chore(deps): Bump github.com/kserve/kserve from 0.12.1 to 0.15.2

[dependabot]

Bumps github.com/kserve/kserve from 0.12.1 to 0.15.2.

Release notes

Sourced from github.com/kserve/kserve's releases.

v0.15.2

What's Changed

• Fixes CVE-2025-43859 by @​spolti in kserve/kserve#4468
• config: enable ModelCar by default by @​tarilabs in kserve/kserve#4316
• fix: huggingface e2e test output mismatch and add tests for stream requests by @​sivanantha321 in kserve/kserve#4482
• Rework the order in which the knative autoscaler configmap is read during reconciliation by @​brettmthompson in kserve/kserve#4471
• Add predictor_config to ModelServer init function by @​greenmoon55 in kserve/kserve#4491
• docs: enhance security documentation with detailed reporting and prevention mechanisms by @​sivanantha321 in kserve/kserve#4495
• fix: update workflow to use ubuntu-latest for rerun PR tests by @​sivanantha321 in kserve/kserve#4496
• Generate Release 0.15.2 by @​yuzisun in kserve/kserve#4497

New Contributors

• @​tarilabs made their first contribution in kserve/kserve#4316

Full Changelog: kserve/kserve@v0.15.1...v0.15.2

v0.15.1

What's Changed

• fix typo on inferenceservice-config by @​spolti in kserve/kserve#4244
• Bump Go version to 1.24 by @​sivanantha321 in kserve/kserve#4321
• CI: Increase timeout for REST client connections to improve reliability by @​sivanantha321 in kserve/kserve#4355
• Localmodel agent can watch node groups by @​greenmoon55 in kserve/kserve#4362
• Fixing flake8 linter error. by @​andresllh in kserve/kserve#4354
• Update Huggingface Transformer to 4.50.3 by @​rajatvig in kserve/kserve#4351
• fix: Register LoRA model name in model registry to avoid not found error by @​sivanantha321 in kserve/kserve#4352
• Update Huggingface Transformer to 4.51.0 and huggingface-hub for kserve by @​rajatvig in kserve/kserve#4364
• Router config fixes in configmap template by @​tmbochenski in kserve/kserve#4369
• Chore: Deprecate Openvino support in HF runtime by @​gavrissh in kserve/kserve#4379
• vLLM V1 support for HF Server Runtime by @​gavrissh in kserve/kserve#4368
• Support Numpy 2.x by @​sivanantha321 in kserve/kserve#4386
• [Model cache] Do not remove PVC and PV after isvc deletion by @​greenmoon55 in kserve/kserve#4390
• Fix Flaky multi processing tests by @​andyi2it in kserve/kserve#4383
• Rerank support for vLLM in HuggingFace Serving Runtime by @​AyushSawant18588 in kserve/kserve#4376
• Upgrade vllm to support Llama4 by @​gavrissh in kserve/kserve#4388
• Adding bitsandbytes package for 4 bit support by @​johnugeorge in kserve/kserve#4406
• Fix: Isvc matched with wrong ModelCache by @​HotsauceLee in kserve/kserve#4398
• Fix: remove duplicated OpenAIGenerativeModel in init by @​huazq in kserve/kserve#4399
• Feat: Allow inference service metadata injection at agent sidecar level for payload logging by @​tylerhyang in kserve/kserve#4325
• Fix for KEDA scaledobject target value is set to pointer instead of specified value by @​andyi2it in kserve/kserve#4373
• MultiNode change a logic to calculate ray node count and gpu count by @​Jooho in kserve/kserve#4356
• Remove internal annotations when no cache resource is matched by @​greenmoon55 in kserve/kserve#4412
• Add DeploymentMode to InferenceService and InferenceGraph status and prevent deploymentMode change by @​israel-hdez in kserve/kserve#4423
• Feat should not NewHPARecroncile for external hpa. by @​johnzheng1975 in kserve/kserve#4363
• chore: Upgrade prow-github-actions to version 2 in workflow files by @​sivanantha321 in kserve/kserve#4417
• Fix: update external autoscaler tests missed from PR 4363 by @​Jooho in kserve/kserve#4438
• Update OWNERS by @​terrytangyuan in kserve/kserve#4442
• Upgrade vLLM to support Qwen3 by @​gavrissh in kserve/kserve#4434
• InferenceGraph: Fix response code when condition step is not fulfilled by @​israel-hdez in kserve/kserve#4429
• Stop and resume a model by adding a new annotation [Serverless] by @​hdefazio in kserve/kserve#4337
• Improve Handling of Knative Autoscaler Confguration by @​brettmthompson in kserve/kserve#4394

... (truncated)

Commits

• d623ea2 Generate Release 0.15.2 (#4497)
• 63c7c5c fix: update workflow to use ubuntu-latest for rerun PR tests (#4496)
• 55119b7 docs: enhance security documentation with detailed reporting and prevention m...
• 1c34d67 Add predictor_config to ModelServer init function (#4491)
• dbe71fb Rework the order in which the knative autoscaler configmap is read during rec...
• 8f2a485 fix: huggingface e2e test output mismatch and add tests for stream requests (...
• f872c32 config: enable ModelCar by default (#4316)
• d413fc2 Fixes CVE-2025-43859 (#4468)
• 3a1dc46 Fixes vLLM V1 failures: Revert back the approach to initiate the background e...
• c5cffed Improve code coverage (#4385)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by Sourcery

Upgrade the Go module dependencies by bumping kserve to v0.15.2, updating the Go version, and aligning related libraries to their latest compatible releases.

Build:

• Bump GitHub.com/kserve/kserve dependency from v0.12.1 to v0.15.2 and switch Go version to 1.24.1
• Upgrade Kubernetes modules (api, apimachinery, client-go) to v0.32.3 and controller-runtime to v0.19.1
• Update gRPC to v1.71.0 and numerous indirect dependencies to their latest minor/patch versions for compatibility

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot]

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

[sourcery-ai]

Reviewer's Guide

This PR upgrades the kserve dependency from v0.12.1 to v0.15.2, bumps the Go toolchain from 1.23.0 to 1.24.1, and refreshes related Kubernetes and transitive module versions in go.mod and go.sum to align with the new kserve release.

ER Diagram: Update to KServe InferenceServiceStatus Structure

erDiagram
    InferenceServiceStatus {
        string url "URL of the InferenceService"
        string address_url "Addressable endpoint URL (nullable)"
        string deploymentMode "NEW: Deployment Mode (e.g., Serverless, RawDeployment)"
        string conditions "Serialized list of conditions"
        string components "Serialized map of component statuses"
        string otherFields "... (other existing fields)"
    }
    note "The 'deploymentMode' field was added to InferenceServiceStatus in KServe v0.15.1 (part of v0.15.2 update). TrustyAI Service Operator now depends on this updated structure."

Loading

File-Level Changes

Change	Details	Files
Upgrade kserve dependency to v0.15.2	update require directive for github.com/kserve/kserve from v0.12.1 to v0.15.2 regenerate module checksums to include release 0.15.2	go.mod go.sum
Bump Go language version	change go directive from 1.23.0 to 1.24.1	go.mod
Update Kubernetes and controller-runtime modules	bump k8s.io/api, k8s.io/apimachinery, k8s.io/client-go to v0.32.3 upgrade sigs.k8s.io/controller-runtime to v0.19.1	go.mod
Refresh and align transitive dependencies	tidy and update dozens of indirect modules (e.g., cloud.google.com/go, go.opentelemetry.io, knative, envoy proxy, prometheus, etc.) ensure go.sum reflects all new and updated versions	go.mod go.sum

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a trustyai-explainability member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.