[2024-08-29] Bump dependency updates identified by dependabot

[henrybear327]

Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.

This pull request completes this week's etcd dependency updates following our dependency roster and dependency management instructions.

Summary of actions

Bumped

• https://github.com/etcd-io/etcd/pull/18504
• https://github.com/etcd-io/etcd/pull/18500
• https://github.com/etcd-io/etcd/pull/18499
• https://github.com/etcd-io/etcd/pull/18498
• https://github.com/etcd-io/etcd/pull/18497
• https://github.com/etcd-io/etcd/pull/18492 + https://github.com/etcd-io/etcd/pull/18491

Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.

[codecov-commenter]

:warning: Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

Attention: Patch coverage is 0% with 27 lines in your changes missing coverage. Please review.

Project coverage is 68.85%. Comparing base (fe796ab) to head (d82b977). Report is 2 commits behind head on main.

:exclamation: Current head d82b977 differs from pull request most recent head 06a6da0

Please upload reports for the commit 06a6da0 to get more accurate results.

Files with missing lines	Patch %	Lines
client/v3/kubernetes/client.go	0.00%	27 Missing :warning:

:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

| [Files with missing lines](https://app.codecov.io/gh/etcd-io/etcd/pull/18515?dropdown=coverage&src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None) | Coverage Δ | | |---|---|---| | [client/v3/kubernetes/client.go](https://app.codecov.io/gh/etcd-io/etcd/pull/18515?src=pr&el=tree&filepath=client%2Fv3%2Fkubernetes%2Fclient.go&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None#diff-Y2xpZW50L3YzL2t1YmVybmV0ZXMvY2xpZW50Lmdv) | `0.00% <0.00%> (ø)` | | ... and [22 files with indirect coverage changes](https://app.codecov.io/gh/etcd-io/etcd/pull/18515/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None) ```diff @@ Coverage Diff @@ ## main #18515 +/- ## ========================================== + Coverage 68.77% 68.85% +0.08% ========================================== Files 420 420 Lines 35489 35470 -19 ========================================== + Hits 24407 24423 +16 + Misses 9650 9613 -37 - Partials 1432 1434 +2 ``` ------ [Continue to review full report in Codecov by Sentry](https://app.codecov.io/gh/etcd-io/etcd/pull/18515?dropdown=coverage&src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None). > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None) > `Δ = absolute (impact)`, `ø = not affected`, `? = missing data` > Powered by [Codecov](https://app.codecov.io/gh/etcd-io/etcd/pull/18515?dropdown=coverage&src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None). Last update [fe796ab...06a6da0](https://app.codecov.io/gh/etcd-io/etcd/pull/18515?dropdown=coverage&src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None).

[ivanvc]

@henrybear327, it looks like dependabot didn't try to update go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc to 1.29.0. I think it's because we closed #18297, as it looked indirect, but it's a direct dependency defined in server/go.mod. So, maybe along with your commit 7ef38ee, you can update that dependency too if that makes sense.

[ahrtr]

I think it's because we closed #18297, as it looked indirect, but it's a direct dependency defined in server/go.mod

Right. purely indirect should mean that it's a purely indirect dependency in all modules.

maybe along with your commit 7ef38ee, you can update that dependency too

+1

[ahrtr]

So, maybe along with your commit 7ef38ee, you can update that dependency too if that makes sense.

It's OK to address it in a separate PR, which might be a little easier. @henrybear327 Please let's know if you want to resolve it in this PR or a separate PR

[henrybear327]

➜  etcd git:(dependencies/08_29_24) grep -Ri "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v" | grep -v sum 
./etcdutl/go.mod:       go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect
./go.mod:       go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect
./tests/go.mod: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect
./server/go.mod:        go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0

I can bump it now. Sorry for missing the discussion!

[henrybear327]

LGTM. As @ahrtr suggested, we can bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc in a follow-up pull request. Thanks, Henry.

@ivanvc @ahrtr bumped the dependency as requested/spotted!

Sorry for missing out on the previous comment again.

[henrybear327]

/retest

[henrybear327]

/retest

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ahrtr, henrybear327, ivanvc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/etcd-io/etcd/blob/main/OWNERS)~~ [ahrtr] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment