Bump the non-k8s group across 1 directory with 2 updates #10

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/go_modules/non-k8s-732c2a3163

Conversation

@dependabot
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 19, 2026

Bumps the non-k8s group with 2 updates in the / directory: github.com/coredns/coredns and k8s.io/klog/v2.

Updates github.com/coredns/coredns from 1.13.2 to 1.14.2

Release notes

Sourced from github.com/coredns/coredns's releases.

v1.14.2

This release adds the new proxyproto plugin to support Proxy Protocol and preserve client IPs behind load balancers. It also includes enhancements such as improved DNS logging metadata and stronger randomness for loop detection (CVE-2026-26018), along with several bug fixes including TLS+IPv6 forwarding, improved CNAME handling and rewriting, allowing jitter disabling, prevention of an ACL bypass (CVE-2026-26017), and a Kubernetes plugin crash fix. In addition, the release updates the build to Go 1.26.1, which includes security fixes addressing CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-25679, and CVE-2026-27142.

Brought to You By

Adphi Henrik Gerdes hide Kelly Kane Shiv Tyagi vflaux Ville Vesilehto yangsenzk Yong Tang YOUNEVSKY

Noteworthy Changes

v1.14.1

This release primarily addresses security vulnerabilities affecting Go versions prior to Go 1.25.6 and Go 1.24.12 (CVE-2025-61728, CVE-2025-61726, CVE-2025-68121, CVE-2025-61731, CVE-2025-68119). It also includes performance improvements to the proxy plugin via multiplexed connections, along with various documentation updates.

Brought to You By

Alex Massy Shiv Tyagi Ville Vesilehto Yong Tang

Noteworthy Changes

... (truncated)

Commits
  • dd1df4f Update release note for upcoming 1.14.2 (#7897)
  • 8c271b8 Bump golang to 1.26.1 (#7902)
  • 51a11b3 plugin/reload: Allow disabling jitter with 0s (#7896)
  • 5d97c15 Bump version to 1.14.2 (#7895)
  • ba3b6ce build(deps): bump github.com/aws/aws-sdk-go-v2/service/route53 (#7893)
  • b760b24 build(deps): bump google.golang.org/api from 0.267.0 to 0.269.0 (#7890)
  • a012d9e build(deps): bump github.com/aws/aws-sdk-go-v2/service/secretsmanager (#7892)
  • 465d75b build(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 (#7885)
  • 86d9bc7 build: add grpcnotrace tag to exclude x/net/trace (#7884)
  • 442f106 build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#7886)
  • Additional commits viewable in compare view

Updates k8s.io/klog/v2 from 2.130.1 to 2.140.0

Release notes

Sourced from k8s.io/klog/v2's releases.

Prepare klog release for Kubernetes v1.36

What's Changed

New Contributors

Full Changelog: kubernetes/klog@v2.130.1...v2.140.0

Commits
  • ef4b370 Merge pull request #432 from pierluigilenoci/fix/stderr-threshold-issue-212
  • 39c4c76 refactor: address code review feedback from @pohly
  • 764a9a3 Merge pull request #430 from pohly/textlogger-optional-header
  • 015c613 Update stderr_threshold_test.go
  • 2f517bd Update klog.go
  • 36bc4ff textlogger: optionally turn off header
  • 5f1f303 Merge pull request #433 from pohly/textlogger-hook-result
  • c469d41 Merge pull request #431 from pohly/ktesting-vmodule-fix
  • 8509d6a ktesting: support multi-line result from AnyToStringHook
  • 08e6e8b Fix stderrthreshold not honored when logtostderr is set
  • Additional commits viewable in compare view

@dependabot @github
Contributor Author

dependabot Bot commented on behalf of github Apr 19, 2026

Labels

The following labels could not be found: dependencies, go. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Apr 19, 2026
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign damiansawicki for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Apr 19, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/non-k8s-732c2a3163 branch from c148fa1 to c8aafb3 Compare April 19, 2026 05:53
Bumps the non-k8s group with 2 updates in the / directory: [github.com/coredns/coredns](https://github.com/coredns/coredns) and [k8s.io/klog/v2](https://github.com/kubernetes/klog).


Updates `github.com/coredns/coredns` from 1.13.2 to 1.14.2
- [Release notes](https://github.com/coredns/coredns/releases)
- [Commits](coredns/coredns@v1.13.2...v1.14.2)

Updates `k8s.io/klog/v2` from 2.130.1 to 2.140.0
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](kubernetes/klog@v2.130.1...2.140.0)

---
updated-dependencies:
- dependency-name: github.com/coredns/coredns
  dependency-version: 1.14.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: non-k8s
- dependency-name: k8s.io/klog/v2
  dependency-version: 2.140.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: non-k8s
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/non-k8s-732c2a3163 branch from c8aafb3 to 21e7da3 Compare April 19, 2026 05:57