Update kubeclient requirement from >= 4.4, < 4.10 to >= 4.4, < 4.12

[dependabot]

Updates the requirements on kubeclient to permit the latest version.

Changelog

Sourced from kubeclient's changelog.

4.10.1 — 2022-10-01

Removed

• Dropped debug logging about bearer token options that was added in 4.10.0. (#577)

4.10.0 — 2022-08-29

Added

• When using :bearer_token_file, re-read the file on every request. (#566 closed #561)

  Kubernetes version 1.21 graduated BoundServiceAccountTokenVolume feature to beta and enabled it by default, so standard in-cluster auth now uses short-lived tokens.

  This changes allows a long-lived Client object to keep working when the token file gets rotated. It's not optimized at all, if you feel the performance overhead, please report!

4.9.3 — 2022-03-23

Fixed

• VULNERABILITY FIX: Previously, whenever kubeconfig did not define custom CA (normal situation for production clusters with public domain and certificate!), Config was returning ssl_options[:verify_ssl] hard-coded to VERIFY_NONE :-(

  Assuming you passed those ssl_options to Kubeclient::Client, this means that instead of checking server's certificate against your system CA store, it would accept ANY certificate, allowing easy man-in-the middle attacks.

  This is especially dangerous with user/password or token credentials because MITM attacker could simply steal those credentials to the cluster and do anything you could do on the cluster.

  This was broken IN ALL RELEASES MADE BEFORE 2022, ever since Kubeclient::Config was created.

  #554.

• Bug fix: kubeconfig insecure-skip-tls-verify field was ignored. When kubeconfig did define custom CA, Config was returning hard-coded VERIFY_PEER.

  Now we honor it, return VERIFY_NONE iff kubeconfig has explicit insecure-skip-tls-verify: true, otherwise VERIFY_PEER.

  #555.

• Config: fixed parsing of certificate-authority file containing concatenation of

... (truncated)

Commits

• b722dee Merge pull request #579 from cben/release-4.10.1
• 433e7ad README: Document that bearer_token_file gets automatically re-read
• 8ec59b8 Changelog & bump for 4.10.1 release
• 5f96d9e Merge pull request #577 from harshit-splunk/v4.y
• 8b0012c Remove logger
• 1bef6a8 Merge pull request #574 from cben/release-4.10.0
• 521ded1 Bump kubeclient to 4.10.0
• 546d229 Changelog for 4.10.0 (#566)
• 75bf033 Merge pull request #572 from Harshit221/fix-tests
• 70d4046 Restrict minitest to 5.15.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)