Skip to content

chore: Cut v2.18.0 #2840

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
k8s-ci-robot merged 14 commits into from
Jan 18, 2026
Merged

chore: Cut v2.18.0 #2840

k8s-ci-robot merged 14 commits into from
Jan 18, 2026
+577 −141

Conversation

@rexagod
Copy link
Member

@rexagod rexagod commented Jan 11, 2026
edited
Loading

@rexagod rexagod requested a review from mrueg January 11, 2026 20:39
@rexagod rexagod self-assigned this Jan 11, 2026
@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Jan 11, 2026
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jan 11, 2026
@github-project-automation github-project-automation bot moved this to Needs Triage in SIG Instrumentation Jan 11, 2026
@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jan 11, 2026
@rexagod rexagod force-pushed the release-2.18 branch 2 times, most recently from 6607e96 to 9e26ddf Compare January 11, 2026 23:16
rexagod
rexagod commented Jan 11, 2026
View reviewed changes
go.mod Outdated
module k8s.io/kube-state-metrics/v2

go 1.24.5
go 1.25.5
Copy link
Member Author

@rexagod rexagod Jan 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

go1.25.5 (released 2025-12-02) includes two security fixes to the crypto/x509 package, as well as bug fixes to the mime and os packages.

Copy link
Member

@mrueg mrueg Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's not raise it here, it prevents folks from building with 1.24

Copy link
Member Author

@rexagod rexagod Jan 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see. I was trying to get a leg up on the CVEs reported fixed in 1.25, but they don't seem critical. Will revert.

Copy link
Member

@mrueg mrueg Jan 14, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand, we're controlling the go version currently in the Makefile, so you already addressed them there.

mrueg
mrueg reviewed Jan 12, 2026
View reviewed changes
mrueg
mrueg reviewed Jan 12, 2026
View reviewed changes
mrueg
mrueg reviewed Jan 12, 2026
View reviewed changes
dependabot bot and others added 4 commits January 12, 2026 11:14
@dependabot
build(deps): Bump actions/setup-go from 5 to 6
9c03af8 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build(deps): Bump actions/checkout from 4 to 6
1e12514 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@k8s-ci-robot
Merge pull request kubernetes#2842 from kubernetes/dependabot/github_…
9ba7a57 
…actions/actions/setup-go-6

build(deps): Bump actions/setup-go from 5 to 6
@k8s-ci-robot
Merge pull request kubernetes#2843 from kubernetes/dependabot/github_…
b8aa7d4 
…actions/actions/checkout-6

build(deps): Bump actions/checkout from 4 to 6
@rexagod rexagod moved this from Needs Triage to Needs Review (PR) or Response (Issue) in SIG Instrumentation Jan 12, 2026
@rexagod
Copy link
Member Author

rexagod commented Jan 12, 2026

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jan 12, 2026
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jan 14, 2026
mrueg
mrueg reviewed Jan 14, 2026
View reviewed changes
mrueg
mrueg reviewed Jan 15, 2026
View reviewed changes
mrueg
mrueg reviewed Jan 16, 2026
View reviewed changes
.github/workflows/ci.yml Outdated
SUDO: sudo
GO_VERSION: "^1.24"
GOLANGCI_LINT_VERSION: "v2.4.0"
GO_VERSION: "1.25.5"
Copy link
Member

@mrueg mrueg Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we bump go to 1.25.6 before the release? https://go.dev/doc/devel/release#go1.25.6

mrueg
mrueg reviewed Jan 16, 2026
View reviewed changes
@mrueg
Copy link
Member

mrueg commented Jan 17, 2026

/hold

/lgtm

Thanks for working on this release, feel free to unhold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 17, 2026
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 17, 2026
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Jan 17, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mrueg, rexagod

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rexagod
Copy link
Member Author

rexagod commented Jan 18, 2026

/unhold

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 18, 2026
@k8s-ci-robot k8s-ci-robot merged commit ab562f7 into kubernetes:release-2.18 Jan 18, 2026
13 checks passed
@github-project-automation github-project-automation bot moved this from Needs Review (PR) or Response (Issue) to Done in SIG Instrumentation Jan 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrueg mrueg mrueg left review comments

@logicalhan logicalhan Awaiting requested review from logicalhan

Assignees

@mrueg mrueg

@rexagod rexagod

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Projects

SIG Instrumentation
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@rexagod @mrueg @k8s-ci-robot @ksmiley