Bump the all-go-mod-patch-and-minor group across 1 directory with 7 updates

[dependabot]

Bumps the all-go-mod-patch-and-minor group with 2 updates in the / directory: github.com/operator-framework/operator-lib and github.com/prometheus/client_golang.

Updates github.com/operator-framework/operator-lib from 0.18.0 to 0.19.0

Release notes

Sourced from github.com/operator-framework/operator-lib's releases.

v0.19.0

What's Changed

• 🌱 Bump github.com/operator-framework/api from 0.30.0 to 0.31.0 by @​dependabot in operator-framework/operator-lib#238
• 🌱 Bump github.com/go-logr/logr from 1.4.2 to 1.4.3 by @​dependabot in operator-framework/operator-lib#240
• updating dependencies to support k8s 1.33 by @​acornett21 in operator-framework/operator-lib#241

Full Changelog: operator-framework/operator-lib@v0.18.0...v0.19.0

Commits

• 44e6f81 updating dependencies to support k8s 1.33 (#241)
• 426fc03 🌱 Bump github.com/go-logr/logr from 1.4.2 to 1.4.3 (#240)
• 2e043cb 🌱 Bump github.com/operator-framework/api from 0.30.0 to 0.31.0 (#238)
• See full diff in compare view

Updates github.com/prometheus/client_golang from 1.22.0 to 1.23.0

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.23.0 - 2025-07-30

• [CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. #1812
• [FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix #1766
• [FEATURE] Add exemplars for native histograms #1686
• [ENHANCEMENT] exp/api: Bubble up status code from writeResponse #1823
• [ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 #1833
• [BUGFIX] exp/api: client prompt return on context cancellation #1729

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.23.0 / 2025-07-30

• [CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. #1812
• [FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix #1766
• [FEATURE] Add exemplars for native histograms #1686
• [ENHANCEMENT] exp/api: Bubble up status code from writeResponse #1823
• [ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 #1833
• [BUGFIX] exp/api: client prompt return on context cancellation #1729

Commits

• e4b2208 Cut v1.23.0 (#1848)
• d9492af cut v1.23.0-rc.1 (#1842)
• aeae8a0 Cut v1.23.0-rc.0 (#1837)
• b157309 Update common Prometheus files (#1832)
• a704e28 build(deps): bump the github-actions group with 3 updates (#1826)
• c774311 Fix errNotImplemented reference (#1835)
• db4db7b Update runtime metrics for Go v1.23 and v1.24 (#1833)
• 99d380e Update common Prometheus files (#1831)
• f3ef320 Merge pull request #1828 from prometheus/dependabot/go_modules/exp/github.com...
• 520c91a build(deps): bump github.com/prometheus/common in /exp
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.39.0 to 0.40.0

Commits

• 7d6e62a go.mod: update golang.org/x dependencies
• ea0c1d9 internal/timeseries: use built-in max/min to simplify the code
• 3e7a445 quic: skip packet numbers for optimistic ack defense
• 3f563d3 quic: use an enum for sentPacket state
• a3b6e77 quic: don't re-lose packets when discarding keys
• 22500a6 quic: decode packet numbers >255 in tests
• dd0b200 quic: remove go1.21 build constraint
• See full diff in compare view

Updates k8s.io/api from 0.33.0 to 0.33.2

Commits

• c9534e4 Update dependencies to v0.33.2 tag
• See full diff in compare view

Updates k8s.io/apimachinery from 0.33.0 to 0.33.2

Commits

• 173776a Merge pull request #131708tigrato/automated-cherry-pick-of-#131702
• a3d1fde fix: fixes a possible panic in NewYAMLToJSONDecoder
• See full diff in compare view

Updates k8s.io/client-go from 0.33.0 to 0.33.2

Commits

• f2e6cad Update dependencies to v0.33.2 tag
• See full diff in compare view

Updates sigs.k8s.io/controller-runtime from 0.20.4 to 0.21.0

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.21.0

Highlights

• Bump to Kubernetes v1.33 libraries
• Improvements for priority queue (#2374)
• envtest now has an option to download envtest binaries (can be used to replace setup-envtest depending on use case)
• Metric improvements: native histograms, all Go runtime metrics are enabled now
• Various bug fixes
• New reviewers: @​troy0820, @​JoelSpeed!!

⚠️ Breaking Changes

• Bump to k8s.io/* v0.33.0 and Go 1.24 (#3104 #3142 #3161 #3204 #3215)
• config: Stop enabling client-side ratelimiter by default (#3119)
  • Previous behavior can be preserved by setting QPS 20 and Burst 30 on the rest.Config
• controller: NewUnmanaged/NewTypedUnmanaged: Stop requiring a manager (#3141)
• reconcile: Deprecate Result.Requeue (#3107)

✨ New Features

• controller: priority queue:
  • Add debug logging for the state of the priority queue (#3075)
  • Add priority label to queue depth metric (#3156)
  • Leverage IsInInitialList (#3162)
  • Remove redundant WithLowPriorityWhenUnchanged in builder (#3168)
  • Retain the priority after Reconcile (#3167)
  • Set priority automatically in handlers (#3111 #3152 #3160 #3174)
• envtest: Add Environment.KubeConfig field (#2278)
• envtest: Add option to download envtest binaries (#3135 #3137)
• events: Add IsInInitialList to TypedCreateEvent (#3162)
• log/zap: Enable panic log level (#3186)
• logging: Adopt WarningHandlerWithContext (#3176)
• logging: Improve logging by adopting contextual logging (#3149)
• metrics: Adopt native histograms (#3165)
• metrics: Expose all Go runtime metrics (#3070)

🐛 Bug Fixes

• apiutil: restmapper: Respect preferred version (#3151)
• builder: webhook: Fix custom path for webhook conflicts (#3102)
• cache: Clone maps to prevent data races when concurrently creating caches using the same options (#3078)
• cache: Stop accumulating lists in multi-namespace cache implementation (#3195)
• cache: List out of global cache when present and necessary (#3126)
• client: Return error if pagination is used with the cached client (#3134)
• controller: Support WaitForSync in TypedSyncingSource (#3084)
• controller: priority queue: Fix behavior of rate limit option in priorityqueue.AddWithOpts (#3103)
• controller: priority queue: Yet another queue_depth metric fix (#3085)
• controllerutil: CreateOrUpdate: Avoid panic when the MutateFn is nil (#2828)
• envtest: Fix nil pointer exception in Stop() (#3153)
• fake client: Fix data races when writing to the scheme (#3143)

... (truncated)

Commits

• 71f7db5 Merge pull request #3225 from troy0820/troy0820/prepare-for-0.21-release
• 52d8779 update README with go version
• ab37f74 Merge pull request #3223 from troy0820/troy0820/return-warnings-on-webhooks
• 250a88f return warnings on webhooks
• 85ee7a9 Merge pull request #3217 from kubernetes-sigs/dependabot/github_actions/all-g...
• 81f1fae 🌱 Bump the all-github-actions group across 1 directory with 3 updates
• d9a2274 Merge pull request #3187 from dongjiang1989/update-golangci-lint-v2
• 9c38211 update golangci-lint to v2
• 9b5f6a7 Merge pull request #3208 from troy0820/troy0820/api-machinery-marshal
• b3278df use sigs.k8s.io/json to unmarshal in fakeclient
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud