Bump sigs.k8s.io/controller-runtime from 0.14.7 to 0.19.2

[dependabot]

Bumps sigs.k8s.io/controller-runtime from 0.14.7 to 0.19.2.

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.19.2

What's Changed

• ✨ Add EnableWatchBookmarks option to cache informers by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3018

Full Changelog: kubernetes-sigs/controller-runtime@v0.19.1...v0.19.2

v0.19.1

What's Changed

• [release-0.19] 🌱 Verify PR titles with shell script by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2947
• [release-0.19] 🐛 Fakeclient: preserve TypeMeta for PartialObjectMeta resources by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2951
• [release-0.19] 🌱 pr-verify: use env var for passing the PR title by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2962
• [release-0.19] 🌱 pr-verify: use env var for passing the PR title by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2965
• [release-0.19] 🌱 Fix PR verify action by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2974
• [release-0.19] 🐛 Fakeclient: Fix TOCTOU races by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2992

Full Changelog: kubernetes-sigs/controller-runtime@v0.19.0...v0.19.1

v0.19.0

⚠️ Deprecation Warnings

Please note that admission.Defaulter/Validator have been deprecated in favor of admission.CustomDefaulter/CustomValidator since v0.17 and will be removed with v0.20.

⚠️ Breaking Changes

• Bump to k8s.io/* v1.31 (#2798 #2858 #2867 #2872 #2883 #2900 #2906 #2924)
• Add generic TypedReconciler (#2799)
• client: Remove options.WarningHandler (#2887 #2903)
• controller: Validate controller names are unique & add SkipNameValidation option (#2902 #2918)

✨ New Features

• client: Add WithFieldValidation client (#2860 #2913)
• controller & webhook: Recover panics per default & add panic metrics (#2905)
• controllerutil: configure BlockOwnerDeletion when setting OwnerReference (#2847)
• fake client: Add scale subresource logic (#2855)
• predicate: Add missing generic version of ResourceVersionChangedPredicate (#2812)
• setup-envtest: Download binaries from controller-tools releases instead of GCS (#2811)
• setup-envtest: Publish setup-envtest binaries via release attachments (#2911)
• workqueue: Add controller label to workqueue metrics (#2895)

🐛 Bug Fixes

• apiutil.IsGVKNamespaced: Fix namespaced GVK check to use version (#2875)
• cache: Fix label defaulting of byObject when namespaces are configured (#2805)
• certwatcher: Recreate watcher if the file is unlinked and replaced (#2893)
• manager: Fix log in AddMetricsServerExtraHandler (#2874)

... (truncated)

Commits

• bfd1cf9 [release-0.19] ✨ Add EnableWatchBookmarks option to cache informers (#3018)
• 013f46f Merge pull request #2992 from k8s-infra-cherrypick-robot/cherry-pick-2980-to-...
• 4421425 bug: Fakeclient: Fix TOCTOU races
• aa14005 Merge pull request #2974 from k8s-infra-cherrypick-robot/cherry-pick-2973-to-...
• f883b25 Fix PR verify action
• 409ae31 Merge pull request #2965 from k8s-infra-cherrypick-robot/cherry-pick-2964-to-...
• 465b62a pr-verify: use env var for passing the PR title
• d32b491 Merge pull request #2962 from k8s-infra-cherrypick-robot/cherry-pick-2961-to-...
• b400366 pr-verify: use env var for passing the PR title
• 22d9eab Merge pull request #2951 from k8s-infra-cherrypick-robot/cherry-pick-2949-to-...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[zapier-sre-bot]

Mergecat's Review

Click to read mergecats review!

😼 Mergecat review of go.mod

@@ -1,7 +1,6 @@
 module github.com/zapier/kubechecks
 
 go 1.22
-
 toolchain go1.22.7
 
 require (
@@ -57,11 +56,11 @@ require (
 	google.golang.org/grpc v1.67.1
 	gopkg.in/dealancer/validate.v2 v2.1.0
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.26.15
-	k8s.io/apiextensions-apiserver v0.26.10
-	k8s.io/apimachinery v0.26.15
-	k8s.io/client-go v0.26.15
-	sigs.k8s.io/controller-runtime v0.14.7
+	k8s.io/api v0.31.0
+	k8s.io/apiextensions-apiserver v0.31.0
+	k8s.io/apimachinery v0.31.0
+	k8s.io/client-go v0.31.0
+	sigs.k8s.io/controller-runtime v0.19.2
 	sigs.k8s.io/yaml v1.4.0
 )
 
@@ -122,10 +121,10 @@ require (
 	github.com/docker/docker v27.2.1+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.10.2 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
-	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
 	github.com/fatih/camelcase v1.0.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
@@ -152,6 +151,7 @@ require (
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-github/v53 v53.2.0 // indirect
 	github.com/google/go-jsonnet v0.20.0 // indirect
@@ -267,8 +267,7 @@ require (
 	go.opentelemetry.io/otel/metric v1.32.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect
-	go.uber.org/atomic v1.11.0 // indirect
-	go.uber.org/multierr v1.9.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.28.0 // indirect
 	golang.org/x/sync v0.9.0 // indirect
 	golang.org/x/sys v0.27.0 // indirect
@@ -282,20 +281,21 @@ require (
 	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/DATA-DOG/go-sqlmock.v1 v1.3.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	k8s.io/apiserver v0.26.15 // indirect
+	k8s.io/apiserver v0.31.0 // indirect
 	k8s.io/cli-runtime v0.26.15 // indirect
-	k8s.io/component-base v0.26.15 // indirect
+	k8s.io/component-base v0.31.0 // indirect
 	k8s.io/component-helpers v0.26.15 // indirect
-	k8s.io/klog/v2 v2.100.1 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-aggregator v0.26.15 // indirect
-	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
+	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
 	k8s.io/kubectl v0.26.15 // indirect
 	k8s.io/kubernetes v1.26.15 // indirect
-	k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect
+	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
 	layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 // indirect
 	muzzammil.xyz/jsonc v1.0.0 // indirect
 	olympos.io/encoding/edn v0.0.0-20201019073823-d3554ca0b0a3 // indirect

Feedback & Suggestions:

1. Version Upgrades: The diff includes several version upgrades for dependencies like k8s.io/api, k8s.io/apimachinery, and sigs.k8s.io/controller-runtime. Ensure that these upgrades are compatible with your codebase and that any breaking changes are addressed. 🛠️

2. Dependency Consistency: The addition of gopkg.in/evanphx/json-patch.v4 seems to overlap with github.com/evanphx/json-patch/v5. Ensure that both are necessary and that they do not conflict with each other. Consider consolidating to a single version if possible to avoid potential issues. 🔄

3. Indirect Dependencies: The addition of github.com/google/gnostic-models as an indirect dependency should be verified for necessity. If it's not required, consider removing it to keep the dependency tree clean. 🧹

4. Removed Blank Line: The removal of the blank line after go 1.22 is stylistic. While it doesn't affect functionality, maintaining consistent formatting can improve readability. 📏

5. Version Consistency: Ensure that the versions of Kubernetes-related dependencies (k8s.io/*) are consistent across the board to prevent compatibility issues. This includes both direct and indirect dependencies. 🔍

---

---

Dependency Review

Click to read mergecats review!

No suggestions found

[dependabot]

Superseded by #316.