chore(deps): Bump the production-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the production-dependencies group with 6 updates in the / directory:

Package	From	To
k8s.io/apimachinery	0.33.5	0.34.1
github.com/containerd/stargz-snapshotter/estargz	0.17.0	0.18.0
github.com/klauspost/compress	1.18.0	1.18.1
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring	0.85.0	0.86.1
go.uber.org/mock	0.5.1	0.6.0
gopkg.in/evanphx/json-patch.v4	4.12.0	4.13.0

Updates k8s.io/apimachinery from 0.33.5 to 0.34.1

Commits

• b72d93d Merge remote-tracking branch 'origin/master' into release-1.34
• cd8b91c clarify that staging repos are automatically published
• 8c59599 add pointer to CONTRIBUTING.md for more details on contributing, clarify read...
• ec3cea5 link to what a staging repository is
• e4db694 docs: clarify that this is a staging repository and not for direct contributions
• 04507a3 Merge pull request #132942 from thockin/kyaml
• 50e39b1 Merge pull request #132935 from benluddy/cbor-bump-custom-marshalers
• 7d108e8 Re-vendor sigs.k8s.io/yaml @ v1.6.0
• 58c4eb0 Merge pull request #133130 from ylink-lfs/chore/residual_boolptr_removal
• 38a24e6 chore: residual boolptr and intptr removal
• Additional commits viewable in compare view

Updates github.com/containerd/stargz-snapshotter/estargz from 0.17.0 to 0.18.0

Release notes

Sourced from github.com/containerd/stargz-snapshotter/estargz's releases.

v0.18.0

Notable Changes

• Fixed restoring error of snapshots on unexpected restart of stargz snapshotter (#2091, #2092), thanks to @​wswsmao
• Added FadvDontNeed option to reduce pagecache consumption in stargz snapshotter (#2095), thanks to @​wswsmao
• Removed testing dependency from code outside tests (#2098), thanks to @​rosstimothy
• Added all option for the ctr-remote's --gpus flag (#2102, #2118), thanks to @​wswsmao
• Added --prefetch-list flag to ctr-remote (#2113, #2148), thanks to @​wswsmao
• Enabled deduplication in ImageRecorder.Record (#2116), thanks to @​wswsmao
• Fixed potential data race in nativeconverter/estargz (#2133), thanks to @​escapefreeg
• Added support of decompression helpers in ctr-remote for better conversion speed (#2117), thanks to @​escapefreeg
• Improved logging behaviour in fusemanager (#2135), thanks to @​mmonaco
• Fixed to preserve normal snapshots during cleanup in stargz snapshotter (#2127), thanks to @​ChengyuZhu6
• Fixed lazy pulling failure on images with empty layers (#2137)
• Fixed stargz snapshotter to run without depending on fusermount by default (#2146)
• Enabled ctr-remote to capture early file access (#2129), thanks to @​wswsmao
• Refactors and document fixes (#2112, #2150), thanks to @​wswsmao

Commits

• d069a28 Merge pull request #2151 from ktock/prepare-v0.18.0
• 28f32ae Preapre for v0.18.0
• baee5d1 Merge pull request #2148 from wswsmao/main
• b919e72 ctr-remote: add wildcard support for prefetch-list option
• 8f3983e Merge pull request #2129 from wswsmao/monitor
• 3eb8ee2 Merge pull request #2150 from wswsmao/doc
• ec84d57 Merge pull request #2149 from ktock/dockerfile202510
• db260f8 fusemanager: fix typo
• e57ac7c Dockerfile: bump up dependencies
• e83587c Merge pull request #2147 from containerd/dependabot/go_modules/gomod-9d3bd425c7
• Additional commits viewable in compare view

Updates github.com/klauspost/compress from 1.18.0 to 1.18.1

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.18.1

What's Changed

• zstd: Fix incorrect buffer size in dictionary encodes by @​klauspost in klauspost/compress#1059
• s2: check for cap, not len of buffer in EncodeBetter/Best by @​vdarulis in klauspost/compress#1080
• zstd: Add simple zstd EncodeTo/DecodeTo functions by @​klauspost in klauspost/compress#1079
• zlib: Avoiding extra allocation in zlib.reader.Reset by @​travelpolicy in klauspost/compress#1086
• gzhttp: remove redundant err check in zstdReader by @​ryanfowler in klauspost/compress#1090
• Run modernize. Deprecate Go 1.22 by @​klauspost in klauspost/compress#1095
• flate: Simplify matchlen by @​klauspost in klauspost/compress#1101
• flate: Add examples by @​klauspost in klauspost/compress#1102
• flate: Use exact sizes for huffman tables by @​klauspost in klauspost/compress#1103
• flate: Faster load+store by @​klauspost in klauspost/compress#1104
• Add notice to S2 about MinLZ by @​klauspost in klauspost/compress#1065

New Contributors

• @​wooffie made their first contribution in klauspost/compress#1069
• @​vdarulis made their first contribution in klauspost/compress#1080
• @​travelpolicy made their first contribution in klauspost/compress#1086
• @​ryanfowler made their first contribution in klauspost/compress#1090

Full Changelog: klauspost/compress@v1.18.0...v1.18.1

Commits

• d10b525 build(deps): bump the github-actions group with 2 updates (#1105)
• 3c0d308 flate: Faster load+st0re (#1104)
• 6e2f5d5 flate: Use exact sizes for huffman tables (#1103)
• bda824b flate: Add examples (#1102)
• f44517c flate: Simplify matchlen (#1101)
• 54cb7a5 build(deps): bump the github-actions group with 3 updates (#1096)
• c43fcbb Run modernize. Deprecate Go 1.22 (#1095)
• 86a9489 gzhttp: remove redundant err check in zstdReader (#1090)
• ad4a030 build(deps): bump github/codeql-action in the github-actions group (#1087)
• 1a8c0e4 Avoiding extra allocation in Reset (#1086)
• Additional commits viewable in compare view

Updates github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring from 0.85.0 to 0.86.1

Release notes

Sourced from github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's releases.

0.86.1 / 2025-10-13

• [BUGFIX] Fix formatting of Kubernetes events. #8015

0.86.0 / 2025-10-07

[!NOTE] This release introduces the status subresource (behind the StatusForConfigurationResources feature gate) for ServiceMonitor, PodMonitor, Probe and Scrapeconfig custom resources. It is only supported for Prometheus resources.

[!IMPORTANT] This release enables automatic UTF-8 character support in label names, metric names and PrometheusRule expressions for Prometheus/PrometheusAgent resources running with version >= 3.0.0.

To preserve backward compatibility, the admission webhook service validates PrometheusRule resources against the legacy Prometheus scheme by default (but it can be changed with the --name-validation-scheme flag).

• [CHANGE] Remove automatic addition of the metadata-wal-records feature flag for Prometheus versions >= 3.4. #7893
• [CHANGE] Add miscellaneous validations to the ScrapeConfig CRD. #7856 #7823 #7835 #7838 #7838 ##7966
• [CHANGE/FEATURE] Add support for UTF-8 characters to label names and metric names in PrometheusRule resources and relabel configurations. #7637 #7985
• [FEATURE] Add the flag --name-validation-scheme to admission webhook to select between utf8 and legacy validations. #7985
• [FEATURE] Add status subresource for ServiceMonitor custom resources (requires the StatusForConfigurationResources feature gate). #7767 #7836 #7827 #7795
• [FEATURE] Add status subresource for PodMonitor custom resources (requires the StatusForConfigurationResources feature gate). #7929 #7914 #7936
• [FEATURE] Add status subresource for ScrapeConfig custom resources (requires the StatusForConfigurationResources feature gate). #7958 #7964 #7969
• [FEATURE] Add status subresource for Probe custom resources (requires the StatusForConfigurationResources feature gate). #7933 #7934 #7980
• [FEATURE] Add serviceDiscoveryRole field to ServiceMonitor. #7982
• [FEATURE] Add useFIPSSTSEndpoint field to Sigv4 config. #7987
• [FEATURE] Add UnderscoreEscapingWithoutSuffixes to the translationStrategy field for the Prometheus and PrometheusAgent CRDs. #7947
• [FEATURE] Add promoteScopeMetadata field to the Prometheus and PrometheusAgent CRDs. #7803
• [FEATURE] Add enableHttp2 field to Alertmanager and AlertmanagerConfig CRDs. #7963
• [ENHANCEMENT] Add the related object to the events emitted by the operator. #7867 #7953
• [ENHANCEMENT] Add webhook validation for the MSTeams V2 receiver of AlertmanagerConfig CRD. #7906
• [ENHANCEMENT] Add app.kubernetes.io/managed-by: prometheus-operator label to all managed resources. #7939
• [BUGFIX] Prevent duplicate authentication settings in PodMonitor. #7975
• [BUGFIX] Use distinct port name for the config-reloader init container to avoid duplicate port name warnings. #7904
• [BUGFIX] Validate the PagerDuty URL in the Alertmanager's global configuration. #7945

Changelog

Sourced from github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's changelog.

0.86.1 / 2025-10-13

• [BUGFIX] Fix formatting of Kubernetes events. #8015

0.86.0 / 2025-10-07

[!NOTE] This release introduces the status subresource (behind the StatusForConfigurationResources feature gate) for ServiceMonitor, PodMonitor, Probe and Scrapeconfig custom resources. It is only supported for Prometheus resources.

[!IMPORTANT] This release enables automatic UTF-8 character support in label names, metric names and PrometheusRule expressions for Prometheus/PrometheusAgent resources running with version >= 3.0.0.

To preserve backward compatibility, the admission webhook service validates PrometheusRule resources against the legacy Prometheus scheme by default (but it can be changed with the --name-validation-scheme flag).

• [CHANGE] Remove automatic addition of the metadata-wal-records feature flag for Prometheus versions >= 3.4. #7893
• [CHANGE] Add miscellaneous validations to the ScrapeConfig CRD. #7856 #7823 #7835 #7838 #7838 #7966
• [CHANGE/FEATURE] Add support for UTF-8 characters to label names and metric names in PrometheusRule resources and relabel configurations. #7637 #7985
• [FEATURE] Add the flag --name-validation-scheme to admission webhook to select between utf8 and legacy validations. #7985
• [FEATURE] Add status subresource for ServiceMonitor custom resources (requires the StatusForConfigurationResources feature gate). #7767 #7836 #7827 #7795
• [FEATURE] Add status subresource for PodMonitor custom resources (requires the StatusForConfigurationResources feature gate). #7929 #7914 #7936
• [FEATURE] Add status subresource for ScrapeConfig custom resources (requires the StatusForConfigurationResources feature gate). #7958 #7964 #7969
• [FEATURE] Add status subresource for Probe custom resources (requires the StatusForConfigurationResources feature gate). #7933 #7934 #7980
• [FEATURE] Add serviceDiscoveryRole field to ServiceMonitor. #7982
• [FEATURE] Add useFIPSSTSEndpoint field to Sigv4 config. #7987
• [FEATURE] Add UnderscoreEscapingWithoutSuffixes to the translationStrategy field for the Prometheus and PrometheusAgent CRDs. #7947
• [FEATURE] Add promoteScopeMetadata field to the Prometheus and PrometheusAgent CRDs. #7803
• [FEATURE] Add enableHttp2 field to Alertmanager and AlertmanagerConfig CRDs. #7963
• [ENHANCEMENT] Add the related object to the events emitted by the operator. #7867 #7953
• [ENHANCEMENT] Add webhook validation for the MSTeams V2 receiver of AlertmanagerConfig CRD. #7906
• [ENHANCEMENT] Add app.kubernetes.io/managed-by: prometheus-operator label to all managed resources. #7939
• [BUGFIX] Prevent duplicate authentication settings in PodMonitor. #7975
• [BUGFIX] Use distinct port name for the config-reloader init container to avoid duplicate port name warnings. #7904
• [BUGFIX] Validate the PagerDuty URL in the Alertmanager's global configuration. #7945

Commits

• f7f07bc Merge pull request #8026 from slashpai/cut-0.86.1
• 6406eb7 chore: cut v0.86.1
• 7668abf Merge pull request #8019 from kubeservice-stack/update-change-log
• e579f39 fix: format Kubernetes events properly (#8015)
• 12e736f update CHANGELOG.md
• 36d8f24 fix: format Kubernetes events properly
• 3e17d60 Merge pull request #7991 from slashpai/cut-0.86
• cc6aec1 chore: cut v0.86.0
• 264d19a Merge pull request #7987 from appian/usefips
• 51cba2b Merge pull request #7975 from simonpasquier/drop-invalid-authn-settings
• Additional commits viewable in compare view

Updates github.com/vbatts/tar-split from 0.12.1 to 0.12.2

Release notes

Sourced from github.com/vbatts/tar-split's releases.

v0.12.2

What's Changed

• Port a fix for CVE-2025-58183 by @​mtrmac in vbatts/tar-split#85

Full Changelog: vbatts/tar-split@v0.12.1...v0.12.2

Commits

• e93e901 Merge pull request #85 from mtrmac/backport
• 55da7d6 archive/tar: set a limit on the size of GNU sparse file 1.0 regions
• See full diff in compare view

Updates go.uber.org/mock from 0.5.1 to 0.6.0

Release notes

Sourced from go.uber.org/mock's releases.

v0.6.0

0.6.0 (18 Aug 2025)

Added

• #258[]: Archive mode: a new mockgen mode that generates mocks out of archive files.

Fixed

• #276[]: Fixed mockgen errors with go1.25 due to outdated golang.org/x/tools dependency.

#258: uber-go/mock#258 #276: uber-go/mock#276

v0.5.2

0.5.2 (28 Apr 2025)

Fixed

• #248[]: Fixed an issue with type aliases not being included in generated code correctly.

#248: uber-go/mock#248

Changelog

Sourced from go.uber.org/mock's changelog.

0.6.0 (18 Aug 2025)

Added

• #258[]: Archive mode: a new mockgen mode that generates mocks out of archive files.
• #262[]: Support for specifying mock names when using the _gomock_archive bazel rule.

Fixed

• #276[]: Fixed mockgen errors with go1.25 due to outdated golang.org/x/tools dependency.

#258: uber-go/mock#258 #262: uber-go/mock#262 #276: uber-go/mock#276

0.5.2 (28 Apr 2025)

Fixed

• #248[]: Fixed an issue with type aliases not being included in generated code correctly.

#248: uber-go/mock#248

Commits

• 2d1c581 Prepare release v0.6.0 (#278)
• c654195 Update CI to run 1.24/1.25 (#277)
• 5900c74 update golang.org/x/tools to v0.36.0 (#276)
• 6a0445c feat(bazel): mock_names flag support in archive mode (#262)
• aa11bfc feat(bazel): support archive mode (#259)
• 359202c Support for archive mode (#258)
• 871d86b Back to development (#251)
• 0b8095f Prepare release v0.5.2 (#250)
• 8ce01ac Bump go.mod to 1.23 and remove alias replacements (#248)
• 6568d88 Back to development. (#242)
• See full diff in compare view

Updates gopkg.in/evanphx/json-patch.v4 from 4.12.0 to 4.13.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign 0xfelix for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[kubevirt-bot]

Hi @dependabot[bot]. Thanks for your PR.

PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test all.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[0xFelix]

/test pull-containerdisks-build

[kubevirt-bot]

@dependabot[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-containerdisks-build	e966136	link	true	/test pull-containerdisks-build

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.