Bump the github-dependencies group across 1 directory with 6 updates

[dependabot[bot]]

Bumps the github-dependencies group with 5 updates in the / directory:

Package	From	To
github.com/go-logr/zapr	1.2.3	1.3.0
github.com/prometheus/client_golang	1.19.0	1.19.1
github.com/spf13/cobra	1.7.0	1.8.0
golang.org/x/net	0.24.0	0.25.0
google.golang.org/protobuf	1.34.0	1.34.1

Updates github.com/go-logr/zapr from 1.2.3 to 1.3.0

Release notes

Sourced from github.com/go-logr/zapr's releases.

v1.3.0

This release adds support for slog. zapr implements slogr.SlogSink and therefore can be used through slogr.NewSlogHandler as backend for slog.

What's Changed

• Added dependabot by @​Neo2308 in go-logr/zapr#63
• Updated min supported version to go 1.18 by @​Neo2308 in go-logr/zapr#62
• update linter config and fix issues by @​pohly in go-logr/zapr#61
• Bump github.com/go-logr/logr from 1.2.4 to 1.3.0 by @​dependabot in go-logr/zapr#71
• support slog by @​pohly in go-logr/zapr#60

---

• Bump github.com/stretchr/testify from 1.8.0 to 1.8.4 by @​dependabot in go-logr/zapr#65
• Bump actions/checkout from 2 to 3 by @​dependabot in go-logr/zapr#66
• Bump actions/setup-go from 2 to 4 by @​dependabot in go-logr/zapr#67
• Bump golangci/golangci-lint-action from 2 to 3 by @​dependabot in go-logr/zapr#68
• Bump actions/checkout from 3 to 4 by @​dependabot in go-logr/zapr#69
• Bump go.uber.org/zap from 1.24.0 to 1.25.0 by @​dependabot in go-logr/zapr#64
• Bump go.uber.org/zap from 1.25.0 to 1.26.0 by @​dependabot in go-logr/zapr#70

New Contributors

• @​Neo2308 made their first contribution in go-logr/zapr#63
• @​dependabot made their first contribution in go-logr/zapr#65

Full Changelog: https://github.com/go-logr/zapr/compare/v1.2.4...v1.3.0

v1.2.4

What's Changed

• Bump Go version for GH actions by @​thockin in go-logr/zapr#54
• [fix]fix security yaml.v3 CVE-2022-28948 by @​dongjiang1989 in go-logr/zapr#58

New Contributors

• @​dongjiang1989 made their first contribution in go-logr/zapr#58

Full Changelog: https://github.com/go-logr/zapr/compare/v1.2.3...v1.2.4

Commits

• 78b8af5 Merge pull request #60 from pohly/slog
• ae27dfc support slog + logr 1.3.0
• 6684601 Merge pull request #71 from go-logr/dependabot/go_modules/github.com/go-logr/...
• 4d152a1 Bump github.com/go-logr/logr from 1.2.4 to 1.3.0
• 191bfc4 Merge pull request #61 from pohly/linting
• fe8a3cc Merge pull request #70 from go-logr/dependabot/go_modules/go.uber.org/zap-1.26.0
• 575b337 Bump go.uber.org/zap from 1.25.0 to 1.26.0
• 437f574 Merge pull request #64 from go-logr/dependabot/go_modules/go.uber.org/zap-1.25.0
• 203c517 Merge pull request #69 from go-logr/dependabot/github_actions/actions/checkout-4
• 2aef912 Bump actions/checkout from 3 to 4
• Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.19.0 to 1.19.1

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.19.1

What's Changed

• Security patches for golang.org/x/sys and google.golang.org/protobuf

New Contributors

• @​lukasauk made their first contribution in prometheus/client_golang#1494

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

Unreleased

Commits

• 6e3f4b1 Cut 1.19.1 (#1494)
• cad1bfa Merge pull request #1454 from prometheus/small-nits
• 0aa8c9f Rephrase incompatibility with common v0.48.0
• See full diff in compare view

Updates github.com/spf13/cobra from 1.7.0 to 1.8.0

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.8.0

✨ Features

• Support usage as plugin for tools like kubectl by @​nirs in spf13/cobra#2018 - this means that programs that utilize a "plugin-like" structure have much better support and usage (like for completions, command paths, etc.)
• Move documentation sources to site/content by @​umarcor in spf13/cobra#1428
• Add 'one required flag' group by @​marevers in spf13/cobra#1952 - this includes a new MarkFlagsOneRequired API for flags which can be used to mark a flag group as required and cause command failure if at least one is not used when invoked.
• Customizable error message prefix by @​5ouma in spf13/cobra#2023 - This adds the SetErrPrefix and ErrPrefix APIs on the Command struct to allow for setting a custom prefix for errors
• feat: add getters for flag completions by @​avirtopeanu-ionos in spf13/cobra#1943
• Feature: allow running persistent run hooks of all parents by @​vkhoroz in spf13/cobra#2044
• Improve API to get flag completion function by @​marckhouzam in spf13/cobra#2063

🐛 Bug fixes

• Fix typo in fish completions by @​twpayne in spf13/cobra#1945
• Fix grammar: 'allows to' by @​supertassu in spf13/cobra#1978
• powershell: escape variable with curly brackets by @​Luap99 in spf13/cobra#1960
• Don't complete --help flag when flag parsing disabled by @​marckhouzam in spf13/cobra#2061
• Replace all non-alphanumerics in active help env var program prefix by @​scop in spf13/cobra#1940

🔧 Maintenance

• build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 by @​dependabot in spf13/cobra#1971
• build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 by @​dependabot in spf13/cobra#1976
• build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @​dependabot in spf13/cobra#2021
• build(deps): bump actions/setup-go from 3 to 4 by @​dependabot in spf13/cobra#1934
• build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.2 to 2.0.3 by @​dependabot in spf13/cobra#2047
• build(deps): bump actions/checkout from 3 to 4 by @​dependabot in spf13/cobra#2028
• command: temporarily disable G602 due to securego/gosec#1005 by @​umarcor in spf13/cobra#2022

🧪 Testing & CI/CD

• test: make fish_completions_test more robust by @​branchvincent in spf13/cobra#1980
• golangci: enable 'unused' and disable deprecated replaced by it by @​umarcor in spf13/cobra#1983
• cleanup: minor corrections to unit tests by @​JunNishimura in spf13/cobra#2003
• ci: test golang 1.21 by @​nunoadrego in spf13/cobra#2024
• Fix linter errors by @​marckhouzam in spf13/cobra#2052
• Add tests for flag completion registration by @​marckhouzam in spf13/cobra#2053

✏️ Documentation

• doc: fix typo, Deperecated -> Deprecated by @​callthingsoff in spf13/cobra#2000
• Add notes to doc about the execution condition of *PreRun and *PostRun functions by @​haoming29 in spf13/cobra#2041

---

Thank you everyone who contributed to this release and all your hard work! Cobra and this community would never be possible without all of you!!!! 🐍

Full Changelog: https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0

Commits

• a0a6ae0 Improve API to get flag completion function (#2063)
• 890302a Support usage as plugin for tools like kubectl (#2018)
• 48cea5c build(deps): bump actions/checkout from 3 to 4 (#2028)
• 22953d8 Replace all non-alphanumerics in active help env var program prefix (#1940)
• 00b68a1 Add tests for flag completion registration (#2053)
• b711e87 Don't complete --help flag when flag parsing disabled (#2061)
• 8b1eba4 Fix linter errors (#2052)
• 4cafa37 Allow running persistent run hooks of all parents (#2044)
• 5c962a2 build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.2 to 2.0.3 (#2047)
• efe8fa3 build(deps): bump actions/setup-go from 3 to 4 (#1934)
• Additional commits viewable in compare view

Updates go.uber.org/zap from 1.19.0 to 1.26.0

Release notes

Sourced from go.uber.org/zap's releases.

v1.26.0

Enhancements:

• #1297[]: Add Dict as a Field.
• #1319[]: Add WithLazy method to Logger which lazily evaluates the structured context.
• #1350[]: String encoding is much (~50%) faster now.

Thanks to @​hhk7734, @​jquirke, @​cdvr1993 for their contributions to this release.

#1297: uber-go/zap#1297 #1319: uber-go/zap#1319 #1350: uber-go/zap#1350

v1.25.0

This release contains several improvements including performance, API additions, and two new experimental packages whose APIs are unstable and may change in the future.

Enhancements:

• #1246[]: Add zap/exp/zapslog package for integration with slog.
• #1273[]: Add Name to Logger which returns the Logger's name if one is set.
• #1281[]: Add zap/exp/expfield package which contains helper methods Str and Strs for constructing String-like zap.Fields.
• #1310[]: Reduce stack size on Any.

Thanks to @​knight42, @​dzakaammar, @​bcspragu, and @​rexywork for their contributions to this release.

#1246: uber-go/zap#1246 #1273: uber-go/zap#1273 #1281: uber-go/zap#1281 #1310: uber-go/zap#1310

v1.24.0

Enhancements:

• #1148[]: Add Level to both Logger and SugaredLogger that reports the current minimum enabled log level.
• #1185[]: SugaredLogger turns errors to zap.Error automatically.

Thanks to @​Abirdcfly, @​craigpastro, @​nnnkkk7, and @​sashamelentyev for their contributions to this release.

#1148: uber-go/zap#1148 #1185: uber-go/zap#1185

v1.23.0

Enhancements:

• #1147[]: Add a zapcore.LevelOf function to determine the level of a

... (truncated)

Changelog

Sourced from go.uber.org/zap's changelog.

1.26.0 (14 Sep 2023)

Enhancements:

• #1297[]: Add Dict as a Field.
• #1319[]: Add WithLazy method to Logger which lazily evaluates the structured context.
• #1350[]: String encoding is much (~50%) faster now.

Thanks to @​hhk7734, @​jquirke, and @​cdvr1993 for their contributions to this release.

#1297: uber-go/zap#1297 #1319: uber-go/zap#1319 #1350: uber-go/zap#1350

1.25.0 (1 Aug 2023)

This release contains several improvements including performance, API additions, and two new experimental packages whose APIs are unstable and may change in the future.

Enhancements:

• #1246[]: Add zap/exp/zapslog package for integration with slog.
• #1273[]: Add Name to Logger which returns the Logger's name if one is set.
• #1281[]: Add zap/exp/expfield package which contains helper methods Str and Strs for constructing String-like zap.Fields.
• #1310[]: Reduce stack size on Any.

Thanks to @​knight42, @​dzakaammar, @​bcspragu, and @​rexywork for their contributions to this release.

#1246: uber-go/zap#1246 #1273: uber-go/zap#1273 #1281: uber-go/zap#1281 #1310: uber-go/zap#1310

1.24.0 (30 Nov 2022)

Enhancements:

• #1148[]: Add Level to both Logger and SugaredLogger that reports the current minimum enabled log level.
• #1185[]: SugaredLogger turns errors to zap.Error automatically.

Thanks to @​Abirdcfly, @​craigpastro, @​nnnkkk7, and @​sashamelentyev for their contributions to this release.

#1148: https://github.coml/uber-go/zap/pull/1148 #1185: https://github.coml/uber-go/zap/pull/1185

1.23.0 (24 Aug 2022)

Enhancements:

... (truncated)

Commits

• 96038b7 Prepare for release v1.26.0 (#1355)
• c17272e Add WithLazy Logger method (#1319)
• 99f1811 exp: Add a changelog (#1353)
• 7728f39 chore(CHANGELOG): Move reference links to sections (#1352)
• 5a27bab perf: Faster string encoding (#1350)
• 82c728b Replace benbjohnson/clock with custom MockClock (#1349)
• b7aed24 zapslog: Handle empty attrs centrally (#1351)
• 2b35963 lint: Enable errcheck, fix failures (#1345)
• 9a36792 test: improve slog coverage (#1347)
• e5e8b70 build(deps): bump actions/checkout from 3 to 4 (#1346)
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.24.0 to 0.25.0

Commits

• d27919b go.mod: update golang.org/x dependencies
• e0324fc http2: use net.ErrClosed
• b20cd59 quic: initiate key rotation earlier in connections
• f95a3b3 html: fix typo in package doc
• 0a24555 http/httpguts: speed up ValidHeaderFieldName
• ec05fdc http2: don't retry the first request on a connection on GOAWAY error
• b67a0f0 http2: send correct LastStreamID in stream-caused GOAWAY
• a130fcc quic: don't consider goroutines running when tests start as leaked
• See full diff in compare view

Updates google.golang.org/protobuf from 1.34.0 to 1.34.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[k8s-ci-robot]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-csi member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot] Once this PR has been reviewed and has the lgtm label, please assign saad-ali for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files: - **[OWNERS](https://github.com/kubernetes-csi/external-attacher/blob/master/OWNERS)** Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[dependabot[bot]]

Looks like these dependencies are updatable in another way, so this is no longer needed.