deps(go): bump the go-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the go-dependencies group with 4 updates in the / directory: github.com/onsi/ginkgo/v2, github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring, github.com/prometheus/common and go.uber.org/zap.

Updates github.com/onsi/ginkgo/v2 from 2.27.2 to 2.28.1

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.28.1

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v2.28.0

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

v2.27.5

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

v2.27.4

2.27.4

Fixes

• CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

v2.27.3

2.27.3

Fixes

report exit result in case of failure [1c9f356] fix data race [ece19c8]

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

2.27.4

Fixes

• CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

2.27.3

Fixes

report exit result in case of failure [1c9f356] fix data race [ece19c8]

Commits

• 5d1d628 v2.28.1
• 676f985 update test mu language
• 8032100 appease go vet
• 41ca807 bump dependencies
• 2b2305b v2.28.0
• 71d2d89 feat: support component semantic version filtering
• 8cbbcb4 Fix doclink for ginkgo run
• a928307 v2.27.5
• 0d0e96d don't make a new formatter for each GinkgoT(); that's just silly and uses pre...
• 867ce95 v2.27.4
• Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.38.2 to 1.39.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.39.0

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

v1.38.3

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

Commits

• 49561ad v1.39.0
• 8f7f425 document MatchErrorStrictly
• bae643d add matcher relecting errors.Is behavior
• a3ca2ca v1.38.3
• 4dada36 fix failing have http tests
• d40c691 make string formatitng more consistent for users who use format.Object directly
• 2a37b46 doc: fix typos
• ee26170 docs: fix HaveValue example
• cc85c05 Bump actions/setup-go from 5 to 6 (#866)
• 8905788 Bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.3 (#865)
• Additional commits viewable in compare view

Updates github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring from 0.78.2 to 0.89.0

Release notes

Sourced from github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's releases.

0.89.0 / 2026-02-05

• [ENHANCEMENT] Add hostNetwork field to the Alertmanager CRD. #8281
• [ENHANCEMENT] Add the crds and full-crds commands to the operator's binary. #8251
• [ENHANCEMENT] Report deprecated field usage in the Reconciled condition type. #8236
• [ENHANCEMENT] Avoid unnecessary reconciliation upon creation of the ThanosRuler StatefulSet. #8347
• [ENHANCEMENT] Add bodySizeLimit to the ScrapeConfig CRD. #8348
• [ENHANCEMENT] Support http_headers field in the Alertmanager Secret. #8357
• [ENHANCEMENT] Add the -kubelet-http-metrics flag to enable/disable the HTTP metrics port in the Kubelet endpoint (default=enabled). #8350
• [ENHANCEMENT] Include operator.prometheus.io/version annotation in the full version of CRDs. #8279
• [BUGFIX] Validate VictorOps global configuration in the Alertmanager CRD. #8020
• [BUGFIX] Validate Jira global configuration in the Alertmanager CRD. #8265
• [BUGFIX] Validate VictorOps receiver's URL in the AlertmanagerConfig CRD. #8258
• [BUGFIX] Validate Webex receiver's URL in the AlertmanagerConfig CRD. #8255
• [BUGFIX] Validate Jira receiver's URL configuration in the AlertmanagerConfig CRD. #8230
• [BUGFIX] Validate OpsGenie receiver configuration in the AlertmanagerConfig CRD. #8267
• [BUGFIX] Validate WeChat receiver configuration in the AlertmanagerConfig CRD. #8271
• [BUGFIX] Validate SNS receiver configuration in the AlertmanagerConfig CRD. #8217
• [BUGFIX] Validate Webex global configuration in the Alertmanager CRD. #7979
• [BUGFIX] Validate Telegram global configuration in the Alertmanager CRD. #8268
• [BUGFIX] Restore statefulset's labels if the creation fails with AlreadyExists. #8343
• [BUGFIX] Fix potential panic due to informer cache races. #8310
• [BUGFIX] Support probers defined with IPv6 addresses in the Probe CRD. #8354
• [BUGFIX] Prevent group and repeat intervals with zero duration from breaking Alertmanager. #8126
• [BUGFIX] Propagate all supported RocketChat attributes for AlertmanagerConfig CRD. #8016
• [BUGFIX] Add URL validation for WeChat receiver. #8256
• [BUGFIX] Add URL validation for SNS receiver. #8259
• [BUGFIX] Fix GCE service discovery for the ScrapeConfig CRD. #8284
• [BUGFIX] Avoid stale conditions in Alertmanager, ThanosRuler, Prometheus and PrometheusAgent resources. #8304
• [BUGFIX] Fix race condition when updating rule ConfigMaps. #8290
• [BUGFIX] Fix race condition when patching finalizers. #8323
• [BUGFIX] Reconcile ScrapeConfig resources when namespace selection changes. #8334

0.88.1 / 2026-01-27

• [BUGFIX] Validate webhookURL secret for MSTeams receiver in AlertmanagerConfig CRD. #8294
• [BUGFIX] Revert maximum version check for EC2/Lightsail SD in ScrapeConfig CRD. #8308
• [BUGFIX] Relax URL validation in Slack receiver in AlertmanagerConfig CRD to support Go templates. #8299 #8331
• [BUGFIX] Relax URL validation in PagerDuty in AlertmanagerConfig CRD to support Go templates. #8319
• [BUGFIX] Relax URL validation in WebhookConfig in AlertmanagerConfig CRD to support Go templates. #8307 #8317
• [BUGFIX] Relax URL validation in RocketChat receiver in AlertmanagerConfig CRD to support Go templates. #8318
• [BUGFIX] Relax URL validation in Pushover receiver in AlertmanagerConfig CRD to support Go templates. #8307 #8316

0.88.0 / 2026-01-09

• [CHANGE] Use narrower selectors for StatefulSet informers in Alertmanager and ThanosRuler controllers. It is recommended to upgrade from v0.85.0 (at least). #8246
• [CHANGE] Reject EC2/Lightsail SD for Prometheus >= 3.8.0 in ScrapeConfig CRD. #8175
• [FEATURE] Add podManagementPolicy field to Prometheus, PrometheusAgent, Alertmanager and ThanosRuler CRDs. #8119
• [FEATURE] Add updateStrategy field to Prometheus, PrometheusAgent, Alertmanager and ThanosRuler CRDs. #8202
• [FEATURE] Add scrapeNativeHistograms field to Prometheus, PrometheusAgent, ServiceMonitor, PodMonitor, Probe and ScrapeConfig CRDs. #8102
• [FEATURE] Add scope field to AzureAD remote write configuration. #8240

... (truncated)

Changelog

Sourced from github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's changelog.

0.89.0 / 2026-02-05

• [ENHANCEMENT] Add hostNetwork field to the Alertmanager CRD. #8281
• [ENHANCEMENT] Add the crds and full-crds commands to the operator's binary. #8251
• [ENHANCEMENT] Report deprecated field usage in the Reconciled condition type. #8236
• [ENHANCEMENT] Avoid unnecessary reconciliation upon creation of the ThanosRuler StatefulSet. #8347
• [ENHANCEMENT] Add bodySizeLimit to the ScrapeConfig CRD. #8348
• [ENHANCEMENT] Support http_headers field in the Alertmanager Secret. #8357
• [ENHANCEMENT] Add the -kubelet-http-metrics flag to enable/disable the HTTP metrics port in the Kubelet endpoint (default=enabled). #8350
• [ENHANCEMENT] Include operator.prometheus.io/version annotation in the full version of CRDs. #8279
• [BUGFIX] Validate VictorOps global configuration in the Alertmanager CRD. #8020
• [BUGFIX] Validate Jira global configuration in the Alertmanager CRD. #8265
• [BUGFIX] Validate VictorOps receiver's URL in the AlertmanagerConfig CRD. #8258
• [BUGFIX] Validate Webex receiver's URL in the AlertmanagerConfig CRD. #8255
• [BUGFIX] Validate Jira receiver's URL configuration in the AlertmanagerConfig CRD. #8230
• [BUGFIX] Validate OpsGenie receiver configuration in the AlertmanagerConfig CRD. #8267
• [BUGFIX] Validate WeChat receiver configuration in the AlertmanagerConfig CRD. #8271
• [BUGFIX] Validate SNS receiver configuration in the AlertmanagerConfig CRD. #8217
• [BUGFIX] Validate Webex global configuration in the Alertmanager CRD. #7979
• [BUGFIX] Validate Telegram global configuration in the Alertmanager CRD. #8268
• [BUGFIX] Restore statefulset's labels if the creation fails with AlreadyExists. #8343
• [BUGFIX] Fix potential panic due to informer cache races. #8310
• [BUGFIX] Support probers defined with IPv6 addresses in the Probe CRD. #8354
• [BUGFIX] Prevent group and repeat intervals with zero duration from breaking Alertmanager. #8126
• [BUGFIX] Propagate all supported RocketChat attributes for AlertmanagerConfig CRD. #8016
• [BUGFIX] Add URL validation for WeChat receiver. #8256
• [BUGFIX] Add URL validation for SNS receiver. #8259
• [BUGFIX] Fix GCE service discovery for the ScrapeConfig CRD. #8284
• [BUGFIX] Avoid stale conditions in Alertmanager, ThanosRuler, Prometheus and PrometheusAgent resources. #8304
• [BUGFIX] Fix race condition when updating rule ConfigMaps. #8290
• [BUGFIX] Fix race condition when patching finalizers. #8323
• [BUGFIX] Reconcile ScrapeConfig resources when namespace selection changes. #8334

0.88.1 / 2026-01-27

• [BUGFIX] Validate webhookURL secret for MSTeams receiver in AlertmanagerConfig CRD. #8294
• [BUGFIX] Revert maximum version check for EC2/Lightsail SD in ScrapeConfig CRD. #8308
• [BUGFIX] Relax URL validation in Slack receiver in AlertmanagerConfig CRD to support Go templates. #8299 #8331
• [BUGFIX] Relax URL validation in PagerDuty in AlertmanagerConfig CRD to support Go templates. #8319
• [BUGFIX] Relax URL validation in WebhookConfig in AlertmanagerConfig CRD to support Go templates. #8307 #8317
• [BUGFIX] Relax URL validation in RocketChat receiver in AlertmanagerConfig CRD to support Go templates. #8318
• [BUGFIX] Relax URL validation in Pushover receiver in AlertmanagerConfig CRD to support Go templates. #8307 #8316

0.88.0 / 2026-01-09

• [CHANGE] Use narrower selectors for StatefulSet informers in Alertmanager and ThanosRuler controllers. It is recommended to upgrade from v0.85.0 (at least). #8246
• [CHANGE] Reject EC2/Lightsail SD for Prometheus >= 3.8.0 in ScrapeConfig CRD. #8175
• [FEATURE] Add podManagementPolicy field to Prometheus, PrometheusAgent, Alertmanager and ThanosRuler CRDs. #8119
• [FEATURE] Add updateStrategy field to Prometheus, PrometheusAgent, Alertmanager and ThanosRuler CRDs. #8202
• [FEATURE] Add scrapeNativeHistograms field to Prometheus, PrometheusAgent, ServiceMonitor, PodMonitor, Probe and ScrapeConfig CRDs. #8102

... (truncated)

Commits

• e13fb15 chore: update go.mod files (#8361)
• cca237f chore: update go.mod files
• 1469a69 Merge pull request #8360 from simonpasquier/cut-0.89.0
• 2d28b87 chore: cut v0.89.0
• 5f5061e Merge pull request #8359 from prometheus-operator/dependabot/github_actions/i...
• f0259bc add URL validation for SNS receiver (#8259)
• 0262ae3 build(deps): bump imjasonh/setup-crane from 0.4 to 0.5
• 5e8d9c5 feat: integrate all supported rocketchat attributes for alertmanagerconfig CR...
• 69b3653 fix: validate nonzero duration in AlertmanagerConfig (#8126)
• 8eb57b7 fix: support IPv6 addresses in prober URL validation (#8354)
• Additional commits viewable in compare view

Updates github.com/prometheus/common from 0.67.2 to 0.67.5

Release notes

Sourced from github.com/prometheus/common's releases.

v0.67.5

What's Changed

• build(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.34.0 by @​dependabot[bot] in prometheus/common#871
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#866
• build(deps): bump golang.org/x/net from 0.46.0 to 0.48.0 by @​dependabot[bot] in prometheus/common#872
• build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11 by @​dependabot[bot] in prometheus/common#870

Full Changelog: prometheus/common@v0.67.4...v0.67.5

v0.67.4 / 2025-11-18

What's Changed

• chore: clean up golangci-lint configuration by @​mmorel-35 in prometheus/common#782
• chore: 'omitempty' to Oauth2 fields with type Secret to avoid requiring them by @​JorTurFer in prometheus/common#864
• chore: Add omitempty tag to all config fields by @​JorTurFer in prometheus/common#865

Full Changelog: prometheus/common@v0.67.3...v0.67.4

v0.67.3 / 2025-11-18

What's Changed

• Support JWT Profile for Authorization Grant (RFC 7523 3.1) by @​JorTurFer in prometheus/common#862
• Config: remove outdated comment about HTTP/2 issues by @​bboreham in prometheus/common#863

New Contributors

• @​JorTurFer made their first contribution in prometheus/common#862

Full Changelog: prometheus/common@v0.67.2...v0.67.3

Changelog

Sourced from github.com/prometheus/common's changelog.

Changelog

main / unreleased

What's Changed

Commits

• 934ff37 build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11 (#870)
• 1e29804 build(deps): bump golang.org/x/net from 0.46.0 to 0.48.0 (#872)
• 0bd1c40 Synchronize common files from prometheus/prometheus (#866)
• b644201 build(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.34.0 (#871)
• d80d854 chore: Add omitempty tag to all config fields (#865)
• 04686b2 chore: 'omitempty' to Oauth2 fields with type Secret to avoid requiring them ...
• 0b2fbf3 chore: clean up golangci-lint configuration (#782)
• b2cdb07 Merge pull request #863 from prometheus/remove-http2-comment
• cd1ab56 Config: remove outdated comment about HTTP/2 issues
• f4c0aea Support JWT Profile for Authorization Grant (RFC 7523 3.1) (#862)
• See full diff in compare view

Updates go.uber.org/zap from 1.27.0 to 1.27.1

Release notes

Sourced from go.uber.org/zap's releases.

v1.27.1

Enhancements:

• #1501[]: prevent Object from panicking on nils
• #1511[]: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Changelog

Sourced from go.uber.org/zap's changelog.

1.27.1 (19 Nov 2025)

Enhancements:

• #1501[]: prevent Object from panicking on nils
• #1511[]: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Commits

• 7b755a3 release 1.27.1 (#1521)
• d6b395b Update lazy logger not to materialize unless it's being written to (#1519)
• 4b9cea0 ci: Test with Go 1.24, Go 1.25 (#1508)
• 7c80d7b Fix race condition in WithLazy implementation (#1426) (#1511)
• 07077a6 Prevent zap.Object from panicing on nils (#1501)
• a6afd05 Fix lint check name (#1502)
• 6d48253 chore: fix typo (#1482)
• 32f2ec1 Fix the field test for bool type (#1480)
• fe16eb5 Upgrade grpc in zapgrc test package & bump go version (#1478)
• 5f00c34 test(AtomicLevel): demonstrate Handler is not vulnerable to XSS (#1477)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: release-note-none. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

👋 Thanks for your contribution!

This PR is from a fork, so the e2e tests require approval to run (they use GPU resources).

For maintainers/admins: Comment /ok-to-test to trigger the e2e tests after reviewing the code.

For contributors: Please wait for a maintainer or admin to approve running the tests.