- Updates golang.org/x/net to v0.1.1-0.20221027164007-c63010009c80 to resolve CVE-2022-27664 ([#113459](https://github.com/kubernetes/kubernetes/pull/113459), [@aimuz](https://github.com/aimuz)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Release and Storage]

    - [(No, really, you MUST do this before you upgrade)](#no-really-you-must-do-this-before-you-upgrade)
  - [Major Themes](#major-themes)
    - [SIG API Machinery](#sig-api-machinery)
    - [SIG Auth](#sig-auth)
    - [SIG CLI](#sig-cli)
    - [SIG Cluster Lifecycle](#sig-cluster-lifecycle)
    - [SIG Instrumentation](#sig-instrumentation)
    - [SIG Network](#sig-network)
    - [SIG Node](#sig-node)

### Feature

    /** The key of the message: Number of Shards */
    public static final String LABELS_number_of_shards_for_doc = "{labels.number_of_shards_for_doc}";

    /** The key of the message: Auto-expand Replicas */
    public static final String LABELS_auto_expand_replicas_for_doc = "{labels.auto_expand_replicas_for_doc}";

    /** The key of the message: Crawler Index */

- Graduated the `LegacyServiceAccountTokenTracking` feature gate to GA. The usage of auto-generated secret-based service account token now produces warnings, and relevant Secrets are labeled with a last-used timestamp (label key `kubernetes.io/legacy-token-last-used`). ([#117591](https://github.com/kubernetes/kubernetes/pull/117591), [@zshihang](https://github.com/zshihang)) [SIG API Machinery, Auth and Testing]

key":"requests_deadline","value":"10s"},{"key":"cluster_deadline","value":"10s"},{"key":"cors_allow_origin","value":"*"},{"key":"remote_transport_deadline","value":"2h"},{"key":"list_quorum","value":"strict"},{"key":"replication_priority","value":"auto"},{"key":"replication_max_workers","value":"500"},{"key":"transition_workers","value":"100"},{"key":"stale_uploads_cleanup_interval","value":"6h"},{"key":"stale_uploads_expiry","value":"24h"},{"key":"delete_cleanup_interval","value":"5m"},{"key":"...

- Create HPA v2 from v2beta2 with some fields changed. (#102534, @wangyysde) [SIG API Machinery, Apps, Auth, Autoscaling and Testing]

        assertFalse(auth.matches("ftp://hoge/"));
        assertFalse(auth.matches("ftp://hoge"));
        assertFalse(auth.matches("ftp://"));
        assertFalse(auth.matches("http://hostname/"));
        assertFalse(auth.matches("http://hostname:21/"));
        assertFalse(auth.matches(""));
        assertFalse(auth.matches(null));

        // Test with different ports
        auth.setPort(8080);

        Kerb5Authenticator auth = new Kerb5Authenticator(subj, "DOM", "user", "pass");
        auth.setUser("alice");
        auth.setRealm("EXAMPLE.COM");
        auth.setService("cifs");
        auth.setUserLifeTime(123);
        auth.setLifeTime(456);
        auth.setForceFallback(true);

        Kerb5Authenticator cloned = auth.clone();

        assertNotSame(auth, cloned);

  - [Notable Features](#notable-features)
  - [API Changes](#api-changes)
  - [Detailed Bug Fixes And Changes](#detailed-bug-fixes-and-changes)
    - [API Machinery](#api-machinery)
    - [Apps](#apps)
    - [Auth](#auth)
    - [AWS](#aws)
    - [Azure](#azure)
    - [CLI](#cli)
    - [Cloud Provider](#cloud-provider)
    - [Cluster Lifecycle](#cluster-lifecycle)
    - [GCP](#gcp)
    - [Network](#network)
    - [Node](#node)