chore(deps): bump the dev-dependencies group with 5 updates

[dependabot]

Bumps the dev-dependencies group with 5 updates:

Package	From	To
github.com/go-logr/logr	1.2.4	1.3.0
github.com/onsi/gomega	1.27.8	1.29.0
k8s.io/api	0.27.3	0.28.3
k8s.io/client-go	0.27.3	0.28.3
sigs.k8s.io/controller-runtime	0.15.0	0.16.3

Updates github.com/go-logr/logr from 1.2.4 to 1.3.0

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.3.0

This release adds support for slog in a new, self-contained logr/slogr package. Implementers of a logr.LogSink are encouraged, but not required, to extend their implementation to improve the quality of log output coming from a slog API call.

Breaking change: the call depth for LogSink.Enabled when called via Logger.Enabled was fixed to be the same as for other call paths. Implementers of a LogSink who have worked around this bug will need to remove their workarounds.

Security best practices were improved. Only Go versions >= 1.18 are supported by this release.

What's Changed

• Fix golangci-lint fails by @​thockin in go-logr/logr#173
• Add minimal permissions to workflows by @​pnacht in go-logr/logr#177
• Add a security policy by @​pnacht in go-logr/logr#178
• Update security email by @​thockin in go-logr/logr#181
• docs: explain relationship between Logger{} and Discard() by @​pohly in go-logr/logr#182
• Add the OpenSSF Scorecard workflow by @​pnacht in go-logr/logr#186
• README: show of OpenSSF Scorecard badge by @​pohly in go-logr/logr#187
• Hash-pin workflow Actions by @​pnacht in go-logr/logr#189
• Bump go versions to 1.18+ by @​thockin in go-logr/logr#203
• slogr: add glue code for logging to slog.Handler and with slog.Logger by @​pohly in go-logr/logr#205
• slogr: restore original backend when converting back and forth by @​pohly in go-logr/logr#210
• slogr: add SlogSink by @​pohly in go-logr/logr#211
• Use same call depth for Enabled, Info, Error by @​thockin in go-logr/logr#218
• test: eliminate helper func by @​thockin in go-logr/logr#219
• docs: interoperability with slog by @​pohly in go-logr/logr#222

---

• build(deps): bump actions/setup-go from 3.5.0 to 4.0.1 by @​dependabot in go-logr/logr#190
• build(deps): bump github/codeql-action from 2.20.1 to 2.20.3 by @​dependabot in go-logr/logr#191
• build(deps): bump github/codeql-action from 2.20.3 to 2.20.4 by @​dependabot in go-logr/logr#192
• build(deps): bump github/codeql-action from 2.20.4 to 2.21.0 by @​dependabot in go-logr/logr#193
• build(deps): bump github/codeql-action from 2.21.0 to 2.21.2 by @​dependabot in go-logr/logr#194
• build(deps): bump github/codeql-action from 2.21.2 to 2.21.3 by @​dependabot in go-logr/logr#207
• build(deps): bump actions/setup-go from 4.0.1 to 4.1.0 by @​dependabot in go-logr/logr#206
• build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @​dependabot in go-logr/logr#209
• build(deps): bump github/codeql-action from 2.21.3 to 2.21.4 by @​dependabot in go-logr/logr#208
• build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by @​dependabot in go-logr/logr#214
• build(deps): bump github/codeql-action from 2.21.4 to 2.21.5 by @​dependabot in go-logr/logr#217
• build(deps): bump actions/checkout from 3.6.0 to 4.0.0 by @​dependabot in go-logr/logr#220
• build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @​dependabot in go-logr/logr#221
• build(deps): bump github/codeql-action from 2.21.5 to 2.21.7 by @​dependabot in go-logr/logr#223
• build(deps): bump github/codeql-action from 2.21.7 to 2.21.8 by @​dependabot in go-logr/logr#224
• build(deps): bump actions/checkout from 4.0.0 to 4.1.0 by @​dependabot in go-logr/logr#225
• build(deps): bump github/codeql-action from 2.21.8 to 2.21.9 by @​dependabot in go-logr/logr#226
• build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0 by @​dependabot in go-logr/logr#227
• build(deps): bump github/codeql-action from 2.21.9 to 2.22.0 by @​dependabot in go-logr/logr#228
• build(deps): bump github/codeql-action from 2.22.0 to 2.22.3 by @​dependabot in go-logr/logr#229
• build(deps): bump actions/checkout from 4.1.0 to 4.1.1 by @​dependabot in go-logr/logr#231
• build(deps): bump github/codeql-action from 2.22.3 to 2.22.4 by @​dependabot in go-logr/logr#230

New Contributors

... (truncated)

Commits

• 8adefbe docs: interoperability with slog
• ebabbb9 build(deps): bump github/codeql-action from 2.22.3 to 2.22.4
• 9c361f0 build(deps): bump actions/checkout from 4.1.0 to 4.1.1
• d9b2b78 Merge pull request #229 from go-logr/dependabot/github_actions/github/codeql-...
• 91cec29 build(deps): bump github/codeql-action from 2.22.0 to 2.22.3
• 2ea8628 Merge pull request #228 from go-logr/dependabot/github_actions/github/codeql-...
• 37a4f55 Merge pull request #227 from go-logr/dependabot/github_actions/ossf/scorecard...
• ecf310c build(deps): bump github/codeql-action from 2.21.9 to 2.22.0
• d73e05e build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0
• 1d1c415 Merge pull request #226 from go-logr/dependabot/github_actions/github/codeql-...
• Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.27.8 to 1.29.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.29.0

1.29.0

Features

• MatchError can now take an optional func(error) bool + description [2b39142]

v1.28.1

1.28.1

Maintenance

• Bump github.com/onsi/ginkgo/v2 from 2.12.0 to 2.13.0 [635d196]
• Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 [14f8859]
• Bump golang.org/x/net from 0.14.0 to 0.17.0 [d8a6508]
• #703 doc(matchers): HaveEach() doc comment updated [2705bdb]
• Minor typos (#699) [375648c]

v1.28.0

1.28.0

Features

• Add VerifyHost handler to ghttp (#698) [0b03b36]

Fixes

• Read Body for Newer Responses in HaveHTTPBodyMatcher (#686) [18d6673]

Maintenance

• Bump github.com/onsi/ginkgo/v2 from 2.11.0 to 2.12.0 (#693) [55a33f3]
• Typo in matchers.go (#691) [de68e8f]
• Bump commonmarker from 0.23.9 to 0.23.10 in /docs (#690) [ab17f5e]
• chore: update test matrix for Go 1.21 (#689) [5069017]
• Bump golang.org/x/net from 0.12.0 to 0.14.0 (#688) [babe25f]

v1.27.10

1.27.10

Fixes

• fix: go 1.21 adding goroutine ID to creator+location (#685) [bdc7803]

v1.27.9

1.27.9

Fixes

• Prevent nil-dereference in format.Object for boxed nil error (#681) [3b31fc3]

Maintenance

• Bump golang.org/x/net from 0.11.0 to 0.12.0 (#679) [360849b]
• chore: use String() instead of fmt.Sprintf (#678) [86f3659]
• Bump golang.org/x/net from 0.10.0 to 0.11.0 (#674) [642ead0]
• chore: unnecessary use of fmt.Sprintf (#677) [ceb9ca6]
• Bump github.com/onsi/ginkgo/v2 from 2.10.0 to 2.11.0 (#675) [a2087d8]

... (truncated)

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.29.0

Features

• MatchError can now take an optional func(error) bool + description [2b39142]

1.28.1

Maintenance

• Bump github.com/onsi/ginkgo/v2 from 2.12.0 to 2.13.0 [635d196]
• Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 [14f8859]
• Bump golang.org/x/net from 0.14.0 to 0.17.0 [d8a6508]
• #703 doc(matchers): HaveEach() doc comment updated [2705bdb]
• Minor typos (#699) [375648c]

1.28.0

Features

• Add VerifyHost handler to ghttp (#698) [0b03b36]

Fixes

• Read Body for Newer Responses in HaveHTTPBodyMatcher (#686) [18d6673]

Maintenance

• Bump github.com/onsi/ginkgo/v2 from 2.11.0 to 2.12.0 (#693) [55a33f3]
• Typo in matchers.go (#691) [de68e8f]
• Bump commonmarker from 0.23.9 to 0.23.10 in /docs (#690) [ab17f5e]
• chore: update test matrix for Go 1.21 (#689) [5069017]
• Bump golang.org/x/net from 0.12.0 to 0.14.0 (#688) [babe25f]

1.27.10

Fixes

• fix: go 1.21 adding goroutine ID to creator+location (#685) [bdc7803]

1.27.9

Fixes

• Prevent nil-dereference in format.Object for boxed nil error (#681) [3b31fc3]

Maintenance

• Bump golang.org/x/net from 0.11.0 to 0.12.0 (#679) [360849b]
• chore: use String() instead of fmt.Sprintf (#678) [86f3659]
• Bump golang.org/x/net from 0.10.0 to 0.11.0 (#674) [642ead0]
• chore: unnecessary use of fmt.Sprintf (#677) [ceb9ca6]
• Bump github.com/onsi/ginkgo/v2 from 2.10.0 to 2.11.0 (#675) [a2087d8]
• docs: fix ContainSubstring references (#673) [fc9a89f]
• Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0 (#671) [9076019]

Commits

• b94b195 v1.29.0
• 2b39142 MatchError can now take an optional func(error) bool + description
• ab6045c v1.28.1
• 635d196 Bump github.com/onsi/ginkgo/v2 from 2.12.0 to 2.13.0
• 14f8859 Bump github.com/google/go-cmp from 0.5.9 to 0.6.0
• d8a6508 Bump golang.org/x/net from 0.14.0 to 0.17.0
• 2705bdb #703 doc(matchers): HaveEach() doc comment updated
• 375648c Minor typos (#699)
• 85681d4 v1.28.0
• 0b03b36 Add VerifyHost handler to ghttp (#698)
• Additional commits viewable in compare view

Updates k8s.io/api from 0.27.3 to 0.28.3

Commits

• 59c6b15 Update dependencies to v0.28.3 tag
• 579c82b Merge pull request #121128 from MadhavJivrajani/bump-x-net-128
• f72d479 .: bump golang.org/x/net to v0.17.0
• 546e425 Merge pull request #120329liggitt/automated-cherry-pick-of-#120327
• 7315e44 Revert to json-patch 4.12.0
• 962dfd4 Merge pull request #120208mimowo/automated-cherry-pick-of-#120204
• 37b4561 Mark Job onPodConditions as optional in pod failure policy
• ac59949 Merge remote-tracking branch 'origin/master' into release-1.28
• e32cee6 Merge pull request #119876 from marosset/revert-118895
• b582191 Revert "Merge pull request #118895 from RyanAoh/kep-1860"
• Additional commits viewable in compare view

Updates k8s.io/client-go from 0.27.3 to 0.28.3

Commits

• 9d454d6 Update dependencies to v0.28.3 tag
• fb42861 Merge pull request #121128 from MadhavJivrajani/bump-x-net-128
• a013666 .: bump golang.org/x/net to v0.17.0
• 745513a Merge pull request #120359Jefftree/automated-cherry-pick-of-#119870
• 29a840d Merge pull request #120329liggitt/automated-cherry-pick-of-#120327
• 805102c Revert to json-patch 4.12.0
• fe76ecc Merge remote-tracking branch 'origin/master' into release-1.28
• a715d8b Merge pull request #119876 from marosset/revert-118895
• 3163e5a Revert "Merge pull request #118895 from RyanAoh/kep-1860"
• 43a6d93 Fallback to legacy discovery on a wider range of conditions in aggregator
• Additional commits viewable in compare view

Updates sigs.k8s.io/controller-runtime from 0.15.0 to 0.16.3

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.16.3

What's Changed

• 🐛Update dependency go-restful to 3.11.0 by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2516
• 🐛 Correctly identify if patch call was made on status by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2515
• 🐛 Handle unstructured status update with fake client by @​troy0820 in kubernetes-sigs/controller-runtime#2523
• ✨ Cache: Allow defining options that apply to all namespaces that themselves have no explicit config by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2539
• 🐛 bump golang.org/x/net to v0.17.0 by @​joelanford in kubernetes-sigs/controller-runtime#2541
• 🌱 Bump k8s to 1.28.3 by @​varshaprasad96 in kubernetes-sigs/controller-runtime#2552

Full Changelog: kubernetes-sigs/controller-runtime@v0.16.2...v0.16.3

v0.16.2

What's Changed

• 🐛 Add corev1, coordinationv1 scheme for leader election when LeaderElection manager option is true by @​troy0820 in kubernetes-sigs/controller-runtime#2466
• 🐛 Use http client from leaderElectionConfig by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2468
• 🐛 Default namespace only for namespaced object by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2482
• 🐛 Do not update anything but status when using subresource client by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2483
• 🐛 Fix status subresource getting updated on Update when it is empty by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2485
• 🐛 Fix returning object after status update by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2490
• 🐛 Return NoResourceMatchError when appropriate for backwards compatibility. by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2492

Full Changelog: kubernetes-sigs/controller-runtime@v0.16.1...v0.16.2

v0.16.1

What's Changed

• 🐛 Refactor tests to drop hard otel dependency by @​howardjohn in kubernetes-sigs/controller-runtime#2465
• 🌱 Bump k8s.io/apiserver from 0.28.0 to 0.28.1 by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2459

Full Changelog: kubernetes-sigs/controller-runtime@v0.16.0...v0.16.1

v0.16.0

Highlights

• Granular cache configuration (#2421)
• New cache option to fail on missing informer on cache reads (#2406)
• Secure metrics serving (#2407)
• Upgrade to Kubernetes 1.28 libraries (#2393, #2405, #2449)

Changes since v0.15

⚠️ Breaking Changes

• Bump k8s.io/* dependencies to v1.28.0 by @​sbueringer (#2393, #2405, #2449)
• Allow configuring more granular cache filtering by @​alvaroaleman (#2421)
• Introduce Metrics Options & secure metrics serving by @​sbueringer (#2407)
• Return an error if the continue list option is set for the cache reader by @​shuheiktgw (#2439)
• Remove deprecated manager, webhook and cluster options by @​sbueringer (#2422)
• Remove deprecated MultiNamespacedCacheBuilder, NewFakeClientWithScheme, controllerutil.Object, envtest.Environment.KubeAPIServerFlags & zap.Options.DestWritter by @​sbueringer (#2423)
• controller builder: return error when multiple reconcilers are set by @​sbueringer (#2415)

... (truncated)

Commits

• 5f8d96b Merge pull request #2552 from varshaprasad96/bump/k8s-1.28.3
• 5572514 [fix]: Bump k8s to 1.28.3
• 7c1e2d9 Merge pull request #2541 from joelanford/0.16-golang-x-net
• 5201923 🐛 bump golang.org/x/net to v0.17.0
• 8b5b1a2 Merge pull request #2539 from k8s-infra-cherrypick-robot/cherry-pick-2528-to-...
• b9c691d sparkles: Cache: Allow defining options that apply to all namespaces that the...
• 8361246 Merge pull request #2523 from troy0820/troy0820/cherry-pick-to-release-0.16
• f7b7450 🐛 Handle unstructured status update with fake client (#2495)
• 2d6b699 [release-0.16] 🐛 Correctly identify if patch call was made on status (#2515)
• da31104 Merge pull request #2516 from k8s-infra-cherrypick-robot/cherry-pick-2507-to-...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

The following labels could not be found: dependencies.