chore(deps): bump the go-dependencies group with 8 updates

[dependabot]

Bumps the go-dependencies group with 8 updates:

Package	From	To
github.com/aws/aws-sdk-go-v2	1.41.9	1.41.11
github.com/aws/aws-sdk-go-v2/config	1.32.20	1.32.22
github.com/aws/aws-sdk-go-v2/credentials	1.19.19	1.19.21
github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager	0.2.3	0.2.5
github.com/aws/aws-sdk-go-v2/service/ecs	1.82.0	1.82.2
github.com/aws/aws-sdk-go-v2/service/lambda	1.91.0	1.92.1
github.com/aws/aws-sdk-go-v2/service/s3	1.102.2	1.103.1
sigs.k8s.io/kind	0.31.0	0.32.0

Updates github.com/aws/aws-sdk-go-v2 from 1.41.9 to 1.41.11

Commits

• fa369bd Release 2026-06-03
• 960ee4d Regenerated Clients
• 4b6df8b Update endpoints model
• 30b15dd Update API model
• e8c72af enable schema-serde (#3421)
• b4d02c5 Release 2026-06-02
• 48e375b Regenerated Clients
• b8a4fc1 Update API model
• e8627b4 Merge pull request #3430 from aws/fix-remove-ioutil
• 4e258a3 chore: update changelog description per review
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.20 to 1.32.22

Commits

• fa369bd Release 2026-06-03
• 960ee4d Regenerated Clients
• 4b6df8b Update endpoints model
• 30b15dd Update API model
• e8c72af enable schema-serde (#3421)
• b4d02c5 Release 2026-06-02
• 48e375b Regenerated Clients
• b8a4fc1 Update API model
• e8627b4 Merge pull request #3430 from aws/fix-remove-ioutil
• 4e258a3 chore: update changelog description per review
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.19 to 1.19.21

Commits

• fa369bd Release 2026-06-03
• 960ee4d Regenerated Clients
• 4b6df8b Update endpoints model
• 30b15dd Update API model
• e8c72af enable schema-serde (#3421)
• b4d02c5 Release 2026-06-02
• 48e375b Regenerated Clients
• b8a4fc1 Update API model
• e8627b4 Merge pull request #3430 from aws/fix-remove-ioutil
• 4e258a3 chore: update changelog description per review
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager from 0.2.3 to 0.2.5

Commits

• fa369bd Release 2026-06-03
• 960ee4d Regenerated Clients
• 4b6df8b Update endpoints model
• 30b15dd Update API model
• e8c72af enable schema-serde (#3421)
• b4d02c5 Release 2026-06-02
• 48e375b Regenerated Clients
• b8a4fc1 Update API model
• e8627b4 Merge pull request #3430 from aws/fix-remove-ioutil
• 4e258a3 chore: update changelog description per review
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ecs from 1.82.0 to 1.82.2

Commits

• fa369bd Release 2026-06-03
• 960ee4d Regenerated Clients
• 4b6df8b Update endpoints model
• 30b15dd Update API model
• e8c72af enable schema-serde (#3421)
• b4d02c5 Release 2026-06-02
• 48e375b Regenerated Clients
• b8a4fc1 Update API model
• e8627b4 Merge pull request #3430 from aws/fix-remove-ioutil
• 4e258a3 chore: update changelog description per review
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/lambda from 1.91.0 to 1.92.1

Commits

• 34ec0a4 Release 2025-11-25
• 540441a Regenerated Clients
• 9869a2b Update endpoints model
• a6b38c1 Update API model
• 3953a0d add explicit message deser to all s3 errors (#3237)
• e7eec69 Fix panic during auth scheme resolution due to region validation (#3235)
• d68b3a0 Release 2025-11-24
• 292a198 Regenerated Clients
• dfeabc6 Update API model
• a7a1be5 Release 2025-11-21
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.102.2 to 1.103.1

Commits

• fa369bd Release 2026-06-03
• 960ee4d Regenerated Clients
• 4b6df8b Update endpoints model
• 30b15dd Update API model
• e8c72af enable schema-serde (#3421)
• b4d02c5 Release 2026-06-02
• 48e375b Regenerated Clients
• b8a4fc1 Update API model
• e8627b4 Merge pull request #3430 from aws/fix-remove-ioutil
• 4e258a3 chore: update changelog description per review
• Additional commits viewable in compare view

Updates sigs.k8s.io/kind from 0.31.0 to 0.32.0

Release notes

Sourced from sigs.k8s.io/kind's releases.

v0.32.0

This release contains critical dependency updates, bug fixes, and defaults to Kubernetes 1.36.1.

Breaking Changes

• The default node image is now kindest/node:v1.36.1@sha256:3489c7674813ba5d8b1a9977baea8a6e553784dab7b84759d1014dbd78f7ebd5
• New node images requiring upgrading kind to kind load ...: Due to a containerd upgrade, you must upgrade kind to this release or newer to use kind load ... with the newly published node images. As always, we cannot gurantee full compatibility of node images between kind releases. You can use the digests from previous releases, upgrade kind, or build your own node-images.
• kubeadm v1beta4 config format is now used for Kubernetes 1.36.0+ If you are using versioned config patches, you must update to target v1beta4. Unversioned patches kind will attempt to convert as needed (more below in New Features). This change is required for Kubernetes 1.37+ which drops kubeadm v1beta3 config.
• Adoption of Envoy for Load Balancing in multi-control-plane node clusters: HAProxy has been replaced by Envoy (docker.io/envoyproxy/envoy:v1.36.2) as the load balancer in multi-control-plane (HA) clusters. If you rely on custom HAProxy loadbalancer configurations or images, please note that Envoy is now used.
• cgroup v1 warning: A warning is now printed if cgroup v1 is detected on the host. Kubernetes has deprecated support for cgroup v1, and at some point in the future KIND releases / node-images will also drop support for cgroup v1.

New Features

• kubeadm v1beta4 configuration support: KIND now uses the v1beta4 config format for Kubernetes v1.36.0+ while maintaining v1beta3 for v1.23.0 up to v1.35.x, and v1beta2 for older versions.
• Custom Merging & Version-Awareness for Kubeadm Config Patches:
  • KIND now automatically translates old-style map-based extraArgs / kubeletExtraArgs patches to the list-based v1beta4 format when targeting v1beta4 configs.
  • Config patches now append to extraArgs / kubeletExtraArgs / certSANs reliably. To overwrite or make other more precise patching, use json6902 patches.
• Support for containerd config v4 format: Enabled support for containerd's config v4 format in kind load and snapshotter parsing, which is required for newer containerd versions.
• Building Node Images from CI Artifacts: Added support to build node images from Kubernetes CI artifacts (resolving endpoints like https://dl.k8s.io/ci/latest.txt or CI build prefixes).
• Support for containerd version-aware containerd config patching: Like kubeadmConfigPatches, containerd config patching is now aware of version and if specified in patches will only apply patches that match the containerd config being used.
• Assorted dependency updates.

Images pre-built for this release:

• v1.36.1: kindest/node:v1.36.1@sha256:3489c7674813ba5d8b1a9977baea8a6e553784dab7b84759d1014dbd78f7ebd5
• v1.35.5: kindest/node:v1.35.5@sha256:ce977ae6d65918d0b58a5f8b5e940429c2ce42fa3a5619ec2bbc60b949c0ac95
• v1.34.8: kindest/node:v1.34.8@sha256:02722c2dedddcfc00febf5d27fbeb9b7b2c14294c82109ff4a85d89ac9ba3256
• v1.33.12: kindest/node:v1.33.12@sha256:3f5c8443c620245e4d355cfe09e96a91ead32ceaa569d3f1ca9edf0cb2fe2ff4

NOTE: You must use the @sha256 digest to guarantee an image built for this release, until such a time as we switch to a different tagging scheme. Even then we will highly encourage digest pinning for security and reproducibility reasons.

Fixes

• Fix permission error when creating pods with hostUsers: false (Kubernetes 1.36+).
• Handle registry ports correctly in image normalization logic (e.g., registry running on ports like localhost:5000/...).
• Handle empty port mapping listen addresses correctly (defaults to wildcard address).
• Skip /dev/mapper mount on rootless Docker.
• Assorted documentation fixes and improvements.

See also:

• https://kind.sigs.k8s.io/docs/user/quick-start/#creating-a-cluster
• https://kind.sigs.k8s.io/docs/user/quick-start/#building-images

NOTE: These node images support amd64 and arm64, both of our supported platforms. You must use the same platform as your host, for more context see #2718

Contributors

Committers for this release:

• @​AnjaliMishra1st
• @​aojea

... (truncated)

Changelog

Sourced from sigs.k8s.io/kind's changelog.

kind Release Process

This document describes the steps to cut a new kind release. It is intended for maintainers who have push access to the upstream repository and the staging image registry.

Prerequisites

• GNU sed (macOS: brew install gnu-sed)
• Docker with buildx support
• crane installed (for image promotion to Docker Hub)
• Push access to github.com/kubernetes-sigs/kind
• Push access to gcr.io/k8s-staging-kind
• Push access to kindest on Docker Hub

---

Phase 1 - Publish Node Images

Node images must be built, tested, and promoted to Docker Hub before the kind release so their digest hashes are known and can be embedded in the release binary.

1.1 Build and push to staging

Use hack/release/push-node.sh for Kubernetes v1.31 and later:

./hack/release/push-node.sh v1.35.0

This builds amd64 and arm64 node images and pushes them to gcr.io/k8s-staging-kind/node:v1.35.0, then creates a multi-arch manifest list.

You can override the registry or add architectures:

REGISTRY=gcr.io/k8s-staging-kind ARCHES="amd64 arm64" ./hack/release/push-node.sh v1.35.0

1.2 Test with the staging image

Update the default image in pkg/apis/config/defaults/image.go to point to the staging image with its digest, then run CI to validate:

const Image = "gcr.io/k8s-staging-kind/node:v1.35.0@sha256:<digest-from-push>"

... (truncated)

Commits

• cda67ef version v0.32.0
• a335a9e Merge pull request #4182 from stmcginnis/kindest/node-v1.36.1
• 645b868 bump default image to kindest/node:v1.36.1
• d1b84e8 Merge pull request #4181 from BenTheElder/base-fix
• 25d94fa bump staging node image
• 088013a update base image with permissions fix
• 995e8fa Fix: Permission error when creating pod with hostUsers: false (#4179)
• b029a2b Merge pull request #4149 from BenTheElder/bump-images-asdf
• 140186f Merge pull request #4174 from BenTheElder/ci-builds
• 811ea84 Merge pull request #4173 from BenTheElder/kubeadm-v1beta4-special-patch
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[claude]

Claude finished @dependabot[bot]'s task in 35s —— View job

---

Dependency Upgrade Review

• Identify changed dependencies
• Review go.mod changes
• Analyze AWS SDK usage in codebase
• Analyze sigs.k8s.io/kind usage in codebase
• Check for breaking changes and risks
• Post final review

---

Summary

This PR bumps 8 dependencies (7 AWS SDK modules + kind). All changes are low risk — no breaking API changes affect this codebase.

---

AWS SDK v2 (patch/minor bumps)

Package	From	To	Risk
aws-sdk-go-v2	1.41.9	1.41.11	None
config	1.32.20	1.32.22	None
credentials	1.19.19	1.19.21	None
feature/s3/transfermanager	0.2.3	0.2.5	Low
service/ecs	1.82.0	1.82.2	None
service/lambda	1.91.0	1.92.1	None
service/s3	1.102.2	1.103.1	None

Usage in this repo: The AWS SDK is used in internal/aws/ for ECS cluster/service/task listing, Lambda function enumeration, and S3 object listing/download. All usage relies on stable, well-established API operations (ListFunctions, DescribeClusters, ListObjectsV2, etc.).

Upstream changes are routine — regenerated clients, endpoint model updates, API model updates, and a cleanup of deprecated ioutil usage internal to the SDK. The ioutil removal is internal to the SDK; this codebase does not use any deprecated ioutil-related SDK APIs.

transfermanager v0.2.5 note: This is still pre-v1 (v0.x), so semver allows breaking changes. However, this repo uses only transfermanager.New() and transfermanager.Client.DownloadObject() — both are core APIs unlikely to change in a patch bump. Low concern.

Verdict: Safe. No API surface changes affect this codebase.

---

sigs.k8s.io/kind (0.31.0 → 0.32.0)

This is the most notable bump — kind v0.32.0 has several documented breaking changes:

1. Default node image → Kubernetes v1.36.1 — new default node image
2. HAProxy → Envoy for HA (multi-control-plane) clusters
3. kubeadm v1beta4 config format for K8s 1.36+
4. containerd config v4 format required for kind load
5. cgroup v1 warning now printed

Usage in this repo: Kind is used only in test infrastructure (internal/kube/kube_test.go) to spin up a single-node test cluster:

suite.provider = cluster.NewProvider(cluster.ProviderWithDocker())
suite.provider.Create(suite.clusterName, cluster.CreateWithWaitForReady(300*time.Second))
suite.provider.ExportKubeConfig(...)
suite.provider.Delete(...)

Impact assessment:

Breaking change	Affects this repo?	Why
HAProxy → Envoy	No	Single-node cluster, no HA config
kubeadm v1beta4	No	No custom kubeadm config patches used
containerd v4 config	No	No kind load or containerd config in tests
New default node image	Low risk	Test cluster uses default image; K8s 1.36.1 should be compatible
cgroup v1 warning	No	Cosmetic warning only

Verdict: Safe. None of the breaking changes affect the minimal test-only usage pattern. The default node image change (K8s 1.36.1) aligns with the repo already depending on k8s.io/kubernetes v1.36.1.

---

Recommendation

This PR is safe to merge. All upgrades are routine with no breaking changes affecting this codebase. The kind v0.32.0 breaking changes are real but none apply to the single-node, default-config test cluster pattern used here.

No follow-up action required — CI test results will confirm compatibility.