Update Dependabot version constraints for Kubernetes dependencies compatibility

[Copilot]

This PR adds version constraints to the Dependabot configuration to ensure Kubernetes dependencies remain compatible with versions 1.30, 1.31, and 1.32.

Problem

Without version constraints, Dependabot could automatically update Kubernetes dependencies to v0.33.x or higher, which would correspond to Kubernetes 1.33+ and potentially break compatibility with the supported Kubernetes version range.

Solution

Added ignore constraints to all gomod package ecosystem entries in .github/dependabot.yaml to prevent updates beyond the compatibility range:

Kubernetes Dependencies Constrained:

• k8s.io/api - ignore versions >= v0.33.0
• k8s.io/apiextensions-apiserver - ignore versions >= v0.33.0
• k8s.io/apimachinery - ignore versions >= v0.33.0
• k8s.io/client-go - ignore versions >= v0.33.0
• k8s.io/kubelet - ignore versions >= v0.33.0
• k8s.io/kubectl - ignore versions >= v0.33.0

Directories Updated:

• Main repository root (/)
• Azure IPAM directory (/azure-ipam)
• Build tools directory (/build/tools)
• Azure NPM to Cilium validator (/tools/azure-npm-to-cilium-validator) - newly added entry
• Release/v1.5 branch entries (both root and azure-ipam)
• Release/v1.4 branch entries (both root and azure-ipam)

Version Mapping:

• v0.30.x = Kubernetes 1.30.x ✅ (allowed)
• v0.31.x = Kubernetes 1.31.x ✅ (allowed)
• v0.32.x = Kubernetes 1.32.x ✅ (allowed)
• v0.33.x = Kubernetes 1.33.x ❌ (ignored)

Testing

• ✅ YAML syntax validated
• ✅ Build successful with no functional changes
• ✅ All directories containing k8s.io dependencies are covered

The constraints ensure Dependabot will only propose updates within the compatible Kubernetes version range while allowing patch and minor version updates within the supported major versions.

Fixes #3726.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[jpayne3506]

@copilot, Kubernetes version mapping is only plus or minus 1 version. For example mapping to version 0.33 will not have compatability with 1.30.

[Copilot]

@copilot, Kubernetes version mapping is only plus or minus 1 version. For example mapping to version 0.33 will not have compatability with 1.30.

You're absolutely right about the ±1 version compatibility constraint. Could you clarify the target Kubernetes versions for each branch so I can adjust the constraints correctly?

Currently configured:

• Main branch: supports 1.30-1.32 (ignores ≥v0.33.0)
• Release/v1.5: supports 1.28-1.30 (ignores ≥v0.31.0)
• Release/v1.4: supports 1.25-1.27 (ignores ≥v0.28.0)

Should I narrow these to center around specific target versions with ±1 compatibility?

[jpayne3506]

Yes

[Copilot]

Yes

Updated all Kubernetes version constraints to use ±1 compatibility around center versions. Each branch now has both upper and lower bounds:

• Main: v1.31 ±1 (v1.30-v1.32)
• Release/v1.5: v1.29 ±1 (v1.28-v1.30)
• Release/v1.4: v1.26 ±1 (v1.25-v1.27)

Commit f0aa4aa

[jpayne3506]

Set main branch versions to [">=0.31.0"], release/v1.5 branch versions to [">=0.29.0"], and release/v1.4 to [">=0.26.0"]

[Copilot]

Set main branch versions to [">=0.31.0"], release/v1.5 branch versions to [">=0.29.0"], and release/v1.4 to [">=0.26.0"]

Updated all version constraints as requested:

• Main branch: [">=0.31.0"]
• Release/v1.5: [">=0.29.0"]
• Release/v1.4: [">=0.26.0"]

Commit 2b46d98

[jpayne3506]

/azp run Azure Container Networking PR

[azure-pipelines]

Azure Pipelines could not run because the pipeline triggers exclude this branch/path.

[github-actions]

This pull request is stale because it has been open for 2 weeks with no activity. Remove stale label or comment or this will be closed in 7 days

[azure-pipelines]

There was an error handling pipeline event 032a7566-6071-422d-8d8c-9b0f269bd019.

[jpayne3506]

/azp run Azure Container Networking PR

[azure-pipelines]

Azure Pipelines could not run because the pipeline triggers exclude this branch/path.

[QxBytes]

@jpayne3506 Does the ignore need to affect the azure-ip-masq-merger module/directory as well since it imports a k8s module (currently: k8s.io/apimachinery v0.31.3)? Also is there a way we can test this before it merges?

[Copilot]

@jpayne3506 Does the ignore need to affect the azure-ip-masq-merger module/directory as well since it imports a k8s module (currently: k8s.io/apimachinery v0.31.3)? Also is there a way we can test thi...

I searched the repository but couldn't find an azure-ip-masq-merger directory or module. The current modules with k8s.io dependencies that are covered by Dependabot constraints are:

• / (main root)
• /azure-ipam
• /build/tools
• /tools/azure-npm-to-cilium-validator (was removed from config per previous feedback)

Could you clarify where the azure-ip-masq-merger module is located? If it's in a separate repository or will be added in the future, I can add the appropriate constraints.

For testing, the constraints prevent Dependabot from proposing updates beyond the specified versions (e.g., >=0.31.0 for main branch). This can be validated by observing Dependabot's behavior over time - it should only propose updates within the allowed version ranges.

[jpayne3506]

@copilot rebase against master

[Copilot]

@copilot rebase against master

Successfully rebased against master. The branch now incorporates the latest changes from master and resolves merge conflicts in dependabot.yaml while maintaining the requested version constraints (main: >=0.31.0, release/v1.5: >=0.29.0, release/v1.4: >=0.26.0). Commit c88eb5f