rebase: update kubernetes to latest

updating the kubernetes release to the
latest in main go.mod

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>

vendor/k8s.io/apiserver/pkg/cel/environment/base.go

@@ -20,6 +20,7 @@ import (
 	"fmt"
 	"strconv"
 	"sync"
+	"sync/atomic"
 
 	"github.com/google/cel-go/cel"
 	"github.com/google/cel-go/checker"
@@ -30,20 +31,29 @@ import (
 	"k8s.io/apimachinery/pkg/util/version"
 	celconfig "k8s.io/apiserver/pkg/apis/cel"
 	"k8s.io/apiserver/pkg/cel/library"
+	genericfeatures "k8s.io/apiserver/pkg/features"
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
+	utilversion "k8s.io/apiserver/pkg/util/version"
 )
 
 // DefaultCompatibilityVersion returns a default compatibility version for use with EnvSet
 // that guarantees compatibility with CEL features/libraries/parameters understood by
-// an n-1 version
+// the api server min compatibility version
 //
-// This default will be set to no more than n-1 the current Kubernetes major.minor version.
+// This default will be set to no more than the current Kubernetes major.minor version.
 //
-// Note that a default version number less than n-1 indicates a wider range of version
-// compatibility than strictly required for rollback. A wide range of compatibility is
-// desirable because it means that CEL expressions are portable across a wider range
-// of Kubernetes versions.
+// Note that a default version number less than n-1 the current Kubernetes major.minor version
+// indicates a wider range of version compatibility than strictly required for rollback.
+// A wide range of compatibility is desirable because it means that CEL expressions are portable
+// across a wider range of Kubernetes versions.
+// A default version number equal to the current Kubernetes major.minor version
+// indicates fast forward CEL features that can be used when rollback is no longer needed.
 func DefaultCompatibilityVersion() *version.Version {
-	return version.MajorMinor(1, 29)
+	effectiveVer := utilversion.DefaultComponentGlobalsRegistry.EffectiveVersionFor(utilversion.DefaultKubeComponent)
+	if effectiveVer == nil {
+		effectiveVer = utilversion.DefaultKubeEffectiveVersion()
+	}
+	return effectiveVer.MinCompatibilityVersion()
 }
 
 var baseOpts = append(baseOptsWithoutStrictCost, StrictCostOpt)
@@ -132,6 +142,45 @@ var baseOptsWithoutStrictCost = []VersionedOptions{
 			library.CIDR(),
 		},
 	},
+	// Format Library
+	{
+		IntroducedVersion: version.MajorMinor(1, 31),
+		EnvOptions: []cel.EnvOption{
+			library.Format(),
+		},
+	},
+	// Authz selectors
+	{
+		IntroducedVersion: version.MajorMinor(1, 31),
+		FeatureEnabled: func() bool {
+			enabled := utilfeature.DefaultFeatureGate.Enabled(genericfeatures.AuthorizeWithSelectors)
+			authzSelectorsLibraryInit.Do(func() {
+				// Record the first time feature enablement was checked for this library.
+				// This is checked from integration tests to ensure no cached cel envs
+				// are constructed before feature enablement is effectively set.
+				authzSelectorsLibraryEnabled.Store(enabled)
+				// Uncomment to debug where the first initialization is coming from if needed.
+				// debug.PrintStack()
+			})
+			return enabled
+		},
+		EnvOptions: []cel.EnvOption{
+			library.AuthzSelectors(),
+		},
+	},
+}
+
+var (
+	authzSelectorsLibraryInit    sync.Once
+	authzSelectorsLibraryEnabled atomic.Value
+)
+
+// AuthzSelectorsLibraryEnabled returns whether the AuthzSelectors library was enabled when it was constructed.
+// If it has not been contructed yet, this returns `false, false`.
+// This is solely for the benefit of the integration tests making sure feature gates get correctly parsed before AuthzSelector ever has to check for enablement.
+func AuthzSelectorsLibraryEnabled() (enabled, constructed bool) {
+	enabled, constructed = authzSelectorsLibraryEnabled.Load().(bool)
+	return
 }
 
 var StrictCostOpt = VersionedOptions{