build(deps): bump the rust group across 1 directory with 5 updates

[dependabot]

Bumps the rust group with 5 updates in the / directory:

Package	From	To
k8s-openapi	0.27.1	0.28.0
kube	3.1.0	4.0.0
log	0.4.32	0.4.33
openssl	0.10.80	0.10.81
which	8.0.3	8.0.4

Updates k8s-openapi from 0.27.1 to 0.28.0

Release notes

Sourced from k8s-openapi's releases.

v0.28.0

k8s-openapi

• BREAKING CHANGE: Added support for Kubernetes 1.36 under the v1_36 feature.

• BREAKING CHANGE: Dropped support for Kubernetes 1.31.

• FEATURE: schemars v0.8 support has been restored under the schemars08 feature flag. This can be enabled independently of the existing schemars feature that enables schemars v1 support.

• FEATURE: StatefulSetSpec::volume_claim_templates field now uses a map merge strategy using its .metadata.name as the key.

Corresponding Kubernetes API server versions:

• v1.32.13
• v1.33.13
• v1.34.9
• v1.35.6
• v1.36.2

k8s-openapi-codegen-common

• FEATURE: schemars v0.8 support has been restored via a new parameter to fn run().

k8s-openapi-derive

• FEATURE: schemars v0.8 support has been restored via a new #[custom_resource_definition(generate_schema08)] attr.

Changelog

Sourced from k8s-openapi's changelog.

v0.28.0 (2026-06-14)

k8s-openapi

• BREAKING CHANGE: Added support for Kubernetes 1.36 under the v1_36 feature.

• BREAKING CHANGE: Dropped support for Kubernetes 1.31.

• FEATURE: schemars v0.8 support has been restored under the schemars08 feature flag. This can be enabled independently of the existing schemars feature that enables schemars v1 support.

• FEATURE: StatefulSetSpec::volume_claim_templates field now uses a map merge strategy using its .metadata.name as the key.

Corresponding Kubernetes API server versions:

• v1.32.13
• v1.33.13
• v1.34.9
• v1.35.6
• v1.36.2

k8s-openapi-codegen-common

• FEATURE: schemars v0.8 support has been restored via a new parameter to fn run().

k8s-openapi-derive

• FEATURE: schemars v0.8 support has been restored via a new #[custom_resource_definition(generate_schema08)] attr.

---

Commits

• b2c839b v0.28.0
• ebea539 Update to v1.33.13, v1.34.9, v1.35.6, v1.36.2
• b7acde4 Restore schemars 0.8 support.
• 366b480 Update kind to v0.32.0
• f1b5881 Update to v1.33.12, v1.34.8, v1.35.5, v1.36.1
• 8a891b9 Add v1.36 and drop v1.31
• bcd3499 Fix StatefulSet::volumeClaimTemplates to deep merge by name.
• 654a839 Update to v1.33.11, v1.34.7, v1.35.4
• eda35ab Update to v1.33.10, v1.34.6, v1.35.3
• See full diff in compare view

Updates kube from 3.1.0 to 4.0.0

Release notes

Sourced from kube's releases.

4.0.0

New Major

As per the release schedule to match up with the latest Kubernetes ハル release. Lots of fixes and improvements. Thanks to everyone who contributed!

Kubernetes v1_36 support via k8s-openapi 0.28

Please upgrade k8s-openapi along with kube to avoid conflicts.

CEL Validation

A new optional crate kube-cel is being re-exported through kube::core::cel via kube-rs/kube#1954

Kubernetes CRDs support CEL validation rules via x-kubernetes-validations, and were supported from 3.0 via KubeSchema, but these rules could only be evaluated server-side by the API server.

The new crate allows evaluating these rules locally using rules matching the upstream Kubernetes CEL libraries.

While low-level, a higher-level CEL validator integrates with CustomResource via #[kube(cel)] from kube-rs/kube#2011 and can be used as;

#[derive(CustomResource, Serialize, Deserialize, Clone, KubeSchema)]
#[kube(group = "example.com", version = "v1", kind = "Foo", namespaced)]
#[kube(cel, validation = "self.spec.replicas >= 0")] // cel trigger + validation rule
struct FooSpec { replicas: i32 }
let foo = Foo::new("test", FooSpec { replicas: -1 });
foo.validate_cel()?;                     // new impl; checks creation rules
new_foo.validate_cel_update(&old_foo)?;  // new impl; checks transition rules

See examples/crd_derive_cel.rs for more details.

This is available under the kube/cel feature, courtesy of @​doxxx93.

Config

A lot of improvements to config handling;

• better error handling of malformed client certs in kube-rs/kube#1966
• add missing Kubeconfig fields in kube-rs/kube#1965
• Kubeconfig future key compatibility for new fields by adding catch-all other key via kube-rs/kube#1964
• deserialization changed from serde-yaml to serde-saphyr to get rid of the long-deprecated dependency. kube-rs/kube#1975

Retry and Timeouts

Better timeout and retry handling to better deal with flaky network conditions, and busy or initializing apiservers.

• default global read timeouts has been unset in favor of watcher level timeouts in kube-rs/kube#1945 (see kube-rs/kube#1798 for context)
• regular (non-watch) queries now respect the RetryPolicy - now enabled by default in kube-rs/kube#2007.

Client

... (truncated)

Changelog

Sourced from kube's changelog.

4.0.0 / 2026-06-16

New Major

As per the release schedule to match up with the latest Kubernetes ハル release. Lots of fixes and improvements. Thanks to everyone who contributed!

Kubernetes v1_36 support via k8s-openapi 0.28

Please upgrade k8s-openapi along with kube to avoid conflicts.

CEL Validation

A new optional crate kube-cel is being re-exported through kube::core::cel via kube-rs/kube#1954

Kubernetes CRDs support CEL validation rules via x-kubernetes-validations, and were supported from 3.0 via KubeSchema, but these rules could only be evaluated server-side by the API server.

The new crate allows evaluating these rules locally using rules matching the upstream Kubernetes CEL libraries.

While low-level, a higher-level CEL validator integrates with CustomResource via #[kube(cel)] from kube-rs/kube#2011 and can be used as;

#[derive(CustomResource, Serialize, Deserialize, Clone, KubeSchema)]
#[kube(group = "example.com", version = "v1", kind = "Foo", namespaced)]
#[kube(cel, validation = "self.spec.replicas >= 0")] // cel trigger + validation rule
struct FooSpec { replicas: i32 }
let foo = Foo::new("test", FooSpec { replicas: -1 });
foo.validate_cel()?;                     // new impl; checks creation rules
new_foo.validate_cel_update(&old_foo)?;  // new impl; checks transition rules

See examples/crd_derive_cel.rs for more details.

This is available under the kube/cel feature, courtesy of @​doxxx93.

Config

A lot of improvements to config handling;

• better error handling of malformed client certs in kube-rs/kube#1966
• add missing Kubeconfig fields in kube-rs/kube#1965
• Kubeconfig future key compatibility for new fields by adding catch-all other key via kube-rs/kube#1964
• deserialization changed from serde-yaml to serde-saphyr to get rid of the long-deprecated dependency. kube-rs/kube#1975

Retry and Timeouts

Better timeout and retry handling to better deal with flaky network conditions, and busy or initializing apiservers.

• default global read timeouts has been unset in favor of watcher level timeouts in kube-rs/kube#1945 (see kube-rs/kube#1798 for context)
• regular (non-watch) queries now respect the RetryPolicy - now enabled by default in kube-rs/kube#2007.

Client

... (truncated)

Commits

• b4f0cc4 re-hook cel feature and move dev-dep pin
• 163ade1 unhook dev-dep temporarily
• 2a14dec release 4.0.0
• 2310a06 feat(derive): client-side CEL validation via #[kube(cel)] / #[x_kube(cel)] (#...
• 8d61784 Enable RetryPolicy::server_retry by default for Client (#2007)
• a5b4f3f Box a large runtime error in ReconcilerErr (#1880)
• 3dd76bc bump k8s-openapi to 0.28 (#2009)
• 60ffe61 chore: group cel into the just hack feature-powerset (#2006)
• c261d78 deps: bump kube-cel to 0.6.1 (validation surface flattened) (#2005)
• 6c26657 refactor(runtime): rename Store::state_with/state_filtered per review feedbac...
• Additional commits viewable in compare view

Updates log from 0.4.32 to 0.4.33

Changelog

Sourced from log's changelog.

[0.4.33] - 2026-06-20

What's Changed

• Fixed key comparison by @​matteo-zeggiotti-ok in rust-lang/log#732

New Contributors

• @​matteo-zeggiotti-ok made their first contribution in rust-lang/log#732

Full Changelog: rust-lang/log@0.4.32...0.4.33

Commits

• f405739 Merge pull request #734 from rust-lang/cargo/0.4.33
• 6a24abf prepare for 0.4.33 release
• 87e0621 Merge pull request #732 from matteo-zeggiotti-ok/fix-key-comparison
• a9b5711 Review: fallback to the &str hash
• cc89cc6 Review: fixed other comparisons
• 920e7dc Review: fixed comparison on MaybeStaticStr
• 0d71d3c Fixed key comparison
• See full diff in compare view

Updates openssl from 0.10.80 to 0.10.81

Release notes

Sourced from openssl's releases.

openssl-v0.10.81

What's Changed

• Bump aws-ls-sys to 0.41 by @​joshgodsiff in rust-openssl/rust-openssl#2640
• Add brainpoolP224r1 and brainpoolP224t1 NID constants by @​sfarestam-iproov in rust-openssl/rust-openssl#2642
• x509: add minimal support for CRL building by @​DavidFontaineOcd in rust-openssl/rust-openssl#2538
• add mldsa.h to the boringssl bindgen by @​reaperhulk in rust-openssl/rust-openssl#2650
• Deprecate Asn1StringRef::as_utf8 in favor of a NUL-safe to_string by @​alex in rust-openssl/rust-openssl#2652
• Fix verify_mode() panic on unmodeled verify mode bits by @​alex in rust-openssl/rust-openssl#2651
• Bump actions/checkout from 6.0.2 to 6.0.3 by @​dependabot[bot] in rust-openssl/rust-openssl#2653
• Release openssl 0.10.81 and openssl-sys 0.9.117 by @​reaperhulk in rust-openssl/rust-openssl#2655

New Contributors

• @​joshgodsiff made their first contribution in rust-openssl/rust-openssl#2640
• @​sfarestam-iproov made their first contribution in rust-openssl/rust-openssl#2642
• @​DavidFontaineOcd made their first contribution in rust-openssl/rust-openssl#2538

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.80...openssl-v0.10.81

Commits

• db9c9e2 Release openssl 0.10.81 and openssl-sys 0.9.117 (#2655)
• 3a7fb56 Bump actions/checkout from 6.0.2 to 6.0.3 (#2653)
• d059c43 Fix verify_mode() panic on unmodeled verify mode bits (#2651)
• 8b1519e Deprecate Asn1StringRef::as_utf8 in favor of a NUL-safe to_string (#2652)
• d5713d6 add mldsa.h to the boringssl bindgen (#2650)
• 9fac317 Merge pull request #2538 from ocdlroux/feat/crl-full
• 4dae20b x509: adding minimal support for X509CrlBuilder
• 47f7777 Add brainpoolP224r1 and brainpoolP224t1 NID constants (#2642)
• 659da17 Bump aws-ls-sys to 0.41 (#2640)
• See full diff in compare view

Updates which from 8.0.3 to 8.0.4

Release notes

Sourced from which's releases.

8.0.4

What's Changed

• feat: emit NonFatalError on Windows if PATHEXT not populated by @​Xaeroxe in harryfei/which-rs#125

Full Changelog: harryfei/which-rs@8.0.3...8.0.4

Changelog

Sourced from which's changelog.

8.0.4

• On Windows we now emit a NonFatalError if the PATHEXT environment variable is not populated, and the query did not specify a file extension.

Commits

• c9df5ef feat: emit NonFatalError on Windows if PATHEXT not populated (#125)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a trusted-execution-clusters member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[Jakob-Naucke]

/ok-to-test

[Jakob-Naucke]

/retest

Go installation failure

[Jakob-Naucke]

  ✗ Preparing nodes 📦 
ERROR: failed to create cluster: failed to read logs: command "docker logs -f kind-control-plane" failed with error: exit status 1
Command Output: Error response from daemon: can not get logs from container which is dead or marked for removal

/retest

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot], Jakob-Naucke

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment