upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-05-25 02:33:36 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
kubernetes/hack
History
Davanum Srinivas 5b478645cd
Update security and stability dependencies 
This PR updates several dependencies addressing security vulnerabilities,
stability fixes, and authentication improvements.

- golang.org/x/crypto: v0.46.0 -> v0.47.0
  - Includes latest X509 root certificate bundle updates
  - Security hardening for cryptographic operations
  - Foundation dependency for TLS and authentication

- github.com/golang-jwt/jwt/v5: v5.2.2 -> v5.3.0
  - IMPORTANT: v5.2.2 patched vulnerability GHSA-mh63-6h87-95cp (token
    validation security issue) - this update ensures we have the fix
  - Adds multiple audience validation support for JWT tokens
  - Go 1.21 minimum requirement (code modernization)
  - Replaced legacy interface{} with modern any keyword

- golang.org/x/net: v0.48.0 -> v0.49.0
  - HTTP/2 priority scheduler improvements (RFC 9218)
  - WebSocket security enhancements
  - Network layer stability fixes

- go.uber.org/zap: v1.27.0 -> v1.27.1
  - Fix: Prevent Object from panicking on nils (PR #1501)
  - Fix: Race condition in WithLazy (PR #1511)
  - Both fixes improve logging stability in concurrent scenarios

- github.com/godbus/dbus/v5: v5.2.0 -> v5.2.2
  - Security: Disabled SHA1 authentication by default on non-Windows
    platforms (v5.2.0 change now inherited)
  - Performance: Multiple optimizations reducing memory allocations
  - Fix: Alignment issues in decoder operations
  - Fix: Allow more than 32 containers/struct fields in a signature

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2026-01-15 19:57:11 -05:00
..
boilerplate Remove year from copyright header boilerplate 2025-10-23 16:50:13 -07:00
conformance e2e: remove redundant spaces in test names 2023-09-29 08:30:57 +02:00
e2e-internal
gen-swagger-doc
jenkins drop spammy xtrace from hack/test scripts 2025-08-28 12:21:01 -07:00
kube-api-linter feat: Enforce +k8s:optional on +k8s:unionMember fields via dependenttag linter 2026-01-14 20:08:59 +00:00
lib etcd: Update etcd to v3.6.7 2025-12-18 19:05:14 +05:30
make-rules make test: fix support for PARALLEL 2025-12-30 12:22:13 +01:00
testdata update pause version to 3.10.1 2025-07-09 16:38:14 +05:30
tools update sigs.k8s.io/kube-api-linter to latest 2026-01-14 20:02:30 +00:00
verify-flags kubelet: create top-level traces for pod sync and GC 2023-03-11 10:42:14 +01:00
.descriptions_failures Add missing comments in k8s.io/api/core/v1 2024-11-07 18:42:33 -08:00
.import-aliases scheduler: remove deprecated v1beta2 KubeSchedulerConfiguration 2023-08-17 13:27:21 +08:00
.spelling_failures Add gimme 2023-02-01 16:34:23 -05:00
_update-generated-proto-bindings-dockerized.sh Update protobindings scripts to drop gogo paths 2025-09-01 09:35:20 +02:00
_update-generated-protobuf-dockerized.sh Make hack scripts use go install and assume PATH 2024-02-29 22:07:32 -08:00
apidiff.sh apidiff: autodetect remote and default branch 2025-11-20 16:48:02 -08:00
benchmark-go.sh
build-cross.sh
build-go.sh
cherry_pick_pull.sh Add release notes to the body of the pull request on create cherry-pick. 2024-08-26 20:58:51 +03:00
dev-build-and-push.sh
dev-build-and-up.sh
dev-push-conformance.sh remove calls to kube::build::build_image and kube::build::copy_output 2025-10-13 09:47:24 -07:00
diff-protobuf.sh Add helper command for comparing protobuf files 2025-07-30 14:21:24 -04:00
e2e-node-test.sh
generate-docs.sh
get-build.sh fix: use dl.k8s.io, not kubernetes-release bucket 2023-05-13 10:57:41 +00:00
ginkgo-e2e.sh test: automatically lower Ginkgo parallelism when using race detection 2025-09-16 20:25:53 +02:00
golangci-hints.yaml Merge pull request #136184 from yongruilin/master_dependenttag 2026-01-15 11:09:45 +05:30
golangci.yaml Merge pull request #136184 from yongruilin/master_dependenttag 2026-01-15 11:09:45 +05:30
golangci.yaml.in lint: don't ignore go vet printf 2026-01-05 13:44:57 +01:00
grab-profiles.sh
install-etcd.sh install-ectd.sh: brace PATH and suggest user export 2025-03-13 11:23:53 -07:00
install-protoc.sh Add helper script to install protoc 2023-01-26 18:00:08 -05:00
lint-dependencies.sh Add guard for dependencies recursively depending on kubernetes or staging modules 2024-09-04 16:58:04 -04:00
local-up-cluster.sh Merge pull request #135687 from yashsingh74/cni-bump 2026-01-10 04:57:41 +05:30
logcheck.conf Merge pull request #135432 from pohly/apimachinery-featuregate-contextual-logging 2026-01-14 01:11:35 +05:30
module-graph.sh
OWNERS emeritus spiffxp 2025-06-10 20:05:40 -07:00
pin-dependency.sh Remove _tmp from pin-dependency 2024-03-05 21:44:43 -08:00
print-workspace-status.sh
README.md
run-prometheus-on-etcd-scrapes.sh
serve-prom-scrapes.sh
test-go.sh
unwanted-dependencies.json Update security and stability dependencies 2026-01-15 19:57:11 -05:00
update-all.sh
update-codegen.sh Revert "Implement validation-gen lint for CI" 2025-10-22 18:02:06 +00:00
update-conformance-yaml.sh Revert "Save a list of images used by e2e.test" 2024-01-12 13:15:01 -08:00
update-featuregates.sh add utility for generating markdown for feature gates 2025-12-18 22:53:56 -05:00
update-generated-api-compatibility-data.sh Rename new::setup_env back to setup_env 2024-02-29 22:06:44 -08:00
update-generated-docs.sh Move doc-generation funcs into only caller 2024-02-29 22:07:33 -08:00
update-generated-stable-metrics.sh
update-gofmt.sh Call verify_go_version at the END of setup_env 2024-02-29 22:06:56 -08:00
update-golangci-lint-config.sh golangci-lint: remove "strict" checking 2025-02-02 18:50:27 +01:00
update-import-aliases.sh Call verify_go_version at the END of setup_env 2024-02-29 22:06:56 -08:00
update-internal-modules.sh Change pushd $d; go ...; popd to go -C $d ... 2024-03-02 14:40:10 -08:00
update-kustomize.sh Simplify update-vendor.sh to use go work sync 2024-10-10 17:58:54 -04:00
update-mocks.sh Bump to mockery v3 2025-08-29 13:43:54 +02:00
update-netparse-cve.sh Honor KUBE_HACK_TOOLS_GOTOOLCHAIN 2025-02-14 13:01:59 -05:00
update-openapi-spec.sh Allow OpenAPI verification to pass both with and without strict alpha 2025-03-05 21:31:40 +00:00
update-owners-fmt.sh Rename hack/*-yamlfmt to -owners-fmt 2025-07-24 12:12:59 -07:00
update-translations.sh i18n: Fix bug where package-level variables are not translated. 2022-11-21 22:48:42 -05:00
update-vendor-licenses.sh Tidy update-vendor-licenses for workspaces 2024-02-29 22:06:53 -08:00
update-vendor.sh Replace cmd/yamlfmt with k-sigs/yaml/yamlfmt 2025-07-24 12:11:04 -07:00
verify-all.sh
verify-api-groups.sh removed this k8s.io/kubernetes/pkg/apis/componentconfig from verify-api-groups.sh 2024-04-13 05:26:16 -04:00
verify-boilerplate.sh
verify-cli-conventions.sh Make hack scripts use go install and assume PATH 2024-02-29 22:07:32 -08:00
verify-codegen.sh hack: move common "verify generated" shell code into function 2023-08-22 20:39:23 +02:00
verify-conformance-requirements.sh Call verify_go_version at the END of setup_env 2024-02-29 22:06:56 -08:00
verify-conformance-yaml.sh Revert "Save a list of images used by e2e.test" 2024-01-12 13:15:01 -08:00
verify-deadcode-elimination.sh add script for verifying dead code elimination 2025-06-17 03:35:12 +00:00
verify-description.sh Make hack scripts use go install and assume PATH 2024-02-29 22:07:32 -08:00
verify-e2e-images.sh e2e: suppress or ignore init log output 2026-01-07 14:11:33 +01:00
verify-e2e-test-ownership.sh declare and assign seperately in hack/verify-e2e-test-ownership.sh 2022-10-19 23:46:18 -07:00
verify-external-dependencies-version.sh update zeitgeist to v0.5.4 2024-10-21 09:57:12 +02:00
verify-featuregates.sh hack/verify-featuregates.sh: print failure information to stderr 2025-12-26 10:37:10 +01:00
verify-fieldname-docs.sh Make hack scripts use go install and assume PATH 2024-02-29 22:07:32 -08:00
verify-file-sizes.sh Changed to use "wc -c" to ensure the command works on both Linux and Mac OS X with a single implementation 2024-04-20 04:39:50 +09:00
verify-flags-underscore.py Get rid of most references to GOPATH 2024-02-29 22:06:51 -08:00
verify-generated-docs.sh Move doc-generation funcs into only caller 2024-02-29 22:07:33 -08:00
verify-generated-stable-metrics.sh
verify-gofmt.sh Remove legacy references to './output' 2024-02-29 22:07:31 -08:00
verify-golangci-lint-config.sh hack: verify to verify-golangci-lint.sh 2025-03-10 14:37:13 +02:00
verify-golangci-lint-pr-hints.sh hack: update golangci-lint verify scripts 2023-10-09 20:14:47 +02:00
verify-golangci-lint.sh Remove some unused bits of verify-golangci-lint.sh 2025-09-23 08:39:49 -04:00
verify-govulncheck.sh Merge pull request #132820 from dims/update-to-v1.1.4-for-golang.org/x/vuln/cmd/govulncheck 2025-07-08 20:01:33 -07:00
verify-import-aliases.sh Call verify_go_version at the END of setup_env 2024-02-29 22:06:56 -08:00
verify-import-boss.sh Move import-boss: k/code-generator/cmd -> k/k/cmd 2024-02-29 22:07:36 -08:00
verify-imports.sh Make hack scripts use go install and assume PATH 2024-02-29 22:07:32 -08:00
verify-internal-modules.sh hack: move common "verify generated" shell code into function 2023-08-22 20:39:23 +02:00
verify-licenses.sh Update allowed-thir-party-license-policy.md link 2025-12-11 17:10:35 +01:00
verify-mocks.sh hack: move common "verify generated" shell code into function 2023-08-22 20:39:23 +02:00
verify-netparse-cve.sh Remove legacy references to './output' 2024-02-29 22:07:31 -08:00
verify-no-vendor-cycles.sh Call verify_go_version at the END of setup_env 2024-02-29 22:06:56 -08:00
verify-non-mutating-validation.sh
verify-openapi-docs-urls.sh Remove _tmp from verify-openapi-docs-urls 2024-03-05 21:44:44 -08:00
verify-openapi-spec.sh Allow OpenAPI verification to pass both with and without strict alpha 2025-03-05 21:31:40 +00:00
verify-owners-fmt.sh Rename hack/*-yamlfmt to -owners-fmt 2025-07-24 12:12:59 -07:00
verify-pkg-names.sh remove unnecessary kube::golang::verify_go_version calls 2023-09-11 14:06:28 -07:00
verify-prerelease-lifecycle-tags.sh enforce that GA apis also have lifecycle tags 2024-05-21 13:27:01 -07:00
verify-prometheus-imports.sh kubelet: Force deleted pods can fail to move out of terminating 2023-03-08 22:03:51 -06:00
verify-publishing-bot.sh Honor KUBE_HACK_TOOLS_GOTOOLCHAIN 2025-02-14 13:01:59 -05:00
verify-readonly-packages.sh Remove legacy references to './output' 2024-02-29 22:07:31 -08:00
verify-shellcheck.sh disable selinux relabeling when mounting sourcedir to shellcheck 2025-06-11 15:35:56 -07:00
verify-spelling.sh dependencies: github.com/client9/misspell -> github.com/golangci/misspell 2025-04-28 15:44:04 +02:00
verify-staging-meta-files.sh
verify-test-code.sh Provide link with e2e guidelines when verity-test-code.sh fails 2024-10-29 13:07:05 +01:00
verify-test-featuregates.sh Record and require all kube-feature dependencies 2025-10-15 10:29:15 -07:00
verify-test-images.sh
verify-testing-import.sh hack: configure Go environments where necessary 2024-09-26 23:32:33 +02:00
verify-typecheck.sh Fix flaky typecheck: enforce serial execution to prevent OOM 2026-01-09 10:40:43 +05:30
verify-vendor-licenses.sh Make vendor-licenses use verify::generated 2024-03-05 21:44:43 -08:00
verify-vendor.sh Simplify update-vendor.sh to use go work sync 2024-10-10 17:58:54 -04:00

README.md

Kubernetes hack GuideLines

This document describes how you can use the scripts from hack directory and gives a brief introduction and explanation of these scripts.

Overview

The hack directory contains many scripts that ensure continuous development of kubernetes, enhance the robustness of the code, improve development efficiency, etc. The explanations and descriptions of these scripts are helpful for contributors. For details, refer to the following guidelines.

Key scripts

  • verify-all.sh: This script is a vestigial redirection, Please do not add "real" logic. It is equivalent to make verify.
  • update-all.sh: This script is a vestigial redirection, Please do not add "real" logic. The true target of this makerule is hack/make-rules/update.sh.It is equivalent to make update.

Attention

Note that all scripts must be run from the Kubernetes root directory. We should run hack/verify-all.sh before submitting a PR and if anything fails run hack/update-all.sh.