Bump sigs.k8s.io/controller-runtime from 0.14.7 to 0.19.3

[dependabot]

Bumps sigs.k8s.io/controller-runtime from 0.14.7 to 0.19.3.

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.19.3

What's Changed

• 🐛 Refactor certificate watcher to use polling, instead of fsnotify by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3023
• 🐛 Use leader elector with client timeout by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3031

Full Changelog: kubernetes-sigs/controller-runtime@v0.19.2...v0.19.3

v0.19.2

What's Changed

• ✨ Add EnableWatchBookmarks option to cache informers by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3018

Full Changelog: kubernetes-sigs/controller-runtime@v0.19.1...v0.19.2

v0.19.1

What's Changed

• [release-0.19] 🌱 Verify PR titles with shell script by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2947
• [release-0.19] 🐛 Fakeclient: preserve TypeMeta for PartialObjectMeta resources by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2951
• [release-0.19] 🌱 pr-verify: use env var for passing the PR title by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2962
• [release-0.19] 🌱 pr-verify: use env var for passing the PR title by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2965
• [release-0.19] 🌱 Fix PR verify action by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2974
• [release-0.19] 🐛 Fakeclient: Fix TOCTOU races by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2992

Full Changelog: kubernetes-sigs/controller-runtime@v0.19.0...v0.19.1

v0.19.0

⚠️ Deprecation Warnings

Please note that admission.Defaulter/Validator have been deprecated in favor of admission.CustomDefaulter/CustomValidator since v0.17 and will be removed with v0.20.

⚠️ Breaking Changes

• Bump to k8s.io/* v1.31 (#2798 #2858 #2867 #2872 #2883 #2900 #2906 #2924)
• Add generic TypedReconciler (#2799)
• client: Remove options.WarningHandler (#2887 #2903)
• controller: Validate controller names are unique & add SkipNameValidation option (#2902 #2918)

✨ New Features

• client: Add WithFieldValidation client (#2860 #2913)
• controller & webhook: Recover panics per default & add panic metrics (#2905)
• controllerutil: configure BlockOwnerDeletion when setting OwnerReference (#2847)
• fake client: Add scale subresource logic (#2855)
• predicate: Add missing generic version of ResourceVersionChangedPredicate (#2812)
• setup-envtest: Download binaries from controller-tools releases instead of GCS (#2811)
• setup-envtest: Publish setup-envtest binaries via release attachments (#2911)
• workqueue: Add controller label to workqueue metrics (#2895)

... (truncated)

Commits

• 3e66810 Merge pull request #3037 from kubernetes-sigs/backport019-watch
• 2085acc add watch deprecated to certwatcher
• 0823530 Merge pull request #3031 from k8s-infra-cherrypick-robot/cherry-pick-3028-to-...
• e727239 [release-0.19] 🐛 Refactor certificate watcher to use polling, instead of fsno...
• 2a0ce59 🌱 Make using leader elector with client timeout non-breaking
• 4bc3811 🐛 Fix RenewDeadline typo in leader election
• 0170742 warning: Use leader elector with client timeout
• bfd1cf9 [release-0.19] ✨ Add EnableWatchBookmarks option to cache informers (#3018)
• 013f46f Merge pull request #2992 from k8s-infra-cherrypick-robot/cherry-pick-2980-to-...
• 4421425 bug: Fakeclient: Fix TOCTOU races
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Looks like sigs.k8s.io/controller-runtime is up-to-date now, so this is no longer needed.

[zapier-sre-bot]

Mergecat's Review

Click to read mergecats review!

😼 Mergecat review of go.mod

@@ -1,7 +1,6 @@
 module github.com/zapier/kubechecks
 
 go 1.22
-
 toolchain go1.22.7
 
 require (
@@ -57,11 +56,11 @@ require (
 	google.golang.org/grpc v1.67.1
 	gopkg.in/dealancer/validate.v2 v2.1.0
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.26.15
-	k8s.io/apiextensions-apiserver v0.26.10
-	k8s.io/apimachinery v0.26.15
-	k8s.io/client-go v0.26.15
-	sigs.k8s.io/controller-runtime v0.14.7
+	k8s.io/api v0.31.0
+	k8s.io/apiextensions-apiserver v0.31.0
+	k8s.io/apimachinery v0.31.0
+	k8s.io/client-go v0.31.0
+	sigs.k8s.io/controller-runtime v0.19.3
 	sigs.k8s.io/yaml v1.4.0
 )
 
@@ -122,10 +121,10 @@ require (
 	github.com/docker/docker v27.2.1+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.10.2 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
-	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
 	github.com/fatih/camelcase v1.0.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
@@ -152,6 +151,7 @@ require (
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-github/v53 v53.2.0 // indirect
 	github.com/google/go-jsonnet v0.20.0 // indirect
@@ -267,8 +267,7 @@ require (
 	go.opentelemetry.io/otel/metric v1.32.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect
-	go.uber.org/atomic v1.11.0 // indirect
-	go.uber.org/multierr v1.9.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.28.0 // indirect
 	golang.org/x/sync v0.9.0 // indirect
 	golang.org/x/sys v0.27.0 // indirect
@@ -282,20 +281,21 @@ require (
 	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/DATA-DOG/go-sqlmock.v1 v1.3.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	k8s.io/apiserver v0.26.15 // indirect
+	k8s.io/apiserver v0.31.0 // indirect
 	k8s.io/cli-runtime v0.26.15 // indirect
-	k8s.io/component-base v0.26.15 // indirect
+	k8s.io/component-base v0.31.0 // indirect
 	k8s.io/component-helpers v0.26.15 // indirect
-	k8s.io/klog/v2 v2.100.1 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-aggregator v0.26.15 // indirect
-	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
+	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
 	k8s.io/kubectl v0.26.15 // indirect
 	k8s.io/kubernetes v1.26.15 // indirect
-	k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect
+	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
 	layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 // indirect
 	muzzammil.xyz/jsonc v1.0.0 // indirect
 	olympos.io/encoding/edn v0.0.0-20201019073823-d3554ca0b0a3 // indirect

Feedback & Suggestions:

1. Go Version Declaration: The go version declaration has been changed from 1.22.0 to 1.22. While this change is syntactically correct, it's generally a good practice to specify the full version to avoid any ambiguity. Consider reverting to go 1.22.0 for clarity. 🐍

2. Dependency Updates:

   • The updates to the k8s.io dependencies from v0.26.x to v0.31.x and sigs.k8s.io/controller-runtime from v0.14.7 to v0.19.3 are significant. Ensure that these updates are compatible with your codebase and that any breaking changes are addressed. 📦
   • The update of github.com/emicklei/go-restful/v3 from v3.10.2 to v3.11.0 and github.com/evanphx/json-patch/v5 from v5.6.0 to v5.9.0 should be verified for compatibility as well. 🔄

3. Removed Dependency: The go.uber.org/atomic dependency has been removed. Ensure that this is intentional and that no part of your codebase relies on it. If it was removed by mistake, consider adding it back. 🧩

4. Indirect Dependencies: The addition of gopkg.in/evanphx/json-patch.v4 as an indirect dependency should be reviewed to ensure it doesn't conflict with the existing v5 version. Having multiple major versions of the same library can lead to unexpected behavior. ⚠️

5. Version Consistency: Ensure that all dependencies are updated consistently across your project to avoid potential conflicts or unexpected behavior. This is especially important for libraries that interact closely with each other. 🔍

---

---

Dependency Review

Click to read mergecats review!

No suggestions found