release Dependency update - Golang 1.22.7/1.23.1

Tracking info

Link to any previous tracking issue: https://github.com/kubernetes/release/issues/3723

Golang mailing list announcement: https://groups.google.com/g/golang-announce/c/vM0L-2IDlOU/m/R-gi-VMOBQAJ

SIG Release Slack thread: https://kubernetes.slack.com/archives/CJH2GBF7Y/p1725031141201539

Work items

[x] kube-cross, go-runner, releng-ci image updates: https://github.com/kubernetes/release/pull/3758
- [x] kube-cross image promotion: https://github.com/kubernetes/k8s.io/pull/7324
- [x] go-runner image promotion: https://github.com/kubernetes/k8s.io/pull/7323
- [x] releng-ci image promotion: https://github.com/kubernetes/k8s.io/pull/7320

After go-runner image promotion

[x] distroless-iptables image update: https://github.com/kubernetes/release/pull/3773
- [ ] image promotion:

After kube-cross and distroless-iptables image promotions

[ ] kubernetes/kubernetes update (master):

Ensure the following have been updated within the PR:
- [ ] .go-version file
- [ ] kube-cross image
- [ ] go-runner image
- [ ] distroless-iptables image
- [ ] publishing bot rules
- [ ] test image

Note This update may require an update to go.sum files, for example: https://github.com/kubernetes/kubernetes/pull/118507 This will require an API Review approval.

After kubernetes/kubernetes (master) has been updated

[ ] k8s-cloud-builder and k8s-ci-builder image updates:

[ ] kubekins/krte image variants update:

Cherry picks

[ ] Kubernetes 1.y-1:
[ ] Kubernetes 1.y-2:
[ ] Kubernetes 1.y-3:

[ ] publishing bot rule updates for active Golang versions:

After kubernetes/kubernetes (release branches) has been updated

[ ] k8s-cloud-builder and k8s-ci-builder image updates:

[ ] kubekins/krte image updates:

Follow-up items

[ ] Ensure the Golang issue template is updated with any new requirements
[ ] <Any other follow up items>

/assign cc: @kubernetes/release-engineering

Aug 30 '24 15:08 jeremyrickard

Creating this in case we need to adopt this. Will update further once we see the CVEs.

Aug 30 '24 15:08 jeremyrickard

i can work on that @jeremyrickard if you want

Sep 05 '24 16:09 cpanato

@jeremyrickard do we skip this for the patch releases ?

Sep 06 '24 17:09 ameukam

created PR https://github.com/kubernetes/release/pull/3758

Sep 12 '24 18:09 haitch

/assign @haitch as he is working on the bumps

Sep 19 '24 10:09 cpanato

3 image promotion PR:

https://github.com/kubernetes/k8s.io/pull/7324
https://github.com/kubernetes/k8s.io/pull/7323
https://github.com/kubernetes/k8s.io/pull/7320

Sep 20 '24 00:09 haitch

all 3 PR need ok-to-test label

Sep 20 '24 01:09 haitch

#3773 for distroless-iptables image update

Sep 21 '24 03:09 haitch

I don't understand why the bot close this issue, we still have quite some item pending, @jeremyrickard can you mark complete for

distroless-iptable image promotion
kubernetes/kubernetes update (master)

another thing I want to ask is shall we keep bump go 1.22.7 for kubernetes {1.28 to 1.31}, or shall we halt and start go 1.22.8 work stream?

Oct 02 '24 18:10 haitch

we need to reactive this issue

Oct 03 '24 04:10 haitch

/reopen

Oct 03 '24 05:10 ameukam

@ameukam: Reopened this issue.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Oct 03 '24 05:10 k8s-ci-robot

Superseded by https://github.com/kubernetes/release/issues/3778. /close

Oct 03 '24 17:10 justaugustus