Bump the kubernetes group across 1 directory with 6 updates

[dependabot]

Bumps the kubernetes group with 3 updates in the / directory: k8s.io/api, k8s.io/apiextensions-apiserver and sigs.k8s.io/controller-runtime.

Updates k8s.io/api from 0.35.4 to 0.36.1

Commits

• 25001c8 Update dependencies to v0.36.1 tag
• 879d396 Merge remote-tracking branch 'origin/master' into release-1.36
• 030d81f Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• aef6eb6 Add granular authorization for DRA ResourceClaim status updates
• 91061ea Merge pull request #136589 from tosi3k/preemption-mode
• e6b81e2 Add Workload-Aware Preemption fields to Workload and PodGroup APIs
• f8fce2e Merge pull request #136989 from nojnhuh/podgroup-resourceclaim
• b928f5e Workload API: PodGroup ResourceClaims (KEP-5729)
• 61bd78e Merge pull request #137190 from everpeace/KEP-5491-alpha
• 6bf46eb Merge pull request #137028 from nmn3m/feature/dra-resource-pool-status
• Additional commits viewable in compare view

Updates k8s.io/apiextensions-apiserver from 0.35.4 to 0.36.1

Commits

• 5b822b1 Update dependencies to v0.36.1 tag
• 4cd8c3d Merge remote-tracking branch 'origin/master' into release-1.36
• c2fd557 Merge pull request #138346 from dashpole/update_otel_prop
• 1daa309 Merge remote-tracking branch 'origin/master' into release-1.36
• 1551264 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• 6c97d2b update go.opentelemetry.io/otel to v1.41.0
• 862c52a update google.golang.org/grpc to v1.79.3
• abac065 Merge pull request #137849 from bryantbiggs/deps/update-kube-openapi
• 7acee75 Merge pull request #137843 from pacoxu/cobra-v1.10.2
• 612f1d8 dependencies: bump kube-openapi to drop ginkgo/gomega indirect deps
• Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.35.4 to 0.36.1

Commits

• 7af103a Update dependencies to v0.36.1 tag
• efb7f26 Merge remote-tracking branch 'origin/master' into release-1.36
• d966e56 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• 79b3632 Merge pull request #137864 from yongruilin/dv-dra-mismatch
• a8822f7 Add slice and map union member support with tests
• 7dba2d0 Use IsZero instead of IsNil for union ratcheting check
• d95710f Fix union validation ratcheting when oldObj is nil
• 729062d Merge pull request #137849 from bryantbiggs/deps/update-kube-openapi
• 13b12e6 dependencies: bump kube-openapi to drop ginkgo/gomega indirect deps
• 27f4670 Merge pull request #136657 from Jefftree/sharding-test
• Additional commits viewable in compare view

Updates k8s.io/client-go from 0.35.4 to 0.36.1

Commits

• 55ef15a Update dependencies to v0.36.1 tag
• f22a53e Merge remote-tracking branch 'origin/master' into release-1.36
• a948641 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• 7e44ffc Add Workload-Aware Preemption fields to Workload and PodGroup APIs
• df2d882 Merge pull request #136989 from nojnhuh/podgroup-resourceclaim
• 4eece52 Workload API: PodGroup ResourceClaims (KEP-5729)
• 3d35c51 Merge pull request #137190 from everpeace/KEP-5491-alpha
• 0434117 Merge pull request #137028 from nmn3m/feature/dra-resource-pool-status
• ba785be Drop CSR analogy, mark ObjectMeta +required,reduce limits (maxItems=500, maxL...
• 4a9c878 Add ResourcePoolStatusRequest API types and generated code
• Additional commits viewable in compare view

Updates k8s.io/utils from 0.0.0-20251002143259-bc988d571ff4 to 0.0.0-20260210185600-b8788abfbbc2

Commits

• See full diff in compare view

Updates sigs.k8s.io/controller-runtime from 0.23.3 to 0.24.1

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.24.1

What's Changed

• [release-0.24] 🐛 Fix regression in Apply typed error handling by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3516

Full Changelog: kubernetes-sigs/controller-runtime@v0.24.0...v0.24.1

v0.24.0

⚠️ Breaking Changes

• Dependencies: Update to k8s.io/* v1.36 (#3506 #3462 #3486 #3450)

🐛 Bug Fixes

• Cache: Fix IndexField blocking until informer is synced (#3445)
• Cache: Wait for cache sync when ReaderFailOnMissingInformer is true (#3425)
• Client: Update typed ApplyConfigurations with server response (#3475)
• Fakeclient: Fix SSA status patch resource version check (#3443)
• Fakeclient: Fix panic when using CRs with embedded pointer structs (#3431)
• Fakeclient: Fix status apply if existing object has managedFields set (#3430)
• Fakeclient: Retry GenerateName on AlreadyExists collisions (#3498)
• HTTP servers: Wire up base context into http servers (#3452)

🌱 Others

• Builder/Webhooks: Remove deprecated custom path function (#3465)
• Cache: Test cache reader waits for cache sync (#3434)
• Certwatcher: Deflake certwatcher tests (#3457)
• Dependencies: Use forked version of btree (#3449)
• Envtest: Ensure envtest stops the whole process group (#3447)
• Logging: Add missing space in zap-log-level flag description (#3492)
• Misc: Adopt new(x) over ptr.To(x) and re-enable newexpr lint (#3489)
• Owners: Cleanup (#3453)
• Recorder: Add logger into context for structured logging (#3454)
• Recorder: Switch to StartLogging for event debug logs (#3451)
• Scheme: Deprecate the scheme builder (#3461)
• Source/Kind: Improve logging for dynamic type kind source (#3494)
• Webhooks: Reduce memory usage of default webhooks (#3463 #3468)

🌱 CI & linters

• Chore: Update golangci-lint version to v2.8.0 (#3448)
• Chore: Update golangci-lint version to v2.10.1 (#3470)
• Chore: Update golangci-lint version to v2.11.3 (#3482)
• Migrate away from custom GitHub action approval workflow (#3491)
• Release: Auto-create git tags for the tools/setup-envtest submodule (#3476)

📖 Additionally, there has been 1 contribution to our documentation. (#3477)

Dependencies

... (truncated)

Commits

• 3be3f1b Merge pull request #3516 from k8s-infra-cherrypick-robot/cherry-pick-3515-to-...
• 0f7b33d Fix regression in Apply typed error handling
• d3eaef3 Merge pull request #3475 from alvaroaleman/fixfix
• 3296f32 🐛 Update typed Applyconfigurations with server response
• c8b4b9d Merge pull request #3506 from troy0820/troy0820/update-deps-k8s
• 557c314 update to k8s.io v1.36.0
• e4a998c Merge pull request #3499 from kubernetes-sigs/dependabot/github_actions/all-g...
• 1a31c56 Merge pull request #3498 from vieux/fix-fake-client-generatename-retry
• 80bc294 fakeclient: retry GenerateName on AlreadyExists collisions (match K8s 1.32 be...
• 77b730a 🌱 Bump the all-github-actions group with 2 updates
• Additional commits viewable in compare view

Summary by CodeRabbit

• Chores
  • Upgraded Go toolchain from 1.25.7 to 1.26.0
  • Updated core Kubernetes dependencies to v0.36.1
  • Updated controller-runtime to v0.24.1
  • Updated auxiliary dependencies for improved compatibility and security

[coderabbitai]

Walkthrough

Updates go.mod: bumps Go toolchain to 1.26.0, upgrades core Kubernetes modules to v0.36.1, advances controller-runtime to v0.24.1, refreshes several indirect dependencies, and removes an unused indirect dependency.

Changes

Go module dependency upgrade

Layer / File(s)	Summary
Go toolchain and direct Kubernetes dependencies go.mod	Go directive updated from 1.25.7 to 1.26.0. Core Kubernetes modules (k8s.io/api, k8s.io/apiextensions-apiserver, k8s.io/apimachinery, k8s.io/client-go) moved from v0.35.4 to v0.36.1. sigs.k8s.io/controller-runtime advanced from v0.23.3 to v0.24.1.
Indirect dependencies and cleanup go.mod	Removed indirect github.com/mxk/go-flowrate. Bumped github.com/prometheus/common to v0.67.5. Updated golang.org/x/time, google.golang.org/protobuf, Kubernetes auxiliary modules (k8s.io/component-base, k8s.io/kube-openapi, k8s.io/streaming) and sigs.k8s.io/structured-merge-diff/v6 to specified newer versions.

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• openshift/managed-cluster-validating-webhooks#489: Prior go.mod-only dependency bump for Kubernetes k8s.io/* stack and related components.
• openshift/managed-cluster-validating-webhooks#475: Earlier dependency-only update that bumps Kubernetes k8s.io/* stack and sigs.k8s.io/controller-runtime in the same pattern.

Suggested reviewers

• feichashao

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 2 warnings)

Check name	Status	Explanation	Resolution
No-Sensitive-Data-In-Logs	❌ Error	Code logs entire AdmissionRequest objects (12 instances) which include the full Kubernetes resource being operated on, potentially exposing sensitive data like secrets, API keys, passwords, and PII.	Remove or mask the full request.AdmissionRequest from log statements; log only non-sensitive fields like UID, operation, namespace, and username instead.
Single Node Openshift (Sno) Test Compatibility	⚠️ Warning	New e2e tests assume separate master/infra node roles unavailable in SNO without compatibility guards like [Skipped:SingleReplicaTopology] or skipOnSingleNodeTopology().	Add [Skipped:SingleReplicaTopology] label or skipOnSingleNodeTopology() guards to tests at lines 239, 252, and 328 that assume separate node roles.
Topology-Aware Scheduling Compatibility	⚠️ Warning	PR introduces required pod anti-affinity with topology.kubernetes.io/zone in build/resources.go deployment, breaking on SNO single-zone clusters.	Use preferred anti-affinity instead of required, or add topology-aware logic to conditionally apply constraints based on ControlPlaneTopology.

✅ Passed checks (12 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: updating Kubernetes-related Go module dependencies across the repository.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR only modifies go.mod/go.sum (dependency versions). No test files are changed, and existing tests use stable, deterministic names with no dynamic content.
Test Structure And Quality	✅ Passed	PR is a dependency version bump (go.mod/go.sum only) with no Ginkgo test code changes, so the test structure check is not applicable.
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests are added in this PR—only go.mod dependencies are updated. The check only applies when tests are added.
Ote Binary Stdout Contract	✅ Passed	PR only modifies go.mod/go.sum (dependency updates), contains no source code changes. Pre-existing klog.SetOutput(os.Stdout) in cmd/main.go is not introduced by this PR.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests added; PR only updates go.mod dependencies. Custom check for IPv4/external connectivity issues in tests does not apply.
No-Weak-Crypto	✅ Passed	PR only updates go.mod dependency versions; no code changes introduce weak crypto (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB) or unsafe crypto patterns.
Container-Privileges	✅ Passed	PR only modifies go.mod (dependency versions), not container/K8s manifests. Check for privileged container settings is not applicable to dependency version updates.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/kubernetes-f5654d70b0

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign clcollins for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@dependabot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-binary-build-success	1f7281d	link	true	/test e2e-binary-build-success
ci/prow/pr-check	1f7281d	link	true	/test pr-check

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-ci]

rebase

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.