Skip to content

chore(deps): bump the go group across 1 directory with 19 updates #186

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

chore(deps): bump the go group across 1 directory with 19 updates #186

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 12, 2025
edited
Loading

Bumps the go group with 3 updates in the / directory: github.com/fluxcd/flux2/v2, github.com/open-component-model/ocm-controller and ocm.software/ocm.

Updates github.com/fluxcd/flux2/v2 from 2.6.4 to 2.7.2

Release notes

Sourced from github.com/fluxcd/flux2/v2's releases.

v2.7.2

Highlights

Flux v2.7.2 is a patch release that comes with security fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

All Flux components are now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib that could lead to denial of service. The list of security fixes can be found in the Go 1.25.2 release notes.

Components changelog

CLI changelog

Full Changelog: fluxcd/flux2@v2.7.1...v2.7.2

v2.7.1

Highlights

Flux v2.7.1 is a patch release that comes with various improvements and fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Improvements:

  • Extend flux migrate with support for migrating manifests in Git repositories to the latest API versions.
  • Add recommendations for configuring HelmReleases on production environments.

Fixes:

  • Fix flux migrate command to handle managed fields properly.
  • Fix self-signed TLS cert handling for public Helm repositories in source-controller.
  • Fix the default API versions used by receivers in notification-controller.
  • Fix redundant Ready condition patching in helm-controller.
  • Fix workload identity configuration examples for kubeconfig in helm-controller and kustomize-controller.

Components changelog

... (truncated)

Commits
  • 4a15fa6 Merge pull request #5579 from fluxcd/backport-5578-to-release/v2.7.x
  • 6adffe7 Update toolkit components
  • e8213d7 Merge pull request #5577 from fluxcd/backport-5576-to-release/v2.7.x
  • ddd9ef9 Update dependencies to Kubernetes v1.34.1 and Go 1.25.2
  • f3cc580 Merge pull request #5575 from fluxcd/backport-5574-to-release/v2.7.x
  • bb9b4e8 Use RUNTIME_NAMESPACE when setting --events-addr
  • 6bb4aef Fix --storage-adv-addr for source-watcher
  • ca29bb1 Merge pull request #5571 from fluxcd/backport-5570-to-release/v2.7.x
  • c707c3a Disable AUR publishing
  • 53552c8 Merge pull request #5569 from fluxcd/backport-5568-to-release/v2.7.x
  • Additional commits viewable in compare view

Updates github.com/fluxcd/helm-controller/api from 1.3.0 to 1.4.2

Release notes

Sourced from github.com/fluxcd/helm-controller/api's releases.

v1.4.2

Changelog

v1.4.2 changelog

Container images

  • docker.io/fluxcd/helm-controller:v1.4.2
  • ghcr.io/fluxcd/helm-controller:v1.4.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.4.1

Changelog

v1.4.1 changelog

Container images

  • docker.io/fluxcd/helm-controller:v1.4.1
  • ghcr.io/fluxcd/helm-controller:v1.4.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.4.0

Changelog

v1.4.0 changelog

Container images

  • docker.io/fluxcd/helm-controller:v1.4.0
  • ghcr.io/fluxcd/helm-controller:v1.4.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.4.0-rc.1

This release candidate is meant for testing.

... (truncated)

Changelog

Sourced from github.com/fluxcd/helm-controller/api's changelog.

1.4.2

Release date: 2025-10-08

This patch release comes with various dependency updates.

The controller is now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib: CVE-2025-58183, CVE-2025-58188 and many others. The full list of security fixes can be found here.

Improvements:

  • Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 #1329

1.4.1

Release date: 2025-10-06

This patch release fixes the controller setting the Ready condition to Unknown redundantly during reconciliation.

Fixes:

  • Remove redundant Ready condition setter #1323
  • Fix docs example for kubeconfig workload identity #1315

1.4.0

Release date: 2025-09-25

This minor release comes with various bug fixes and improvements.

⚠️ The v2beta1 APIs were removed. Before upgrading the CRDs, Flux users must run flux migrate to migrate the cluster storage off v2beta1.

The controller now supports ExternalArtifact Helm chart sources under the feature gate ExternalArtifact.

A new RetryOnFailure strategy has been added for automatic retries on Helm release failures.

Dependencies can now be evaluated using CEL expressions via the new readyExpr field, providing more flexible and powerful dependency readiness checks.

... (truncated)

Commits
  • 310cd46 Merge pull request #1331 from fluxcd/release-v1.4.2
  • bcd4b75 Release v1.4.2
  • 955ccc2 Add changelog entry for v1.4.2
  • c13d3b0 Merge pull request #1330 from fluxcd/backport-1329-to-release/v1.4.x
  • d2e2425 Update dependencies to Kubernetes v1.34.1 and Go 1.25.2
  • 5961301 Merge pull request #1325 from fluxcd/release-v1.4.1
  • 141ebe4 Release v1.4.1
  • 3d8a070 Add changelog entry for v1.4.1
  • ceefb36 Merge pull request #1324 from fluxcd/backport-1323-to-release/v1.4.x
  • db72db6 Add recommended settings to docs
  • Additional commits viewable in compare view

Updates github.com/fluxcd/image-automation-controller/api from 0.41.2 to 1.0.2

Release notes

Sourced from github.com/fluxcd/image-automation-controller/api's releases.

v1.0.2

Changelog

v1.0.2 changelog

Container images

  • docker.io/fluxcd/image-automation-controller:v1.0.2
  • ghcr.io/fluxcd/image-automation-controller:v1.0.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.0.1

Changelog

v1.0.1 changelog

Container images

  • docker.io/fluxcd/image-automation-controller:v1.0.1
  • ghcr.io/fluxcd/image-automation-controller:v1.0.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.0.0

Changelog

v1.0.0 changelog

Container images

  • docker.io/fluxcd/image-automation-controller:v1.0.0
  • ghcr.io/fluxcd/image-automation-controller:v1.0.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/image-automation-controller/api's changelog.

1.0.2

Release date: 2025-10-08

This patch release comes with various dependency updates.

The controller is now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib: CVE-2025-58183, CVE-2025-58188 and many others. The full list of security fixes can be found here.

Improvements:

  • Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 #978

1.0.1

Release date: 2025-09-28

This patch release fixes the Git checkout reference name not being taken into account when checking out the Git repository.

Fixes:

  • Fix checkout reference name not taken into account #973

1.0.0

Release date: 2025-09-16

This is the first GA release of the image-automation-controller. It comes with various bug fixes and improvements.

The ImageUpdateAutomation API has been promoted to v1 (GA) status. The v1 API is backwards compatible with v1beta2.

⚠️ The v1beta1 APIs were removed. Before upgrading the CRDs, Flux users must run flux migrate to migrate the cluster storage off v1beta1. After the upgrade, all manifests in Git which contain ImagePolicy, ImageRepository and ImageUpdateAutomation definitions must be updated to:

apiVersion: image.toolkit.fluxcd.io/v1

The .spec.update.strategy field is now optional, simplifying configuration for basic use cases. Object-level workload identity support has been added for Azure DevOps Git repositories. A --default-service-account=<sa name> flag was introduced for workload identity multi-tenancy lockdown. The controller now supports system certificate pools for improved CA compatibility, and TLS ServerName pinning has been removed from TLS configuration for better flexibility. TLS support was also added for GitHub App authentication. Sparse checkout is now performed when .spec.update.path is specified.

In addition, the Kubernetes dependencies have been updated to v1.34 and various other controller dependencies have been updated to their latest version. The controller is now built with Go 1.25.

Fixes:

... (truncated)

Commits
  • dacc8ee Merge pull request #981 from fluxcd/release-v1.0.2
  • e0585ef Release v1.0.2
  • 0ef8d4b Add changelog entry for v1.0.2
  • 78efff5 Merge pull request #980 from fluxcd/backport-978
  • 4ae8643 Update dependencies to Kubernetes v1.34.1 and Go 1.25.2
  • 885d9f7 Merge pull request #975 from fluxcd/release-v1.0.1
  • d03b3a1 Release v1.0.1
  • 6bb4506 Add changelog entry for v1.0.1
  • 8c5b036 Merge pull request #974 from fluxcd/backport-973-to-release/v1.0.x
  • f835a3a Fix checkout reference name not taken into account
  • Additional commits viewable in compare view

Updates github.com/fluxcd/image-reflector-controller/api from 0.35.2 to 1.0.2

Release notes

Sourced from github.com/fluxcd/image-reflector-controller/api's releases.

v1.0.2

Changelog

v1.0.2 changelog

Container images

  • docker.io/fluxcd/image-reflector-controller:v1.0.2
  • ghcr.io/fluxcd/image-reflector-controller:v1.0.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.0.1

Changelog

v1.0.1 changelog

Container images

  • docker.io/fluxcd/image-reflector-controller:v1.0.1
  • ghcr.io/fluxcd/image-reflector-controller:v1.0.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.0.0

Changelog

v1.0.0 changelog

Container images

  • docker.io/fluxcd/image-reflector-controller:v1.0.0
  • ghcr.io/fluxcd/image-reflector-controller:v1.0.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/image-reflector-controller/api's changelog.

1.0.2

Release date: 2025-10-08

This patch release comes with various dependency updates.

The controller is now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib: CVE-2025-58183, CVE-2025-58188 and many others. The full list of security fixes can be found here.

Improvements:

  • Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 #836

1.0.1

Release date: 2025-09-20

This patch release fixes the ImagePolicy controller not watching reconcile requests performed by adding the reconcile annotation to the object.

Fixes:

  • Fix controllers not watching reconcile requests from annotations #824

1.0.0

Release date: 2025-09-15

This is the first GA release of the image-reflector-controller. It comes with various bug fixes and improvements.

⚠️ The v1beta1 APIs were removed. Before upgrading the CRDs, Flux users must run flux migrate to migrate the cluster storage off v1beta1. After the upgrade, all manifests in Git which contain ImagePolicy, ImageRepository and ImageUpdateAutomation definitions must be updated to:

apiVersion: image.toolkit.fluxcd.io/v1

ImageRepository

The ImageRepository API has been promoted to v1 (GA) status. The v1 API is backwards compatible with v1beta2.

ImagePolicy

The ImagePolicy API has been promoted to v1 (GA) status. The v1 API is backwards compatible with v1beta2.

... (truncated)

Commits
  • 07c8b98 Merge pull request #838 from fluxcd/release-v1.0.2
  • 7cda7d5 Release v1.0.2
  • 89adcec Add changelog entry for v1.0.2
  • f2885ef Merge pull request #837 from fluxcd/backport-836-to-release/v1.0.x
  • c8f31e4 Update dependencies to Kubernetes v1.34.1 and Go 1.25.2
  • fa9d9a0 Merge pull request #832 from fluxcd/backport-fix-release-v1.0.x
  • ff2ed14 Fix release workflow
  • e7fd55e Bump the ci group across 1 directory with 2 updates
  • 59e67af ci: Refactor CI with fluxcd/gha-workflows
  • ce367e3 Merge pull request #826 from lukas8219/release-v1.0.1
  • Additional commits viewable in compare view

Updates github.com/fluxcd/kustomize-controller/api from 1.6.1 to 1.7.1

Release notes

Sourced from github.com/fluxcd/kustomize-controller/api's releases.

v1.7.1

Changelog

v1.7.1 changelog

Container images

  • docker.io/fluxcd/kustomize-controller:v1.7.1
  • ghcr.io/fluxcd/kustomize-controller:v1.7.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.7.0

Changelog

v1.7.0 changelog

Container images

  • docker.io/fluxcd/kustomize-controller:v1.7.0
  • ghcr.io/fluxcd/kustomize-controller:v1.7.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.7.0-rc.1

This release candidate is meant for testing.

Container images

  • docker.io/fluxcd/kustomize-controller:v1.7.0-rc.1
  • ghcr.io/fluxcd/kustomize-controller:v1.7.0-rc.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/kustomize-controller/api's changelog.

1.7.1

Release date: 2025-10-08

This patch release comes with various dependency updates.

The controller is now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib: CVE-2025-58183, CVE-2025-58188 and many others. The full list of security fixes can be found here.

Improvements:

  • Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 #1530

1.7.0

Release date: 2025-09-24

This minor release comes with various bug fixes and improvements.

⚠️ The v1beta1 APIs were removed. Before upgrading the CRDs, Flux users must run flux migrate to migrate the cluster storage off v1beta1.

The Kustomization API now supports reconciling content from external storage systems through the new ExternalArtifact CRD. This feature is controlled by the ExternalArtifact feature gate and enables reconciliation of artifacts stored outside of Git repositories.

Kustomizations now track their reconciliation history in .status.history, providing visibility into past reconciliation attempts and their outcomes.

Dependencies can now be evaluated using CEL expressions through the new readyExpr field in dependsOn. This feature is controlled by the AdditiveCELDependencyCheck feature gate and allows for more flexible dependency readiness checks.

The controller now supports global SOPS Age key decryption, allowing centralized management of decryption keys.

Support for workload identity authentication has been added for remote clusters. This is support both at the controller and object levels. For object-level, enable the feature gate ObjectLevelWorkloadIdentity.

The new .spec.ignoreMissingComponents field allows Kustomizations to continue reconciliation even when referenced components are missing, providing more resilient deployments.

A feature gate CancelHealthChecksOnNewRevision has been added to cancel ongoing

... (truncated)

Commits
  • 1d4447f Merge pull request #1533 from fluxcd/release-v1.7.1
  • 08349ba Release v1.7.1
  • a1fa37b Add changelog entry for v1.7.1
  • f21648c Merge pull request #1531 from fluxcd/backport-1530-to-release/v1.7.x
  • 13d9796 Update dependencies to Kubernetes v1.34.1 and Go 1.25.2
  • 66bb1ea Merge pull request #1525 from fluxcd/backport-1524-to-release/v1.7.x
  • 61ddcad Fix docs example for kubeconfig workload identity
  • 91e762e Merge pull request #1521 from fluxcd/release-v1.7.0
  • 020caf4 Release v1.7.0
  • 8a3619d Add changelog entry for v1.7.0
  • Additional commits viewable in compare view

Updates github.com/fluxcd/notification-controller/api from 1.6.0 to 1.7.3

Release notes

Sourced from github.com/fluxcd/notification-controller/api's releases.

v1.7.3

Changelog

v1.7.3 changelog

Container images

  • docker.io/fluxcd/notification-controller:v1.7.3
  • ghcr.io/fluxcd/notification-controller:v1.7.3

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.7.2

Changelog

v1.7.2 changelog

Container images

  • docker.io/fluxcd/notification-controller:v1.7.2
  • ghcr.io/fluxcd/notification-controller:v1.7.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.7.1

Changelog

v1.7.1 changelog

Container images

  • docker.io/fluxcd/notification-controller:v1.7.1
  • ghcr.io/fluxcd/notification-controller:v1.7.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.7.0

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/notification-controller/api's changelog.

1.7.3

Release date: 2025-10-08

This patch release comes with various dependency updates.

The controller is now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib: CVE-2025-58183, CVE-2025-58188 and many others. The full list of security fixes can be found here.

Improvements:

  • Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 #1191

1.7.2

Release date: 2025-10-06

This patch release fixes the default Flux API versions in the Receiver handler.

Fixes:

  • Update default API versions to GA #1186

1.7.1

Release date: 2025-09-24

This patch release fixes the release workflow.

Fixes:

  • Fix release workflow #1179

1.7.0

Release date: 2025-09-24

This minor release comes with various bug fixes and improvements.

⚠️ The v1beta1 APIs were removed. Before upgrading the CRDs, Flux users must run flux migrate to migrate the cluster storage off v1beta1.

Provider

The field .spec.proxySecretRef has been added to the Provider API.

... (truncated)

Commits
  • e17f23f Merge pull request #1193 from fluxcd/release-v1.7.3
  • 6fca71a Release v1.7.3
  • f92a3e2 Add changelog entry for v1.7.3
  • 7e4b357 Merge pull request #1192 from fluxcd/backport-1191
  • 610f1a8 Update dependencies to Kubernetes v1.34.1 and Go 1.25.2
  • e761a39 Merge pull request #1188 from fluxcd/release-v1.7.2
  • 64a8f68 Release v1.7.2
  • a21e959 Add changelog entry for v1.7.2
  • cdce50c Merge pull request #1187 from fluxcd/backport-1186-to-release/v1.7.x
  • ed816fb receiver: Update default API versions to GA
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.21.0 to 1.22.0

Commits
  • 413a95f Merge pull request #1039 from fluxcd/dependabot/github_actions/ci-05a7a237d9
  • 246714f build(deps): bump the ci group with 3 updates
  • ac938bf Merge pull request #1040 from fluxcd/k8s-1.34.1
  • ef1c3ec Prepare release
  • 5679184 Update dependencies
  • d56c6f4 Merge pull request #1038 from cappyzawa/validate-proxy-url
  • 3e994a9 Prepare for release
  • c1274b1 runtime/secrets: validate proxy URL scheme and length
  • ca99961 Merge pull request #1037 from fluxcd/ssa-migrate-managed-fields
  • 18da908 ssa: Add helper function to migrate the apiVersion on managed fields
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.86.0 to 0.88.0

Commits
  • 413a95f Merge pull request #1039 from fluxcd/dependabot/github_actions/ci-05a7a237d9
  • 246714f build(deps): bump the ci group with 3 updates
  • ac938bf Merge pull request #1040 from fluxcd/k8s-1.34.1
  • ef1c3ec Prepare release
  • 5679184 Update dependencies
  • d56c6f4 Merge pull request #1038 from cappyzawa/validate-proxy-url
  • 3e994a9 Prepare for release
  • c1274b1 runtime/secrets: validate proxy URL scheme and length
  • ca99961 Merge pull request #1037 from fluxcd/ssa-migrate-managed-fields
  • 18da908 ssa: Add helper function to migrate the apiVersion on managed fields
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/ssa from 0.55.0 to 0.60.0

Commits
  • 413a95f Merge pull request #1039 from fluxcd/dependabot/github_actions/ci-05a7a237d9
  • 246714f build(deps): bump the ci group with 3 updates
  • ac938bf Merge pull request #1040 from fluxcd/k8s-1.34.1
  • ef1c3ec Prepare release
  • 5679184 Update dependencies
  • d56c6f4 Merge pull request #1038 from cappyzawa/validate-proxy-url
  • 3e994a9 Prepare for release
  • c1274b1 runtime/secrets: validate proxy URL scheme and length
  • ca99961 Merge pull request #1037 from fluxcd/ssa-migrate-managed-fields
  • 18da908 ssa: Add helper function to migrate the apiVersion on managed fields
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/version from 0.10.0 to 0.11.0

Commits
  • c964ce7 Merge pull request #858 from fluxcd/custom-healthchecks-impl
  • 62d235c Add CEL library with custom healthchecks to runtime
  • 243510f Merge pull request #863 from fluxcd/dependabot/github_actions/ci-83dfb6cda2
  • 3cffbeb build(deps): bump the ci group across 1 directory with 3 updates
  • 2f763a4 Merge pull request #857 from fluxcd/custom-healthchecks
  • a6353b2 Add healthcheck expressions to kustomize types
  • af0f283 Merge pull request #859 from fluxcd/cel-meta
  • 1178930 Add InvalidCELExpressionReason to apis/meta
  • f39dac4 Merge pull request #861 from fluxcd/deps-kube-v0.32.1
  • 70e88cb Update dependencies
  • Additional commits viewable in compare view

Updates github.com/fluxcd/source-controller/api from 1.7.0 to 1.7.2

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.7.2

Changelog

v1.7.2 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.7.2
  • ghcr.io/fluxcd/source-controller:v1.7.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.7.1

Changelog

v1.7.1 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.7.1
  • ghcr.io/fluxcd/source-controller:v1.7.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.7.2

Release date: 2025-10-08

This patch release comes with various dependency updates.

The controller is now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib: CVE-2025-58183, CVE-2025-58188 and many others. The full list of security fixes can be found here.

Improvements:

  • Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 #1908

1.7.1

Release date: 2025-10-06

This patch release comes with a fix for TLS certs handling in the HelmChart reconciler when auth credentials are not specified.

Fixes:

  • Fix HelmChart reconciler appending login options when they do not exist #1904

Improvements:

  • ci: Fix release workflow #1897
  • Point to OCIRepository in HelmRepository docs #1893
Commits

Updates github.com/open-component-model/ocm-controller from 0.26.8 to 0.26.9

Release notes

Sourced from github.com/open-component-model/ocm-controller's releases.

v0.26.9

Release v0.26.9

  • fix: manually set client-side ratelimiting to previous values (#754)
  • fix(deps): remove ocm dependent pins from go mod (#739)
  • fix: rename the helm podinfo deployer as it collides with ocm test (#736)
  • chore: add more log output to the e2e tests (#724)

🧰 Maintenance

  • chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 in the go_modules group (#735)
  • chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in the go_modules group (#732)
  • chore(deps): bump helm.sh/helm/v3 from 3.18.4 to 3.18.5 in the go_modules group (#722)

⬆️ Dependencies

  • chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 in the go_modules group (#735)
  • chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in the go_modules group (#732)
  • chore(deps): bump helm.sh/helm/v3 from 3.18.4 to 3.18.5 in the go_modules group (#722)
Commits
  • 64dcfb5 chore: release notes and version bump for v0.26.9 (#755)
  • fe6a2fd fix: manually set client-side ratelimiting to previous values (#754)
  • 27c2561 chore(deps): bump the ci group across 1 directory with 4 updates (#752)
  • 255953a chore(deps): bump the ci group across 1 directory with 3 updates (#747)
  • 68579fe chore(deps): bump the ci group with 2 updates (#744)
  • 402e95a chore(deps): bump github/codeql-action from 3.30.1 to 3.30.2 in the ci group ...
  • c26546e chore(deps): bump the ci group across 1 directory with 2 updates (#742)
  • 04d4764 fix(deps): remove ocm dependent pins from go mod (#739)
  • f082ebd chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 in the go_mod...
  • 58d429f chore(deps): bump github/codeql-action from 3.29.11 to 3.30.0 in the ci group...
  • Additional commits viewable in compare view

Updates k8s.io/api from 0.34.0 to 0.34.1

Commits

Updates k8s.io/apiextensions-apiserver from 0.34.0 to 0.34.1

Commits
  • bb91141 Update dependencies to v0.34.1 tag
  • 4a9fea1 Merge pull request #133901yongruilin/automated-cherry-pick-of-#133896
  • 3896d9f fix: Only warn for unrecognized formats on type=string
  • See full diff in compare view

Updates k8s.io/apimachinery from 0.34.0 to 0.34.1

Commits

Updates k8s.io/cli-runtime from 0.34.0 to 0.34.1

Commits

Updates k8s.io/client-go from 0.34.0 to 0.34.1

Commits

@dependabot
chore(deps): bump the go group across 1 directory with 19 updates
64cf233 
Bumps the go group with 3 updates in the / directory: [github.com/fluxcd/flux2/v2](https://github.com/fluxcd/flux2), [github.com/open-component-model/ocm-controller](https://github.com/open-component-model/ocm-controller) and [ocm.software/ocm](https://github.com/open-component-model/ocm).


Updates `github.com/fluxcd/flux2/v2` from 2.6.4 to 2.7.2
- [Release notes](https://github.com/fluxcd/flux2/releases)
- [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml)
- [Commits](fluxcd/flux2@v2.6.4...v2.7.2)

Updates `github.com/fluxcd/helm-controller/api` from 1.3.0 to 1.4.2
- [Release notes](https://github.com/fluxcd/helm-controller/releases)
- [Changelog](https://github.com/fluxcd/helm-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/helm-controller@v1.3.0...v1.4.2)

Updates `github.com/fluxcd/image-automation-controller/api` from 0.41.2 to 1.0.2
- [Release notes](https://github.com/fluxcd/image-automation-controller/releases)
- [Changelog](https://github.com/fluxcd/image-automation-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/image-automation-controller@v0.41.2...v1.0.2)

Updates `github.com/fluxcd/image-reflector-controller/api` from 0.35.2 to 1.0.2
- [Release notes](https://github.com/fluxcd/image-reflector-controller/releases)
- [Changelog](https://github.com/fluxcd/image-reflector-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/image-reflector-controller@v0.35.2...v1.0.2)

Updates `github.com/fluxcd/kustomize-controller/api` from 1.6.1 to 1.7.1
- [Release notes](https://github.com/fluxcd/kustomize-controller/releases)
- [Changelog](https://github.com/fluxcd/kustomize-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/kustomize-controller@v1.6.1...v1.7.1)

Updates `github.com/fluxcd/notification-controller/api` from 1.6.0 to 1.7.3
- [Release notes](https://github.com/fluxcd/notification-controller/releases)
- [Changelog](https://github.com/fluxcd/notification-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/notification-controller@v1.6.0...v1.7.3)

Updates `github.com/fluxcd/pkg/apis/meta` from 1.21.0 to 1.22.0
- [Commits](fluxcd/pkg@apis/meta/v1.21.0...apis/meta/v1.22.0)

Updates `github.com/fluxcd/pkg/runtime` from 0.86.0 to 0.88.0
- [Commits](fluxcd/pkg@runtime/v0.86.0...runtime/v0.88.0)

Updates `github.com/fluxcd/pkg/ssa` from 0.55.0 to 0.60.0
- [Commits](fluxcd/pkg@oci/v0.55.0...ssa/v0.60.0)

Updates `github.com/fluxcd/pkg/version` from 0.10.0 to 0.11.0
- [Commits](fluxcd/pkg@tar/v0.10.0...tar/v0.11.0)

Updates `github.com/fluxcd/source-controller/api` from 1.7.0 to 1.7.2
- [Release notes](https://github.com/fluxcd/source-controller/releases)
- [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/source-controller@v1.7.0...v1.7.2)

Updates `github.com/open-component-model/ocm-controller` from 0.26.8 to 0.26.9
- [Release notes](https://github.com/open-component-model/ocm-controller/releases)
- [Changelog](https://github.com/open-component-model/ocm-controller/blob/main/.goreleaser.yaml)
- [Commits](open-component-model/ocm-controller@v0.26.8...v0.26.9)

Updates `k8s.io/api` from 0.34.0 to 0.34.1
- [Commits](kubernetes/api@v0.34.0...v0.34.1)

Updates `k8s.io/apiextensions-apiserver` from 0.34.0 to 0.34.1
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](kubernetes/apiextensions-apiserver@v0.34.0...v0.34.1)

Updates `k8s.io/apimachinery` from 0.34.0 to 0.34.1
- [Commits](kubernetes/apimachinery@v0.34.0...v0.34.1)

Updates `k8s.io/cli-runtime` from 0.34.0 to 0.34.1
- [Commits](kubernetes/cli-runtime@v0.34.0...v0.34.1)

Updates `k8s.io/client-go` from 0.34.0 to 0.34.1
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.34.0...v0.34.1)

Updates `ocm.software/ocm` from 0.29.1 to 0.31.0
- [Release notes](https://github.com/open-component-model/ocm/releases)
- [Changelog](https://github.com/open-component-model/ocm/blob/main/RELEASE_PROCESS.md)
- [Commits](open-component-model/ocm@v0.29.1...v0.31)

Updates `sigs.k8s.io/controller-runtime` from 0.22.1 to 0.22.2
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.22.1...v0.22.2)

---
updated-dependencies:
- dependency-name: github.com/fluxcd/flux2/v2
  dependency-version: 2.7.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/helm-controller/api
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/image-automation-controller/api
  dependency-version: 1.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: go
- dependency-name: github.com/fluxcd/image-reflector-controller/api
  dependency-version: 1.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: go
- dependency-name: github.com/fluxcd/kustomize-controller/api
  dependency-version: 1.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/notification-controller/api
  dependency-version: 1.7.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/apis/meta
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/runtime
  dependency-version: 0.88.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/ssa
  dependency-version: 0.60.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/version
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/source-controller/api
  dependency-version: 1.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/open-component-model/ocm-controller
  dependency-version: 0.26.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: k8s.io/api
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: k8s.io/cli-runtime
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: k8s.io/client-go
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: ocm.software/ocm
  dependency-version: 0.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-version: 0.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. labels Oct 12, 2025
@dependabot dependabot bot requested a review from a team as a code owner October 12, 2025 06:04
@dependabot dependabot bot added kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. labels Oct 12, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 26, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Oct 26, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/go-3f287e605c branch October 26, 2025 06:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

kind/chore chore, maintenance, etc. kind/dependency dependency update, etc.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant