Bump k8s.io/apimachinery from 0.29.3 to 0.30.2

[dependabot]

Bumps k8s.io/apimachinery from 0.29.3 to 0.30.2.

Commits

• 37988e5 Merge remote-tracking branch 'origin/master' into release-1.30
• c857a38 Update x/net for CVE-2023-45288
• 0407311 followup to allow special characters
• 25164f7 Merge pull request #123435 from tallclair/apparmor-ga
• cbfe0a1 Merge pull request #123758 from liggitt/protobump
• 21d26b6 Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0
• 0c29f84 Merge pull request #123385 from HirazawaUi/allow-special-characters
• 60d24f2 Merge pull request #123708 from p0lyn0mial/upstream-const-watchlist-bookmark-...
• 513d23a apimachinery/meta/types.go: define InitialEventsAnnotationKey const
• 67cb3a8 Merge pull request #123413 from seans3/tunneling-spdy-websockets
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[weinong]

@bcho is it expected? should we change L4 as well?

[bcho]

umm i think it's unexpected, but it won't break thing according to this doc: https://go.dev/blog/toolchain#:~:text=There%20is%20also%20a%20new%20toolchain%20line%20in%20go.mod%20that%20specifies%20the%20minimum%20Go%20toolchain%20to%20use%20when%20working%20in%20a%20particular%20module.%20In%20contrast%20to%20the%20go%20line%2C%20toolchain%20does%20not%20impose%20a%20requirement%20on%20other%20modules.%20For%20example%2C%20a%20go.mod%20might%20say%3A

[bcho]

but looks like the build is failing already, i guess dependabot is having issues with these toolchain config

[bcho]

yeah i think it's an implementation issue in the dependabot side, after using the toolchain, the go version should be set with patch version in the go directive. I think we probably need a separate PR to update the go.mod settings first.

[bcho]

dependabot/dependabot-core#8044 similar issue

[weinong]

it is still wrong

[bcho]

yep i tried the go mod tidy from local, it will add an empty line in between...

[bcho]

@dependabot recreate

[bcho]

@dependabot recreate

[bcho]

The toolchain is required because of the apimachinery requires 1.22.0 now. I will include this in the next release after bumping kubelogin's go & toolchain version to 1.22+

[dependabot]

Superseded by #493.