chore(deps): update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Pending	Age	Confidence
alpine	final	patch	3.23.3 → 3.23.4
aquasecurity/trivy-action	action	minor	v0.35.0 → v0.36.0
github.com/Masterminds/semver/v3	require	minor	v3.4.0 → v3.5.0
github.com/fsnotify/fsnotify	require	minor	v1.9.0 → v1.10.1
github.com/kube-logging/logging-operator	require	digest	f62b93e → d9ac36b
github.com/kube-logging/telemetry-controller	require	digest	3ab36da → 92a3d5f
github.com/onsi/gomega	require	minor	v1.39.1 → v1.40.0
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring	require	minor	v0.90.1 → v0.91.0
github.com/stern/stern		minor	1.33.1 → 1.34.0
github.com/vladopajic/go-test-coverage/v2		patch	2.18.4 → 2.18.8
go.uber.org/zap	require	minor	v1.27.1 → v1.28.0
golang	stage	patch	1.26.2-alpine3.22 → 1.26.3-alpine3.22
golang		patch	1.26.2 → 1.26.3
golang.org/x/exp	require	digest	746e56f → 74f9aab
golangci/golangci-lint		minor	2.11.4 → 2.12.2
k8s.io/api	require	patch	v0.35.3 → v0.35.4	v0.36.0
k8s.io/apiextensions-apiserver	require	patch	v0.35.3 → v0.35.4	v0.36.0
k8s.io/apimachinery	require	patch	v0.35.3 → v0.35.4	v0.36.0
k8s.io/client-go	require	patch	v0.35.3 → v0.35.4	v0.36.0
kubernetes-sigs/controller-tools		minor	0.20.1 → 0.21.0
kubernetes-sigs/kubebuilder		minor	4.13.1 → 4.14.0
oj (source, changelog)		minor	'3.16.17' → '3.17.0'
rdkafka (source, changelog)		minor	'0.26.0' → '0.27.0'
sigs.k8s.io/controller-runtime	require	minor	v0.23.3 → v0.24.0
sigs.k8s.io/e2e-framework	require	minor	v0.6.0 → v0.7.0
vladopajic/go-test-coverage	action	patch	v2.18.4 → v2.18.8

---

Release Notes

aquasecurity/trivy-action (aquasecurity/trivy-action)

v0.36.0

Compare Source

What's Changed

• chore(ci): update bump-trivy workflow by @​DmitriyLewen in #​546
• ci: use action.yaml as single source of truth for Trivy version by @​nikpivkin in #​552
• ci: replace peter-evans/create-pull-request with gh CLI by @​nikpivkin in #​550
• test: use pinned digests for trivy-db, trivy-java-db and trivy-checks by @​nikpivkin in #​555
• ci: add dependabot config by @​nikpivkin in #​556
• chore: add zizmor config by @​nikpivkin in #​557
• chore(deps): bump the actions group with 5 updates by @​dependabot[bot] in #​558
• fix: use portable shebang in entrypoint.sh by @​Hayao0819 in #​545
• Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name by @​patrik-csak in #​547
• Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #​549 by @​Aditya09-cse in #​548
• chore: use GitHub Actions as git commit author in bump-trivy workflow by @​nikpivkin in #​561
• chore(deps): Update trivy to v0.70.0 by @​Argon-DevOps-Mgt in #​559
• chore: update action version to v0.36.0 in examples by @​nikpivkin in #​563

New Contributors

• @​dependabot[bot] made their first contribution in #​558
• @​Hayao0819 made their first contribution in #​545
• @​patrik-csak made their first contribution in #​547
• @​Aditya09-cse made their first contribution in #​548
• @​Argon-DevOps-Mgt made their first contribution in #​559

Full Changelog: aquasecurity/trivy-action@v0.35.0...v0.36.0

Masterminds/semver (github.com/Masterminds/semver/v3)

v3.5.0

Compare Source

What's Changed

• Adding more prerelease tests by @​mattfarina in #​273
• Update constraint error messages by @​mattfarina in #​278
• Fix edge cases by @​mattfarina in #​279
• Adding some checks in by @​mattfarina in #​280
• Updating deps by @​mattfarina in #​281
• Bump github/codeql-action from 4.35.1 to 4.35.2 by @​dependabot[bot] in #​282
• Bump actions/cache from 4.2.3 to 5.0.5 by @​dependabot[bot] in #​283
• Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0 by @​dependabot[bot] in #​284
• Updating gitignore for devcontainers by @​mattfarina in #​286
• Fixing some quality issues by @​mattfarina in #​287

New Contributors

• @​dependabot[bot] made their first contribution in #​282

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

fsnotify/fsnotify (github.com/fsnotify/fsnotify)

v1.10.1

Compare Source

Changes and fixes

• inotify: don't remove sibling watches sharing a path prefix (#​754)

• inotify, windows: don't rename sibling watches sharing a path prefix
  (#​755)

v1.10.0

Compare Source

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#​731)

• inotify: send Rename event if recursive watch is renamed (#​696)

• inotify: avoid copying event buffers when reading names (#​741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#​748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#​740)

• windows: fix nil pointer dereference in remWatch (#​736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#​709, #​749)

onsi/gomega (github.com/onsi/gomega)

v1.40.0

Compare Source

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

prometheus-operator/prometheus-operator (github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring)

v0.91.0: 0.91.0 / 2026-05-05

Compare Source

• [CHANGE] Enforce mutual exclusion of basicAuth, authorization and oauth2 in ScrapeConfig CRD. #​8480
• [CHANGE] Add minimum length validations to string fields in ScrapeConfig CRD. #​8479
• [CHANGE] Add validations for VictorOps receiver in AlertmanagerConfig CRD. #​8220
• [CHANGE] Add validations for OpsGenie receiver in AlertmanagerConfig CRD. #​8267
• [CHANGE] Add validations for Email receiver in AlertmanagerConfig CRD. #​8270
• [FEATURE] Implement shard retention based on Prometheus data retention (it requires the PrometheusShardRetentionPolicy feature gate). #​8478
• [FEATURE] Configure node selector when sharding mode is Topology for Prometheus and PrometheusAgent custom resources (it requires the PrometheusTopologySharding feature gate). #​8486
• [FEATURE] Configure external label with topology information when sharding mode is Topology for Prometheus and PrometheusAgent custom resources (it requires the PrometheusTopologySharding feature gate). #​8519
• [FEATURE] Distribute scrape targets within topology zones when sharding mode is Topology for Prometheus and PrometheusAgent custom resources (it requires the PrometheusTopologySharding feature gate). #​8538
• [FEATURE] Add --promql-options CLI argument to the admission-webhook binary. #​8531
• [FEATURE] Validate PrometheusRule resources selected by Prometheus resources based on the PromQL enabled features. #​8545
• [FEATURE] Add workload identity authentication method for AzureSD in ScrapeConfig CRD. #​8489
• [ENHANCEMENT] Support strategic merge patch of container probes when workloads are configured with HTTPS. #​8427
• [ENHANCEMENT] Support auth_secret_file field for Email receiver in Alertmanager configuration Secret. #​8394
• [ENHANCEMENT] Support smtp_auth_secret_file field in Alertmanager configuration Secret. #​8396
• [ENHANCEMENT] Add externalId field to SigV4 configuration in Alertmanager, Prometheus, PrometheusAgent and ThanosRuler CRDs. #​8494
• [ENHANCEMENT] Add cipherSuites support for Thanos Sidecars and Rulers. #​8524
• [ENHANCEMENT] Add curves support for Thanos Sidecars and Rulers. #​8542
• [ENHANCEMENT] Speed up configuration reloads by watching the config file's parent directory. #​7366
• [ENHANCEMENT] Support Mattermost global webhook URL support in Alertmanager configuration Secret. #​8501
• [ENHANCEMENT] Add Mattermost global webhook URL support in Alertmanager CRD. #​8503 #​8534
• [ENHANCEMENT] Support payload field for Webhook receiver in Alertmanager configuration Secret. #​8505
• [ENHANCEMENT] Support attachment fields for Mattermost receiver in Alertmanager configuration Secret. #​8508
• [ENHANCEMENT] Support update_message field for Slack receiver in Alertmanager configuration Secret. #​8502
• [ENHANCEMENT] Add threading configuration for email receiver in AlertmanagerConfig CRD. #​8400
• [ENHANCEMENT] Add healthFilter field for ConsulSD in ScrapeConfig CRD. #​8529
• [BUGFIX] Ensure that inactive shards don't scrape any targets when the sharding retention policy is Retain. #​8513
• [BUGFIX] Fix Telegram bot token validation in Alertmanager configuration Secret. #​8465

stern/stern (github.com/stern/stern)

v1.34.0

Compare Source

⚡ Notable Changes

New --qps and --burst flags for client-side throttling

You can now control the rate of requests to the Kubernetes API server with --qps and --burst flags. This is useful when you are tailing many pods and want to avoid overwhelming the API server.

stern . --qps 10 --burst 20

Changes

• Add --qps and --burst flags to control client-side throttling (#​363) 7e59e4e (Abhishek Pareek)
• fix: honor klog -stderrthreshold even when -logtostderr is true (#​364) 8e4ece3 (Pierluigi Lenoci)
• Update dependencies for Kubernetes 1.36 (#​365) 6761a78 (Takashi Kusumi)

vladopajic/go-test-coverage (github.com/vladopajic/go-test-coverage/v2)

v2.18.8

Compare Source

What's Changed

• fix(coverage): wrong index returned in #​308 by @​vladopajic in #​312

Full Changelog: vladopajic/go-test-coverage@v2.18.7...v2.18.8

v2.18.7

Compare Source

What's Changed

• fix(coverage): file search should be preceded by / by @​vladopajic in #​308
• chore(deps): bump github.com/rs/zerolog from 1.35.0 to 1.35.1 by @​dependabot[bot] in #​307

Full Changelog: vladopajic/go-test-coverage@v2.18.6...v2.18.7

v2.18.6

Compare Source

What's Changed

• fix(docker): add certs by @​vladopajic in #​306

Full Changelog: vladopajic/go-test-coverage@v2.18.5...v2.18.6

v2.18.5

Compare Source

What's Changed

• chore: remove deprecated field by @​vladopajic in #​286
• chore(deps): bump dawidd6/action-download-artifact from 16 to 18 by @​dependabot[bot] in #​287
• chore: cosmetics by @​vladopajic in #​288
• chore(deps): bump dawidd6/action-download-artifact from 18 to 19 by @​dependabot[bot] in #​289
• chore(deps): bump github.com/rs/zerolog from 1.34.0 to 1.35.0 by @​dependabot[bot] in #​290
• chore(deps): bump golang.org/x/image from 0.18.0 to 0.38.0 by @​dependabot[bot] in #​291
• chore: remove magic values from args by @​vladopajic in #​203
• chore: update .github/.testcoverage.yml by @​vladopajic in #​293
• chore: update docker-entrypoint.sh by @​vladopajic in #​294
• chore(ci): reuse action test steps by @​vladopajic in #​295
• ci: trigger via pull request by @​vladopajic in #​296
• test(action): add more test cases by @​vladopajic in #​297
• chore(deps): bump dawidd6/action-download-artifact from 19 to 20 by @​dependabot[bot] in #​299
• chore(deps): bump golang from 1.26.1 to 1.26.2 by @​dependabot[bot] in #​301
• fix(coverage): fix comment annotation column bound case by @​vladopajic in #​302
• chore(coverage): ruse file ast by @​vladopajic in #​304
• chore: improvements by @​vladopajic in #​303

TLD

• this release includes security hardening and various improvements.
• smaller performance gains in #​304

Full Changelog: vladopajic/go-test-coverage@v2.18.4...2.18.5

uber-go/zap (go.uber.org/zap)

v1.28.0

Compare Source

Enhancements:

• #​1534: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

golang/go (golang)

v1.26.3

Compare Source

golangci/golangci-lint (golangci/golangci-lint)

v2.12.2

Compare Source

Released on 2026-05-06

1. Linters bug fixes
   • gomodguard_v2: fix blocked configuration
   • gomodguard_v2: from 2.1.0 to 2.1.3
   • iface: from 1.4.1 to 1.4.2

v2.12.1

Compare Source

Released on 2026-05-01

1. Linters bug fixes
   • gomodguard_v2: fix panic with migration suggestion
2. Misc.
   • fix install.sh script (if you are still using an URL based on the branch master, please update to use https://golangci-lint.run/install.sh)

v2.12.0

Compare Source

Released on 2026-05-01

1. New linters
   • Add clickhouselint linter https://github.com/ClickHouse/clickhouse-go-linter
2. Linters new features or changes
   • dupl: from f665c8d to c99c5cf (extended detection)
   • funcorder: from 0.5.0 to 0.6.0 (new option: function)
   • goconst: add an option to ignore strings from tests
   • goconst: from 1.8.2 to 1.10.0 (extended detection)
   • gomodguard_v2: from 1.4.1 to 2.1.0 (major version with new configuration)
   • gosec: from 619ce21 to 2.26.1 (new checks: G124, G708, G709, G710)
   • govet: add inline analyzer
   • makezero: from 2.1.0 to 2.2.1 (support slice type aliases)
   • paralleltest: expose checkcleanup option
   • sloglint: from 0.11.1 to 0.12.0 (new options: allowed-keys, custom-funcs)
   • wsl_v5: from 5.6.0 to 5.8.0 (new option: cuddle-max-statements; new checks: after-decl, after-defer, after-expr, after-go, cuddle-group)
3. Linters bug fixes
   • forbidigo: from 2.3.0 to 2.3.1
   • godot: from 1.5.4 to 1.5.6
   • govet-modernize: from 0.43.0 to 0.44.0
   • ireturn: from 0.4.0 to 0.4.1
   • rowserrcheck: from 1.1.1 to c5f79b8
4. Misc.
   • Decrease cache entropy
   • Embed the JSON schema in the binary
   • Filter env vars when cloning the repository with the custom command

kubernetes/api (k8s.io/api)

v0.35.4

Compare Source

kubernetes/apiextensions-apiserver (k8s.io/apiextensions-apiserver)

v0.35.4

Compare Source

kubernetes/apimachinery (k8s.io/apimachinery)

v0.35.4

Compare Source

kubernetes/client-go (k8s.io/client-go)

v0.35.4

Compare Source

kubernetes-sigs/controller-tools (kubernetes-sigs/controller-tools)

v0.21.0

Compare Source

What's Changed

• ⚠️ Bump to k8s.io/* v1.36 by @​sbueringer in #​1407
• ⚠️ Upgrade Go version to 1.26.0 by @​camilamacedo86 in #​1402
• ✨ Add kubebuilder:externalDoc marker by @​pedjak in #​1335
• ✨ Add optional roleName parameter to RBAC marker by @​AlirezaPourchali in #​1334
• ✨ Add support for external ApplyConfiguration mappings by @​andrew-farries in #​1327
• ✨ Add support for k8s:enum markers by @​alvaroaleman in #​1352
• ✨ Add support for k8s:immutable by @​alvaroaleman in #​1354
• ✨ ApplyConfigurations: Generate extract functions by @​alvaroaleman in #​1346
• ✨ Preserve Enum validation for IntOrString type in CRD generation by @​dongjiang1989 in #​1370
• ✨ Support nested pointer to type-aliased slices by @​dongjiang1989 in #​1331
• 🌱 Handle any/interface{} type in CRD generator with clear error by @​Fedosin in #​1362
• 🐛 Fix applyconfiguration generator for cluster-scoped resources by @​joelanford in #​1347

Misc

• 📖 docs: Add examples to all marker types. by @​camilamacedo86 in #​1340
• 🌱 Fix and test webhook testdata compilation by @​alvaroaleman in #​1345
• 🌱 Fix go generate validation by @​alvaroaleman in #​1348
• 🌱 Migrate away from custom GitHub action approval workflow by @​karimzakzouk in #​1372
• ✨ Migrate to new envtest location and newer Kubernetes version by @​sbueringer in #​1337
• 🌱 Test the test CRD can actually be applied by @​alvaroaleman in #​1351
• 🌱 Validate tidyness of all go modules by @​alvaroaleman in #​1349
• 🌱 Validate we use the same k8s.io/* version in all modules by @​alvaroaleman in #​1353

envtest

• ✨ Release envtest v1.36.0 by @​erikgb in #​1393
• 🌱 Promotion of envtest release for Kubernetes v1.36.0 by @​sbueringer in #​1400

Dependency bumps

• 🌱 Bump EndBug/add-and-commit from 9.1.4 to 10.0.0 in the all-github-actions group by @​dependabot[bot] in #​1369
• 🌱 Bump actions/setup-go from 6.1.0 to 6.2.0 in the all-github-actions group by @​dependabot[bot] in #​1326
• 🌱 Bump actions/setup-go from 6.2.0 to 6.3.0 in the all-github-actions group by @​dependabot[bot] in #​1356
• 🌱 Bump github.com/fatih/color from 1.18.0 to 1.19.0 in the all-go-mod-patch-and-minor group by @​dependabot[bot] in #​1368
• 🌱 Bump github.com/onsi/gomega from 1.38.3 to 1.39.0 in the all-go-mod-patch-and-minor group by @​dependabot[bot] in #​1322
• 🌱 Bump github.com/onsi/gomega from 1.39.0 to 1.39.1 in the all-go-mod-patch-and-minor group by @​dependabot[bot] in #​1330
• 🌱 Bump github.com/onsi/gomega from 1.39.1 to 1.40.0 in the all-go-mod-patch-and-minor group by @​dependabot[bot] in #​1405
• 🌱 Bump golang.org/x/tools from 0.40.0 to 0.41.0 in the all-go-mod-patch-and-minor group by @​dependabot[bot] in #​1325
• 🌱 Bump golang.org/x/tools from 0.41.0 to 0.42.0 in the all-go-mod-patch-and-minor group by @​dependabot[bot] in #​1342
• 🌱 Bump golang.org/x/tools from 0.42.0 to 0.43.0 in the all-go-mod-patch-and-minor group by @​dependabot[bot] in #​1364
• 🌱 Bump golang.org/x/tools from 0.43.0 to 0.44.0 in the all-go-mod-patch-and-minor group across 1 directory by @​dependabot[bot] in #​1377
• 🌱 Bump golangci-lint to v2.8.0 by @​dongjiang1989 in #​1332
• 🌱 Bump golangci-lint to v2.10.1 by @​dongjiang1989 in #​1358
• 🌱 Bump golangci-lint to v2.11.3 by @​dongjiang1989 in #​1367
• 🌱 Bump softprops/action-gh-release from 2.5.0 to 2.6.1 in the all-github-actions group by @​dependabot[bot] in #​1365
• 🌱 Bump the all-github-actions group across 1 directory with 4 updates by @​dependabot[bot] in #​1383
• 🌱 Bump the all-github-actions group with 2 updates by @​dependabot[bot] in #​1328
• 🌱 Bump tj-actions/changed-files from 47.0.1 to 47.0.2 in the all-github-actions group by @​dependabot[bot] in #​1343
• 🌱 Bump tj-actions/changed-files from 47.0.2 to 47.0.4 in the all-github-actions group by @​dependabot[bot] in #​1355
• 🌱 Bump tj-actions/changed-files from 47.0.4 to 47.0.5 in the all-github-actions group by @​dependabot[bot] in #​1361

New Contributors

• @​AlirezaPourchali made their first contribution in #​1334
• @​andrew-farries made their first contribution in #​1327
• @​pedjak made their first contribution in #​1335
• @​camilamacedo86 made their first contribution in #​1340
• @​Fedosin made their first contribution in #​1362
• @​karimzakzouk made their first contribution in #​1372

Full Changelog: kubernetes-sigs/controller-tools@v0.20.0...v0.21.0

kubernetes-sigs/kubebuilder (kubernetes-sigs/kubebuilder)

v4.14.0

Compare Source

🚀 Keep Your Scaffold Updated

The migration guide covers upgrading from any version to the latest, including AI-assisted helpers/commands for legacy scaffolds that may require manual steps. For the smoothest path, enable the AutoUpdate Plugin (uses GitHub Actions)) or run kubebuilder alpha update locally—both use the same update logic. The other options are primarily for older projects missing cliVersion in the PROJECT file as a one-time step to reach a supported version; after that, you can rely on these workflows for ongoing updates.

⚠️ Breaking changes

Only for users of the Helm Plugin (helm/v2-alpha)

To stabilise helm/v2-alpha, RBAC was reworked (#​5579), renaming rbacHelpers to rbac.helpers and introducing namespace/multi-namespace support with dynamic roles.

Required: run kubebuilder edit --plugins=helm/v2-alpha --force to update your Helm config.

Alternative: manually update values.yaml after running the command without --force (More info)

✨ Upgrades

• (go/v4): Upgrade certmanager from 1.20.0 to 1.20.1 (#​5563)
• (go/v4): Upgrade golang version from 1.25.3 to 1.25.7 (#​5615)
• (go/v4): Upgrade cert-manager version from 1.20.1 to 1.20.2 used in tests (#​5626)
• (go/v4): Upgrade golangci-lint to v2.11.4 (#​5653)

✨ New Features

• (helm/v2): Add support for extra volumes, Deployment Strategy, Priority Class, Topology Constraints, skip manager install, manager labels/annotations, default image tag from Chart.appVersion, expose service account in values, and enhance RBAC with namespace-scoped deployments, multi-namespace configuration, and dynamic Role/ClusterRole rendering (rename rbacHelpers to rbac.helpers) (#​5496, #​5577, #​5581, #​5580, #​5607, #​5603, #​5579
• (go/v4): Add support for multiple controllers per GVK (#​5539)
• (go/v4): Add YEAR placeholder in boilerplate for copyright (#​5559)
• (go/v4): Add --license-file flag and preserve boilerplate in alpha generate (#​5456)
• (go/v4): Enhance test output readability by converting inline comments to By() statements in e2e tests (#​5611)
• (CLI): Mark resource flags as required to improve completion (#​5647)

🐛 Bug Fixes

• (go/v4): Pin GitHub Actions to commit SHA hashes to improve security (#​5555)
• (go/v4): Disable kubectl kuberc in the e2e tests by default (#​5558)
• (go/v4, kustomize/v2): Add health probe port to manager deployment (#​5608)
• (go/v4, autoupdate/v1-alpha, helm/v2-alpha): Security hardening for GitHub Actions workflows (#​5578)
• (helm/v2-alpha): Fix duplicate tolerations block in generated manager template (#​5572)
• (helm/v2-alpha): Fix missing regular expression anchor (#​5582)
• (helm/v2-alpha): Use dot instead of full path inside imagePullSecrets block (#​5592)
• (helm/v2-alpha): Align test-chart workflow image with docker-build and kind load (#​5586)
• (helm/v2-alpha): Ignore latest tag and use commented tag format in Helm charts (#​5617)
• (helm/v2-alpha): Fix secretRef handling (#​5623)
• (helm/v2-alpha): Fix duplicate ServiceMonitor and invalid insecureSkipVerify: false without certificates (#​5624)
• (grafana/v1-alpha): Remove init subcommand from Grafana plugin (#​5627)
• (autoupdate/v1alpha): Remove init subcommand from Auto Update plugin (#​5633)
• (deploy-image/v1-alpha): Add validation for numeric flags (#​5634)
• (helm/v2-alpha): Use conditionals for optional K8s field manager.image.pullPolicy (#​5636)
• (cli): Change level for plugin discovery log to debug (#​5595)

🎉 Thanks to all contributors!

What's Changed ( Full Changelog )

• 🐛 fix(go/v4): bump google.golang.org/grpc to v1.79.3 to address CVE by @​0x48core in #​5554
• 🐛 (go/v4): Pin GitHub Actions to commit SHA hashes to improve security and align with the latest GitHub Actions security policy. For more details, see kubernetes/community#8911. by @​vitorfloriano in #​5555
• 🌱 infra(CI): actions/checkout version not compatible to hash by @​vitorfloriano in #​5560
• ✨ (helm/v2-alpha): add extra volumes support by @​camilamacedo86 in #​5496
• ✨ Upgrade certmanager from '1.20.0' to '1.20.1' by @​camilamacedo86 in #​5563
• 🌱 infra: Add Pinact GitHub Actions workflow by @​vitorfloriano in #​5556
• ✨ (go/v4): Add support for multiple controllers per GVK by @​camilamacedo86 in #​5539
• 📖 docs(helm/v1alpha): Add deprecation notice by @​vitorfloriano in #​5561
• ✨ (go/v4): add support YEAR placeholder in boilerplate for copyright

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Etc/UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM (* 0-3 * * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: e2e/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 7 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.25.5 -> 1.25.7
github.com/go-openapi/jsonpointer	v0.22.1 -> v0.22.4
github.com/go-openapi/jsonreference	v0.21.3 -> v0.21.4
github.com/prometheus/procfs	v0.19.2 -> v0.20.1
github.com/vladimirvivien/gexe	v0.4.1 -> v0.5.0
golang.org/x/exp	v0.0.0-20260212183809-81e46e3db34a -> v0.0.0-20260410095643-746e56fc9e2f
k8s.io/apiserver	v0.35.3 -> v0.35.4
k8s.io/component-base	v0.35.3 -> v0.35.4

File name: pkg/sdk/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 4 additional dependencies were updated

Details:

Package	Change
github.com/go-openapi/jsonpointer	v0.22.1 -> v0.22.4
github.com/go-openapi/jsonreference	v0.21.3 -> v0.21.4
github.com/prometheus/procfs	v0.19.2 -> v0.20.1
k8s.io/apiextensions-apiserver	v0.35.2 -> v0.35.3

File name: pkg/sdk/logging/model/syslogng/config/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 6 additional dependencies were updated

Details:

Package	Change
github.com/go-openapi/jsonpointer	v0.22.1 -> v0.22.4
github.com/go-openapi/jsonreference	v0.21.3 -> v0.21.4
github.com/kube-logging/logging-operator	v0.0.0-20260410185345-f62b93e09011 -> v0.0.0-20260425065855-8588c1d2dd93
github.com/prometheus/procfs	v0.19.2 -> v0.20.1
k8s.io/apiextensions-apiserver	v0.35.2 -> v0.35.3
k8s.io/client-go	v0.35.3 -> v0.35.4

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: e2e/go.sum

Command failed: go get -t ./...
go: module sigs.k8s.io/controller-runtime@v0.24.0 requires go >= 1.26.0; switching to go1.26.3
go: downloading go1.26.3 (linux/amd64)
go: downloading github.com/kube-logging/logging-operator v0.0.0-20260511122519-d9ac36b80560
go: downloading emperror.dev/errors v0.8.1
go: downloading github.com/spf13/cast v1.10.0
go: downloading github.com/stretchr/testify v1.11.1
go: downloading k8s.io/api v0.36.0
go: downloading k8s.io/apimachinery v0.36.0
go: downloading k8s.io/client-go v0.36.0
go: downloading sigs.k8s.io/controller-runtime v0.24.0
go: downloading github.com/cisco-open/operator-tools v0.37.0
go: downloading github.com/MakeNowJust/heredoc v1.0.0
go: downloading helm.sh/helm/v3 v3.20.2
go: downloading k8s.io/apiextensions-apiserver v0.36.0
go: downloading github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.91.0
go: downloading sigs.k8s.io/e2e-framework v0.7.0
go: downloading github.com/pkg/errors v0.9.1
go: downloading go.uber.org/multierr v1.11.0
go: downloading github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
go: downloading github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
go: downloading k8s.io/klog/v2 v2.140.0
go: downloading gopkg.in/inf.v0 v0.9.1
go: downloading k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2
go: downloading sigs.k8s.io/randfill v1.0.0
go: downloading k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a
go: downloading sigs.k8s.io/structured-merge-diff/v6 v6.3.2
go: downloading github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
go: downloading golang.org/x/net v0.53.0
go: downloading github.com/spf13/pflag v1.0.10
go: downloading golang.org/x/term v0.42.0
go: downloading github.com/evanphx/json-patch/v5 v5.9.11
go: downloading github.com/evanphx/json-patch v5.9.11+incompatible
go: downloading github.com/go-logr/logr v1.4.3
go: downloading github.com/go-logr/zapr v1.3.0
go: downloading go.uber.org/zap v1.27.1
go: downloading github.com/iancoleman/orderedmap v0.3.0
go: downloading github.com/Masterminds/semver/v3 v3.4.0
go: downloading github.com/Masterminds/sprig/v3 v3.3.0
go: downloading github.com/gosuri/uitable v0.0.4
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading k8s.io/cli-runtime v0.35.1
go: downloading sigs.k8s.io/yaml v1.6.0
go: downloading github.com/google/gnostic-models v0.7.1
go: downloading google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af
go: downloading github.com/vladimirvivien/gexe v0.5.0
go: downloading sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730
go: downloading github.com/json-iterator/go v1.1.12
go: downloading go.yaml.in/yaml/v2 v2.4.4
go: downloading github.com/fxamacker/cbor/v2 v2.9.0
go: downloading golang.org/x/oauth2 v0.35.0
go: downloading golang.org/x/time v0.14.0
go: downloading golang.org/x/sys v0.43.0
go: downloading dario.cat/mergo v1.0.2
go: downloading github.com/Masterminds/goutils v1.1.1
go: downloading github.com/google/uuid v1.6.0
go: downloading github.com/huandu/xstrings v1.5.0
go: downloading github.com/mitchellh/copystructure v1.2.0
go: downloading github.com/shopspring/decimal v1.4.0
go: downloading golang.org/x/crypto v0.50.0
go: downloading github.com/fatih/color v1.18.0
go: downloading github.com/cyphar/filepath-securejoin v0.6.1
go: downloading github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
go: downloading github.com/BurntSushi/toml v1.6.0
go: downloading github.com/gobwas/glob v0.2.3
go: downloading github.com/hashicorp/go-multierror v1.1.1
go: downloading k8s.io/kubectl v0.35.1
go: downloading github.com/containerd/containerd v1.7.30
go: downloading github.com/opencontainers/image-spec v1.1.1
go: downloading oras.land/oras-go/v2 v2.6.0
go: downloading github.com/Masterminds/squirrel v1.5.4
go: downloading github.com/jmoiron/sqlx v1.4.0
go: downloading github.com/lib/pq v1.10.9
go: downloading github.com/rubenv/sql-migrate v1.8.1
go: downloading github.com/spf13/cobra v1.10.2
go: downloading gopkg.in/evanphx/json-patch.v4 v4.13.0
go: downloading github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de
go: downloading github.com/moby/term v0.5.2
go: downloading golang.org/x/sync v0.20.0
go: downloading golang.org/x/text v0.36.0
go: downloading sigs.k8s.io/kustomize/api v0.20.1
go: downloading sigs.k8s.io/kustomize/kyaml v0.20.1
go: downloading go.yaml.in/yaml/v3 v3.0.4
go: downloading github.com/cisco-open/k8s-objectmatcher v1.10.0
go: downloading golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f
go: downloading github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
go: downloading github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee
go: downloading github.com/x448/float16 v0.8.4
go: downloading gomodules.xyz/jsonpatch/v2 v2.5.0
go: downloading github.com/prometheus/client_golang v1.23.2
go: downloading github.com/go-openapi/jsonreference v0.21.4
go: downloading github.com/go-openapi/swag v0.25.4
go: downloading github.com/mitchellh/reflectwalk v1.0.2
go: downloading github.com/mattn/go-colorable v0.1.14
go: downloading github.com/mattn/go-isatty v0.0.20
go: downloading github.com/mattn/go-runewidth v0.0.9
go: downloading github.com/hashicorp/errwrap v1.1.0
go: downloading k8s.io/component-base v0.36.0
go: downloading github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f
go: downloading github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
go: downloading k8s.io/apiserver v0.36.0
go: downloading github.com/containerd/log v0.1.0
go: downloading github.com/containerd/platforms v0.2.1
go: downloading github.com/opencontainers/go-digest v1.0.0
go: downloading github.com/lann/builder v0.0.0-20180802200727-47ae307949d0
go: downloading github.com/go-gorp/gorp/v3 v3.1.0
go: downloading github.com/inconshreveable/mousetrap v1.1.0
go: downloading github.com/peterbourgon/diskv v2.0.1+incompatible
go: downloading github.com/cppforlife/go-patch v0.2.0
go: downloading gopkg.in/yaml.v2 v2.4.0
go: downloading github.com/prometheus/client_model v0.6.2
go: downloading github.com/prometheus/common v0.67.5
go: downloading github.com/fsnotify/fsnotify v1.9.0
go: downloading github.com/go-openapi/jsonpointer v0.22.4
go: downloading github.com/go-openapi/swag/cmdutils v0.25.4
go: downloading github.com/go-openapi/swag/conv v0.25.4
go: downloading github.com/go-openapi/swag/fileutils v0.25.4
go: downloading github.com/go-openapi/swag/jsonname v0.25.4
go: downloading github.com/go-openapi/swag/jsonutils v0.25.4
go: downloading github.com/go-openapi/swag/loading v0.25.4
go: downloading github.com/go-openapi/swag/mangling v0.25.4
go: downloading github.com/go-openapi/swag/netutils v0.25.4
go: downloading github.com/go-openapi/swag/stringutils v0.25.4
go: downloading github.com/go-openapi/swag/typeutils v0.25.4
go: downloading github.com/go-openapi/swag/yamlutils v0.25.4
go: downloading github.com/chai2010/gettext-go v1.0.2
go: downloading github.com/mitchellh/go-wordwrap v1.0.1
go: downloading github.com/russross/blackfriday/v2 v2.1.0
go: downloading github.com/containerd/errdefs v0.3.0
go: downloading google.golang.org/grpc v1.80.0
go: downloading github.com/sirupsen/logrus v1.9.3
go: downloading github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0
go: downloading github.com/google/btree v1.1.3
go: downloading github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c
go: downloading github.com/blang/semver/v4 v4.0.0
go: downloading github.com/go-errors/errors v1.4.2
go: downloading github.com/emicklei/go-restful/v3 v3.13.0
go: downloading github.com/briandowns/spinner v1.23.2
go: downloading github.com/wayneashleyberry/terminal-dimensions v1.1.0
go: downloading github.com/beorn7/perks v1.0.1
go: downloading github.com/cespare/xxhash/v2 v2.3.0
go: downloading github.com/prometheus/procfs v0.20.1
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9
go: downloading github.com/klauspost/compress v1.18.0
go: downloading github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00
go: downloading github.com/xlab/treeprint v1.2.0
go: github.com/kube-logging/logging-operator/e2e/common/setup imports
	helm.sh/helm/v3/pkg/action imports
	helm.sh/helm/v3/pkg/kube imports
	k8s.io/kubectl/pkg/cmd/util imports
	k8s.io/kubectl/pkg/scheme imports
	k8s.io/api/scheduling/v1alpha1: cannot find module providing package k8s.io/api/scheduling/v1alpha1

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[promptless-for-oss]

Promptless prepared a documentation update related to this change.

Triggered by PR #2227

Added documentation for the new Retain_Metadata_In_Forward_Mode field in ForwardOptions. This field controls whether fluent-bit appends log event metadata when forwarding records. The operator defaults it to false to maintain fluentd compatibility.

Review: Document Retain_Metadata_In_Forward_Mode option