Bump the go-minor group across 3 directories with 13 updates

[dependabot]

Bumps the go-minor group with 10 updates in the / directory:

Package	From	To
github.com/aws/aws-sdk-go-v2/config	1.28.10	1.29.6
github.com/aws/aws-sdk-go-v2/service/dynamodb	1.39.8	1.40.0
github.com/aws/aws-sdk-go-v2/service/s3	1.72.2	1.76.0
github.com/cyphar/filepath-securejoin	0.3.5	0.4.1
github.com/fluxcd/pkg/apis/event	0.13.0	0.16.0
github.com/fluxcd/pkg/apis/meta	1.9.0	1.10.0
github.com/fluxcd/pkg/runtime	0.52.0	0.53.0
github.com/fluxcd/pkg/tar	0.10.0	0.11.0
google.golang.org/grpc	1.69.4	1.70.0
github.com/fluxcd/pkg/ssa	0.43.0	0.45.0

Bumps the go-minor group with 2 updates in the /api directory: github.com/fluxcd/pkg/apis/meta and sigs.k8s.io/controller-runtime.
Bumps the go-minor group with 3 updates in the /tfctl directory: github.com/fluxcd/pkg/apis/meta, sigs.k8s.io/controller-runtime and github.com/fluxcd/pkg/ssa.

Updates github.com/aws/aws-sdk-go-v2/config from 1.28.10 to 1.29.6

Commits

• 78fa10a Release 2025-02-05
• 2d65d97 Regenerated Clients
• 64e842d Update endpoints model
• f255e31 Update API model
• 68c4649 Track accountID endpoint mode in user-agent (#3000)
• c45eaac Release 2025-02-04
• 7aecaff Regenerated Clients
• a11e8e1 Update endpoints model
• 91f8178 Update API model
• d59b658 Release 2025-02-03
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/dynamodb from 1.39.8 to 1.40.0

Commits

• 8c233fb Release 2023-09-26
• d302e51 Regenerated Clients
• 01077b0 Update API model
• def1175 Release 2023-09-25
• b4bd57b Regenerated Clients
• 94187c8 Update endpoints model
• 297cdcf Update API model
• 1fe8c9e Release 2023-09-22
• 48b3ce9 Regenerated Clients
• b0f2416 Update endpoints model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.72.2 to 1.76.0

Commits

• 061fd1b Release 2025-02-06
• 92f835c Regenerated Clients
• 56564d3 Update partitions file
• 54678cf Update endpoints model
• 1244c28 Update API model
• d4c5594 Fix for #2383 (#3004)
• 78fa10a Release 2025-02-05
• 2d65d97 Regenerated Clients
• 64e842d Update endpoints model
• f255e31 Update API model
• Additional commits viewable in compare view

Updates github.com/cyphar/filepath-securejoin from 0.3.5 to 0.4.1

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.4.1

This release fixes a regression introduced in one of the hardening features added to filepath-securejoin 0.4.0.

• The restrictions added for root paths passed to SecureJoin in 0.4.0 was found to be too strict and caused some regressions when folks tried to update, so this restriction has been relaxed to only return an error if the path contains a .. component. We still recommend users use filepath.Clean (and even filepath.EvalSymlinks) on the root path they are using, but at least you will no longer be punished for "trivial" unclean paths. (#46)

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

v0.4.0

This release primarily includes a few minor breaking changes to make the MkdirAll and SecureJoin interfaces more robust against accidental misuse.

• SecureJoin(VFS) will now return an error if the provided root is not a filepath.Clean'd path.

  While it is ultimately the responsibility of the caller to ensure the root is a safe path to use, passing a path like /symlink/.. as a root would result in the SecureJoin'd path being placed in / even though /symlink/.. might be a different directory, and so we should more strongly discourage such usage.

  All major users of securejoin.SecureJoin already ensure that the paths they provide are safe (and this is ultimately a question of user error), but removing this foot-gun is probably a good idea. Of course, this is necessarily a breaking API change (though we expect no real users to be affected by it).

  Thanks to Erik Sjölund, who initially reported this issue as a possible security issue.

• MkdirAll and MkdirHandle now take an os.FileMode-style mode argument instead of a raw unix.S_*-style mode argument, which may cause compile-time type errors depending on how you use filepath-securejoin. For most users, there will be no change in behaviour aside from the type change (as the bottom 0o777 bits are the same in both formats, and most users are probably only using those bits).

  However, if you were using unix.S_ISVTX to set the sticky bit with MkdirAll(Handle) you will need to switch to os.ModeSticky otherwise you will get a runtime error with this update. In addition, the error message you will get from passing unix.S_ISUID and unix.S_ISGID will be different as they are treated as invalid bits now (note that previously passing said bits was also an error).

... (truncated)

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.4.1] - 2025-01-28

Fixed

• The restrictions added for root paths passed to SecureJoin in 0.4.0 was found to be too strict and caused some regressions when folks tried to update, so this restriction has been relaxed to only return an error if the path contains a .. component. We still recommend users use filepath.Clean (and even filepath.EvalSymlinks) on the root path they are using, but at least you will no longer be punished for "trivial" unclean paths.

[0.4.0] - 2025-01-13

Breaking

• SecureJoin(VFS) will now return an error if the provided root is not a filepath.Clean'd path.

  While it is ultimately the responsibility of the caller to ensure the root is a safe path to use, passing a path like /symlink/.. as a root would result in the SecureJoin'd path being placed in / even though /symlink/.. might be a different directory, and so we should more strongly discourage such usage.

  All major users of securejoin.SecureJoin already ensure that the paths they provide are safe (and this is ultimately a question of user error), but removing this foot-gun is probably a good idea. Of course, this is necessarily a breaking API change (though we expect no real users to be affected by it).

  Thanks to Erik Sjölund, who initially reported this issue as a possible security issue.

• MkdirAll and MkdirHandle now take an os.FileMode-style mode argument instead of a raw unix.S_*-style mode argument, which may cause compile-time type errors depending on how you use filepath-securejoin. For most users, there will be no change in behaviour aside from the type change (as the bottom 0o777 bits are the same in both formats, and most users are probably only using those bits).

  However, if you were using unix.S_ISVTX to set the sticky bit with MkdirAll(Handle) you will need to switch to os.ModeSticky otherwise you will get a runtime error with this update. In addition, the error message you will get from passing unix.S_ISUID and unix.S_ISGID will be different as they are treated as invalid bits now (note that previously passing said bits was also an error).

[0.3.6] - 2024-12-17

Compatibility

• The minimum Go version requirement for filepath-securejoin is now Go 1.18 (we use generics internally).

... (truncated)

Commits

• 7abd870 VERSION: release v0.4.1
• 509a359 merge #47 into cyphar/filepath-securejoin:main
• fbaef26 join: loosen cleanliness requirements for SecureJoin root
• 54460df merge #45 into cyphar/filepath-securejoin:main
• 14e6cfe VERSION: back to development
• 9a17e6b VERSION: release v0.4.0
• e410d4a merge #44 into cyphar/filepath-securejoin:main
• ea4e5b6 gha: add GOARCH=386 build check
• 0c2fbe6 mkdirall: switch to os.FileMode argument
• f3a512c merge #43 into cyphar/filepath-securejoin:main
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/event from 0.13.0 to 0.16.0

Commits

• 91eda6e Merge pull request #694 from fluxcd/git-deps-up
• 2a64584 Use gomega in sourceignore
• 46577cd Update golang.org dependencies
• e6b6af7 Merge pull request #685 from knutgoetz/chore/gogit/delete-gogiterror-function
• cbc2172 Delete obsolete goGitError function
• 02723c3 Merge pull request #693 from fluxcd/go-git-v5.10.1
• 3715de1 Update go-git to v5.10.1
• ce91255 Merge pull request #692 from fluxcd/ssa-nits
• 8fc4505 ssa: prevent unnecessary DeepCopy
• cc07605 Merge pull request #691 from fluxcd/jsondiff-include-obj
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.9.0 to 1.10.0

Commits

• 2f763a4 Merge pull request #857 from fluxcd/custom-healthchecks
• a6353b2 Add healthcheck expressions to kustomize types
• af0f283 Merge pull request #859 from fluxcd/cel-meta
• 1178930 Add InvalidCELExpressionReason to apis/meta
• f39dac4 Merge pull request #861 from fluxcd/deps-kube-v0.32.1
• 70e88cb Update dependencies
• f59d360 Merge pull request #850 from kane8n/support-sparse-checkout
• a033d2f support sparse checkout
• 528bc56 Merge pull request #856 from fluxcd/get-revision
• a189152 Add GetRevision() to Event API
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.52.0 to 0.53.0

Commits

• c964ce7 Merge pull request #858 from fluxcd/custom-healthchecks-impl
• 62d235c Add CEL library with custom healthchecks to runtime
• 243510f Merge pull request #863 from fluxcd/dependabot/github_actions/ci-83dfb6cda2
• 3cffbeb build(deps): bump the ci group across 1 directory with 3 updates
• 2f763a4 Merge pull request #857 from fluxcd/custom-healthchecks
• a6353b2 Add healthcheck expressions to kustomize types
• af0f283 Merge pull request #859 from fluxcd/cel-meta
• 1178930 Add InvalidCELExpressionReason to apis/meta
• f39dac4 Merge pull request #861 from fluxcd/deps-kube-v0.32.1
• 70e88cb Update dependencies
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/tar from 0.10.0 to 0.11.0

Commits

• a5896a6 git/internal/e2e: update dependencies
• 00f6465 git/gogit: update dependencies
• acf35bd git: update dependencies
• eda77cf ssh: update dependencies
• 41b3167 Merge pull request #504 from fluxcd/misc-update-deps
• 9a579c9 ssa: update dependencies
• 5185f64 http/fetch: update dependencies
• 3caadb0 oci/tests: update dependencies
• 6f300e8 oci: update dependencies
• 527a993 Merge pull request #503 from fluxcd/kustomize-update-deps
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.69.4 to 1.70.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.70.0

Behavior Changes

• client: reject service configs containing an invalid retryPolicy in accordance with gRFCs A21 and A6. (#7905)
  • Note that this is a potential breaking change for some users using an invalid configuration, but continuing to allow this behavior would violate our cross-language compatibility requirements.

New Features

• xdsclient: fallback to a secondary management server (if specified in the bootstrap configuration) when the primary is down is enabled by default. Can be disabled by setting the environment variable GRPC_EXPERIMENTAL_XDS_FALLBACK to false. (#7949)
• experimental/credentials: experimental transport credentials are added which don't enforce ALPN. (#7980)
  • These credentials will be removed in an upcoming grpc-go release. Users must not rely on these credentials directly. Instead, they should either vendor a specific version of gRPC or copy the relevant credentials into their own codebase if absolutely necessary.

Bug Fixes

• xds: fix a possible deadlock that happens when both the client application and the xDS management server (responsible for configuring the client) are using the xds:/// scheme in their target URIs. (#8011)

Performance

• server: for unary requests, free raw request message data as soon as parsing is finished instead of waiting until the method handler returns. (#7998)
  • Special Thanks: @​lqs

Documentation

• examples/features/gracefulstop: add example to demonstrate server graceful stop. (#7865)

Commits

• 98a0092 Change version to 1.70.0 (#7984)
• bf380de Cherrypick #7998, #8011, #8010 into 1.70.x (#8028)
• 54b3eb9 experimental/credentials: Add credentials that don't enforce ALPN (#7980) (#8...
• 62b9185 clustetresolver: Copy endpoints.Addresses slice from DNS updates to avoid dat...
• 724f450 examples/features/csm_observability: use helloworld client and server instead...
• e8d5feb rbac: add method name to :path in headers (#7965)
• e912015 cleanup: Fix usages of non-constant format strings (#7959)
• 681334a cleanup: replace dial with newclient (#7943)
• 063d352 internal/resolver: introduce a new resolver to handle target URI and proxy ad...
• 10c7e13 outlierdetection: Support health listener for ejection updates (#7908)
• Additional commits viewable in compare view

Updates sigs.k8s.io/controller-runtime from 0.19.4 to 0.20.1

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.20.1

What's Changed

• 🐛 Check to see if custom source implements fmt.Stringer when logging by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3077
• 🐛 cache: clone maps to prevent data race when concurrently creating caches using the same options by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3079
• 🐛 support WaitForSync in custom TypedSyncingSource by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3086
• 🌱 Add debug logging for the state of the priority queue by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3088
• 🐛 Priorityqueue: Yet another queue_depth metric fix by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3089

Full Changelog: kubernetes-sigs/controller-runtime@v0.20.0...v0.20.1

v0.20.0

Highlights

• Based on k8s.io/* v1.32 libraries and minimum Go version is now v1.23
• New experimental priority queue feature
  • More details in #3013 and #2374
  • Can be enabled via manager.Options.Controller.UsePriorityQueue
  • Please give it a try and provide feedback in #2374
• AggregatedDiscovery is automatically used when available (#2901)
• As usual, many improvements to the fake client

Changes since v0.19.0

⚠️ Breaking Changes

• Bump to k8s.io/* v1.32 libraries (#2971 #2990 #3001 #3007 #3029 #3043)
• logging: Stop deduplicating API warnings by default (#2953)
• webhook: Stop deleting unknown fields in CustomDefaulter (#2982 #3056)
• webhook: Remove deprecated Defaulter and Validator (#2877 #2945)
• cluster: Remove deprecated SyncPeriod option (#2970)

✨ New Features

• cache: Add EnableWatchBookmarks option (defaults to true) (#3017)
• cache: Export NewInformer option (#3061)
• cert-watcher: Add polling (#3020 #3050)
• controller: Add experimental priority queue (off per default) (#3013 #3014 #3060 #3066)
• fake client: Allow adding indexes at runtime (#3021)
• fake client: Add support for ServiceAccountToken subresource (#2969)
• restmapper: Use AggregatedDiscovery if available (#2901)
• util: Add HasOwnerReference func (#2882)
• webhook: Add custom path option (#2998)

🐛 Bug Fixes

• controller: Error when source.Start() never returns (#2997 #3006 #3008)
• fake client: Don't return items on invalid selector (#3022)
• fake client: Fix TOCTOU races (#2980)
• fake client: Preserve TypeMeta during Get call with PartialObjectMeta (#2949)

... (truncated)

Commits

• 626b2f3 Merge pull request #3089 from k8s-infra-cherrypick-robot/cherry-pick-3085-to-...
• 64cb665 bug: Priorityqueue: Yet another queue_depth metric fix
• 791b6c9 Merge pull request #3088 from k8s-infra-cherrypick-robot/cherry-pick-3075-to-...
• 99a4044 🌱 Add debug logging for the state of the priority queue
• f33705e [release-0.20] 🐛fix(controller): support WaitForSync in custom TypedSyncingSo...
• 571c31a Merge pull request #3079 from k8s-infra-cherrypick-robot/cherry-pick-3078-to-...
• 8d66e89 cache: clone maps to prevent data race when concurrently creating caches usin...
• aa3f342 [release-0.20] 🐛 Check to see if custom source implements fmt.Stringer when l...
• 8f7e114 Merge pull request #3074 from sbueringer/pr-fix-fake-list
• 3b23354 fake client: preserve TypeMeta during List call with UnstructuredList
• Additional commits viewable in compare view

Updates github.com/fluxcd/cli-utils from 0.36.0-flux.11 to 0.36.0-flux.12

Commits

• e4d3759 Merge pull request #13 from fluxcd/controller-runtime-v0.20.1
• 7b7f602 Update controller-runtime to v0.20.1
• See full diff in compare view

Updates github.com/fluxcd/pkg/ssa from 0.43.0 to 0.45.0

Commits

• e454462 Merge pull request #864 from fluxcd/internal-deps-bump
• 2959020 Update internal dependencies
• c964ce7 Merge pull request #858 from fluxcd/custom-healthchecks-impl
• 62d235c Add CEL library with custom healthchecks to runtime
• 243510f Merge pull request #863 from fluxcd/dependabot/github_actions/ci-83dfb6cda2
• 3cffbeb build(deps): bump the ci group across 1 directory with 3 updates
• 2f763a4 Merge pull request #857 from fluxcd/custom-healthchecks
• a6353b2 Add healthcheck expressions to kustomize types
• af0f283 Merge pull request #859 from fluxcd/cel-meta
• 1178930 Add InvalidCELExpressionReason to apis/meta
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.9.0 to 1.10.0

Commits

• 2f763a4 Merge pull request #857 from fluxcd/custom-healthchecks
• a6353b2 Add healthcheck expressions to kustomize types
• af0f283 Merge pull request #859 from fluxcd/cel-meta
• 1178930 Add InvalidCELExpressionReason to apis/meta
• f39dac4 Merge pull request #861 from fluxcd/deps-kube-v0.32.1
• 70e88cb Update dependencies
• f59d360 Merge pull request #850 from kane8n/support-sparse-checkout
• a033d2f support sparse checkout
• 528bc56 Merge pull request #856 from fluxcd/get-revision
• a189152 Add GetRevision() to Event API
• Additional commits viewable in compare view

Updates sigs.k8s.io/controller-runtime from 0.19.4 to 0.20.1

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.20.1

What's Changed

• 🐛 Check to see if custom source implements fmt.Stringer when logging by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3077
• 🐛 cache: clone maps to prevent data race when concurrently creating caches using the same options by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3079
• 🐛 support WaitForSync in custom TypedSyncingSource by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3086
• 🌱 Add debug logging for the state of the priority queue by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3088
• 🐛 Priorityqueue: Yet another queue_depth metric fix by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3089

Full Changelog: kubernetes-sigs/controller-runtime@v0.20.0...v0.20.1

v0.20.0

Highlights

• Based on k8s.io/* v1.32 libraries and minimum Go version is now v1.23
• New experimental priority queue feature
  • More details in #3013 and #2374
  • Can be enabled via manager.Options.Controller.UsePriorityQueue
  • Please give it a try and provide feedback in #2374
• AggregatedDiscovery is automatically used when available (#2901)
• As usual, many improvements to the fake client

Changes since v0.19.0

⚠️ Breaking Changes

• Bump to k8s.io/* v1.32 libraries (#2971 #2990 #3001 #3007 #3029 #3043)
• logging: Stop deduplicating API warnings by default (#2953)
• webhook: Stop deleting unknown fields in CustomDefaulter (#2982 #3056)
• webhook: Remove deprecated Defaulter and Validator (#2877 #2945)
• cluster: Remove deprecated SyncPeriod option (#2970)

✨ New Features

• cache: Add EnableWatchBookmarks option (defaults to true) (#3017)
• cache: Export NewInformer option (#3061)
• cert-watcher: Add polling (#3020 #3050)
• controller: Add experimental priority queue (off per default) (#3013 #3014 #3060 #3066)
• fake client: Allow adding indexes at runtime (#3021)
• fake client: Add support for ServiceAccountToken subresource (#2969)
• restmapper: Use AggregatedDiscovery if available (#2901)
• util: Add HasOwnerReference func (#2882)
• webhook: Add custom path option (#2998)

🐛 Bug Fixes

• controller: Error when source.Start() never returns (#2997 #3006 #3008)
• fake client: Don't return items on invalid selector (#3022)
• fake client: Fix TOCTOU races (#2980)
• fake client: Preserve TypeMeta during Get call with PartialObjectMeta (#2949)

... (truncated)

Commits

• 626b2f3 Merge pull request #3089 from k8s-infra-cherrypick-robot/cherry-pick-3085-to-...
• 64cb665 bug: Priorityqueue: Yet another queue_depth metric fix
• 791b6c9 Merge pull request #3088 from k8s-infra-cherrypick-robot/cherry-pick-3075-to-...
• 99a4044 🌱 Add debug logging for the state of the priority queue
• f33705e [release-0.20] 🐛fix(controller): support WaitForSync in custom TypedSyncingSo...
• 571c31a Merge pull request #3079 from k8s-infra-cherrypick-robot/cherry-pick-3078-to-...
• 8d66e89 cache: clone maps to prevent data race when concurrently creating caches usin...
• aa3f342 [release-0.20] 🐛 Check to see if custom source implements fmt.Stringer when l...
• 8f7e114 Merge pull request #3074 from sbueringer/pr-fix-fake-list
• 3b23354 fake client: preserve TypeMeta during List call with UnstructuredList
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.9.0 to 1.10.0

Commits

• 2f763a4 Merge pull request #857 from fluxcd/custom-healthchecks
• a6353b2 Add healthcheck expressions to kustomize types
• af0f283 Merge pull request #859 from fluxcd/cel-meta
• 1178930 Add InvalidCELExpressionReason to apis/meta
• f39dac4 Merge pull request #861 from fluxcd/deps-kube-v0.32.1
• 70e88cb Update dependencies
• f59d360 Merge pull request #850 from kane8n/support-sparse-checkout
• a033d2f support sparse checkout
• 528bc56 Merge pull request #856 from fluxcd/get-revision
• a189152 Add GetRevision() to Event API
• Additional commits viewable in compare view

Updates sigs.k8s.io/controller-runtime from 0.19.4 to 0.20.1

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.20.1

What's Changed

• 🐛 Check to see if custom source implements fmt.Stringer when logging by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3077
• 🐛 cache: clone maps to prevent data race when concurrently creating caches using the same options by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3079
• 🐛 support WaitForSync in custom TypedSyncingSource by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3086
• 🌱 Add debug logging for the state of the priority queue by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3088
• 🐛 Priorityqueue: Yet another queue_depth metric fix by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3089

Full Changelog: kubernetes-sigs/controller-runtime@v0.20.0...v0.20.1

v0.20.0

Highlights

• Based on k8s.io/* v1.32 libraries and minimum Go version is now v1.23
• New experimental priority queue feature
  • More details in #3013 and #2374
  • Can be enabled via manager.Options.Controller.UsePriorityQueue
  • Please give it a try and provide feedback in #2374
• AggregatedDiscovery is automatically used when available (#2901)
• As usual, many improvements to the fake client

Changes since v0.19.0

⚠️ Breaking Changes

• Bump to k8s.io/* v1.32 libraries (#2971 #2990 #3001 #3007 #3029 #3043)
• logging: Stop deduplicating API warnings by default (#2953)
• webhook: Stop deleting unknown fields in CustomDefaulter (#2982 #3056)
• webhook: Remove deprecated Defaulter and Validator (#2877 #2945)
• cluster: Remove deprecated SyncPeriod option (#2970)

✨ New Features

• cache: Add EnableWatchBookmarks option (defaults to true) (#3017)
• cache: Export NewInformer option (#3061)
• cert-watcher: Add polling (#3020 #3050)
• controller: Add experimental priority queue (off per default) (#3013 #3014 #3060 #3066)
• fake client: Allow adding indexes at runtime (#3021)
• fake client: Add support for ServiceAccountToken subresource (#2969)
• restmapper: Use AggregatedDiscovery if available (#2901)
• util: Add HasOwnerReference func (#2882)
• webhook: Add custom path option (#2998)

🐛 Bug Fixes

• controller: Error when source.Start() never returns (#2997 #3006 #3008)
• fake client: Don't return items on invalid selector (#3022)
• fake client: Fix TOCTOU races (#2980)
• fake client: Preserve TypeMeta during Get call with PartialObjectMeta (#2949)

... (truncated)

Commits

• 626b2f3 Merge pull request #3089 from k8s-infra-cherrypick-robot/cherry-pick-3085-to-...
• 64cb665 bug: Priorityqueue: Yet another queue_depth metric fix
• 791b6c9 Merge pull request #3088 from k8...

  Description has been truncated

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.