@ddl-ebrown ddl-ebrown commented Jul 9, 2025

Tracking issue

Why are the changes needed?

What changes were proposed in this pull request?

How was this patch tested?

Labels

Please add one or more of the following labels to categorize your PR:

  • added: For new features.
  • changed: For changes in existing functionality.
  • deprecated: For soon-to-be-removed features.
  • removed: For features being removed.
  • fixed: For any bug fixed.
  • security: In case of vulnerabilities

This is important to improve the readability of release notes.

Setup process

Screenshots

Check all the applicable boxes

  • I updated the documentation accordingly.
  • All new and existing tests passed.
  • All commits are signed-off.

Related PRs

Docs link

Summary by Bito

This pull request updates Kubernetes dependencies from version 0.28.2 to 0.28.15 and the protobuf library from version 1.5.3 to 1.5.4, addressing a security vulnerability (CVE-2023-44487). These updates enhance the project's security and stability by ensuring the use of the latest stable versions across multiple modules.

@Sovietaced
Member

Looks like go mod tidy needs to be run

@ddl-ebrown
Contributor Author

Yeah I was intentionally trying to avoid that because I think it's going to do a larger dep update, but I'll give it a shot in a little bit to see how bad the carnage is

even keeping it simple with go get downgraded a few things I didn't want to downgrade

 - Resolves rapid reset https://nvd.nist.gov/vuln/detail/CVE-2023-44487
 - Updates protobuf libs as well

Signed-off-by: ddl-ebrown <[email protected]>
@ddl-ebrown ddl-ebrown force-pushed the update-k8s-apimachinery branch from a0b766d to 71ae1aa Compare July 10, 2025 17:53
@ddl-ebrown
Contributor Author

ddl-ebrown commented Jul 10, 2025

> Yeah I was intentionally trying to avoid that because I think it's going to do a larger dep update, but I'll give it a shot in a little bit to see how bad the carnage is
>
> even keeping it simple with go get downgraded a few things I didn't want to downgrade

Excluded the "dangerous" updates that go get introduced (below) and ran go mod tidy. Hopefully this one is good now

commit 1e00dd71175bc547de11217a2f23d8471389783c
Merge: 2db1e286a 97fef4afc
Author: ddl-ebrown <[email protected]>
Date:   Wed Jul 9 11:21:15 2025 -0700

    WIP on update-k8s-apimachinery: 2db1e286a Update k8s deps from 0.28.2 -> 0.28.15

diff --cc flyteadmin/go.mod
index b4bb024c1,b4bb024c1..8312d516d
--- a/flyteadmin/go.mod
+++ b/flyteadmin/go.mod
@@@ -14,8 -14,8 +14,6 @@@ require 
  	github.com/coreos/go-oidc/v3 v3.6.0
  	github.com/evanphx/json-patch v5.6.0+incompatible
  	github.com/flyteorg/flyte/flyteidl v0.0.0-00010101000000-000000000000
--	github.com/flyteorg/flyte/flyteplugins v0.0.0-00010101000000-000000000000
--	github.com/flyteorg/flyte/flytepropeller v0.0.0-00010101000000-000000000000
  	github.com/flyteorg/flyte/flytestdlib v0.0.0-00010101000000-000000000000
  	github.com/flyteorg/stow v0.3.11
  	github.com/ghodss/yaml v1.0.0
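
Review bot: the two removed require lines in flyteadmin/go.mod, github.com/flyteorg/flyte/flyteplugins and github.com/flyteorg/flyte/flytepropeller, have nothing to do with the k8s 0.28.2 -> 0.28.15 bump this PR is about. Direct requirements on sibling modules should only be dropped once flyteadmin no longer imports them; otherwise keep both lines, which is what excluding this change (as the comment above says) achieves.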
diff --cc flyteplugins/go.mod
index 5c0e2367e,5c0e2367e..4373de531
--- a/flyteplugins/go.mod
+++ b/flyteplugins/go.mod
@@@ -11,13 -11,13 +11,12 @@@ require 
  	github.com/coocood/freecache v1.1.1
  	github.com/dask/dask-kubernetes/v2023 v2023.0.0-20230626103304-abd02cd17b26
  	github.com/flyteorg/flyte/flyteidl v0.0.0-00010101000000-000000000000
--	github.com/flyteorg/flyte/flytepropeller v0.0.0-00010101000000-000000000000
  	github.com/flyteorg/flyte/flytestdlib v0.0.0-00010101000000-000000000000
  	github.com/go-test/deep v1.0.7
  	github.com/golang/protobuf v1.5.4
  	github.com/hashicorp/golang-lru v0.5.4
  	github.com/imdario/mergo v0.3.13
--	github.com/kubeflow/training-operator v1.8.0
++	github.com/kubeflow/training-operator v1.7.0
  	github.com/magiconair/properties v1.8.6
  	github.com/mitchellh/mapstructure v1.5.0
  	github.com/pkg/errors v0.9.1
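
Review bot: github.com/kubeflow/training-operator moves from v1.8.0 to v1.7.0 in this require block, a downgrade of a direct dependency that the CVE-2023-44487 fix does not ask for, and the flytepropeller requirement disappears in the same hunk. Keep v1.8.0 and the flytepropeller line, and limit the change to the k8s and protobuf versions named in the PR summary; if v1.7.0 is ever intended, it deserves its own PR with the reason written down.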
diff --cc flyteplugins/go.sum
index 6e426527e,6e426527e..73981627c
--- a/flyteplugins/go.sum
+++ b/flyteplugins/go.sum
@@@ -284,6 -284,6 +284,8 @@@ github.com/kr/pty v1.1.1/go.mod h1:pFQY
  github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
  github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
  github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
++github.com/kubeflow/training-operator v1.7.0 h1:Zh61GlOWrlRi4UFOtJeV+/5REo/OndhwQ25KYd0llzc=
++github.com/kubeflow/training-operator v1.7.0/go.mod h1:BZCLX1h06wY3YSeSZZcGYAqI9/nVi7isVCRkfgZe9nE=
  github.com/kubeflow/training-operator v1.8.0 h1:cHXIz7BV3Ayp7W5Rqe20/ukmVEzraI+O/XRYKBHQcrg=
  github.com/kubeflow/training-operator v1.8.0/go.mod h1:T6I15h1S09ncH5C6St/QEC7Dy6dpHZA5sPFo+VoJAvE=
  github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
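
Review bot: the added v1.7.0 h1: and /go.mod checksum lines sit directly above the existing v1.8.0 entries, so this go.sum would carry two versions of training-operator. If the downgrade in flyteplugins/go.mod is excluded, these two lines should go with it; running go mod tidy afterwards removes go.sum entries that are no longer needed.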
diff --cc flytepropeller/go.mod
index efc63f54d,efc63f54d..ed39a9455
--- a/flytepropeller/go.mod
+++ b/flytepropeller/go.mod
@@@ -102,7 -102,7 +102,7 @@@ require 
  	github.com/jmespath/go-jmespath v0.4.0 // indirect
  	github.com/josharian/intern v1.0.0 // indirect
  	github.com/json-iterator/go v1.1.12 // indirect
--	github.com/kubeflow/training-operator v1.8.0 // indirect
++	github.com/kubeflow/training-operator v1.7.0 // indirect
  	github.com/kylelemons/godebug v1.1.0 // indirect
  	github.com/mailru/easyjson v0.7.7 // indirect
  	github.com/mattn/go-colorable v0.1.12 // indirect
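
Review bot: the training-operator line changed here is marked // indirect, so flytepropeller does not import it directly and v1.7.0 is being pulled in through another module's requirement; the same one-line change repeats in the root go.mod. Revert these together with the flyteplugins/go.mod downgrade so that all three go.mod files keep v1.8.0 rather than fixing them one at a time.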
diff --cc flytepropeller/go.sum
index 022f4cebf,022f4cebf..b962d67fa
--- a/flytepropeller/go.sum
+++ b/flytepropeller/go.sum
@@@ -304,6 -304,6 +304,7 @@@ github.com/kr/pty v1.1.1/go.mod h1:pFQY
  github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
  github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
  github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
++github.com/kubeflow/training-operator v1.7.0/go.mod h1:BZCLX1h06wY3YSeSZZcGYAqI9/nVi7isVCRkfgZe9nE=
  github.com/kubeflow/training-operator v1.8.0 h1:cHXIz7BV3Ayp7W5Rqe20/ukmVEzraI+O/XRYKBHQcrg=
  github.com/kubeflow/training-operator v1.8.0/go.mod h1:T6I15h1S09ncH5C6St/QEC7Dy6dpHZA5sPFo+VoJAvE=
  github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
diff --cc go.mod
index 9211fc821,9211fc821..904865312
--- a/go.mod
+++ b/go.mod
@@@ -124,7 -124,7 +124,7 @@@ require 
  	github.com/json-iterator/go v1.1.12 // indirect
  	github.com/kelseyhightower/envconfig v1.4.0 // indirect
  	github.com/klauspost/compress v1.17.8 // indirect
--	github.com/kubeflow/training-operator v1.8.0 // indirect
++	github.com/kubeflow/training-operator v1.7.0 // indirect
  	github.com/kylelemons/godebug v1.1.0 // indirect
  	github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
  	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
diff --cc go.sum
index d6cfd48a6,d6cfd48a6..1e84a8b5e
--- a/go.sum
+++ b/go.sum
@@@ -930,6 -930,6 +930,7 @@@ github.com/kr/pty v1.1.8/go.mod h1:O1se
  github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
  github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
  github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
++github.com/kubeflow/training-operator v1.7.0/go.mod h1:BZCLX1h06wY3YSeSZZcGYAqI9/nVi7isVCRkfgZe9nE=
  github.com/kubeflow/training-operator v1.8.0 h1:cHXIz7BV3Ayp7W5Rqe20/ukmVEzraI+O/XRYKBHQcrg=
  github.com/kubeflow/training-operator v1.8.0/go.mod h1:T6I15h1S09ncH5C6St/QEC7Dy6dpHZA5sPFo+VoJAvE=
  github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
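
A check for the problem described in the comment above, where go get lowered versions that were not meant to change (added example, not part of the PR or the Flyte repository): it compares the require entries of two go.mod files and prints the modules whose version went down. The function names, file names and sample fragments are constructed for illustration, and a sort that supports -V is assumed.

```shell
#!/bin/sh
# Added example, not from the PR. Sample go.mod fragments are constructed
# from versions named on this page. Assumes a sort(1) that supports -V.

# list_requires FILE: print "module version" for every require entry.
list_requires() {
  awk '
    { sub(/\/\/.*/, "") }   # drop trailing comments such as "// indirect"
    $1 == "require" && $2 == "(" { blk = 1; next }
    $1 == ")" { blk = 0; next }
    blk && NF == 2 { print $1, $2 }
    $1 == "require" && NF == 3 { print $2, $3 }
  ' "$1"
}

# downgrades OLD NEW: print modules whose required version is lower in NEW.
downgrades() {
  list_requires "$2" | while read -r mod new; do
    old=$(list_requires "$1" | awk -v m="$mod" '$1 == m { print $2 }')
    [ -n "$old" ] && [ "$old" != "$new" ] || continue
    # Version sort, so v0.28.15 ranks above v0.28.2 (plain string order would not).
    lowest=$(printf '%s\n%s\n' "$old" "$new" | sort -V | head -n 1)
    [ "$lowest" != "$new" ] || echo "$mod $old -> $new"
  done
}

# write_samples DIR: constructed before/after go.mod fragments.
write_samples() {
  cat > "$1/before.mod" <<'EOF'
require (
	github.com/golang/protobuf v1.5.3
	github.com/kubeflow/training-operator v1.8.0
	k8s.io/apimachinery v0.28.2
)
EOF
  cat > "$1/after.mod" <<'EOF'
require (
	github.com/golang/protobuf v1.5.4
	github.com/kubeflow/training-operator v1.7.0 // indirect
	k8s.io/apimachinery v0.28.15
)
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
downgrades "$tmp/before.mod" "$tmp/after.mod"
rm -rf "$tmp"
```

Run against the go.mod from before and after a go get, an empty result means no required version was lowered; pseudo-versions and pre-release tags are ordered only as sort -V orders them.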


codecov bot commented Jul 10, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 58.66%. Comparing base (c085cb5) to head (71ae1aa).
Report is 1 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #6527      +/-   ##
==========================================
- Coverage   58.67%   58.66%   -0.01%     
==========================================
  Files         938      888      -50     
  Lines       71466    69274    -2192     
==========================================
- Hits        41933    40640    -1293     
+ Misses      26346    25556     -790     
+ Partials     3187     3078     -109     
Flag Coverage Δ
unittests-datacatalog ?
unittests-flyteadmin 56.22% <ø> (ø)
unittests-flytecopilot 39.56% <ø> (ø)
unittests-flytectl 64.72% <ø> (ø)
unittests-flyteidl 76.12% <ø> (ø)
unittests-flyteplugins 61.13% <ø> (ø)
unittests-flytepropeller 54.83% <ø> (ø)
unittests-flytestdlib 64.04% <ø> (+0.01%) ⬆️


@Sovietaced
Member

@ddl-ebrown do you think we can close this or do you want to retry after the go changes that have been made?

@ddl-ebrown
Contributor Author

> @ddl-ebrown do you think we can close this or do you want to retry after the go changes that have been made?

I'll give it another shot as soon as I get some cycles. Copilot recently landed changes to use sidecar containers (which only went GA recently in k8s 1.33 but was originally introduced in 1.29 IIRC). In any event it would be helpful to understand what level of k8s support the project expects at this point - 1.29 is EOL (1.31 is about to be EOL soon as well)
