[pull] main from kedacore:main #142

Closed
pull[bot] wants to merge 177 commits into NDViet:main from kedacore:main


pull[bot] commented Feb 18, 2026


See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

Signed-off-by: Nikolay Rovdo <nichogaus@gmail.com>
pull[bot] locked and limited conversation to collaborators Feb 18, 2026
pull[bot] added the ⤵️ pull label Feb 18, 2026
rickbrouwer and others added 27 commits February 22, 2026 17:15
* Add paths-filter action to PR validation workflow

Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>

* Update .github/workflows/pr-validation.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>

* Update .github/workflows/static-analysis-codeql.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>

* Update CodeQL workflow to handle push events

Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>

* restore codeql

Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>

---------

Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>
---------

Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>
Bump s390x node

Signed-off-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
* feat: Use informer cache for ReplicaSet replica count lookups

GetCurrentReplicas() has special handling for Deployments and StatefulSets
that uses the controller-runtime client (backed by informer cache) instead
of the scale subresource API. This avoids live API calls on every poll.

ReplicaSets were missing this optimization and always used the scale
subresource, causing a live API call every polling interval. With many
ScaledObjects targeting ReplicaSets, this creates significant API server
load.

This change adds ReplicaSet to the list of resource types that use the
informer cache, reducing API calls for ReplicaSet-targeted ScaledObjects.

Signed-off-by: Matt Sheppard <matt.sheppard@daily.co>

* test: Add e2e test for ReplicaSet scaling

Signed-off-by: Matt Sheppard <matt.sheppard@daily.co>

* docs: Update CHANGELOG for PR 7466

Signed-off-by: Matt Sheppard <matt.sheppard@daily.co>

* Add RBAC permissions and move helper to utils package

- Add replicasets to ClusterRole for informer cache list/watch
- Move WaitForReplicaSetReplicaReadyCount to tests/helper package
- Update e2e test to use shared helper function

Signed-off-by: Matt Sheppard <matt.sheppard@daily.co>

* Move CHANGELOG message in to Other section

Signed-off-by: Matt Sheppard <matt.sheppard@daily.co>

---------

Signed-off-by: Matt Sheppard <matt.sheppard@daily.co>
Signed-off-by: Mohamed Amine Arous <mohamed.amine.arous93@gmail.com>
Co-authored-by: Zbynek Roubalik <zroubalik@gmail.com>
Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>
| datasource  | package                 | from | to |
| ----------- | ----------------------- | ---- | -- |
| github-tags | actions/upload-artifact | v6   | v7 |

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource  | package          | from   | to     |
| ----------- | ---------------- | ------ | ------ |
| github-tags | actions/setup-go | v6.2.0 | v6.3.0 |

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(gcp): validate Pub/Sub resource name in BuildMQLQuery

Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>

* add goog check

Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>

---------

Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>
The badge href pointed to the API badge image endpoint
(api.scorecard.dev/projects/.../badge) which returns a 302
redirect to shields.io, instead of linking to the actual
scorecard viewer page.

Signed-off-by: Artem Muterko <artem@sopho.tech>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
)

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.32.0 to 0.34.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@dc5a429...e368e32)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](helm/kind-action@92086f6...ef37e7f)

---
updated-dependencies:
- dependency-name: helm/kind-action
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…7512)

Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.39.0 to 1.40.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.39.0...v1.40.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.40.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.0 to 4.32.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b20883b...89a39a4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [filippo.io/edwards25519](https://github.com/FiloSottile/edwards25519) from 1.1.0 to 1.1.1.
- [Commits](FiloSottile/edwards25519@v1.1.0...v1.1.1)

---
updated-dependencies:
- dependency-name: filippo.io/edwards25519
  dependency-version: 1.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): replace retracted k8s.io/client-go v1.5.2 with v0.35.0

v1.5.2 is a pre-Go-modules tag retracted upstream, see https://github.com/kubernetes/client-go/blob/32a6ebfbede364be10a92117004afe77f3957a3f/go.mod#L38-L39
The replace directive masked this locally, but replace directives don't propagate to consumers like the HTTP Add-on, so Go would select v1.5.2 over v0.x in downstream modules.

Also removes an unused replace directive for github.com/chzyer/logex.

Signed-off-by: Vincent Link <vlink@redhat.com>

* chore(deps): replace retracted prometheus/common and prometheus versions

Both prometheus/common v1.20.99 and prometheus/prometheus v1.99.0 are
retracted upstream. Like the client-go v1.5.2 fix, the replace
directives masked these locally but they poison downstream consumers
via MVS.

Signed-off-by: Vincent Link <vlink@redhat.com>

---------

Signed-off-by: Vincent Link <vlink@redhat.com>
Co-authored-by: Rick Brouwer <rickbrouwer@gmail.com>
Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>
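
The commit above notes that `replace` directives apply only in the main module, so downstream consumers resolve the version written in `require`. The following is an added example, not code from KEDA or from this pull request: a standard-library Go check that lists every requirement masked by a `replace` and every `replace` with no matching requirement. The go.mod text, the function names and the `v0.0.0-placeholder` version are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// Masked is a requirement whose version is overridden by a replace directive.
type Masked struct {
	Module     string
	Required   string // version in require: what downstream modules feed into MVS
	ReplacedBy string // replace target: honoured only when this is the main module
}

// sampleGoMod is a constructed go.mod, not KEDA's real file.
const sampleGoMod = `module example.com/operator

go 1.24

require (
	k8s.io/client-go v1.5.2
	github.com/prometheus/common v1.20.99 // indirect
	k8s.io/api v0.35.0
)

replace (
	k8s.io/client-go => k8s.io/client-go v0.35.0
	github.com/prometheus/common => github.com/prometheus/common v0.0.0-placeholder
)

replace example.com/unused => ../unused
`

// parseGoMod collects require and replace directives, in both the
// single-line and the parenthesised block form. Comments are ignored.
func parseGoMod(src string) (requires, replaces map[string]string) {
	requires, replaces = map[string]string{}, map[string]string{}
	block := ""
	sc := bufio.NewScanner(strings.NewReader(src))
	for sc.Scan() {
		line := sc.Text()
		if i := strings.Index(line, "//"); i >= 0 {
			line = line[:i]
		}
		f := strings.Fields(line)
		if len(f) == 0 {
			continue
		}
		if block != "" && f[0] == ")" {
			block = ""
			continue
		}
		if block == "" && len(f) == 2 && f[1] == "(" {
			block = f[0]
			continue
		}
		directive := block
		if block == "" {
			directive, f = f[0], f[1:]
		}
		switch directive {
		case "require":
			if len(f) >= 2 {
				requires[f[0]] = f[1]
			}
		case "replace": // old [version] => new [version]
			for i, tok := range f {
				if tok == "=>" && i >= 1 && i+1 < len(f) {
					replaces[f[0]] = strings.Join(f[i+1:], " ")
				}
			}
		}
	}
	return requires, replaces
}

// maskedRequirements returns requirements hidden behind a replace, sorted by module.
func maskedRequirements(src string) []Masked {
	requires, replaces := parseGoMod(src)
	var out []Masked
	for mod, target := range replaces {
		if ver, ok := requires[mod]; ok {
			out = append(out, Masked{Module: mod, Required: ver, ReplacedBy: target})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Module < out[j].Module })
	return out
}

// unusedReplaces returns replaced modules that have no require entry, sorted.
func unusedReplaces(src string) []string {
	requires, replaces := parseGoMod(src)
	var out []string
	for mod := range replaces {
		if _, ok := requires[mod]; !ok {
			out = append(out, mod)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	for _, m := range maskedRequirements(sampleGoMod) {
		fmt.Printf("%s: consumers see %s, local build uses %s\n", m.Module, m.Required, m.ReplacedBy)
	}
	fmt.Println("replace without require:", unusedReplaces(sampleGoMod))
}
```
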
…brancz/kube-rbac-proxy:v0.18.2 (#7531)

Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
Bumps [github.com/aws/aws-sdk-go-v2/service/dynamodb](https://github.com/aws/aws-sdk-go-v2) from 1.54.0 to 1.56.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.54.0...service/s3/v1.56.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/dynamodb
  dependency-version: 1.56.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.39.0 to 1.40.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.39.0...v1.40.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [fossas/fossa-action](https://github.com/fossas/fossa-action) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/fossas/fossa-action/releases)
- [Commits](fossas/fossa-action@3ebcea1...c414b9a)

---
updated-dependencies:
- dependency-name: fossas/fossa-action
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Rick Brouwer <rickbrouwer@gmail.com>
Bumps [go.opentelemetry.io/otel/sdk/metric](https://github.com/open-telemetry/opentelemetry-go) from 1.39.0 to 1.40.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.39.0...v1.40.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk/metric
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
#7508)

Bumps [github.com/aws/aws-sdk-go-v2/service/dynamodbstreams](https://github.com/aws/aws-sdk-go-v2) from 1.32.10 to 1.32.11.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.32.10...service/mgn/v1.32.11)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/dynamodbstreams
  dependency-version: 1.32.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ic values (#7534)

* fix: avoid int64 overflow in milli-quantity conversion for large metric values

Values exceeding ~9.2e15 caused int64 overflow when multiplied by 1000
in GetMetricTargetMili() and GenerateMetricInMili(), resulting in metrics
being reported as zero. Use resource.MustParse with string formatting
instead to handle arbitrarily large float64 values.

Signed-off-by: Munem Hashmi <munem.hashmi@gmail.com>

* fix: handle NaN and Inf values to prevent panic in milli-quantity conversion

MustParse panics on "NaN" or "+Inf" strings. Add a guard in
quantityFromFloat64 that treats NaN/Inf as zero, preventing operator
crashes from malformed metric API responses.

Signed-off-by: Munem Hashmi <munem.hashmi@gmail.com>

* test: simplify TestGetMetricTargetMili by removing unnecessary metricType variation

The metric type only affects which struct field receives the quantity,
not the conversion logic. Use a single metric type to keep the test
focused on value conversion.

Signed-off-by: Munem Hashmi <munem.hashmi@gmail.com>

---------

Signed-off-by: Munem Hashmi <munem.hashmi@gmail.com>
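
The two failure modes described in the commit above, shown as an added example that is not KEDA's code: a range check for the `int64` multiply-by-1000 path, and a conversion that formats the milli value at arbitrary size while treating NaN and Inf as zero. Here `math/big` stands in for the `resource.MustParse` approach the commit names, and the function names and the rounding rule are assumptions.

```go
package main

import (
	"fmt"
	"math"
	"math/big"
)

// two63 is 2^63, the first float64 value above the int64 range.
const two63 = float64(1 << 63)

// overflowsInt64Milli reports whether v*1000 cannot be held in an int64.
// The result of converting such a float64 to int64 in Go is
// implementation-dependent, so the check has to happen before the cast.
func overflowsInt64Milli(v float64) bool {
	m := v * 1000
	return math.IsNaN(m) || m >= two63 || m < -two63
}

// milliString returns v*1000, rounded half away from zero, as a decimal
// string of any magnitude. NaN and +/-Inf are mapped to "0" first:
// big.Float.SetFloat64 panics on NaN, much as the commit says MustParse
// panics on "NaN" or "+Inf", and a malformed metric response should not
// be able to crash the process.
func milliString(v float64) string {
	if math.IsNaN(v) || math.IsInf(v, 0) {
		return "0"
	}
	// 128 bits of precision keeps the 53-bit float64 mantissa times 1000 exact.
	f := new(big.Float).SetPrec(128).SetFloat64(v)
	f.Mul(f, big.NewFloat(1000))
	half := big.NewFloat(0.5)
	if f.Sign() < 0 {
		f.Sub(f, half)
	} else {
		f.Add(f, half)
	}
	i, _ := f.Int(nil) // truncates toward zero after the half-step above
	return i.String()
}

func main() {
	// Constructed sample metric values.
	for _, v := range []float64{1.5, 9e15, 1e16, math.NaN(), math.Inf(1)} {
		fmt.Printf("value=%g overflowsInt64=%t milli=%s\n",
			v, overflowsInt64Milli(v), milliString(v))
	}
}
```
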
* feat: add CRD-level validation markers for KEDA API types

Add kubebuilder validation markers (Minimum, MinLength, MinItems, Enum)
across ScaledObject, ScaledJob, ScaleTriggers, and TriggerAuthentication
API types so that invalid values are rejected by the API server at
admission time, before any webhook or controller runs.

Validations added:
- Minimum=0/1 on numeric fields (polling intervals, replica counts,
  cooldown periods, history limits, fallback thresholds)
- MinItems=1 on Triggers arrays and secret provider Secrets arrays
- MinLength=1 on ScaleTriggers.Type and ScaleTarget.Name
- Enum constraints on RolloutStrategy, ScalingStrategy, Rollout,
  AuthenticationRef.Kind, VaultAuthentication, and VaultSecretType

Also fixes several typos in comments.

Signed-off-by: Mikhail Fedosin <mfedosin@redhat.com>

* chore: address review comments

Signed-off-by: Mikhail Fedosin <mfedosin@redhat.com>

---------

Signed-off-by: Mikhail Fedosin <mfedosin@redhat.com>
… scaledObject (#7490)

Signed-off-by: Mathis Raguin <mathis.raguin@gitguardian.com>
wozniakjan and others added 29 commits May 31, 2026 15:22
The events e2e test asserted events at fixed positions in a list sorted
by .metadata.creationTimestamp. KEDA emits several events for a single
ScaledObject/ScaledJob within the same second, and events.k8s.io
creationTimestamp only has 1s granularity, so same-second events sort
non-deterministically. After #7781 migrated event recording to
events.k8s.io, "Started scalers watch" [1] and "ScaledJob is ready for
scaling" [2] started swapping positions, failing the test every night.

Match the expected reason/note pair against any event emitted for the
resource instead of a fixed index, removing the ordering dependency.

Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
Signed-off-by: Puneet Dixit <236133619+puneetdixit200@users.noreply.github.com>
Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>
Co-authored-by: Puneet Dixit <236133619+puneetdixit200@users.noreply.github.com>
Co-authored-by: Rick Brouwer <rickbrouwer@gmail.com>
Co-authored-by: Deepak kudi <deepakkudi23@adsl-172-10-9-116.dsl.sndg02.sbcglobal.net>
…ration (#7808)

#7755 added TestGetScaledObjectStateRecordsResourceScalerActiveMetric and
TestGetScaledObjectStateSkipsResourceScalerActiveMetricWithModifiers using
record.NewFakeRecorder. In the meantime #7781 migrated this file to the
events recorder and dropped the k8s.io/client-go/tools/record import, so
the merged result fails to compile with "undefined: record", breaking the
unit-test build and Static Checks on main.

Use events.NewFakeRecorder, matching the rest of the file and the
events.EventRecorder type of the Recorder/recorder fields.

Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
WaitForAllPodRunningInNamespace(namespace, iterations, intervalSeconds)
was called with minReplicaCount (1) as iterations and 180 as the
interval, so it checked pod status once immediately after resource
creation, slept 180s, and returned false without ever re-checking. The
initial readiness assertion then failed whenever the nginx pod was not
already Running in that single instant, turning the nightly e2e red
regardless of scaler behavior.

Swap to 18 iterations x 10s so it actually polls for ~3 minutes, as the
message intends.

Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
- CHANGELOG: rename Unreleased -> v2.20.0, add a fresh empty Unreleased
  section, and drop the leftover TODO placeholders from the released section
- Bump supported Kubernetes versions to 1.33-1.35 (welcome message)
- Add 2.20.0 to the bug report template version dropdown

Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
Move v2.20 from upcoming estimations to previous releases (Jun 1st, 2026)
and add v2.23 to keep the rolling 3-release window.

Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
…7809)

Setup and teardown short-circuit run-all.go with os.Exit(1) before
evaluateExecution runs, so dumpResults never writes passed.txt/failed.txt.
On such failures the PR e2e comment showed no detail at all (only the
reaction emoji), forcing maintainers into the raw logs to learn that the
cluster never bootstrapped or that cleanup leaked resources.

run-all.go now writes setup_and_teardown.txt to E2E_RESULTS_DIR when the
setup or teardown step fails, naming the step, its test file, and the
failing sub-test(s) parsed from the output (e.g. "setup failed
(tests/utils/setup_test.go): TestSetUpStrimzi"). It is written explicitly
before each early os.Exit (os.Exit skips deferred dumps) and only on
failure, so its existence signals a setup/teardown failure. The runner
stays output-format agnostic; rendering lives in the workflow.

pr-e2e.yml renders a separate, expanded "setup / teardown failures" block
(with a headline) only when setup_and_teardown.txt is non-empty, above the
existing passed/failed blocks, and posts the comment when any of the three
files is present. The passed/failed blocks stay single-purpose.

Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
* make scale-in tolerant of orphan runners
* decouple scaling assertions from GitHub job execution

Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
* fix: concurrent map read/write data race in fallback updateStatus using mutex

Signed-off-by: Jiyu Chen <jiyuchen@stripe.com>

* fix: fallback logic to be thread safe through fallback.ScaledObjectHandler

Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>

---------

Signed-off-by: Jiyu Chen <jiyuchen@stripe.com>
Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
Co-authored-by: Jan Wozniak <wozniak.jan@gmail.com>
Move the two patch fixes (#7838, #7820) out of Unreleased into a
dedicated v2.20.1 section, leaving Unreleased for the next minor.
Add 2.20.1 to the bug-report version dropdown.

Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
| datasource  | package          | from   | to     |
| ----------- | ---------------- | ------ | ------ |
| github-tags | actions/checkout | v6.0.2 | v6.0.3 |

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
The vendor directory used 200+ MB and provided no meaningful
benefit: go.sum ensures reproducibility, proxy.golang.org ensures
availability, and vendoring bloated the repo and dependency update diffs.

Changes:
- Remove vendor/ directory
- Remove -mod=vendor from build commands and -I vendor from protoc
- Update Dockerfiles to cache and download dependencies
- Update hack/update-codegen.sh to resolve code-generator via module cache
- Remove vendor-related config from .golangci.yml, .pre-commit-config.yaml,
  .gitignore, and trivy.yml
- Remove now-empty trivy.yml and its workflow reference

Signed-off-by: Vincent Link <vlink@redhat.com>
Introduce new ClickHouse Scaler for scaling based on SQL query results. The scaler supports both connection string and individual connection parameters, with authentication via TriggerAuthentication.

Refs: #7418
Refs: kedacore/keda-docs#1788
Refs: #7404

Signed-off-by: Izaak Schroeder <izaak.schroeder@gmail.com>
)

* fix: add "default" to ScaledJob scalingStrategy.strategy CRD enum

The CRD validation for ScaledJob.spec.scalingStrategy.strategy was missing
"default" as a valid value, despite the docs listing it as valid. The runtime
already handles empty/"default" via the switch default case; this aligns the
CRD enum to match the documented behavior.

Fixes #7855

Signed-off-by: Goutham Annem <gouthemannem@gmail.com>

* Apply suggestions from code review

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>

---------

Signed-off-by: Goutham Annem <gouthemannem@gmail.com>
Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
Co-authored-by: Jan Wozniak <wozniak.jan@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Signed-off-by: s3onghyun <s3onghyun.hong@gmail.com>
WithConnectParams replaces grpc-go's default backoff with the supplied
Backoff field; leaving it unset zeroed the backoff and caused a zero-delay
reconnect loop that floods the metrics-apiserver logs when keda-operator
is unreachable. Set Backoff to grpc's DefaultConfig.

Signed-off-by: Chris Kandalaft <chris.kandalaft@affinity.co>
Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
Co-authored-by: Jan Wozniak <wozniak.jan@gmail.com>
…7661)

When the informer cache races with ScaledObject creation,
scaledObject.Status.ScaleTargetGVKR can be nil at the point the scale
loop invokes GetCurrentReplicas. The current code then dereferences
.Group / .Kind on a nil pointer and panics, taking down the operator.

This applies the same defensive pattern already used in
ResolveScaleTargetPodSpec: re-fetch the ScaledObject via the client
when Status.ScaleTargetGVKR is nil, and if it is still nil after
re-fetch, return a descriptive error instead of panicking.

Observed in a 10k-ScaledObject KWOK load test where kube-burner
created ScaledObjects at 10/s; the cache-race window opened wide
enough that the panic fired reliably within the first 750 objects.

Refs: #4389, #4955, #6176

Signed-off-by: Greg Garber <ggarb@netflix.com>
Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>
Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com>
Co-authored-by: Rick Brouwer <rickbrouwer@gmail.com>
Co-authored-by: Zbynek Roubalik <zroubalik@gmail.com>
* Add e2e coverage for paused annotation precedence

Signed-off-by: Ali Aqel <aliaqel@stripe.com>

* Add inverse paused annotation precedence e2e coverage

Signed-off-by: Ali Aqel <aliaqel@stripe.com>

* Add paused scale-out precedence e2e coverage

Signed-off-by: Ali Aqel <aliaqel@stripe.com>

* Include HPA deletion error in e2e assertion

Signed-off-by: Ali Aqel <aliaqel@stripe.com>

---------

Signed-off-by: Ali Aqel <aliaqel@stripe.com>
| datasource  | package              | from   | to     |
| ----------- | -------------------- | ------ | ------ |
| github-tags | actions/cache        | v5.0.5 | v5.1.0 |
| github-tags | actions/setup-go     | v6.4.0 | v6.5.0 |
| github-tags | actions/setup-python | v6.2.0 | v6.3.0 |

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource  | package          | from   | to     |
| ----------- | ---------------- | ------ | ------ |
| github-tags | actions/cache    | v5.1.0 | v6.1.0 |
| github-tags | actions/checkout | v6.0.3 | v7.0.0 |

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Add nil guards for CustomScalingQueueLengthDeduction (*int32) and
CustomScalingRunningJobPercentage (*float64) in
customScalingStrategy.GetEffectiveMaxScale. The
CustomScalingQueueLengthDeduction field is declared with omitempty in
the CRD spec, so it is nil whenever a ScaledJob is created without
setting it. Previously the method unconditionally dereferenced the
pointer, causing the controller goroutine to panic with a nil pointer
dereference and interrupting the ScaledJob reconciliation loop.

A nil deduction is now treated as zero, consistent with how the running
job percentage is handled. A regression test is added that exercises
both the direct struct path and the NewScalingStrategy factory path
with the deduction omitted.

Fixes #7798

Signed-off-by: itxaiohanglover <1531137510@qq.com>
… updates (#7884)

Bumps the github-actions group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.1.1` | `4.1.2` |
| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` |
| [tspascoal/get-user-teams-membership](https://github.com/tspascoal/get-user-teams-membership) | `4.0.1` | `4.0.2` |
| [dkershner6/reaction-action](https://github.com/dkershner6/reaction-action) | `2.2.1` | `3.0.0` |
| [test-summary/action](https://github.com/test-summary/action) | `2.4` | `2.6` |
| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.6.1` | `3.0.1` |
| [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.35.1` | `4.36.2` |
| [github/codeql-action/init](https://github.com/github/codeql-action) | `4.35.1` | `4.36.2` |
| [github/codeql-action/autobuild](https://github.com/github/codeql-action) | `4.35.1` | `4.36.2` |
| [github/codeql-action/analyze](https://github.com/github/codeql-action) | `4.35.1` | `4.36.2` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.35.0` | `0.36.0` |



Updates `sigstore/cosign-installer` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@cad07c2...6f9f177)

Updates `docker/login-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@4907a6d...650006c)

Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@4d04d5d...d7f5e7f)

Updates `tspascoal/get-user-teams-membership` from 4.0.1 to 4.0.2
- [Release notes](https://github.com/tspascoal/get-user-teams-membership/releases)
- [Commits](tspascoal/get-user-teams-membership@818140d...b2546c5)

Updates `dkershner6/reaction-action` from 2.2.1 to 3.0.0
- [Release notes](https://github.com/dkershner6/reaction-action/releases)
- [Commits](dkershner6/reaction-action@97ede30...7aa8978)

Updates `test-summary/action` from 2.4 to 2.6
- [Release notes](https://github.com/test-summary/action/releases)
- [Commits](test-summary/action@31493c7...37b508c)

Updates `softprops/action-gh-release` from 2.6.1 to 3.0.1
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@153bb8e...718ea10)

Updates `github/codeql-action/upload-sarif` from 4.35.1 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c10b806...8aad20d)

Updates `github/codeql-action/init` from 4.35.1 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c10b806...8aad20d)

Updates `github/codeql-action/autobuild` from 4.35.1 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c10b806...8aad20d)

Updates `github/codeql-action/analyze` from 4.35.1 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c10b806...8aad20d)

Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@57a97c7...ed142fd)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: tspascoal/get-user-teams-membership
  dependency-version: 4.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: dkershner6/reaction-action
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: test-summary/action
  dependency-version: '2.6'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action/upload-sarif
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action/init
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action/autobuild
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action/analyze
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix: bump prometheus lib to fix CVE-2026-42151, CVE-2026-42154, CVE-2026-40179

Signed-off-by: Ronaldo Lanhellas <ronaldo.lanhellas@gmail.com>

* fix: bump prometheus lib to fix CVE-2026-42151, CVE-2026-42154, CVE-2026-40179

Signed-off-by: Ronaldo Lanhellas <ronaldo.lanhellas@gmail.com>

* fix: bump prometheus lib to fix CVE-2026-42151, CVE-2026-42154, CVE-2026-40179

Signed-off-by: Ronaldo Lanhellas <ronaldo.lanhellas@gmail.com>

* fix: bump prometheus lib to fix CVE-2026-42151, CVE-2026-42154, CVE-2026-40179

Signed-off-by: Ronaldo Lanhellas <ronaldo.lanhellas@gmail.com>

---------

Signed-off-by: Ronaldo Lanhellas <ronaldo.lanhellas@gmail.com>
Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>
Co-authored-by: Rick Brouwer <rickbrouwer@gmail.com>
…#7876)

Azure Storage blob names never include a leading "/", but users
naturally write path-style patterns like "/folder/sub/*.json". The
gobwas/glob library treats a leading "/" in the pattern literally, so
such patterns never matched any blob and the scaler silently never
activated, regardless of single or double asterisk usage. Strip a
leading "/" from the pattern before compiling it.

Fixes #6492

Signed-off-by: Goutham Annem <gouthemannem@gmail.com>
…N) admission cost (#7681)

verifyScaledObjects and verifyHpas each performed an unfiltered kc.List
over every ScaledObject (or HPA) in the namespace on every admission.
Because controller-runtime's cached client DeepCopies every returned
item, this allocated O(N) memory per admission. A heap profile during
a 10k SO creation burst showed verifyScaledObjects at 71% of inuse
heap (106 MB). At 60k SOs the unfiltered List allocated ~900 MB per
admission, OOMKilling the webhook under sustained creation bursts.

Register three controller-runtime field indexes in
SetupWebhookWithManager:

  scaleTargetRefNameIdx (spec.scaleTargetRef.name) on ScaledObject
  hpaNameIdx (spec.hpaName) on ScaledObject
  scaleTargetRefNameIdx (spec.scaleTargetRef.name) on HPA

verifyScaledObjects now issues two narrow indexed Lists — one for
duplicate scaleTargetRef and one for duplicate HPA name — each
returning the small set of candidates that share the indexed value.
The loop still post-filters by GVK so two SOs targeting the same
workload name with different Kinds (e.g. Deployment foo and StatefulSet
foo) are not flagged as duplicates. verifyHpas uses the same HPA index
to narrow HPA-ownership checks.

Adds a Ginkgo test covering the same-name-different-Kind case to
guard against a false-positive regression on the indexed lookup.

Signed-off-by: Greg Garber <ggarb@netflix.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(kafka): add optional fullMetadata trigger field

Signed-off-by: Hanoch Arega <arega.hanoch@gmail.com>

* feat(scalers): add fullMetadata field to schema

Signed-off-by: Hanoch Arega <arega.hanoch@gmail.com>

* fix(kafka): Improve error logging per review

Signed-off-by: Hanoch Arega <arega.hanoch@gmail.com>

---------

Signed-off-by: Hanoch Arega <arega.hanoch@gmail.com>
VietND96 closed this Jul 5, 2026