- **Auth**
  - [alpha] Further polishing of the Role-based access control alpha API including a default set of cluster roles. ([docs](http://kubernetes.io/docs/admin/authorization/)) ([kubernetes/features#2](https://github.com/kubernetes/enhancements/issues/2))

Joe Tsai <******@****.***> 1503105518 -0700

- github.com/go-critic/go-critic: [1df3008](https://github.com/go-critic/go-critic/tree/1df3008)
- github.com/go-lintpack/lintpack: [v0.5.2](https://github.com/go-lintpack/lintpack/tree/v0.5.2)
- github.com/go-ole/go-ole: [v1.2.1](https://github.com/go-ole/go-ole/tree/v1.2.1)
- github.com/go-toolsmith/astcast: [v1.0.0](https://github.com/go-toolsmith/astcast/tree/v1.0.0)
- github.com/go-toolsmith/astcopy: [v1.0.0](https://github.com/go-toolsmith/astcopy/tree/v1.0.0)

- DRA: Starting Kubernetes 1.33, regular users with namespaced cluster `edit` role assigned have `read` permission to `resourceclaims`, `resourceclaims/status`,`resourceclaimtemplates`. And `write` permission for `resourceclaims`, `resourceclaimtemplates`. ([#130738](https://github.com/kubernetes/kubernetes/pull/130738), [@ritaz...

- github.com/gliderlabs/ssh: v0.1.1
- github.com/go-critic/go-critic: 1df3008
- github.com/go-kit/kit: v0.8.0
- github.com/go-lintpack/lintpack: v0.5.2
- github.com/go-logfmt/logfmt: v0.3.0
- github.com/go-ole/go-ole: v1.2.1
- github.com/go-stack/stack: v1.8.0
- github.com/go-toolsmith/astcast: v1.0.0
- github.com/go-toolsmith/astcopy: v1.0.0
- github.com/go-toolsmith/astequal: v1.0.0
- github.com/go-toolsmith/astfmt: v1.0.0

   * a "hole" in it so that set tests of {@code ContiguousSet} can suppress them with {@code
   * FeatureSpecificTestSuiteBuilder.suppressing()}.
   */
  /*
   * TODO(cpovirk): or we could make HOLES_FORBIDDEN a feature. Or we could declare that
   * implementations are permitted to throw IAE if a hole is requested, and we could update

Query)}(this,function(a){!function(a,b){"use strict";a.formUtils.registerLoadedModule("lang/cs"),a(b).bind("validatorsLoaded",function(){a.formUtils.LANG={errorTitle:"Podání formuláře selhalo!",requiredField:"Toto pole je povinné",requiredfields:"Nebyly vyplněny všechny požadované pole",badTime:"Neplatný čas",badEmail:"Neplatná e-mailová adresa",badTelephone:"Neplatné telefonní číslo",badSecurityAnswer:"Chybná odpověď na bezpečnostní otázku",badDate:"Nesprávné datum",lengthBadStart:"Zadaná hodnota...

ottom:.5rem}button{border-radius:0}button:focus:not(:focus-visible){outline:0}button,input,optgroup,select,textarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button,input{overflow:visible}button,select{text-transform:none}[role=button]{cursor:pointer}select{word-wrap:normal}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]:not(:disabled),[type=reset]:not(:disabled),[type=submit]:not(:disabled),button:not(:disabled){cursor:pointer}[ty...

   * a "hole" in it so that set tests of {@code ContiguousSet} can suppress them with {@code
   * FeatureSpecificTestSuiteBuilder.suppressing()}.
   */
  /*
   * TODO(cpovirk): or we could make HOLES_FORBIDDEN a feature. Or we could declare that
   * implementations are permitted to throw IAE if a hole is requested, and we could update

- Fixed a regression preventing garbage collection of RBAC role and binding objects ([#90534](https://github.com/kubernetes/kubernetes/pull/90534), [@apelisse](https://github.com/apelisse)) [SIG Auth]