fix(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/cache	action	minor	v4.2.4 → v4.3.0
actions/checkout (changelog)	action	digest	11bd719 → 34e1148
actions/checkout	action	minor	v4.2.2 → v4.3.1
actions/dependency-review-action	action	minor	v4.5.0 → v4.9.0
actions/setup-go (changelog)	action	digest	93397be → 7b8cf10
actions/upload-artifact	action	patch	v3.2.1 → v3.2.2
dario.cat/mergo	require	patch	v1.0.1 → v1.0.2
docker/login-action (changelog)	action	digest	9780b0c → c94ce9f
docker/setup-qemu-action (changelog)	action	digest	49b3bc8 → c7c5346
github.com/knadh/koanf/v2	require	minor	v2.1.2 → v2.3.4
github.com/stretchr/testify	require	minor	v1.9.0 → v1.11.1
github/codeql-action	action	minor	v2.27.4 → v2.28.1
github/codeql-action (changelog)	action	digest	5b62e7a → b8d3b6e
go (source)	toolchain	minor	1.23.3 → 1.26.2
golangci/golangci-lint-action	action	minor	v6.1.1 → v6.5.2
k8s.io/apimachinery	require	minor	v0.31.2 → v0.36.0
k8s.io/kube-openapi	require	digest	32ad38e → b7f5293
ossf/scorecard-action	action	patch	v2.4.0 → v2.4.3
renovate/renovate	docker	digest	213766a → 80b071e
sigs.k8s.io/kustomize/kyaml	require	minor	v0.18.1 → v0.21.1
sigstore/cosign-installer	action	pinDigest	→ b5e753a
step-security/harden-runner	action	minor	v2.10.1 → v2.19.1
ubuntu	final	digest	278628f → c4a8d55

---

Release Notes

actions/cache (actions/cache)

v4.3.0

Compare Source

What's Changed

• Add note on runner versions by @​GhadimiR in #​1642
• Prepare v4.3.0 release by @​Link- in #​1655

New Contributors

• @​GhadimiR made their first contribution in #​1642

Full Changelog: actions/cache@v4...v4.3.0

actions/checkout (actions/checkout)

v4.3.1

Compare Source

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in #​2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in #​1971
• Add internal repos for checking out multiple repositories by @​mouismail in #​1977
• Documentation update - add recommended permissions to Readme by @​benwells in #​2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in #​2044
• Update README.md by @​nebuk89 in #​2194
• Update CODEOWNERS for actions by @​TingluoHuang in #​2224
• Update package dependencies by @​salmanmkc in #​2236
• Prepare release v4.3.0 by @​salmanmkc in #​2237

New Contributors

• @​motss made their first contribution in #​1971
• @​mouismail made their first contribution in #​1977
• @​benwells made their first contribution in #​2043
• @​nebuk89 made their first contribution in #​2194
• @​salmanmkc made their first contribution in #​2236

Full Changelog: actions/checkout@v4...v4.3.0

actions/dependency-review-action (actions/dependency-review-action)

v4.9.0: Dependency Review Action 4.9.0

Compare Source

This feature release contains a couple of notable changes:

• There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
• Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
• There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

• Compare normalized purls to account for encoding quirks by @​juxtin in #​1056
• Make purl comparisons case insensitive by @​juxtin in #​1057
• Feat: Add Patched Version to Vulnerabilities summary by @​felickz in #​1045
• fix: only get scorecard levels if user wants to see the OpenSSF scorecard by @​jantiebot in #​1060
• Bump actions/stale from 10.1.0 to 10.2.0 by @​dependabot[bot] in #​1058
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in #​1021
• Updates for release 4.9.0 by @​ahpook in #​1064

New Contributors

• @​jantiebot made their first contribution in #​1060

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

v4.8.3: 4.8.3

Compare Source

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

• GitHub Actions can't push to our protected main by @​dangoor in #​1017
• Bump actions/stale from 9.1.0 to 10.1.0 by @​dependabot[bot] in #​995
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in #​1003
• Bump actions/setup-node from 4 to 6 by @​dependabot[bot] in #​1005
• Upgrade glob to address a vulnerability by @​brrygrdn in #​1024
• Bump js-yaml by @​dependabot[bot] in #​1020
• Addressing vulnerabilities by @​Ahmed3lmallah in #​1036
• Bump fast-xml-parser from 5.3.3 to 5.3.5 by @​dependabot[bot] in #​1050
• Bump fast-xml-parser from 5.3.5 to 5.3.6 by @​dependabot[bot] in #​1053
• Properly truncate long summaries and catch errors by @​juxtin in #​1052
• Bump spdx-expression-parse from 3.0.1 to 4.0.0 in the spdx-licenses group across 1 directory by @​dependabot[bot] in #​931
• Changes for Release 4.8.3 by @​ahpook in #​1054

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

v4.8.2

Compare Source

Minor fixes:

• Fix PURL parsing for scoped packages (#​1008 from @​danielhardej)
• Fix for large summaries (#​1007 from @​gitulisca)
• README includes a working example for allow-dependencies-licenses (#​1009 from @​danielhardej)

v4.8.1: Dependency Review Action v4.8.1

Compare Source

What's Changed

• (bug) Fix spamming link test in deprecation warning (again) by @​ahpook in #​1000
• Bump version for 4.8.1 release by @​ahpook in #​1001

Full Changelog: actions/dependency-review-action@v4...v4.8.1

v4.8.0

Compare Source

What's Changed

• Make Ruby Code Scannable by @​ljones140 in #​978
• Batch some contributions for release by @​brrygrdn in #​986
  • Make license lists collapsable by @​jasperkamerling
  • feat: add large summary handling with artifact upload by @​MattMencel

New Contributors

• @​ljones140 made their first contribution in #​978
• @​jasperkamerling made their first contribution in #​986
• @​MattMencel made their first contribution in #​986

Full Changelog: actions/dependency-review-action@v4...v4.8.0

v4.7.4

Compare Source

v4.7.3: 4.7.3

Compare Source

What's Changed

• Add explicit permissions to workflow files by @​AshelyTC in #​966
• Claire153/fix spamming mentioned issue by @​claire153 in #​974

Full Changelog: actions/dependency-review-action@v4...v4.7.3

v4.7.2: 4.7.2

Compare Source

What's Changed

• Add Missing Languages to CodeQL Advanced Configuration by @​KyFaSt in #​945
• Deprecate deny lists by @​claire153 in #​958
• Address discrepancy between docs and reality by @​ahpook in #​960

New Contributors

• @​KyFaSt made their first contribution in #​945
• @​claire153 made their first contribution in #​958
• @​ahpook made their first contribution in #​960

Full Changelog: actions/dependency-review-action@v4...v4.7.2

v4.7.1

Compare Source

• Packages added to allow-dependencies-licenses will be allowed even if the package in question has no license information #​889
• License expressions (e.g. Ruby OR GPL-2.0) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g. Ruby)

v4.7.0

Compare Source

• Handle complex license expressions (e.g. MIT AND GPL-2.0) in allow lists (fixes #​809 and probably others)
• Replace OTHER in package licenses with LicenseRef-clearlydefined-OTHER so that parsing passes

v4.6.0

Compare Source

What's Changed

• Updating multiple dependency versions by @​Ahmed3lmallah in #​870
• Grouping minor and patch dependabot updates to lessen the number of PRs by @​Ahmed3lmallah in #​876
• Bump actions/stale from 9.0.0 to 9.1.0 by @​dependabot in #​878
• Bump undici from 5.28.4 to 5.28.5 by @​dependabot in #​877
• DR Action should link to the proxima stamp when appropriate in error messages by @​AshelyTC in #​891
• Allow deny package removal by @​ellenfieldn in #​888
• Fix typos by @​omahs in #​893
• Bump esbuild from 0.19.5 to 0.25.0 by @​dependabot in #​900
• Bump octokit and related dependencies by @​RomanIakovlev in #​904
• Bump @​babel/helpers from 7.23.2 to 7.26.10 by @​dependabot in #​905
• Bump @​octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 by @​dependabot in #​899
• Update transitive dependency spdx-license-ids by @​ailox in #​855
• To not print OpenSSF Scorecard section if no dependencies scanned by @​fabasoad in #​884
• Improve usage of this action in dependency-review.yml by @​fabasoad in #​883
• Clarify comment-summary-in-pr behaviour by @​Pantelis-Santorinios in #​902
• Prepare 4.6.0 Release candidate by @​brrygrdn in #​910

New Contributors

• @​AshelyTC made their first contribution in #​891
• @​ellenfieldn made their first contribution in #​888
• @​omahs made their first contribution in #​893
• @​RomanIakovlev made their first contribution in #​904
• @​ailox made their first contribution in #​855
• @​fabasoad made their first contribution in #​884
• @​Pantelis-Santorinios made their first contribution in #​902
• @​brrygrdn made their first contribution in #​910

Full Changelog: actions/dependency-review-action@v4.5.0...v4.6.0

actions/upload-artifact (actions/upload-artifact)

v3.2.2

Compare Source

v3.2.2 - What's new

[!Important]
actions/upload-artifact@​v3.2.2 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

This is a backport security updates release for GHES users. This version is deprecated on github.com and should not be used!

Node.js 24

This release updates the runtime to Node.js 24. The previous v3.2.1 ran on Node.js 16, which has reached end-of-life. Now this action will run on Node.js 24.

Pin your workflows to: https://github.com/actions/upload-artifact/releases/tag/v3.2.2-node20 which is available if you're still in the process of phasing out Node 20.

What's Changed

• Upgrade @​actions/artifact to 1.1.3 by @​Link-
• Security updates for direct and transitive dependencies
• Use node20 by @​robherley in #​606
• Ensure hidden files input is used by @​joshmgross in #​608
• Upgrade the actions used in workflows by @​Link-

Full Changelog: actions/upload-artifact@v3.2.1...v3.2.2

imdario/mergo (dario.cat/mergo)

v1.0.2

Compare Source

What's Changed

• Drops gopkg.in/yaml.v3, only used for loading fixtures. Thanks @​trim21 for bringing to my attention (#​262) that this library is no longer maintained.

Full Changelog: darccio/mergo@v1.0.1...v1.0.2

knadh/koanf (github.com/knadh/koanf/v2)

v2.3.4

Compare Source

What's Changed

• Bump github.com/nats-io/nats-server/v2 from 2.10.27 to 2.11.12 in /providers/nats by @​dependabot[bot] in #​400
• Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 in /providers/kiln by @​dependabot[bot] in #​399
• Bump google.golang.org/grpc from 1.71.1 to 1.79.3 in /providers/etcd by @​dependabot[bot] in #​405
• fix: hold RLock during copy in Get to prevent concurrent map access by @​alexchenai in #​406
• Add ability to check for prior values in cliflagv3.ProviderWithConfig() just like posflag by @​knadh in #​403

New Contributors

• @​alexchenai made their first contribution in #​406

Full Changelog: knadh/koanf@v2.3.3...v2.3.4

v2.3.3

Compare Source

What's Changed

• Fix deadlock in recursive Get*() calls in custom merge function. 2f44276
• Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 in /examples by @​dependabot[bot] in #​398

Full Changelog: knadh/koanf@v2.3.2...v2.3.3

v2.3.2

Compare Source

What's Changed

• fix: preserve nil pointer types in Get() method by @​Asakuri in #​397

New Contributors

• @​Asakuri made their first contribution in #​397

Full Changelog: knadh/koanf@v2.3.1...v2.3.2

v2.3.1

Compare Source

What's Changed

• providers/cliflagv3: Set the flags if they have a default value by @​xescugc in #​382
• fix panic in dotenv parser when callback function is not provided by @​nilsocket in #​387
• Bump golang.org/x/crypto from 0.40.0 to 0.45.0 in /providers/kiln by @​dependabot[bot] in #​391
• Bump golang.org/x/crypto from 0.37.0 to 0.45.0 in /providers/nats by @​dependabot[bot] in #​390
• refactor interface{} to any by @​nilsocket in #​385
• fix: pass event to callback instead of nil when file changes detected by @​josepdcs in #​384

New Contributors

• @​xescugc made their first contribution in #​382
• @​nilsocket made their first contribution in #​387
• @​josepdcs made their first contribution in #​384

Full Changelog: knadh/koanf@v2.3.0...v2.3.1

v2.3.0

Compare Source

What's Changed

• feat: add provider for kiln by @​Thunderbottom in #​369
• Fix rendering of header and add it to the table of contents by @​remyzandwijk in #​373
• Bump github.com/go-viper/mapstructure/v2 from 2.0.0-alpha.1 to 2.4.0 in /examples by @​dependabot[bot] in #​375
• feat: add HUML parser support by @​rhnvrm in #​374
• Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.4.0 in /tests by @​dependabot[bot] in #​376
• Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.4.0 in /providers/cliflagv3 by @​dependabot[bot] in #​378
• Bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in /providers/cliflagv2 by @​dependabot[bot] in #​380
• Add thread safety to resolve race conditions in Issues #​305 and #​335 by @​rhnvrm in #​377
• fix: bump mapstructure version by @​rostislaved in #​381

New Contributors

• @​remyzandwijk made their first contribution in #​373
• @​rostislaved made their first contribution in #​381

Full Changelog: knadh/koanf@v2.2.2...v2.3.0

v2.2.2

Compare Source

What's Changed

• Replace yaml package with go.yaml.in/yaml/v3 by @​devhaozi in #​365
• Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 in /providers/cliflagv2 by @​dependabot[bot] in #​366
• Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @​dependabot[bot] in #​367
• feat: config to override env vars by @​nickajacks1 in #​341

New Contributors

• @​devhaozi made their first contribution in #​365
• @​nickajacks1 made their first contribution in #​341

Full Changelog: knadh/koanf@v2.2.1...v2.2.2

v2.2.1

Compare Source

What's Changed

• Bump github.com/nats-io/nats-server/v2 from 2.9.23 to 2.10.27 in /providers/nats by @​dependabot in #​350
• Bump golang.org/x/net from 0.36.0 to 0.38.0 in /providers/consul by @​dependabot in #​351
• Bump golang.org/x/net from 0.37.0 to 0.38.0 in /examples by @​dependabot in #​353
• changing cliflagv2 to support variadic forcedinclude parameter by @​kooroo in #​357
• adds urfave/cli/v3 parser by @​n0cloud in #​361
• add toggle to split nats kv on "." delimiter by @​nickchomey in #​355

New Contributors

• @​kooroo made their first contribution in #​357
• @​n0cloud made their first contribution in #​361
• @​nickchomey made their first contribution in #​355

Full Changelog: knadh/koanf@v2.2.0...v2.2.1

v2.2.0

Compare Source

This release sets the min required Go version to v1.23.0

An increasing number of important updates to various deps, including golang.org/x/*, require go >= 1.23.0. It is now untenable
to maintain support for older Go versions. This does not break existing installations, just that further updates will only be available to newer Go versions.

What's Changed

• Update CI by @​StefMa in #​332
• Fix typos by @​NathanBaulch in #​336
• adds urfave/cli/v2 flag parser by @​joicemjoseph in #​330
• Bump golang.org/x/net from 0.23.0 to 0.36.0 in /providers/consul by @​dependabot in #​342
• Added support for Azure Keyvault by @​arawin1979 in #​343
• Bump golang.org/x/crypto from 0.21.0 to 0.35.0 in /providers/vault by @​dependabot in #​348
• Bump golang.org/x/crypto from 0.17.0 to 0.35.0 in /providers/nats by @​dependabot in #​347
• Bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 in /examples by @​dependabot in #​346
• Bump golang.org/x/net from 0.23.0 to 0.36.0 in /providers/vault by @​dependabot in #​344
• Upgrade min Go version and deps across all providers and parsers by @​knadh in #​349

New Contributors

• @​NathanBaulch made their first contribution in #​336
• @​joicemjoseph made their first contribution in #​330
• @​arawin1979 made their first contribution in #​343

Full Changelog: knadh/koanf@v2.1.2...v2.2.0

stretchr/testify (github.com/stretchr/testify)

v1.11.1

Compare Source

This release fixes #​1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

• Backport #​1786 to release/1.11: mock: revert to pre-v1.11.0 argument matching behavior for mutating stringers by @​brackendawson in #​1788

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

Compare Source

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

• Call stack perf change for CallerInfo by @​mikeauclair in #​1614
• Lazily render mock diff output on successful match by @​mikeauclair in #​1615
• assert: check early in Eventually, EventuallyWithT, and Never by @​cszczepaniak in #​1427
• assert: add IsNotType by @​bartventer in #​1730
• assert.JSONEq: shortcut if same strings by @​dolmen in #​1754
• assert.YAMLEq: shortcut if same strings by @​dolmen in #​1755
• assert: faster and simpler isEmpty using reflect.Value.IsZero by @​dolmen in #​1761
• suite: faster methods filtering (internal refactor) by @​dolmen in #​1758

Fixes

• assert.ErrorAs: log target type by @​craig65535 in #​1345
• Fix failure message formatting for Positive and Negative asserts in #​1062
• Improve ErrorIs message when error is nil but an error was expected by @​tsioftas in #​1681
• fix Subset/NotSubset when calling with mixed input types by @​siliconbrain in #​1729
• Improve ErrorAs failure message when error is nil by @​ccoVeille in #​1734
• mock.AssertNumberOfCalls: improve error msg by @​3scalation in #​1743

Documentation, Build & CI

• docs: Fix typo in README by @​alexandear in #​1688
• Replace deprecated io/ioutil with io and os by @​alexandear in #​1684
• Document consequences of calling t.FailNow() by @​greg0ire in #​1710
• chore: update docs for Unset #​1621 by @​techfg in #​1709
• README: apply gofmt to examples by @​alexandear in #​1687
• refactor: use %q and %T to simplify fmt.Sprintf by @​alexandear in #​1674
• Propose Christophe Colombier (ccoVeille) as approver by @​brackendawson in #​1716
• Update documentation for the Error function in assert or require package by @​architagr in #​1675
• assert: remove deprecated build constraints by @​alexandear in #​1671
• assert: apply gofumpt to internal test suite by @​ccoVeille in #​1739
• CI: fix shebang in .ci.*.sh scripts by @​dolmen in #​1746
• assert,require: enable parallel testing on (almost) all top tests by @​dolmen in #​1747
• suite.Passed: add one more status test report by @​Ararsa-Derese in #​1706
• Add Helper() method in internal mocks and assert.CollectT by @​dolmen in #​1423
• assert.Same/NotSame: improve usage of Sprintf by @​ccoVeille in #​1742
• mock: enable parallel testing on internal testsuite by @​dolmen in #​1756
• suite: cleanup use of 'testing' internals at runtime by @​dolmen in #​1751
• assert: check test failure message for Empty and NotEmpty by @​ccoVeille in #​1745
• deps: fix dependency cycle with objx (again) by @​dolmen in #​1567
• assert.Empty: comprehensive doc of "Empty"-ness rules by @​dolmen in #​1753
• doc: improve godoc of top level 'testify' package by @​dolmen in #​1760
• assert.ErrorAs: simplify retrieving the type name by @​ccoVeille in #​1740
• assert.EqualValues: improve test coverage to 100% by @​dolmen in #​1763
• suite.Run: simplify running of Setup/TeardownSuite by @​renzoarreaza in #​1769
• assert.CallerInfo: micro optimization by using LastIndexByte by @​dolmen in #​1767
• assert.CallerInfo: micro cleanup by @​dolmen in #​1768
• assert: refactor TestFileExists and TestDirExists tests to enable parallel testing by @​dolmen in #​1766
• suite.Run: refactor handling of stats for improved readability by @​dolmen in #​1764
• tests: improve captureTestingT helper by @​ccoVeille in #​1741
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in #​1778

New Contributors

• @​greg0ire made their first contribution in #​1710
• @​techfg made their first contribution in #​1709
• @​mikeauclair made their first contribution in #​1614
• @​cszczepaniak made their first contribution in #​1427
• @​architagr made their first contribution in #​1675
• @​tsioftas made their first contribution in #​1681
• @​siliconbrain made their first contribution in #​1729
• @​bartventer made their first contribution in #​1730
• @​Ararsa-Derese made their first contribution in #​1706
• @​renzoarreaza made their first contribution in #​1769
• @​3scalation made their first contribution in #​1743

Full Changelog: stretchr/testify@v1.10.0...v1.11.0

v1.10.0

Compare Source

What's Changed

Functional Changes

• Add PanicAssertionFunc by @​fahimbagar in #​1337
• assert: deprecate CompareType by @​dolmen in #​1566
• assert: make YAML dependency pluggable via build tags by @​dolmen in [#​1579](https://redirect.github.com/stretchr

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 04:00 AM and 04:59 AM, on day 1 and 16 of the month (* 4 1,16 * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 10 additional dependencies were updated

Details:

Package	Change
github.com/fxamacker/cbor/v2	v2.7.0 -> v2.9.0
github.com/go-logr/logr	v1.4.2 -> v1.4.3
github.com/go-openapi/swag	v0.23.0 -> v0.25.4
github.com/modern-go/reflect2	v1.0.2 -> v1.0.3-0.20250322232337-35a7c28c31ee
golang.org/x/net	v0.28.0 -> v0.49.0
golang.org/x/sys	v0.23.0 -> v0.40.0
k8s.io/klog/v2	v2.130.1 -> v2.140.0
k8s.io/utils	v0.0.0-20240711033017-18e509b52bc8 -> v0.0.0-20260210185600-b8788abfbbc2
sigs.k8s.io/json	v0.0.0-20221116044647-bc3834ca7abd -> v0.0.0-20250730193827-2d320260d730
sigs.k8s.io/yaml	v1.4.0 -> v1.6.0