-9-1 field type values #302
• Redelivered Flag Not Exposed #301
• consume input basicConsumeOk but response queueBindOk #291
• Channel is closed after Channel.ExchangeDeclarePassive fails #290
• Incomplete example in (*Channel).QueueBind documentation #279
• QueueDeclarePassive does not report queue type mismatch #273
• Release 1.10.0 #261
• Update minimum Go version to 1.18 #146

Merged pull requests:

• fix: respect context cancellation on publishing with context operations #330 (NawafSwe)
• Eliminate race condition in Connection.Close() and related methods #328 (Zerpet)
• Bump the github-actions group with 4 updates #326 (dependabot[bot])
• Bump github/codeql-action from 3 to 4 #321 (dependabot[bot])
• Fix incomplete routing diagram in QueueBind doc comment #320 (Copilot)
• Use RabbitMQ 4 in Makefile #319 (Zerpet)
• refactor: simplify with atomic types #318 (alexandear)
• Add support for unsigned type values #317 (Zerpet)
• fix: modernize lint issues #315 (alexandear)
• Fix parseHeaderFrame to consume entire frame payload #314 (lukebakken)
• docs: update link to RabbitMQ tutorials #313 (alexandear)
• fix: typos in comments and tests #312 (alexandear)
• feat: add MIME types constants for content types #308 (YlanzinhoY)
• Fix linter error after migrating config to v2 #306 (Zerpet)
• Investigate GH-296 #297 (lukebakken)
• Return existing error instead of creating new for the same purpose #295 (pingvincible)
• Add warning about concurrency with Channels #294 (Zerpet)
• Expose delivery not initialised error #293 (Zerpet)
• fix: unify receiver methods to avoid conflicts between value and pointer types #292 (Raisul191491)
• Fixing simple errors #280 (korolev-d-l)
• Add test that demonstrates the issue #274 (lukebakken)
• chore: doc typo #269 (AndrewWinterman)
• Small fixes and refactors #266 (peczenyj)

... (truncated)

Commits

• 5fdceeb Version 1.11.0
• a426238 Merge pull request #330 from NawafSwe/chore-329/publish-with-context-fix
• 6d3ec4f chore: follow gate-keeper approach for context management in publish
• 301e296 chore: respect context cancellation in PublishWithDeferredConfirmWithContext ...
• dbf5f69 chore: respect context cancellation in PublishWithContext function
• 9665ac6 Merge pull request #328 from rabbitmq/fix-race-condition
• 86058c1 go fmt
• e6b63d7 Add a concurrent connection closure test #328
• b5b3c52 Connection: briefly explain the purpose of each sync.Once
• 5f7f528 fix: eliminate race condition in Connection.Close() and related methods
• Additional commits viewable in compare view

Updates go.uber.org/zap from 1.27.1 to 1.28.0

Release notes

Sourced from go.uber.org/zap's releases.

v1.28.0

Enhancements:

• #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

#1534: uber-go/zap#1534

Changelog

Sourced from go.uber.org/zap's changelog.

1.28.0 (27 Apr 2026)

Enhancements:

• #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

Commits

• 5b81b37 release v1.28.0 (#1547)
• 0ab0d5a zapcore: Add PreWriteHook for transforming entries before write (#1534)
• d278c59 [chore] CI: test on Go 1.26 (#1535)
• 16fb16b chore(dep): replace archived gopkg.in/yaml.v3 with officially maintained go.y...
• See full diff in compare view

Updates k8s.io/api from 0.35.3 to 0.36.0

Commits

• 545bb97 Update dependencies to v0.36.0 tag
• 879d396 Merge remote-tracking branch 'origin/master' into release-1.36
• 030d81f Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• aef6eb6 Add granular authorization for DRA ResourceClaim status updates
• 91061ea Merge pull request #136589 from tosi3k/preemption-mode
• e6b81e2 Add Workload-Aware Preemption fields to Workload and PodGroup APIs
• f8fce2e Merge pull request #136989 from nojnhuh/podgroup-resourceclaim
• b928f5e Workload API: PodGroup ResourceClaims (KEP-5729)
• 61bd78e Merge pull request #137190 from everpeace/KEP-5491-alpha
• 6bf46eb Merge pull request #137028 from nmn3m/feature/dra-resource-pool-status
• Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.35.3 to 0.36.0

Commits

• debe1eb Update dependencies to v0.36.0 tag
• efb7f26 Merge remote-tracking branch 'origin/master' into release-1.36
• d966e56 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• 79b3632 Merge pull request #137864 from yongruilin/dv-dra-mismatch
• a8822f7 Add slice and map union member support with tests
• 7dba2d0 Use IsZero instead of IsNil for union ratcheting check
• d95710f Fix union validation ratcheting when oldObj is nil
• 729062d Merge pull request #137849 from bryantbiggs/deps/update-kube-openapi
• 13b12e6 dependencies: bump kube-openapi to drop ginkgo/gomega indirect deps
• 27f4670 Merge pull request #136657 from Jefftree/sharding-test
• Additional commits viewable in compare view

Updates k8s.io/client-go from 0.35.3 to 0.36.0

Commits

• 1d95f02 Update dependencies to v0.36.0 tag
• f22a53e Merge remote-tracking branch 'origin/master' into release-1.36
• a948641 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• 7e44ffc Add Workload-Aware Preemption fields to Workload and PodGroup APIs
• df2d882 Merge pull request #136989 from nojnhuh/podgroup-resourceclaim
• 4eece52 Workload API: PodGroup ResourceClaims (KEP-5729)
• 3d35c51 Merge pull request #137190 from everpeace/KEP-5491-alpha
• 0434117 Merge pull request #137028 from nmn3m/feature/dra-resource-pool-status
• ba785be Drop CSR analogy, mark ObjectMeta +required,reduce limits (maxItems=500, maxL...
• 4a9c878 Add ResourcePoolStatusRequest API types and generated code
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions