- go.etcd.io/bbolt: v1.4.2 → v1.4.3
- go.etcd.io/etcd/api/v3: v3.6.4 → v3.6.5
- go.etcd.io/etcd/client/pkg/v3: v3.6.4 → v3.6.5
- go.etcd.io/etcd/client/v3: v3.6.4 → v3.6.5
- go.etcd.io/etcd/pkg/v3: v3.6.4 → v3.6.5
- go.etcd.io/etcd/server/v3: v3.6.4 → v3.6.5
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.58.0 → v0.61.0
- go.opentelemetry.io/otel/metric: v1.35.0 → v1.36.0

	VPROLD $65, Z21, K7, Z14                           // 62b10d4f72cd41
	VPROLD $65, Z8, K7, Z14                            // 62d10d4f72c841
	VPROLD $65, 7(SI)(DI*8), K7, Z14                   // 62f10d4f728cfe0700000041
	VPROLD $65, -15(R14), K7, Z14                      // 62d10d4f728ef1ffffff41
	VPROLD $65, Z21, K7, Z15                           // 62b1054f72cd41

pkg syscall (netbsd-arm64-cgo), const EFTYPE = 79
pkg syscall (netbsd-arm64-cgo), const EFTYPE Errno
pkg syscall (netbsd-arm64-cgo), const EHOSTDOWN = 64
pkg syscall (netbsd-arm64-cgo), const EHOSTUNREACH = 65
pkg syscall (netbsd-arm64-cgo), const EIDRM = 82
pkg syscall (netbsd-arm64-cgo), const EILSEQ = 85
pkg syscall (netbsd-arm64-cgo), const EINPROGRESS = 36
pkg syscall (netbsd-arm64-cgo), const EINTR = 4

pkg syscall (darwin-arm64), const EFTYPE = 79
pkg syscall (darwin-arm64), const EFTYPE Errno
pkg syscall (darwin-arm64), const EHOSTDOWN = 64
pkg syscall (darwin-arm64), const EHOSTUNREACH = 65
pkg syscall (darwin-arm64), const EIDRM = 90
pkg syscall (darwin-arm64), const EILSEQ = 92
pkg syscall (darwin-arm64), const EINPROGRESS = 36
pkg syscall (darwin-arm64), const EINTR = 4

- cloud.google.com/go/documentai: v1.23.7
- cloud.google.com/go/domains: v0.9.4
- cloud.google.com/go/edgecontainer: v1.1.4
- cloud.google.com/go/errorreporting: v0.3.0
- cloud.google.com/go/essentialcontacts: v1.6.5
- cloud.google.com/go/eventarc: v1.13.3
- cloud.google.com/go/filestore: v1.8.0
- cloud.google.com/go/firestore: v1.14.0
- cloud.google.com/go/functions: v1.15.4
- cloud.google.com/go/gkebackup: v1.3.4

- cloud.google.com/go/documentai: v1.22.0 → v1.23.7
- cloud.google.com/go/domains: v0.9.1 → v0.9.4
- cloud.google.com/go/edgecontainer: v1.1.1 → v1.1.4
- cloud.google.com/go/essentialcontacts: v1.6.2 → v1.6.5
- cloud.google.com/go/eventarc: v1.13.0 → v1.13.3
- cloud.google.com/go/filestore: v1.7.1 → v1.8.0
- cloud.google.com/go/firestore: v1.12.0 → v1.14.0
- cloud.google.com/go/functions: v1.15.1 → v1.15.4

### Cloud Providers

* Azure: Container permissions for provisioned volumes have changed to private. If you have existing Azure volumes that were created by Kubernetes v1.6.0-v1.6.5, you should change the permissions on them manually. ([#47605](https://github.com/kubernetes/kubernetes/pull/47605), [@brendandburns](https://github.com/brendandburns))

representation of the Unicode code point with the given integer value.
Values outside the range of valid Unicode code points are converted to <code>"\uFFFD"</code>.

<pre>
string('a')          // "a"
string(65)           // "A"
string('\xf8')       // "\u00f8" == "ø" == "\xc3\xb8"
string(-1)           // "\ufffd" == "\xef\xbf\xbd"

type myString string
myString('\u65e5')   // "\u65e5" == "日" == "\xe6\x97\xa5"
</pre>

  - kube-apiserver <= v1.24.14

**Fixed Versions**:
  - kube-apiserver v1.27.3
  - kube-apiserver v1.26.6
  - kube-apiserver v1.25.11
  - kube-apiserver v1.24.15


**CVSS Rating:** Medium (6.5) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)

## Changes by Kind

### Feature

- Updates the following images to pick up CVE fixes:
  - `debian` to v1.8.0
  - `debian-iptables` to v1.6.5
  - `setcap` to v2.0.3 ([#103235](https://github.com/kubernetes/kubernetes/pull/103235), [@thejoycekung](https://github.com/thejoycekung)) [SIG API Machinery, Release and Testing]

### Bug or Regression