Skip to content

chore(deps): bump the go-dependencies group with 2 updates#960

Merged
mbevc1 merged 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-d4c9db19bf
Jun 17, 2026
Merged

chore(deps): bump the go-dependencies group with 2 updates#960
mbevc1 merged 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-d4c9db19bf

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-dependencies group with 2 updates: github.com/Azure/azure-sdk-for-go/sdk/azidentity and k8s.io/kubernetes.

Updates github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.13.1 to 1.14.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azidentity's releases.

sdk/azidentity/v1.14.0

1.14.0 (2026-06-15)

Breaking Changes

These changes affect only code written against a beta version such as v1.14.0-beta.3

  • Removed WorkloadIdentityCredentialOptions.EnableAzureProxy. It will return in v1.15.0-beta.1

Bugs Fixed

  • AzureDeveloperCLICredential improved reporting of error messages returned from azd

Other Changes

  • Returned azidentity errors include links to the troubleshooting guide when appropriate
  • This module now requires a minimum Go version of 1.25
  • Upgraded dependencies
Commits

Updates k8s.io/kubernetes from 1.36.1 to 1.36.2

Release notes

Sourced from k8s.io/kubernetes's releases.

v1.36.2

See kubernetes-announce@. Additional binary downloads are linked in the CHANGELOG.

See the CHANGELOG for more details.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the go-dependencies group with 2 updates
68033f0 
Bumps the go-dependencies group with 2 updates: [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) and [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes).


Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.13.1 to 1.14.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Commits](Azure/azure-sdk-for-go@sdk/azidentity/v1.13.1...sdk/azcore/v1.14.0)

Updates `k8s.io/kubernetes` from 1.36.1 to 1.36.2
- [Release notes](https://github.com/kubernetes/kubernetes/releases)
- [Commits](kubernetes/kubernetes@v1.36.1...v1.36.2)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: k8s.io/kubernetes
  dependency-version: 1.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 16, 2026
@claude

claude Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Claude finished @dependabot[bot]'s task in 59s —— View job

Dependency bump review

  • Identify changed dependencies
  • Check changelogs / semver for breaking changes
  • Find usage in repo
  • Assess compatibility
  • Post review summary

Summary

Four modules change (2 direct, 2 transitive):

Module From → To Type
azure-sdk-for-go/sdk/azidentity 1.13.1 → 1.14.0 direct (minor)
k8s.io/kubernetes 1.36.1 → 1.36.2 direct (patch)
AzureAD/microsoft-authentication-library-for-go 1.6.0 → 1.7.2 indirect
golang-jwt/jwt/v5 5.3.0 → 5.3.1 indirect

Verdict: low risk. Looks safe to merge.

azidentity 1.13.1 → 1.14.0

  • Usage: only internal/azure/azure_apps.go:405 and :466, both calling azidentity.NewClientSecretCredential(tenantId, clientId, clientSecret, nil). This is a long-stable API — its signature is unchanged in 1.14.0.
  • Breaking change in the release notes (removal of WorkloadIdentityCredentialOptions.EnableAzureProxy) affects beta-only code and is not used here.
  • Minimum Go version raised to 1.25go.mod already declares go 1.26.4, so this is satisfied.
  • Other changes are error-message/troubleshooting-link improvements; no behavioral impact on the client-secret flow.

k8s.io/kubernetes 1.36.1 → 1.36.2

  • Usage: a single import in internal/kube/kube_test.go:18e2epod "k8s.io/kubernetes/test/e2e/framework/pod" (test-only helper). The companion k8s.io/api, apimachinery, and client-go are unchanged (still 0.36.0), so no API-surface drift.
  • 1.36.2 is a patch release: cherry-picks + a Go-image bump to go 1.26.4. No public API changes. The go.mod hash for kubernetes is unchanged (h1:...MLdeJ3qw2...), confirming it's a content patch only.

Transitive bumps

  • microsoft-authentication-library-for-go 1.6.0 → 1.7.2 and golang-jwt/jwt/v5 5.3.0 → 5.3.1 — pulled in by the azidentity upgrade. Both retain the same go.mod hash suffix (no module-graph reshaping); not imported directly by this repo. The jwt v5.3.1 patch is a routine fix release.

Suggested follow-up

  • I could not run go build ./... / go vet here (sandbox requires approval), so I relied on source analysis. Recommend confirming the CI build + internal/azure and internal/kube tests pass green on this branch before merge — that fully closes the loop on the NewClientSecretCredential and e2epod usages.

@mbevc1 mbevc1 merged commit 5e2663d into main Jun 17, 2026
15 checks passed
@mbevc1 mbevc1 deleted the dependabot/go_modules/go-dependencies-d4c9db19bf branch June 17, 2026 08:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mbevc1 mbevc1 mbevc1 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mbevc1