fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
actions/checkout	action	patch	v4.2.0 -> v4.2.2
actions/setup-go	action	minor	v5.1.0 -> v5.2.0
actions/upload-artifact	action	minor	v4.4.3 -> v4.6.0
actions/upload-artifact	action	minor	v4.4.0 -> v4.6.0
aws (source)	required_provider	minor	5.80.0 -> 5.83.1
coredns (source)		minor	1.36.1 -> 1.37.0
curlimages/curl	final	patch	8.11.0 -> 8.11.1
docker/build-push-action	action	minor	v6.10.0 -> v6.11.0
github/codeql-action	action	minor	v3.27.6 -> v3.28.1
go.opentelemetry.io/otel	require	minor	v1.32.0 -> v1.33.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	require	minor	v1.32.0 -> v1.33.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	require	minor	v1.32.0 -> v1.33.0
go.opentelemetry.io/otel/sdk	require	minor	v1.32.0 -> v1.33.0
go.opentelemetry.io/otel/trace	require	minor	v1.32.0 -> v1.33.0
goreleaser/goreleaser-action	action	minor	v6.0.0 -> v6.1.0
istio.io/client-go	require	patch	v1.24.1 -> v1.24.2
jaegertracing/all-in-one		minor	1.64.0 -> 1.65.0
kubernetes (source)	required_provider	minor	2.34.0 -> 2.35.1
peter-evans/create-pull-request	action	patch	v7.0.5 -> v7.0.6
step-security/harden-runner	action	patch	v2.10.2 -> v2.10.3
step-security/harden-runner	action	patch	v2.10.1 -> v2.10.3
terraform-aws-modules/eks/aws (source)	module	patch	20.31.1 -> 20.31.6
terraform-aws-modules/iam/aws (source)	module	minor	5.48.0 -> 5.52.2

---

Release Notes

actions/checkout (actions/checkout)

v4.2.2

Compare Source

• url-helper.ts now leverages well-known environment variables by @​jww3 in https://github.com/actions/checkout/pull/1941
• Expand unit test coverage for isGhes by @​jww3 in https://github.com/actions/checkout/pull/1946

v4.2.1

Compare Source

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in https://github.com/actions/checkout/pull/1924

actions/setup-go (actions/setup-go)

v5.2.0

Compare Source

What's Changed

• Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @​Shegox in https://github.com/actions/setup-go/pull/496

New Contributors

• @​Shegox made their first contribution in https://github.com/actions/setup-go/pull/496

Full Changelog: actions/setup-go@v5...v5.2.0

actions/upload-artifact (actions/upload-artifact)

v4.6.0

Compare Source

What's Changed

• Expose env vars to control concurrency and timeout by @​yacaovsnc in https://github.com/actions/upload-artifact/pull/662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

Compare Source

hashicorp/terraform-provider-aws (aws)

v5.83.1

Compare Source

BUG FIXES:

• resource/aws_route53_record: Correct fdqn value if name is a wildcard domain name (the leftmost label is *). This fixes a regression introduced in v5.83.0 (#​40868)

v5.83.0

Compare Source

NOTES:

• provider: The retry handling in the apigatewayv2 client has been updated to more extensively match ConflictException error responses. This change should be transparent to users, but if any unexpected changes in behavior with apigatewayv2 resources occur following an upgrade to this release, please open a bug report. (#​40840)
• resource/aws_api_gateway_domain_name_access_association: Deprecates id in favor of arn. (#​40626)
• resource/aws_route53_cidr_location: Deprecates id. (#​40626)
• resource/aws_s3_directory_bucket: Deprecates id in favor of bucket. (#​40626)

FEATURES:

• New Data Source: aws_cloudwatch_event_buses (#​40662)
• New Data Source: aws_ecs_clusters (#​40638)
• New Data Source: aws_route53_records (#​38186)
• New Ephemeral Resource: aws_cognito_identity_openid_token_for_developer_identity (#​40763)
• New Resource: aws_bedrockagent_agent_collaborator (#​40559)
• New Resource: aws_cleanrooms_membership (#​35165)
• New Resource: aws_cloudwatch_log_delivery (#​40731)
• New Resource: aws_cloudwatch_log_delivery_destination (#​40731)
• New Resource: aws_cloudwatch_log_delivery_destination_policy (#​40731)
• New Resource: aws_cloudwatch_log_delivery_source (#​40731)
• New Resource: aws_cloudwatch_log_index_policy (#​40594)
• New Resource: aws_vpclattice_resource_gateway (#​40821)

ENHANCEMENTS:

• data-source/aws_codebuild_fleet: Add compute_configuration attribute (#​40752)
• data-source/aws_dms_endpoint: Add kafka_settings.sasl_mechanism attribute (#​36918)
• data-source/aws_elb_hosted_zone_id: Add hosted zone ID for ap-southeast-7 AWS Region (#​40850)
• data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for ap-southeast-7 AWS Region (#​40850)
• data-source/aws_rds_certificate: Add default_for_new_launches attribute (#​40536)
• data-source/aws_rds_engine_version: Add supports_certificate_rotation_without_restart, supports_integrations, and supports_local_write_forwarding attributes (#​40700)
• data-source/aws_s3_bucket: Add hosted zone ID for ap-southeast-7 AWS Region (#​40850)
• data-source/aws_vpc_endpoint_service: Add region attribute (#​40795)
• data-source/aws_vpc_endpoint_service: Add service_regions argument (#​40795)
• provider: Support ap-southeast-7 as a valid AWS Region (#​40849)
• resource/aws_appflow_flow: Add data_transfer_api attribute to destination_flow_config_list.destination_connector_properties.salesforce (#​34937)
• resource/aws_cloudfront_distribution: Add grpc_config argument to default_cache_behavior and ordered_cache_behavior configuration blocks (#​40762)
• resource/aws_codebuild_fleet: Add compute_configuration argument (#​40752)
• resource/aws_cognito_user_pool: Add email_mfa_configuration argument (#​40734)
• resource/aws_cognito_user_pool: Add sign_in_policy and web_authn_configuration arguments (#​40765)
• resource/aws_cognito_user_pool: Add user_pool_tier argument (#​40633)
• resource/aws_dms_endpoint: Add kafka_settings.sasl_mechanism argument (#​36918)
• resource/aws_ecr_account_setting: Add valid values for registry policy scope to name and value arguments (#​40772)
• resource/aws_eip_association: Adds validation to only allow one of instance_id or network_interface_id (#​40769)
• resource/aws_eks_node_group: Add node_repair_config configuration block (#​40698)
• resource/aws_elasticache_user: Add VALKEY as supported value for 'engine' argument (#​40764)
• resource/aws_elasticache_user_group: Add VALKEY as supported value for 'engine' argument (#​40764)
• resource/aws_emr_studio: Add encryption_key_arn argument (#​40771)
• resource/aws_quicksight_user: Add user_invitation_url attribute (#​40775)
• resource/aws_rds_cluster: Support iam-db-auth-error as a valid value for enabled_cloudwatch_logs_exports (#​40789)
• resource/aws_rds_integration: Add data_filter argument (#​40816)
• resource/aws_s3_object_copy: Add override_provider configuration block, allowing tags inherited from the provider default_tags configuration block to be ignored (#​40689)

BUG FIXES:

• resource/aws_api_gateway_domain_name: Fixed error when adding policy to existing private domain name (#​40708)
• resource/aws_apigatewayv2_api: Don't overwrite the configured values of description, name or version if they are not present in the OpenAPI definition body (#​40707)
• resource/aws_apigatewayv2_route: Fix retry handling of ConflictException error responses (#​40840)
• resource/aws_cloudfront_cache_policy: Fix panic: interface conversion: interface {} is nil, not map[string]interface {} when parameters_in_cache_key_and_forwarded_to_origin.cookies_config, parameters_in_cache_key_and_forwarded_to_origin.headers_config, or parameters_in_cache_key_and_forwarded_to_origin.query_strings_config are empty (#​40815)
• resource/aws_codebuild_fleet: Allow scaling_configuration to be removed on Update (#​40773)
• resource/aws_codebuild_project: Allow file_system_locations to be removed on Update (#​40842)
• resource/aws_ec2_instance_connect_endpoint: Set fips_dns_name to an empty value ("") when no value is returned from the EC2 API. This fixes known-after-apply loops in Regions that don't support FIPS endpoints (#​37939)
• resource/aws_emr_studio: Fix issue with IAM/KMS policy eventual consistency handling not working (#​40771)
• resource/aws_glue_catalog_database: Fix crash when expanding create_table_default_permission with a nil principal block (#​40761)
• resource/aws_instance: Always set http_tokens when metadata_options is updated (#​40727)
• resource/aws_instance: Set new computed value for public_dns and public_ip attributes when changing instance_type, user_data, or user_data_base64 (#​40710)
• resource/aws_internet_gateway: Handle operation error EC2: DetachInternetGateway, ..., api error InvalidInternetGatewayID.NotFound: ... errors on delete for resources deleted out-of-band (#​40790)
• resource/aws_internet_gateway_attachment: Handle operation error EC2: DetachInternetGateway, ..., api error InvalidInternetGatewayID.NotFound: ... errors on delete for resources deleted out-of-band (#​40790)
• resource/aws_quicksight_data_set: Correctly expand logical_table_map.tag_column_operation.tags.column_description (#​40713)
• resource/aws_rds_instance Fix manage_master_user_password being updated in state when update errors (#​40538)
• resource/aws_route53_record: Fix perpetual diff if alias.name contains characters that the Route 53 API escapes (#​40154)
• resource/aws_route53_zone: Fix perpetual diff if name contains characters that the Route 53 API escapes (#​40154)
• resource/aws_ses_identity_notification_topic: Prevent destroy failure when resource is already deleted outside of Terraform (#​40684)
• resource/aws_sesv2_configuration_set: Fix handling of delivery_options.max_delivery_seconds when not configured (#​40670)
• resource/aws_sesv2_configuration_set_event_destination: Retry IAM eventual consistency errors (#​40843)
• resource/aws_sqs_queue: Fix timeout error on creation if sqs_managed_sse_enabled=true and kms_data_key_reuse_period_seconds is configured (#​40729)

v5.82.2

Compare Source

BUG FIXES:

• data-source/aws_lb_listener: Add mutual_authentication.advertise_trust_store_ca_names attribute. This fixes a regression introduced in v5.82.0 causing setting mutual_authentication: Invalid address to set: []string{"mutual_authentication", "0", "advertise_trust_store_ca_names"} errors (#​40658)

v5.82.1

Compare Source

ENHANCEMENTS:

• resource/aws_autoscaling_group: Add availability_zone_distribution argument (#​40634)

BUG FIXES:

• data-source/aws_iam_policy_document: Reverts plan-time validation for statement sid (#​40639)

v5.82.0

Compare Source

NOTES:

• resource/aws_resourcegroups_resource: The format of the read-only id attribute has changed to prevent inconsistent parsing which resulted in provider crashes under certain conditions. The new format is a comma-delimited string combining group_arn and resource_arn in their entirety. Configuarations relying on the previous format may need to be updated to continue functioning correctly. (#​40579)

FEATURES:

• New Data Source: aws_servicecatalogappregistry_attribute_group_associations (#​38306)
• New Resource: aws_api_gateway_domain_name_access_association (#​40566)
• New Resource: aws_cloudfront_vpc_origin (#​40239)
• New Resource: aws_memorydb_multi_region_cluster (#​40376)
• New Resource: aws_networkmanager_dx_gateway_attachment (#​40546)
• New Resource: aws_rds_cluster_snapshot_copy (#​40398)

ENHANCEMENTS:

• data-source/aws_dx_gateway: Add arn attribute (#​40546)
• data-source/aws_iam_policy_document: Add plan-time validation that the statement sid is valid, including on alphanumeric characters (#​40562)
• data-source/aws_vpc_endpoint: Add service_region attribute (#​40583)
• resource/aws_bedrockagent_agent: Add agent_collaboration attribute to configure agent collaboration role (#​40543)
• resource/aws_cloudfront_distribution: Add origin.vpc_origin_config argument (#​40239)
• resource/aws_db_parameter_group: Support import of name_prefix argument (#​40622)
• resource/aws_dx_gateway: Add arn attribute (#​40546)
• resource/aws_fsx_lustre_file_system: Add efa_enabled argument (#​40381)
• resource/aws_lb_listener: Add advertise_trust_store_ca_names attribute to the mutual_authentication configuration block (#​40550)
• resource/aws_memorydb_cluster: Add multi_region_cluster_name argument (#​40376)
• resource/aws_networkmanager_attachment_accepter: Add edge_locations attribute (#​40546)
• resource/aws_resourcegroups_resource: Add import support (#​40579)
• resource/aws_vpc_endpoint: Add service_region argument (#​40583)

BUG FIXES:

• data-source/aws_acmpca_certificate_authority: Ignore AccessDeniedException: ... is not authorized to perform: acm-pca:GetCertificateAuthorityCsr on resource: ... errors for RAM-shared CAs (#​39952)
• data-source/aws_licensemanager_received_license: Fix setting entitlements: Invalid address to set: []string{"entitlements", "0", "overage"} errors (#​40621)
• resource/aws_amplify_domain_association: No longer ignores changes to certificate_settings when updating. (#​40589)
• resource/aws_amplify_domain_association: Prevent "unexpected state" error when setting certificate_settings.type to CUSTOM. (#​40589)
• resource/aws_amplify_domain_association: Prevent ValidationException when setting certificate_settings.type to AMPLIFY_MANAGED. (#​40589)
• resource/aws_amplify_domain_association: Prevent permanent diff when certificate_settings not set. (#​40589)
• resource/aws_amplify_domain_association: Prevents panic in some circumstances when certificate_settings is not set during update. (#​40589)
• resource/aws_api_gateway_domain_name: Correct arn for private custom domain names (#​40566)
• resource/aws_codeconnections_host: Mark vpc_configuration.tls_certificate as Optional (#​40574)
• resource/aws_elasticache_replication_group: Prevent perpetual diff which triggers resource replacement on at_rest_encryption_enabled when engine is valkey. (#​40514)
• resource/aws_lakeformation_permissions: Add support for IAMPrincipals principal group (#​38600)
• resource/aws_lakeformation_permissions: Fix refreshing state so order is not considered in permissions and permissions_with_grant_option attributes (#​38047)
• resource/aws_lakeformation_resource_lf_tag: Fix panic when resource tries to destroy a LFTag reference that does not exist (#​40584)
• resource/aws_lambda_invocation: Set new computed value for result attribute when changing input attribute, for lifecycle scope "CRUD" (#​34263)
• resource/aws_medialive_channel: Added missing teletext_destination_settings. (#​33797)
• resource/aws_rds_cluster: Fix issue with waiter when modifying allocated_storage (#​40601)
• resource/aws_resourcegroups_resource: Fix crash when parsing certain ARN formats (#​40579)
• resource/aws_s3_bucket: Destroying a bucket with force_destroy = true can now delete objects with non-XML-safe keys (#​40537)
• resource/aws_s3_directory_bucket: Destroying a directory bucket with force_destroy = true can now delete objects with non-XML-safe keys (#​40537)
• resource/aws_secretsmanager_secret_rotation: Fix bug where automatically_after_days was not being set properly when schedule_expression had been set previously (#​34295)
• resource/aws_secretsmanager_secret_rotation: Retry rotation in case it has not yet propagated when previously an error would occur: InvalidRequestException: A previous rotation isn't complete. That rotation will be reattempted. (#​34295)
• resource/aws_sqs_queue_redrive_allow_policy: Fix perpetual redrive_allow_policy diffs (#​40604)

v5.81.0

Compare Source

FEATURES:

• New Data Source: aws_servicecatalogappregistry_attribute_group (#​38188)
• New Ephemeral Resource: aws_ssm_parameter (#​40313)
• New Resource: aws_bedrock_inference_profile (#​40294)
• New Resource: aws_cloudwatch_log_anomaly_detector (#​40437)
• New Resource: aws_ecr_account_setting (#​40219)
• New Resource: aws_msk_single_scram_secret_association (#​37056)
• New Resource: aws_servicecatalogappregistry_attribute_group (#​38183)
• New Resource: aws_servicecatalogappregistry_attribute_group_association (#​38290)

ENHANCEMENTS:

• data-source/aws_api_gateway_domain_name: Add policy and domain_name_id attributes (#​40364)
• data-source/aws_servicecatalogappregistry_application: Add tags attribute (#​38243)
• data-source/aws_sesv2_configuration_set: Add delivery_options.max_delivery_seconds and tracking_options.https_policy attributes (#​40194)
• resource/aws_api_gateway_base_path_mapping: Add domain_name_id argument (#​40447)
• resource/aws_api_gateway_domain_name: Add policy argument and domain_name_id attribute (#​40364)
• resource/aws_api_gateway_domain_name: Support PRIVATE as a valid value for endpoint_configuration.types argument, enabling custom domain name support for private REST API endpoints (#​40364)
• resource/aws_ebs_snapshot_copy: Add completion_duration_minutes argument (#​40336)
• resource/aws_glue_catalog_table_optimizer: Add configuration.retention_configuration and configuration.orphan_file_deletion_configuration attributes. (#​40199)
• resource/aws_instance: Add enable_primary_ipv6 argument to add support for enabling primary IPv6 addresses on EC2 instances (#​36425)
• resource/aws_kinesis_stream: Add plan-time validation that shard_count would not exceed the AWS account's shard quota when the data stream capacity mode is PROVISIONED, preventing the provider from retrying for 1 hour in the case that the quota is exceeded. This functionality requires the kinesis:DescribeLimits IAM permission (#​40499)
• resource/aws_kinesis_stream: Add plan-time validation that creation of an on-demand stream would not exceed the AWS account's data stream quota, preventing the provider from retrying for 1 hour in the case that the quota is exceeded. This functionality requires the kinesis:DescribeLimits IAM permission (#​40499)
• resource/aws_msk_replicator: Add topic_replication.topic_name_configuration argument (#​40101)
• resource/aws_network_interface: Add enable_primary_ipv6 argument to add support for enabling primary IPv6 addresses for network interfaces (#​36425)
• resource/aws_networkfirewall_firewall_policy: Add stateful_engine_options.flow_timeouts argument (#​39996)
• resource/aws_rds_cluster: Add serverlessv2_scaling_configuration.seconds_until_auto_pause argument (#​40441)
• resource/aws_rds_global_cluster: Add tags argument and tags_all attribute (#​40470)
• resource/aws_sagemaker_notebook_instance: Support notebook-al2-v3 value for platform_identifier (#​40484)
• resource/aws_servicecatalogappregistry_application: Add tags argument and tags_all attribute (#​38243)
• resource/aws_sesv2_configuration_set: Add delivery_options.max_delivery_seconds and tracking_options.https_policy arguments (#​40194)

BUG FIXES:

• data-source/aws_kinesis_stream: Fix InvalidArgumentException: NextToken and StreamName cannot be provided together errors when the data stream has more than 1000 shards (#​40499)
• resource/aws_ce_cost_category: Change rule from TypeSet to TypeList as order is significant (#​40521)
• resource/aws_fsx_windows_file_system: Fix plan-time validation of throughput_capacity validation to allow values up to 12228 (#​40468)
• resource/aws_networkfirewall_logging_configuration: Correctly manage all configured logging_configuration.log_destination_configs (#​40092)
• resource/aws_rds_cluster: Fix InvalidDBClusterStateFault errors when deleting clusters that are members of a global cluster (#​40333)
• resource/aws_rds_cluster: Fix InvalidParameterValue: Serverless v2 maximum capacity 0.0 isn't valid. The maximum capacity must be at least 1.0. errors when removing serverlessv2_scaling_configuration in an update (#​40511)
• resource/aws_rds_cluster: Respect storage_type when restoring from S3 (#​40471)
• resource/aws_rds_cluster: Respect storage_type when restoring from snapshot (#​40471)
• resource/aws_rds_cluster: Respect storage_type when restoring to a point in time (#​40471)
• resource/aws_rds_global_cluster: Mark database_name as Computed. This prevents resource recreation when the source cluster specifies a database_name (#​40469)

coredns/helm (coredns)

v1.37.0

Compare Source

CoreDNS is a DNS server that chains plugins and provides Kubernetes DNS Services

v1.36.2

Compare Source

CoreDNS is a DNS server that chains plugins and provides Kubernetes DNS Services

curl/curl-container (curlimages/curl)

v8.11.1

Compare Source

Changed

• bump to curl 8.11.1
• bump to alpine:3.21.0

docker/build-push-action (docker/build-push-action)

v6.11.0

Compare Source

github/codeql-action (github/codeql-action)

v3.28.1

Compare Source

v3.28.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.28.0 - 20 Dec 2024

• Bump the minimum CodeQL bundle version to 2.15.5. #​2655
• Don't fail in the unusual case that a file is on the search path. #​2660.

See the full CHANGELOG.md for more information.

v3.27.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.8

Compare Source

v3.27.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we conti

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for k8gb-preview ready!

Name	Link
🔨 Latest commit	9f56fb9
🔍 Latest deploy log	https://app.netlify.com/sites/k8gb-preview/deploys/67819fc0d56e31000850c5f3
😎 Deploy Preview	https://deploy-preview-1786--k8gb-preview.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 14 additional dependencies were updated

Details:

Package	Change
github.com/grpc-ecosystem/grpc-gateway/v2	v2.23.0 -> v2.24.0
go.opentelemetry.io/otel/metric	v1.32.0 -> v1.33.0
go.opentelemetry.io/proto/otlp	v1.3.1 -> v1.4.0
golang.org/x/net	v0.30.0 -> v0.32.0
golang.org/x/oauth2	v0.23.0 -> v0.24.0
golang.org/x/sync	v0.9.0 -> v0.10.0
golang.org/x/sys	v0.27.0 -> v0.28.0
golang.org/x/term	v0.25.0 -> v0.27.0
golang.org/x/text	v0.20.0 -> v0.21.0
google.golang.org/genproto/googleapis/api	v0.0.0-20241104194629-dd2ea8efbc28 -> v0.0.0-20241209162323-e6fa225c2576
google.golang.org/genproto/googleapis/rpc	v0.0.0-20241104194629-dd2ea8efbc28 -> v0.0.0-20241209162323-e6fa225c2576
google.golang.org/grpc	v1.67.1 -> v1.68.1
google.golang.org/protobuf	v1.35.1 -> v1.35.2
istio.io/api	v1.24.0-rc.0.0.20241101200753-9397ebf09c3a -> v1.24.2-0.20241206152109-43afb8563706