deps(deps): bump the go-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the go-dependencies group with 3 updates in the / directory: github.com/go-chi/chi/v5, helm.sh/helm/v3 and sigs.k8s.io/kind.

Updates github.com/go-chi/chi/v5 from 5.2.3 to 5.2.4

Commits

• 6eb3588 middleware: harden RedirectSlashes handler (#1044)
• de0d16e Update comment about min Go version (#1023)
• 9fb4a15 update reverseMethodMap in RegisterMethod (#1022)
• 51c977c Refactor to use atomic type (#1019)
• 563ab11 Refactor graceful shutdown example (#994)
• a52c582 Bump minimum Go and use new features (#1017)
• See full diff in compare view

Updates helm.sh/helm/v3 from 3.19.1 to 3.19.5

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.19.5 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

• Fixed bug where removing subchart value via override resulted in warning #31118
• Fixed bug where helm uninstall with --keep-history did not suspend previous deployed releases helm/helm#12556

Installation and Upgrading

Download Helm v3.19.5. The common platform binaries are here:

• MacOS amd64 (checksum / 57f4a847c349382b7cc742a6434ef25f88f0928a113d8cf49084b464878ef0b9)
• MacOS arm64 (checksum / 195e24e587f423f15a78feebab04583ceee68323598575a0e8b3b11b43fd26fe)
• Linux amd64 (checksum / a0a5e8c592ed3f376ac110715eff214730c7422f9a44d96cf98117d2b8b0e6c0)
• Linux arm (checksum / 1367926ea842729b4312fbf800234d15bcaa419c92201727b776da4550078a09)
• Linux arm64 (checksum / ce02147ffee6d993bf8ae97a44a22e9e1daf0b69d2d5b69a0c8cf6706445ccf5)
• Linux i386 (checksum / 54ec170590a6bfb26990c645426f92089d9eb574190c00620ca793d92b5891d5)
• Linux ppc64le (checksum / a51ba349875e2a219c909ae802435db403ea6924ca4725acb73f520da36e5f45)
• Linux s390x (checksum / 071f19deabaf2326a7ca54c3143934e2001c61bd106fa2949bf53d1e7452ecd0)
• Linux riscv64 (checksum / a33b2df76300d33008a2b47107f289a0de31d461e6bfb2354bf1fd747ccecc9b)
• Windows amd64 (checksum / f258b0d17a4c914ad453f9d8cc21643dddd354f4fbad4c7c595cf3480221379e)
• Windows arm64 (checksum / 232bccce9fe4212a22acc210a555edc75e101b26fb9a9eb1442c32bda8d102bf)

This release was signed with 208D D36E D5BB 3745 A167 43A4 C7C6 FBB5 B91C 1155 and can be found at @​scottrigby keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 4.1.0 and 3.20.0 is the next minor releases and will be on January 21, 2026
• 4.1.1 and 3.20.1 are the next patch releases and will be on March 11, 2026

Changelog

• fix(rollback): errors.Is instead of string comp 4a19a5b6fb912c5c28a779e73f2e0880d9e239a4 (Hidde Beydals)
• fix(uninstall): supersede deployed releases 7a00235a0622b6eae1d06fbb87c2a33b718cbd7e (Hidde Beydals)
• fix null merge 578564ee26171e5ca2ee0edd0c06cb58a72fba87 (Ben Foster)

Helm v3.19.4 is a security fix for a Go CVE in the previous tag. This patch release rebuilds the Helm v3.19.3 release with the latest Go toolchain, to fix the Go CVE. Users are encouraged to upgrade.

The community keeps growing, and we'd love to see you there!

... (truncated)

Commits

• 4a19a5b fix(rollback): errors.Is instead of string comp
• 7a00235 fix(uninstall): supersede deployed releases
• 578564e fix null merge
• 7cfb6e4 Use latest patch release of Go in releases
• 59c951f chore(deps): bump github.com/gofrs/flock from 0.12.1 to 0.13.0
• d45f3f1 chore(deps): bump github.com/cyphar/filepath-securejoin
• d459544 chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0
• becd387 chore(deps): bump golang.org/x/term from 0.36.0 to 0.37.0
• edb1579 chore(deps): bump the k8s-io group with 7 updates
• 8766e71 [backport] fix: get-helm-3 script use helm3-latest-version
• See full diff in compare view

Updates k8s.io/api from 0.34.1 to 0.34.2

Commits

• e28454b Update dependencies to v0.34.2 tag
• See full diff in compare view

Updates k8s.io/apimachinery from 0.34.1 to 0.34.2

Commits

• See full diff in compare view

Updates k8s.io/client-go from 0.34.1 to 0.34.2

Commits

• 54601aa Update dependencies to v0.34.2 tag
• 1bb1ad2 Merge pull request #134589liggitt/automated-cherry-pick-of-#134588
• 2505205 Remove invalid SAN certificate construction
• 7ffba0f Merge pull request #134004DerekFrank/automated-cherry-pick-of-#133573
• 145cb8f gofmt and review feedback
• ddcdc12 fix: Update unit test to catch actual nil Labels case and fix functionality t...
• See full diff in compare view

Updates sigs.k8s.io/kind from 0.30.0 to 0.31.0

Release notes

Sourced from sigs.k8s.io/kind's releases.

v0.31.0

This release contains dependency updates and defaults to Kubernetes 1.35.0.

Please take note of the breaking changes from Kubernetes 1.35, and how to prepare for future changes to move off of the deprecated kubeam v1beta3 in favor of v1beta4. We will include updated reminders for both again in subsequent releases.

The default node image is now kindest/node:v1.35.0@sha256:452d707d4862f52530247495d180205e029056831160e22870e37e3f6c1ac31f

Kubernetes will be removing cgroup v1 support, and therefore kind node images at those versions will also be dropping support.

You can read more about this change in the Kubernetes release blog: https://kubernetes.io/blog/2025/12/17/kubernetes-v1-35-release/#removal-of-cgroup-v1-support

If you must use kind on cgroup v1, we recommend using an older Kubernetes release for the immediate future, but we also strongly recommend migrating to cgroup v2.

In the near future as Kubernetes support dwindles, KIND will also clean up cgroup v1 workarounds and drop support in future kind releases and images, regardless of Kubernetes version.

Most stable linux distros should be on cgroupv2 out of the box.

This is a reminder to use pinned images by digest, see the note below about images for this release.

WARNING: Future kind releases will adopt kubeadm v1beta4 configuration, kubeadm v1beta4 has a breaking change to extraArgs: https://kubernetes.io/blog/2024/08/23/kubernetes-1-31-kubeadm-v1beta4/.

If you use the kubeadmConfigPatches feature then you may need to prepare for this change. We recommend that you use versioned config patches that explicitly match the version required.

KIND uses kubeadm v1beta3 for Kubernetes 1.23+, and will likely use v1beta4 for Kubernetes 1.36+ The exact version is TBD pending work to fix this but expected to be 1.36. It will definitely be an as-of-yet-unreleased Kubernetes version to avoid surprises, and it will not be on a patch-release boundary.

KIND may still work with older Kubernetes versions at v1beta2, but we no longer test or actively support these as Kubernetes only supports 1.32+ currently: https://kubernetes.io/releases/

You likely only need v1beta3 + v1beta4 patches, you can take your existing patches that work with v1beta3, explicitly set apiVersion: kubeadm.k8s.io/v1beta3 in the patch at the top level, and make another copy for v1beta4. The v1beta4 patch will need to move extraArgs from a map to a list, for examples see: https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta4/

For a concrete example of kind config with kubeadm config patch targeting both v1beta3 and v1beta4, consider this simple kind config that sets verbosity of the apiserver logs:

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
kubeadmConfigPatches:
# patch for v1beta3 (1.23 ...)
- |
  kind: ClusterConfiguration
  apiVersion: kubeadm.k8s.io/v1beta3
  apiServer:
    extraArgs:
</tr></table> 

... (truncated)

Commits

• a323333 version v0.31.0
• 32124c6 Merge pull request #4077 from BenTheElder/135
• b088420 drop almalinux 8
• b1b15ed bump node image to 1.35.0
• c17c183 Merge pull request #4069 from BenTheElder/latest-images
• 36ee7a6 update node image to 1.34.3 with runc 1.2.x
• 1f8526c Merge pull request #4073 from aoxn/typo
• a47cf1e license typo
• 57ed4da use base image with runc 1.2.x
• 5e1c871 downgrade runc to 1.2.9 due to broken Kubernetes 1.33 tests
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!